verify all tokens that are provided

This commit is contained in:
tigerbot 2017-08-11 17:00:18 -06:00
parent 92d052faf0
commit fa3816390b
1 changed files with 22 additions and 27 deletions


@ -3,7 +3,7 @@
var PromiseA = require('bluebird');
function extractAccessToken(req) {
var token;
var token = null;
var parts;
var scheme;
var credentials;
@ -133,6 +133,13 @@ function verifyToken(token) {
url: OAUTH3.url.resolve(directives.api, url)
, method: args.method
, data: body
}).catch(function (err) {
return PromiseA.reject({
message: 'failed to retrieve public key from token issuer'
, code: 'E_NO_PUB_KEY'
, url: 'https://oauth3.org/docs/errors#E_NO_PUB_KEY'
, subErr: err.toString()
});
});
}, function (err) {
return PromiseA.reject({
@ -178,6 +185,7 @@ function attachOauth3(req, res, next) {
req.oauth3 = {};
extractAccessToken(req).then(function (token) {
req.oauth3.encodedToken = token;
req.oauth3.verifyAsync = function (jwt) {
return verifyToken(jwt || token);
};
@ -185,38 +193,25 @@ function attachOauth3(req, res, next) {
if (!token) {
return null;
}
var decoded;
try {
decoded = require('jsonwebtoken').decode(token);
} catch (e) {}
if (!decoded) {
return PromiseA.reject({
message: 'provided token not a JSON Web Token'
, code: 'E_NOT_JWT'
, url: 'https://oauth3.org/docs/errors#E_NOT_JWT'
});
}
if (!decoded.iss) {
return PromiseA.reject({
message: 'token missing iss'
, code: 'E_MISSING_ISS'
, url: 'https://oauth3.org/docs/errors#E_MISSING_ISS'
});
}
var ppid = decoded.sub || decoded.ppid || decoded.appScopedId;
req.oauth3.encodedToken = token;
return verifyToken(token);
}).then(function (decoded) {
req.oauth3.token = decoded;
if (!decoded) {
return null;
}
var ppid = decoded.sub || decoded.ppid || decoded.appScopedId;
req.oauth3.ppid = ppid;
req.oauth3.accountIdx = ppid+'@'+token.iss;
req.oauth3.accountHash = require('crypto').createHash('sha256').update(req.oauth3.accountIdx).digest('base64');
req.oauth3.accountHash = req.oauth3.accountHash.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+/g, '');
req.oauth3.accountIdx = ppid+'@'+decoded.iss;
var hash = require('crypto').createHash('sha256').update(req.oauth3.accountIdx).digest('base64');
hash = hash.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+/g, '');
req.oauth3.accountHash = hash;
req.oauth3.rescope = function (sub) {
// TODO: this function is supposed to convert PPIDs of different parties to some account
// ID that allows application to keep track of permisions and what-not.
return PromiseA.resolve(sub || ppid);
return PromiseA.resolve(sub || hash);
};
}).then(function () {
deepFreeze(req.oauth3);