2017-02-11 02:34:00 +00:00
|
|
|
;(function (exports) {
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
var OAUTH3 = window.OAUTH3 || require('./oauth3.js');
|
|
|
|
|
|
|
|
|
|
OAUTH3.authz = OAUTH3.authz || {};
|
|
|
|
|
OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
|
|
|
|
|
// OAuth3.requests.grants(providerUri, {}); // return list of grants
|
|
|
|
|
// OAuth3.checkGrants(providerUri, {}); //
|
|
|
|
|
var clientUri = OAUTH3.core.normalizeUri(clientParams.client_id || clientParams.client_uri);
|
|
|
|
|
var scope = clientParams.scope || '';
|
|
|
|
|
var clientObj = clientParams;
|
|
|
|
|
|
|
|
|
|
if (!scope) {
|
|
|
|
|
scope = 'oauth3_authn';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return OAUTH3.requests.grants(providerUri, {
|
|
|
|
|
method: 'GET'
|
|
|
|
|
, client_id: clientUri
|
|
|
|
|
, client_uri: clientUri
|
|
|
|
|
, session: session
|
|
|
|
|
}).then(function (grants) {
|
|
|
|
|
var myGrants;
|
|
|
|
|
var grantedScopes;
|
|
|
|
|
var grantedScopesMap;
|
|
|
|
|
var pendingScopes;
|
|
|
|
|
var acceptedScopes;
|
|
|
|
|
var acceptedScopesMap;
|
|
|
|
|
var scopes = OAUTH3.core.parsescope(scope);
|
|
|
|
|
var callbackUrl;
|
|
|
|
|
|
|
|
|
|
console.log('previous grants:');
|
|
|
|
|
console.log(grants);
|
|
|
|
|
|
|
|
|
|
// it doesn't matter who the referrer is as long as the destination
|
|
|
|
|
// is an authorized destination for the client in question
|
|
|
|
|
// (though it may not hurt to pass the referrer's info on to the client)
|
|
|
|
|
if (!OAUTH3.checkRedirect(grants.client, clientObj)) {
|
|
|
|
|
callbackUrl = 'https://oauth3.org/docs/errors#E_REDIRECT_ATTACK'
|
|
|
|
|
+ '?redirect_uri=' + clientObj.redirect_uri
|
|
|
|
|
+ '&allowed_urls=' + grants.client.url
|
|
|
|
|
+ '&client_id=' + clientUri
|
|
|
|
|
+ '&referrer_uri=' + OAUTH3.core.normalizeUri(window.document.referrer)
|
|
|
|
|
;
|
|
|
|
|
location.href = callbackUrl;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-13 17:46:12 +00:00
|
|
|
console.warn("What are grants? Baby don't hurt me. Don't hurt me. No more.");
|
|
|
|
|
console.warn(grants);
|
|
|
|
|
|
2017-02-11 02:34:00 +00:00
|
|
|
myGrants = grants.grants.filter(function (grant) {
|
|
|
|
|
if (clientUri === (grant.azp || grant.oauth_client_id || grant.oauthClientId)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
grantedScopesMap = {};
|
|
|
|
|
acceptedScopesMap = {};
|
|
|
|
|
pendingScopes = scopes.filter(function (requestedScope) {
|
|
|
|
|
return myGrants.every(function (grant) {
|
|
|
|
|
if (!grant.scope) {
|
|
|
|
|
grant.scope = 'oauth3_authn';
|
|
|
|
|
}
|
|
|
|
|
var gscopes = grant.scope.split(/[+, ]/g);
|
|
|
|
|
gscopes.forEach(function (s) { grantedScopesMap[s] = true; });
|
|
|
|
|
if (-1 !== gscopes.indexOf(requestedScope)) {
|
|
|
|
|
// already accepted in the past
|
|
|
|
|
acceptedScopesMap[requestedScope] = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// true, is pending
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
grantedScopes = Object.keys(grantedScopesMap);
|
|
|
|
|
acceptedScopes = Object.keys(acceptedScopesMap);
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
pending: pendingScopes // not yet accepted
|
|
|
|
|
, granted: grantedScopes // all granted, ever
|
|
|
|
|
, requested: scopes // all requested, now
|
|
|
|
|
, accepted: acceptedScopes // granted (ever) and requested (now)
|
|
|
|
|
, client: grants.client
|
|
|
|
|
, grants: grants.grants
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
exports.OAUTH3_PROVIDER = OAUTH3;
|
|
|
|
|
|
|
|
|
|
if ('undefined' !== typeof module) {
|
|
|
|
|
module.exports = OAUTH3;
|
|
|
|
|
}
|
|
|
|
|
}('undefined' !== typeof exports ? exports : window));
|
