regression fix: pass updated jwts with grant
parent
bbee698322
commit
57f1de5f2d
|
@ -167,11 +167,13 @@ module.exports.pairRequest = function (opts) {
|
||||||
, pin: pin
|
, pin: pin
|
||||||
, dt: now
|
, dt: now
|
||||||
, exp: now + (2 * 60 * 60 * 1000)
|
, exp: now + (2 * 60 * 60 * 1000)
|
||||||
, authnData: authnData
|
|
||||||
, authn: jwt.sign(authnData, state.secret)
|
|
||||||
, request: authReq
|
, request: authReq
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Setting extra authnData
|
||||||
|
auth.authn = jwt.sign(authnData, state.secret);
|
||||||
authnData.jwt = auth.authn;
|
authnData.jwt = auth.authn;
|
||||||
|
auth.authnData = authnData;
|
||||||
Auths.set(auth, authReq.id, authReq.secret);
|
Auths.set(auth, authReq.id, authReq.secret);
|
||||||
return authnData;
|
return authnData;
|
||||||
});
|
});
|
||||||
|
@ -183,6 +185,7 @@ module.exports.pairPin = function (opts) {
|
||||||
var secret = opts.secret;
|
var secret = opts.secret;
|
||||||
var auth = Auths.getBySecret(secret);
|
var auth = Auths.getBySecret(secret);
|
||||||
|
|
||||||
|
console.log('[pairPin] validating secret and pin');
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
throw new Error("Invalid magic link token '" + secret + "'");
|
throw new Error("Invalid magic link token '" + secret + "'");
|
||||||
}
|
}
|
||||||
|
@ -192,9 +195,11 @@ module.exports.pairPin = function (opts) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth._offered) {
|
if (auth._offered) {
|
||||||
|
console.log('[pairPin] already has offer to return');
|
||||||
return auth._offered;
|
return auth._offered;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
console.log('[pairPin] generating offer');
|
||||||
var hri = require('human-readable-ids').hri;
|
var hri = require('human-readable-ids').hri;
|
||||||
var hrname = hri.random() + '.' + state.config.sharedDomain;
|
var hrname = hri.random() + '.' + state.config.sharedDomain;
|
||||||
// TODO check used / unused names and ports
|
// TODO check used / unused names and ports
|
||||||
|
@ -208,9 +213,14 @@ module.exports.pairPin = function (opts) {
|
||||||
};
|
};
|
||||||
var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data');
|
var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data');
|
||||||
auth.authz = jwt.sign(authzData, state.secret);
|
auth.authz = jwt.sign(authzData, state.secret);
|
||||||
|
auth.authzData = authzData;
|
||||||
authzData.jwt = auth.authz;
|
authzData.jwt = auth.authz;
|
||||||
|
auth._offered = authzData;
|
||||||
if (auth.resolve) {
|
if (auth.resolve) {
|
||||||
|
console.log('[pairPin] resolving');
|
||||||
auth.resolve(auth);
|
auth.resolve(auth);
|
||||||
|
} else {
|
||||||
|
console.log('[pairPin] not resolvable');
|
||||||
}
|
}
|
||||||
fs.writeFile(pathname, JSON.stringify(authzData), function (err) {
|
fs.writeFile(pathname, JSON.stringify(authzData), function (err) {
|
||||||
if (err) {
|
if (err) {
|
||||||
|
@ -218,12 +228,24 @@ module.exports.pairPin = function (opts) {
|
||||||
console.error(err);
|
console.error(err);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
auth._offered = authzData;
|
|
||||||
return authzData;
|
return authzData;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
// From a WS connection
|
// From a WS connection
|
||||||
|
module.exports.authHelper = function (meta) {
|
||||||
|
var state = meta.state;
|
||||||
|
return state.Promise.resolve().then(function () {
|
||||||
|
var auth = meta.session;
|
||||||
|
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
|
||||||
|
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
|
||||||
|
console.error(auth);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
return auth.authzData;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
// opts = { state: state, auth: auth_request OR access_token }
|
||||||
module.exports.authenticate = function (opts) {
|
module.exports.authenticate = function (opts) {
|
||||||
var jwt = require('jsonwebtoken');
|
var jwt = require('jsonwebtoken');
|
||||||
var state = opts.state;
|
var state = opts.state;
|
||||||
|
@ -245,7 +267,6 @@ module.exports.authenticate = function (opts) {
|
||||||
// this will cause the websocket to disconnect
|
// this will cause the websocket to disconnect
|
||||||
|
|
||||||
auth.resolve = function (auth) {
|
auth.resolve = function (auth) {
|
||||||
opts.auth = auth.authz;
|
|
||||||
auth.resolve = null;
|
auth.resolve = null;
|
||||||
auth.reject = null;
|
auth.reject = null;
|
||||||
// NOTE XXX: This is premature in the sense that we can't be 100% sure
|
// NOTE XXX: This is premature in the sense that we can't be 100% sure
|
||||||
|
@ -253,7 +274,12 @@ module.exports.authenticate = function (opts) {
|
||||||
// sort of check that the client actually received the token
|
// sort of check that the client actually received the token
|
||||||
// (i.e. when the grant event gets an ack)
|
// (i.e. when the grant event gets an ack)
|
||||||
auth._claimed = true;
|
auth._claimed = true;
|
||||||
return state.defaults.authenticate(opts.auth).then(resolve);
|
// this is probably not necessary anymore
|
||||||
|
opts.auth = auth.authz;
|
||||||
|
return module.exports.authHelper({
|
||||||
|
state: state
|
||||||
|
, session: auth
|
||||||
|
}).then(resolve);
|
||||||
};
|
};
|
||||||
auth.reject = function (err) {
|
auth.reject = function (err) {
|
||||||
auth.resolve = null;
|
auth.resolve = null;
|
||||||
|
@ -312,7 +338,7 @@ module.exports.authenticate = function (opts) {
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log("[wss.ext.authenticate] Using authz");
|
console.log("[wss.ext.authenticate] Using authz");
|
||||||
return state.defaults.authenticate(opts.auth);
|
return module.exports.authHelper({ state: state, session: auth });
|
||||||
};
|
};
|
||||||
|
|
||||||
//var loaded = false;
|
//var loaded = false;
|
||||||
|
|
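Review bot: The sanity-fail branch of the new `authHelper` dumps the whole session with `console.error(auth)` and then resolves with `undefined`, so in `authenticate` a session that lacks `authz`/`authzData` is passed to `.then(resolve)` as though it were a grant instead of failing. By that point `pairRequest` has already stored the signed `authn` JWT on the same object (and `pairPin` the `authz` one), so the dump writes bearer tokens to the server log. I would replace the `console.error(auth); return;` pair with `throw new Error("[SANITY FAIL] authz data missing for session");` so the promise rejects and nothing secret is printed. Separately, both places that called `state.defaults.authenticate(opts.auth)` now return `auth.authzData` directly. Where `auth` comes from on the "Using authz" path is outside the visible hunk, so confirm the presented token is still verified before that return.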