regression fix: pass updated jwts with grant

AJ ONeal 2018-06-29 20:05:24 +00:00
parent bbee698322
commit 57f1de5f2d
1 changed files with 32 additions and 6 deletions


@ -167,11 +167,13 @@ module.exports.pairRequest = function (opts) {
, pin: pin , pin: pin
, dt: now , dt: now
, exp: now + (2 * 60 * 60 * 1000) , exp: now + (2 * 60 * 60 * 1000)
, authnData: authnData
, authn: jwt.sign(authnData, state.secret)
, request: authReq , request: authReq
}; };
// Setting extra authnData
auth.authn = jwt.sign(authnData, state.secret);
authnData.jwt = auth.authn; authnData.jwt = auth.authn;
auth.authnData = authnData;
Auths.set(auth, authReq.id, authReq.secret); Auths.set(auth, authReq.id, authReq.secret);
return authnData; return authnData;
}); });
@ -183,6 +185,7 @@ module.exports.pairPin = function (opts) {
var secret = opts.secret; var secret = opts.secret;
var auth = Auths.getBySecret(secret); var auth = Auths.getBySecret(secret);
console.log('[pairPin] validating secret and pin');
if (!auth) { if (!auth) {
throw new Error("Invalid magic link token '" + secret + "'"); throw new Error("Invalid magic link token '" + secret + "'");
} }
@ -192,9 +195,11 @@ module.exports.pairPin = function (opts) {
} }
if (auth._offered) { if (auth._offered) {
console.log('[pairPin] already has offer to return');
return auth._offered; return auth._offered;
} }
console.log('[pairPin] generating offer');
var hri = require('human-readable-ids').hri; var hri = require('human-readable-ids').hri;
var hrname = hri.random() + '.' + state.config.sharedDomain; var hrname = hri.random() + '.' + state.config.sharedDomain;
// TODO check used / unused names and ports // TODO check used / unused names and ports
@ -208,9 +213,14 @@ module.exports.pairPin = function (opts) {
}; };
var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data'); var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data');
auth.authz = jwt.sign(authzData, state.secret); auth.authz = jwt.sign(authzData, state.secret);
auth.authzData = authzData;
authzData.jwt = auth.authz; authzData.jwt = auth.authz;
auth._offered = authzData;
if (auth.resolve) { if (auth.resolve) {
console.log('[pairPin] resolving');
auth.resolve(auth); auth.resolve(auth);
} else {
console.log('[pairPin] not resolvable');
} }
fs.writeFile(pathname, JSON.stringify(authzData), function (err) { fs.writeFile(pathname, JSON.stringify(authzData), function (err) {
if (err) { if (err) {
@ -218,12 +228,24 @@ module.exports.pairPin = function (opts) {
console.error(err); console.error(err);
} }
}); });
auth._offered = authzData;
return authzData; return authzData;
}); });
}; };
// From a WS connection // From a WS connection
module.exports.authHelper = function (meta) {
var state = meta.state;
return state.Promise.resolve().then(function () {
var auth = meta.session;
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
console.error(auth);
return;
}
return auth.authzData;
});
};
// opts = { state: state, auth: auth_request OR access_token }
module.exports.authenticate = function (opts) { module.exports.authenticate = function (opts) {
var jwt = require('jsonwebtoken'); var jwt = require('jsonwebtoken');
var state = opts.state; var state = opts.state;
@ -245,7 +267,6 @@ module.exports.authenticate = function (opts) {
// this will cause the websocket to disconnect // this will cause the websocket to disconnect
auth.resolve = function (auth) { auth.resolve = function (auth) {
opts.auth = auth.authz;
auth.resolve = null; auth.resolve = null;
auth.reject = null; auth.reject = null;
// NOTE XXX: This is premature in the sense that we can't be 100% sure // NOTE XXX: This is premature in the sense that we can't be 100% sure
@ -253,7 +274,12 @@ module.exports.authenticate = function (opts) {
// sort of check that the client actually received the token // sort of check that the client actually received the token
// (i.e. when the grant event gets an ack) // (i.e. when the grant event gets an ack)
auth._claimed = true; auth._claimed = true;
return state.defaults.authenticate(opts.auth).then(resolve); // this is probably not necessary anymore
opts.auth = auth.authz;
return module.exports.authHelper({
state: state
, session: auth
}).then(resolve);
}; };
auth.reject = function (err) { auth.reject = function (err) {
auth.resolve = null; auth.resolve = null;
@ -312,7 +338,7 @@ module.exports.authenticate = function (opts) {
} }
console.log("[wss.ext.authenticate] Using authz"); console.log("[wss.ext.authenticate] Using authz");
return state.defaults.authenticate(opts.auth); return module.exports.authHelper({ state: state, session: auth });
}; };
//var loaded = false; //var loaded = false;
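Review bot: In the new `authHelper`, the sanity-failure branch dumps the whole session with `console.error(auth)` and then resolves with `undefined`; going by the assignments in the earlier hunks, that object carries the pairing `pin` and the signed `authn`/`authz` tokens, so live credentials land in the log. Both new call sites (`.then(resolve)` inside `auth.resolve`, and the return after the `Using authz` log line) receive that `undefined` as if it were a grant, and how the code outside these hunks treats it is not visible. It would be safer to fail closed by replacing those two lines with `throw new Error("auth completed without authz data");` and handling the rejection at the callers (for example `.then(resolve, reject)`, if `reject` is in scope there). The guard `'object' !== typeof auth.authzData` also lets `null` through, so it should add `|| !auth.authzData`. The replaced `state.defaults.authenticate(opts.auth)` presumably verified the token, while `authHelper` returns the stored `authzData` with no expiry check visible in these hunks, so please confirm that the session's `exp` is enforced elsewhere.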