passthru authn and await authz, better logging

This commit is contained in:
AJ ONeal 2018-06-29 11:02:13 +00:00
parent 7fd28d55a1
commit dc67bee735
1 changed files with 16 additions and 15 deletions


@ -226,8 +226,6 @@ module.exports.pairPin = function (opts) {
// From a WS connection // From a WS connection
module.exports.authenticate = function (opts) { module.exports.authenticate = function (opts) {
var jwt = require('jsonwebtoken'); var jwt = require('jsonwebtoken');
var jwtoken = opts.auth;
var authReq = opts.auth;
var state = opts.state; var state = opts.state;
var auth; var auth;
var decoded; var decoded;
@ -267,41 +265,44 @@ module.exports.authenticate = function (opts) {
return auth.promise; return auth.promise;
} }
if ('object' === typeof authReq && /^.+@.+\..+$/.test(authReq.subject)) { // Promise Authz on Auth Creds
console.log("[ext token] Looks Like Auth Object"); // TODO: remove
if ('object' === typeof opts.auth && /^.+@.+\..+$/.test(opts.auth.subject)) {
console.log("[wss.ext.authenticate] [1] Request Pair for Credentials");
return module.exports.pairRequest(opts).then(function (authnData) { return module.exports.pairRequest(opts).then(function (authnData) {
console.log("[ext token] Promises Like Auth Object"); console.log("[wss.ext.authenticate] [2] Promise Authz on Pair Complete");
var auth = Auths.get(authnData.id); var auth = Auths.get(authnData.id);
return getPromise(auth); return getPromise(auth);
//getPromise(auth);
//return state.defaults.authenticate(authnData.jwt);
}); });
} }
console.log("[ext token] Trying Token Parse");
try { try {
decoded = jwt.decode(jwtoken, { complete: true }); decoded = jwt.decode(opts.auth, { complete: true });
auth = Auths.get(decoded.payload.id); auth = Auths.get(decoded.payload.id);
} catch(e) { } catch(e) {
console.log("[ext token] Token Did Not Parse"); console.log("[wss.ext.authenticate] [Error] could not parse token");
decoded = null; decoded = null;
} }
console.log("[ext token] decoded auth token:"); console.log("[wss.ext.authenticate] incoming token decoded:");
console.log(decoded); console.log(decoded);
if (!auth) { if (!auth) {
console.log("[ext token] did not find auth object"); console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
} }
// TODO technically this could leak the token through a timing attack // TODO technically this could leak the token through a timing attack
// but it would require already knowing the semi-secret id and having // but it would require already knowing the semi-secret id and having
// completed the pair code // completed the pair code
if (auth && (auth.authn === jwtoken || auth.authz === jwtoken)) { if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
if (!auth.authz) { if (!auth.authz) {
console.log("[ext token] Promise Authz"); console.log("[wss.ext.authenticate] Create authz promise and passthru");
return getPromise(auth); getPromise(auth);
return state.defaults.authenticate(opts.auth);
} }
console.log("[ext token] Use Available Authz");
// If they used authn but now authz is available, use authz // If they used authn but now authz is available, use authz
// (i.e. connects, but no domains or ports) // (i.e. connects, but no domains or ports)
opts.auth = auth.authz; opts.auth = auth.authz;
@ -310,7 +311,7 @@ module.exports.authenticate = function (opts) {
auth._claimed = true; auth._claimed = true;
} }
console.log("[ext token] Continue With Auth Token"); console.log("[wss.ext.authenticate] Using authz");
return state.defaults.authenticate(opts.auth); return state.defaults.authenticate(opts.auth);
}; };
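Review bot: The new `getPromise(auth);` on the passthru path (second hunk, inside `if (!auth.authz)`) discards the promise it returns, so if that promise can reject the rejection becomes unhandled; it is presumably called only so that `auth.promise` exists for later callers, and that intent should be stated and the rejection caught, e.g. `getPromise(auth).catch(function (err) { console.log("[wss.ext.authenticate] [Error] authz promise rejected", err); });`. In the same hunk the renamed log `[wss.ext.authenticate] incoming token decoded:` is still followed by `console.log(decoded);`, which with `{ complete: true }` prints header, payload and signature, i.e. enough to reconstruct the bearer token from the log file; logging only `decoded && decoded.payload && decoded.payload.id` keeps the diagnostic without the secret. The `===` comparison of `opts.auth` against `auth.authn`/`auth.authz` still carries the timing-attack TODO; a fixed-time comparison with `crypto.timingSafeEqual` on equal-length buffers would close it. The `authenticate` function and the `getPromise` helper both extend beyond the hunk boundaries.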