coolaj86
/
oauth3.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'v1.2'

This commit is contained in:
AJ ONeal 2017-11-16 05:30:53 +00:00
parent 2438081487 b7aa754c48
commit e6fa1d5314
3 changed files with 64 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth3.core.js
View File

@ -706,7 +706,7 @@
*/ */
return OAUTH3._browser.request(preq, opts); return OAUTH3._browser.request(preq, opts);
} }
, implicitGrant: function(directives, opts) { , implicitGrant: function (directives, opts) {
var promise; var promise;
var providerUri = directives.azp || directives.issuer || directives; var providerUri = directives.azp || directives.issuer || directives;

56
oauth3.crypto.js
View File

@ -8,6 +8,9 @@
OAUTH3.crypto.core = require('./oauth3.node.crypto'); OAUTH3.crypto.core = require('./oauth3.node.crypto');
} catch (error) { } catch (error) {
OAUTH3.crypto.core = {}; OAUTH3.crypto.core = {};
OAUTH3.crypto.core.ready = false;
var finishBeforeReady = [];
var deferedCalls = [];
// We don't currently have a fallback method for this function, so we assign // We don't currently have a fallback method for this function, so we assign
// it directly to the core object instead of the webCrypto object. // it directly to the core object instead of the webCrypto object.
@ -17,10 +20,31 @@
}; };
var webCrypto = {}; var webCrypto = {};
var deferCryptoCall = function(name) {
return function() {
var args = arguments;
return new OAUTH3.PromiseA(function(resolve, reject) {
deferedCalls.push(function(){
try {
webCrypto[name].apply(webCrypto, args)
.then(function(result){
resolve(result);
});
} catch(e) {
reject(e);
}
});
});
};
};
OAUTH3.crypto.core.sha256 = deferCryptoCall("sha256");
webCrypto.sha256 = function (buf) { webCrypto.sha256 = function (buf) {
return OAUTH3._browser.window.crypto.subtle.digest({name: 'SHA-256'}, buf); return OAUTH3._browser.window.crypto.subtle.digest({name: 'SHA-256'}, buf);
}; };
OAUTH3.crypto.core.pbkdf2 = deferCryptoCall("pbkdf2");
webCrypto.pbkdf2 = function (password, salt) { webCrypto.pbkdf2 = function (password, salt) {
return OAUTH3._browser.window.crypto.subtle.importKey('raw', OAUTH3._binStr.binStrToBuffer(password), {name: 'PBKDF2'}, false, ['deriveKey']) return OAUTH3._browser.window.crypto.subtle.importKey('raw', OAUTH3._binStr.binStrToBuffer(password), {name: 'PBKDF2'}, false, ['deriveKey'])
.then(function (key) { .then(function (key) {
@ -32,12 +56,15 @@
}); });
}; };
OAUTH3.crypto.core.encrypt = deferCryptoCall("encrypt");
webCrypto.encrypt = function (rawKey, iv, data) { webCrypto.encrypt = function (rawKey, iv, data) {
return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['encrypt']) return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['encrypt'])
.then(function (key) { .then(function (key) {
return OAUTH3._browser.window.crypto.subtle.encrypt({name: 'AES-GCM', iv: iv}, key, data); return OAUTH3._browser.window.crypto.subtle.encrypt({name: 'AES-GCM', iv: iv}, key, data);
}); });
}; };
OAUTH3.crypto.core.decrypt = deferCryptoCall("decrypt");
webCrypto.decrypt = function (rawKey, iv, data) { webCrypto.decrypt = function (rawKey, iv, data) {
return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['decrypt']) return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['decrypt'])
.then(function (key) { .then(function (key) {
@ -45,6 +72,7 @@
}); });
}; };
OAUTH3.crypto.core.genEcdsaKeyPair = deferCryptoCall("genEcdsaKeyPair");
webCrypto.genEcdsaKeyPair = function () { webCrypto.genEcdsaKeyPair = function () {
return OAUTH3._browser.window.crypto.subtle.generateKey({name: 'ECDSA', namedCurve: 'P-256'}, true, ['sign', 'verify']) return OAUTH3._browser.window.crypto.subtle.generateKey({name: 'ECDSA', namedCurve: 'P-256'}, true, ['sign', 'verify'])
.then(function (keyPair) { .then(function (keyPair) {
@ -57,6 +85,7 @@
}); });
}; };
OAUTH3.crypto.core.sign = deferCryptoCall("sign");
webCrypto.sign = function (jwk, msg) { webCrypto.sign = function (jwk, msg) {
return OAUTH3._browser.window.crypto.subtle.importKey('jwk', jwk, {name: 'ECDSA', namedCurve: jwk.crv}, false, ['sign']) return OAUTH3._browser.window.crypto.subtle.importKey('jwk', jwk, {name: 'ECDSA', namedCurve: jwk.crv}, false, ['sign'])
.then(function (key) { .then(function (key) {
@ -66,6 +95,8 @@
return new Uint8Array(sig); return new Uint8Array(sig);
}); });
}; };
OAUTH3.crypto.core.verify = deferCryptoCall("verify");
webCrypto.verify = function (jwk, msg, signature) { webCrypto.verify = function (jwk, msg, signature) {
// If the JWK has properties that should only exist on the private key or is missing // If the JWK has properties that should only exist on the private key or is missing
// "verify" in the key_ops, importing in as a public key won't work. // "verify" in the key_ops, importing in as a public key won't work.
@ -103,18 +134,19 @@
return prom; return prom;
}; };
function checkException(name, func) { function checkException(name, func) {
OAUTH3.PromiseA.resolve().then(func) return OAUTH3.PromiseA.resolve().then(func)
.then(function () { .then(function () {
OAUTH3.crypto.core[name] = webCrypto[name]; OAUTH3.crypto.core[name] = webCrypto[name];
}, function (err) { }, function (err) {
console.warn('error with WebCrypto', name, '- using fallback', err); console.warn('error with WebCrypto', name, '- using fallback', err);
loadFallback().then(function () { return loadFallback().then(function () {
OAUTH3.crypto.core[name] = OAUTH3_crypto_fallback[name]; OAUTH3.crypto.core[name] = OAUTH3_crypto_fallback[name];
}); });
}); });
} }
function checkResult(name, expected, func) { function checkResult(name, expected, func) {
checkException(name, function () {
finishBeforeReady.push(checkException(name, function () {
return func() return func()
.then(function (result) { .then(function (result) {
if (typeof expected === typeof result) { if (typeof expected === typeof result) {
@ -127,7 +159,7 @@
throw new Error("result ("+result+") doesn't match expectation ("+expected+")"); throw new Error("result ("+result+") doesn't match expectation ("+expected+")");
} }
}); });
}); }));
} }
var zeroBuf = new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]); var zeroBuf = new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);
@ -159,12 +191,20 @@
return webCrypto.verify(jwk, dataBuf, sig); return webCrypto.verify(jwk, dataBuf, sig);
}); });
// The results of these functions are less predictable, so we can't check their return value. // The results of these functions are less predictable, so we can't check their return value.
checkException('genEcdsaKeyPair', function () { finishBeforeReady.push(checkException('genEcdsaKeyPair', function () {
return webCrypto.genEcdsaKeyPair(); return webCrypto.genEcdsaKeyPair();
}); }));
checkException('sign', function () { finishBeforeReady.push(checkException('sign', function () {
return webCrypto.sign(jwk, dataBuf); return webCrypto.sign(jwk, dataBuf);
}); }));
OAUTH3.PromiseA.all(finishBeforeReady)
.then(function(results) {
OAUTH3.crypto.core.ready = true;
deferedCalls.forEach(function(request) {
request();
});
});
} }
checkWebCrypto(); checkWebCrypto();
} }

22
oauth3.issuer.js
View File

@ -192,8 +192,9 @@ OAUTH3.urls.grants = function (directive, opts) {
} }
var url = OAUTH3.url.resolve(directive.api, grantsDir.url) var url = OAUTH3.url.resolve(directive.api, grantsDir.url)
.replace(/(:azp|:client_id)/g, OAUTH3.uri.normalize(opts.client_id || opts.client_uri))
.replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED') .replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED')
.replace(/(:azp|:client_id)/g, !opts.all && OAUTH3.uri.normalize(opts.client_id || opts.client_uri) || '')
.replace(/\/\/$/, '/') // if there's a double slash due to the sub not existing
; ;
var data = { var data = {
client_id: opts.client_id client_id: opts.client_id
@ -287,21 +288,25 @@ OAUTH3.urls.publishKey = function (directive, opts) {
, session: opts.session , session: opts.session
}; };
}; };
OAUTH3.urls.credentialMeta = function (directive, opts) {
return OAUTH3.url.resolve(directive.api, directive.credential_meta.url)
.replace(':type', 'email')
.replace(':id', opts.email)
};
OAUTH3.authn = {}; OAUTH3.authn = {};
OAUTH3.authn.loginMeta = function (directive, opts) { OAUTH3.authn.loginMeta = function (directive, opts) {
var url = OAUTH3.urls.credentialMeta(directive, opts);
return OAUTH3.request({ return OAUTH3.request({
method: directive.credential_meta.method || 'GET' method: directive.credential_meta.method || 'GET'
// TODO lint urls // TODO lint urls
// TODO client_uri // TODO client_uri
, url: OAUTH3.url.resolve(directive.api, directive.credential_meta.url) , url: url
.replace(':type', 'email')
.replace(':id', opts.email)
}); });
}; };
OAUTH3.authn.otp = function (directive, opts) { OAUTH3.urls.otp = function (directive, opts) {
// TODO client_uri // TODO client_uri
var preq = { return {
method: directive.credential_otp.method || 'POST' method: directive.credential_otp.method || 'POST'
, url: OAUTH3.url.resolve(directive.api, directive.credential_otp.url) , url: OAUTH3.url.resolve(directive.api, directive.credential_otp.url)
, data: { , data: {
@ -314,6 +319,9 @@ OAUTH3.authn.otp = function (directive, opts) {
, username: opts.email , username: opts.email
} }
}; };
};
OAUTH3.authn.otp = function (directive, opts) {
var preq = OAUTH3.urls.otp(directive, opts);
return OAUTH3.request(preq); return OAUTH3.request(preq);
}; };
@ -425,7 +433,7 @@ OAUTH3.authz.grants = function (providerUri, opts) {
} }
// the responses for GET and POST requests are now the same, so we should alway be able to // the responses for GET and POST requests are now the same, so we should alway be able to
// use the response and save it the same way. // use the response and save it the same way.
if ('GET' !== opts.method && 'POST' !== opts.method) { if (opts.all || ('GET' !== opts.method && 'POST' !== opts.method)) {
return grants; return grants;
} }