coolaj86
/
issuer.rest.walnut.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

exchange credential for profiles

This commit is contained in:
AJ ONeal 2017-12-05 23:14:53 +00:00
parent 81b213ec4b
commit abaa59dab0
2 changed files with 45 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
accounts.js
View File

@ -61,19 +61,24 @@ function validateOtp(codeStore, codeId, token) {
});
}
function getOrCreate(store, username) {
function getOrCreate(store, iss, username) {
// account => profile
return store.IssuerOauth3OrgAccounts.get(username).then(function (profile) {
return store.IssuerOauth3OrgProfiles.find({ username: username }).then(function (profile) {
profile = profile && profile[0];
if (profile) {
return profile;
}
// TODO profile should be ecdsa256 pub/privkeypair
var sub = makeB64UrlSafe(crypto.randomBytes(32).toString('base64'));
var iss = req.experienceId;
profile = {
username: username,
accountId: makeB64UrlSafe(crypto.randomBytes(32).toString('base64')),
id: sub + (iss && ('@' + iss) || '')
, username: username
, sub: sub
, iss: iss
};
return store.IssuerOauth3OrgAccounts.create(username, profile).then(function () {
return store.IssuerOauth3OrgProfiles.create(profile.id, profile).then(function () {
// TODO: put sort sort of email notification to the server managers?
return profile;
});
@ -176,7 +181,7 @@ function create(deps, app) {
restful.sendOtp = function (req, res) {
var params = req.body;
var promise = req.getSiteStore().then(function (store) {
store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
//store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
return createOtp(store, params).then(function (code) {
var emailParams = {
to: params.username,
@ -241,7 +246,7 @@ function create(deps, app) {
return restful.createToken._helper(req, res, tokenInfo);
}
function createProfile(credential, profile) {
function createProfile(credential, meta) {
var bs58 = require('bs58');
var EC = require('elliptic').ec;
var ec = new EC('secp256k1');
@ -251,28 +256,25 @@ function create(deps, app) {
//var ec = new EC('curve25519');
var pub = bs58.encode(Buffer.from(key.derive(key.getPublic()).toString('hex'), 'hex'));
var priv = bs58.encode(Buffer.from(key.priv.toString('hex'), 'hex'));
var parts = [];
var iss = req.experienceId;
var id = pub + '@' + iss;
if (!credential.sub) {
return deps.Promise.reject(new Error("missing 'sub' from credential"));
}
if (credential.sub !== profile.sub || credential.iss !== profile.iss) {
return deps.Promise.reject(new Error("credential 'sub' and 'iss' do not match information in profile"));
if (credential.sub !== meta.sub || credential.iss !== meta.iss) {
return deps.Promise.reject(new Error("credential 'sub' and 'iss' do not match information in request body"));
}
parts.push(pub);
if (req.experienceId) {
parts.push(req.experienceId);
}
var username = parts.join('@');
var profile = {
accountId: pub // profile.sub
id: id
// accountId: pub // profile.sub
, sub: pub // profile.sub
, iss: req.experienceId
, prv: priv
, typ: 'oauth3'
, typ: 'profile'
, username: id
};
function getId(token) {
@ -280,17 +282,15 @@ function create(deps, app) {
if (token.iss) {
id += '@' + token.iss;
}
return id || token.accountId;
return id || token.id || token.accountId;
}
console.log('[debug] username, credential, profile:');
console.log(username);
console.log('[debug] id, credential, profile:');
console.log(id);
console.log(credential);
console.log(profile);
return deps.Promise.reject(new Error("blah blah grrr grrr"));
return store.IssuerOauth3OrgAccounts.create(username, profile).then(function () {
return store.IssuerOauth3OrgProfiles.create(profile.id/*username*/, profile).then(function () {
var id = crypto.randomBytes(16).toString('hex');
return store.IssuerOauth3OrgCredentialsProfiles.create(id, {
credentialId: getId(credential)
@ -308,12 +308,13 @@ function create(deps, app) {
}
function getProfile() {
var query = { username: 'IN ' + joins.map(function (el) { return el.profileId }).join(',') };
var query = { id: 'IN ' + joins.map(function (el) { return el.profileId }).join(',') };
//var query = { username: 'IN ' + joins.map(function (el) { return el.profileId }).join(',') };
//var query = { accountId: 'IN ' + joins.map(function (el) { return el.profileId }).join(',') };
//var query = { accountId: joins.map(function (el) { return el.profileId })[0] };
console.log('[DEBUG] query profiles:');
console.log(query);
return req.Models.IssuerOauth3OrgAccounts.find(query).then(function (profiles) {
return req.Models.IssuerOauth3OrgProfiles.find(query).then(function (profiles) {
console.log('[DEBUG] Profiles:');
console.log(profiles);
@ -363,7 +364,7 @@ function create(deps, app) {
var store;
var promise = req.getSiteStore().then(function (_store) {
store = _store;
store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
//store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
if (!req.body || !req.body.grant_type) {
throw new OpErr("missing 'grant_type' from the body");
}
@ -486,19 +487,20 @@ function create(deps, app) {
var codeId = crypto.createHash('sha256').update(params.username_type+':'+params.username).digest('base64');
codeId = makeB64UrlSafe(codeId);
return req.getSiteStore().then(function (store) {
store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
//store.IssuerOauth3OrgProfiles = store.IssuerOauth3OrgProfiles || store.IssuerOauth3OrgAccounts;
return validateOtp(store.IssuerOauth3OrgCodes, codeId, params.password)
.then(function () {
return getOrCreate(store, params.username);
return getOrCreate(store, req.experienceId, params.username);
}).then(function (account) {
var contactClaimId = crypto.createHash('sha256').update(account.accountId+':'+params.username_type+':'+params.username).digest('base64');
var contactClaimId = crypto.createHash('sha256').update(account.sub+':'+params.username_type+':'+params.username).digest('base64');
//var contactClaimId = crypto.createHash('sha256').update(account.accountId+':'+params.username_type+':'+params.username).digest('base64');
return req.Models.IssuerOauth3OrgContactNodes.get(contactClaimId).then(function (contactClaim) {
var now = Date.now();
if (!contactClaim) { contactClaim = { id: contactClaimId }; }
if (!contactClaim.verifiedAt) { contactClaim.verifiedAt = now; }
contactClaim.lastVerifiedAt = now;
console.log('contactClaim');
console.log('[DEBUG] contactClaim');
console.log(contactClaim);
return req.Models.IssuerOauth3OrgContactNodes.upsert(contactClaim).then(function () {
return {
@ -540,7 +542,7 @@ function create(deps, app) {
};
restful.getProfile = function (req, res) {
var promise = req.Models.IssuerOauth3OrgAccounts.get(req.oauth3.accountIdx).then(function (result) {
var promise = req.Models.IssuerOauth3OrgProfiles.get(req.oauth3._IDX_ || req.oauth3.accountIdx).then(function (result) {
if (!result) { result = { id: undefined }; }
result.id = undefined;
@ -551,11 +553,11 @@ function create(deps, app) {
app.handlePromise(req, res, promise, '[issuer@oauth3.org] get profile');
};
restful.setProfile = function (req, res) {
console.log('req.oauth3');
console.log('[setProfile] req.oauth3:');
console.log(req.oauth3);
var body = req.body;
var promise = req.Models.IssuerOauth3OrgAccounts.find({ accountId: req.oauth3.ppid }).then(function (results) {
var promise = req.Models.IssuerOauth3OrgProfiles.find({ sub: req.oauth3.ppid, iss: req.experienceId }).then(function (results) {
var result = results[0];
var changed = false;
@ -575,7 +577,7 @@ function create(deps, app) {
});
if (changed) {
return req.Models.IssuerOauth3OrgAccounts.upsert(result).then(function () { console.log('update updated'); return result; });
return req.Models.IssuerOauth3OrgProfiles.upsert(result).then(function () { console.log('update updated'); return result; });
}
return result;
@ -626,7 +628,8 @@ function create(deps, app) {
throw new OpErr("code didn't have contact node and type information");
}
var contactClaimId = crypto.createHash('sha256').update(req.oauth3.accountIdx+':'+code.node.type+':'+code.node.node).digest('base64');
// TODO this token may represent a 3rd-party credential or 1st-party profile. What should the ID be?
var contactClaimId = crypto.createHash('sha256').update((req.oauth3._IDX_ || req.oauth3.accountIdx)+':'+code.node.type+':'+code.node.node).digest('base64');
return req.Models.IssuerOauth3OrgContactNodes.get(contactClaimId).then(function (contactClaim) {
var now = Date.now();
if (!contactClaim) { contactClaim = { id: contactClaimId }; }

11
models.js
View File

@ -18,7 +18,7 @@ module.exports = [
tablename: apiname + '_credentials',
idname: 'id',
// credentialId = ppid@iss
indices: baseFields.concat([ 'credentialId', 'sub', 'iss', 'typ' ]), // comment, recoveryCredential
indices: baseFields.concat([ 'username', 'sub', 'iss', 'typ', 'salt', 'shadow' ]), // comment, recoveryCredential
},
{
tablename: apiname + '_credentials_profiles',
@ -26,15 +26,16 @@ module.exports = [
// credentialId = ppid@iss
indices: baseFields.concat([ 'credentialId', 'profileId' ]),
},
{ // TODO rename to profiles
tablename: apiname + '_accounts',
idname: 'username',
{
tablename: apiname + '_profiles',
idname: 'id',
// make sub an ecdsa256 key
indices: baseFields.concat([ 'accountId', 'sub', 'iss', 'typ', 'privateKey' ]), // comment, recoveryNode
indices: baseFields.concat([ 'username', 'sub', 'iss', 'typ', 'privateKey' ]), // comment, recoveryNodes
},
{
tablename: apiname + '_contact_nodes',
idname: 'id',
// contact nodes could apply to either credential or profile?
indices: baseFields.concat([ 'accountId', 'verifiedAt', 'lastVerifiedAt' ]),
},
{