From 57f1de5f2dbd0949b5771f7b112dc5502423d38a Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Fri, 29 Jun 2018 20:05:24 +0000
Subject: [PATCH] regression fix: pass updated jwts with grant
---
 lib/extensions/index.js | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/lib/extensions/index.js b/lib/extensions/index.js
index 3e6cf52..9e6dc36 100644
--- a/lib/extensions/index.js
+++ b/lib/extensions/index.js
@@ -167,11 +167,13 @@ module.exports.pairRequest = function (opts) {
 , pin: pin
 , dt: now
 , exp: now + (2 * 60 * 60 * 1000)
- , authnData: authnData
- , authn: jwt.sign(authnData, state.secret)
 , request: authReq
 };
+
+ // Setting extra authnData
+ auth.authn = jwt.sign(authnData, state.secret);
 authnData.jwt = auth.authn;
+ auth.authnData = authnData;
 Auths.set(auth, authReq.id, authReq.secret);
 return authnData;
 });
@@ -183,6 +185,7 @@ module.exports.pairPin = function (opts) {
 var secret = opts.secret;
 var auth = Auths.getBySecret(secret);
+ console.log('[pairPin] validating secret and pin');
 if (!auth) {
 throw new Error("Invalid magic link token '" + secret + "'");
 }
@@ -192,9 +195,11 @@ module.exports.pairPin = function (opts) {
 }
 if (auth._offered) {
+ console.log('[pairPin] already has offer to return');
 return auth._offered;
 }
+ console.log('[pairPin] generating offer');
 var hri = require('human-readable-ids').hri;
 var hrname = hri.random() + '.' + state.config.sharedDomain;
 // TODO check used / unused names and ports
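Review bot: In the pairRequest hunk, `auth.authn = jwt.sign(authnData, state.secret);` passes no options, so the lifetime of the signed token depends entirely on what `authnData` holds, and that object is built outside this hunk. If it carries no `exp` claim, the token would outlive the two-hour `exp` kept on the auth record; confirm the claim is present or pass a matching `expiresIn` option. The new comment should also say why the order matters, for example `// sign first: authnData.jwt is attached afterwards and must not be part of the signed payload`.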
@@ -208,9 +213,14 @@ module.exports.pairPin = function (opts) {
 };
 var pathname = path.join(__dirname, 'emails', auth.subject + '.' + hrname + '.data');
 auth.authz = jwt.sign(authzData, state.secret);
+ auth.authzData = authzData;
 authzData.jwt = auth.authz;
+ auth._offered = authzData;
 if (auth.resolve) {
+ console.log('[pairPin] resolving');
 auth.resolve(auth);
+ } else {
+ console.log('[pairPin] not resolvable');
 }
 fs.writeFile(pathname, JSON.stringify(authzData), function (err) {
 if (err) {
@@ -218,12 +228,24 @@ module.exports.pairPin = function (opts) {
 console.error(err);
 }
 });
- auth._offered = authzData;
 return authzData;
 });
 };
 // From a WS connection
+module.exports.authHelper = function (meta) {
+ var state = meta.state;
+ return state.Promise.resolve().then(function () {
+ var auth = meta.session;
+ if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
+ console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
+ console.error(auth);
+ return;
+ }
+ return auth.authzData;
+ });
+};
+// opts = { state: state, auth: auth_request OR access_token }
 module.exports.authenticate = function (opts) {
 var jwt = require('jsonwebtoken');
 var state = opts.state;
@@ -245,7 +267,6 @@ module.exports.authenticate = function (opts) {
 // this will cause the websocket to disconnect
 auth.resolve = function (auth) {
- opts.auth = auth.authz;
 auth.resolve = null;
 auth.reject = null;
 // NOTE XXX: This is premature in the sense that we can't be 100% sure
@@ -253,7 +274,12 @@ module.exports.authenticate = function (opts) {
 // sort of check that the client actually received the token
 // (i.e. when the grant event gets an ack)
 auth._claimed = true;
- return state.defaults.authenticate(opts.auth).then(resolve);
+ // this is probably not necessary anymore
+ opts.auth = auth.authz;
+ return module.exports.authHelper({
+ state: state
+ , session: auth
+ }).then(resolve);
 };
 auth.reject = function (err) {
 auth.resolve = null;
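Review bot: In the added `authHelper`, the sanity-fail branch calls `console.error(auth)`, which writes the whole session object to the log; the other hunks of this patch suggest that object holds `pin`, `authn`, `authnData` (with its `jwt`) and `request`. Log only a non-secret identifier instead. The branch then ends in a bare `return;`, so the promise fulfils with `undefined` and the two call sites in `authenticate` pass that on as if it were a grant; `throw new Error('auth session has no authz data')` would turn it into a rejection the callers can handle. The guard also lets `null` through, because `typeof null` is `'object'`, and it dereferences `meta.session` without checking that it is set; `if (!auth || 'string' !== typeof auth.authz || !auth.authzData || 'object' !== typeof auth.authzData) {` covers both.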
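Review bot: In the rewritten `auth.resolve`, `module.exports.authHelper({...}).then(resolve)` has no rejection handler, so if authHelper rejects (for instance on a missing session) the pending promise whose `resolve` is used here would never settle; that promise is created outside this hunk. pairPin also calls `auth.resolve(auth);` without using the returned promise, which leaves such a rejection unhandled. Pass the enclosing promise's reject callback as the second argument to `.then`. Either delete `opts.auth = auth.authz;` or replace `// this is probably not necessary anymore` with a comment naming what still reads it.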
@@ -312,7 +338,7 @@ module.exports.authenticate = function (opts) {
 }
 console.log("[wss.ext.authenticate] Using authz");
- return state.defaults.authenticate(opts.auth);
+ return module.exports.authHelper({ state: state, session: auth });
 };
 //var loaded = false;
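Review bot: The `Using authz` path now returns `module.exports.authHelper({ state: state, session: auth })` where it used to call `state.defaults.authenticate(opts.auth)`, and authHelper only checks that `authz` and `authzData` exist on the session. How `auth` is obtained is outside this hunk, so it should be confirmed that the lookup ties the presented `opts.auth` to this session and that the record's `exp` is still enforced. If the old call was what verified the token's signature and expiry, that check is now gone from this path. A comment above the return, such as `// auth was looked up from the presented token; authzData is trusted server-side state`, would record the assumption.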