grant pre-authorized tokens, duh

This commit is contained in:
AJ ONeal 2018-06-29 21:39:49 +00:00
parent 021629ea68
commit 5deefa9832
1 changed files with 11 additions and 6 deletions

View File

@ -234,14 +234,20 @@ module.exports.pairPin = function (opts) {
// From a WS connection
module.exports.authHelper = function (meta) {
console.log('[authHelper] 1');
var state = meta.state;
console.log('[authHelper] 2');
return state.Promise.resolve().then(function () {
console.log('[authHelper] 3');
var auth = meta.session;
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
console.log('[authHelper] 4', auth);
if (!auth || 'string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
console.log('[authHelper] 5');
console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
console.error(auth);
return;
}
console.log("[authHelper] passing authzData right along", auth.authzData);
return auth.authzData;
});
};
@ -311,22 +317,21 @@ module.exports.authenticate = function (opts) {
console.log("[wss.ext.authenticate] [Error] could not parse token");
decoded = null;
}
console.log("[wss.ext.authenticate] incoming token decoded:");
console.log(decoded);
if (!auth) {
console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
console.log("[wss.ext.authenticate] no session / auth handshake. Pass to default auth");
return state.defaults.authenticate(opts.auth);
}
// TODO technically this could leak the token through a timing attack
// but it would require already knowing the semi-secret id and having
// completed the pair code
if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
if (auth.authn === opts.auth || auth.authz === opts.auth) {
if (!auth.authz) {
console.log("[wss.ext.authenticate] Create authz promise and passthru");
return getPromise(auth);
//return state.defaults.authenticate(opts.auth);
}
// If they used authn but now authz is available, use authz
@ -337,7 +342,7 @@ module.exports.authenticate = function (opts) {
auth._claimed = true;
}
console.log("[wss.ext.authenticate] Using authz");
console.log("[wss.ext.authenticate] Already using authz, skipping promise");
return module.exports.authHelper({ state: state, session: auth });
};