grant pre-authorized tokens, duh
parent
021629ea68
commit
5deefa9832
|
@ -234,14 +234,20 @@ module.exports.pairPin = function (opts) {
|
||||||
|
|
||||||
// From a WS connection
|
// From a WS connection
|
||||||
module.exports.authHelper = function (meta) {
|
module.exports.authHelper = function (meta) {
|
||||||
|
console.log('[authHelper] 1');
|
||||||
var state = meta.state;
|
var state = meta.state;
|
||||||
|
console.log('[authHelper] 2');
|
||||||
return state.Promise.resolve().then(function () {
|
return state.Promise.resolve().then(function () {
|
||||||
|
console.log('[authHelper] 3');
|
||||||
var auth = meta.session;
|
var auth = meta.session;
|
||||||
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
|
console.log('[authHelper] 4', auth);
|
||||||
|
if (!auth || 'string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
|
||||||
|
console.log('[authHelper] 5');
|
||||||
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
|
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
|
||||||
console.error(auth);
|
console.error(auth);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
console.log("[authHelper] passing authzData right along", auth.authzData);
|
||||||
return auth.authzData;
|
return auth.authzData;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
@ -311,22 +317,21 @@ module.exports.authenticate = function (opts) {
|
||||||
console.log("[wss.ext.authenticate] [Error] could not parse token");
|
console.log("[wss.ext.authenticate] [Error] could not parse token");
|
||||||
decoded = null;
|
decoded = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log("[wss.ext.authenticate] incoming token decoded:");
|
console.log("[wss.ext.authenticate] incoming token decoded:");
|
||||||
console.log(decoded);
|
console.log(decoded);
|
||||||
|
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
|
console.log("[wss.ext.authenticate] no session / auth handshake. Pass to default auth");
|
||||||
|
return state.defaults.authenticate(opts.auth);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO technically this could leak the token through a timing attack
|
// TODO technically this could leak the token through a timing attack
|
||||||
// but it would require already knowing the semi-secret id and having
|
// but it would require already knowing the semi-secret id and having
|
||||||
// completed the pair code
|
// completed the pair code
|
||||||
if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
|
if (auth.authn === opts.auth || auth.authz === opts.auth) {
|
||||||
if (!auth.authz) {
|
if (!auth.authz) {
|
||||||
console.log("[wss.ext.authenticate] Create authz promise and passthru");
|
console.log("[wss.ext.authenticate] Create authz promise and passthru");
|
||||||
return getPromise(auth);
|
return getPromise(auth);
|
||||||
//return state.defaults.authenticate(opts.auth);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// If they used authn but now authz is available, use authz
|
// If they used authn but now authz is available, use authz
|
||||||
|
@ -337,7 +342,7 @@ module.exports.authenticate = function (opts) {
|
||||||
auth._claimed = true;
|
auth._claimed = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log("[wss.ext.authenticate] Using authz");
|
console.log("[wss.ext.authenticate] Already using authz, skipping promise");
|
||||||
return module.exports.authHelper({ state: state, session: auth });
|
return module.exports.authHelper({ state: state, session: auth });
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
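Review bot: The trace lines in authHelper that appear to be added here, `console.log('[authHelper] 4', auth);` and `console.log("[authHelper] passing authzData right along", auth.authzData);`, write the whole session object and the authorization data to stdout on every call. The guard just below them reads `auth.authz` as a string and authenticate compares `auth.authn`/`auth.authz` against the presented token, so these dumps put live credentials into whatever collects the process logs. I would drop the numbered trace lines before merging and log only non-secret facts, for example `console.log('[authHelper] session present:', !!auth, 'has authz:', !!(auth && auth.authz));`. The lines that look pre-existing, `console.error(auth)` on the sanity-fail path and `console.log(decoded)` in authenticate, have the same exposure and are worth redacting in the same pass. The page lost its +/- markers, so which lines are new is inferred from lines printed only once, and authenticate's body starts outside the visible hunks.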