regression fix: pass updated jwts with grant

AJ ONeal 2018-06-29 20:05:24 +00:00
parent bbee698322
commit 57f1de5f2d
1 changed files with 32 additions and 6 deletions


@ -167,11 +167,13 @@ module.exports.pairRequest = function (opts) {
, pin: pin
, dt: now
, exp: now + (2 * 60 * 60 * 1000)
, authnData: authnData
, authn: jwt.sign(authnData, state.secret)
, request: authReq
};
// Setting extra authnData
auth.authn = jwt.sign(authnData, state.secret);
authnData.jwt = auth.authn;
auth.authnData = authnData;
Auths.set(auth, authReq.id, authReq.secret);
return authnData;
});
@ -183,6 +185,7 @@ module.exports.pairPin = function (opts) {
var secret = opts.secret;
var auth = Auths.getBySecret(secret);
console.log('[pairPin] validating secret and pin');
if (!auth) {
throw new Error("Invalid magic link token '" + secret + "'");
}
@ -192,9 +195,11 @@ module.exports.pairPin = function (opts) {
}
if (auth._offered) {
console.log('[pairPin] already has offer to return');
return auth._offered;
}
console.log('[pairPin] generating offer');
var hri = require('human-readable-ids').hri;
var hrname = hri.random() + '.' + state.config.sharedDomain;
// TODO check used / unused names and ports
@ -208,9 +213,14 @@ module.exports.pairPin = function (opts) {
};
var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data');
auth.authz = jwt.sign(authzData, state.secret);
auth.authzData = authzData;
authzData.jwt = auth.authz;
auth._offered = authzData;
if (auth.resolve) {
console.log('[pairPin] resolving');
auth.resolve(auth);
} else {
console.log('[pairPin] not resolvable');
}
fs.writeFile(pathname, JSON.stringify(authzData), function (err) {
if (err) {
@ -218,12 +228,24 @@ module.exports.pairPin = function (opts) {
console.error(err);
}
});
auth._offered = authzData;
return authzData;
});
};
// From a WS connection
module.exports.authHelper = function (meta) {
var state = meta.state;
return state.Promise.resolve().then(function () {
var auth = meta.session;
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
console.error(auth);
return;
}
return auth.authzData;
});
};
// opts = { state: state, auth: auth_request OR access_token }
module.exports.authenticate = function (opts) {
var jwt = require('jsonwebtoken');
var state = opts.state;
@ -245,7 +267,6 @@ module.exports.authenticate = function (opts) {
// this will cause the websocket to disconnect
auth.resolve = function (auth) {
opts.auth = auth.authz;
auth.resolve = null;
auth.reject = null;
// NOTE XXX: This is premature in the sense that we can't be 100% sure
@ -253,7 +274,12 @@ module.exports.authenticate = function (opts) {
// sort of check that the client actually received the token
// (i.e. when the grant event gets an ack)
auth._claimed = true;
return state.defaults.authenticate(opts.auth).then(resolve);
// this is probably not necessary anymore
opts.auth = auth.authz;
return module.exports.authHelper({
state: state
, session: auth
}).then(resolve);
};
auth.reject = function (err) {
auth.resolve = null;
@ -312,7 +338,7 @@ module.exports.authenticate = function (opts) {
}
console.log("[wss.ext.authenticate] Using authz");
return state.defaults.authenticate(opts.auth);
return module.exports.authHelper({ state: state, session: auth });
};
//var loaded = false;
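Review bot: In the new `authHelper`, the sanity-fail branch dumps the whole session with `console.error(auth)` and then returns `undefined`, so the failure is both leaky and silent. Going by the `pairRequest` hunk, that object carries `pin`, the signed `authn`/`authz` tokens and `request` (whose `secret` is the magic-link token), all of which would end up in the log. Because the promise still fulfils, the `.then(resolve)` inside `auth.resolve` and the `return module.exports.authHelper({ state: state, session: auth })` on the "Using authz" path pass `undefined` on instead of rejecting; how the callers treat that value is not visible in these hunks. I would replace `console.error(auth);` and the bare `return;` with `throw new Error("[SANITY FAIL] session is missing authz token or authzData");`, and add `|| !auth.authzData` to the condition, since `typeof null` is also `'object'`. The helper also returns the stored `authzData` without the check that `state.defaults.authenticate(opts.auth)` presumably performed on the token, so a comment stating why the in-memory session can be trusted at both call sites would help.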