WIP placeholder for authorizations

This commit is contained in:
AJ ONeal 2018-08-10 09:45:05 +00:00
parent b60658ee81
commit 616458a87a
1 changed files with 55 additions and 30 deletions

View File

@ -134,6 +134,37 @@ Accounts.create = function (req) {
});
});
};
Accounts._associateEmails = function (req) {
if (-1 === (req._state.config.trustedIssuers||TRUSTED_ISSUERS).indexOf(req.auth.data.iss)) {
// again, make sure that untrusted issuers do not get
return null;
}
// oauth3.org, issuer@oauth3.org, profile
return OAUTH3.request({
url: "https://api." + req.auth.data.iss + "/api/issuer@oauth3.org/acl/profile"
, session: { accessToken: req.auth.jwt, token: req.auth.data }
}).then(function (resp) {
var email;
var err;
(resp.data.nodes||[]).some(function (/*node*/) {
// TODO use verified email addresses
return true;
});
// back-compat for current way email is stored
if (!email && /@/.test(resp.data.username)) {
email = resp.data.username;
}
if (!email) {
err = new Error ("could not find a verified email address in profile settings");
err.code = "E_NO_EMAIL";
return PromiseA.reject(err);
}
return [ { scheme: 'mailto', type: 'email', name: email } ];
});
};
/*
// TODO an owner of an asset can give permission to another entity
// but that does not mean that that owner has access to that entity's things
@ -163,6 +194,7 @@ Accounts.getOrCreate = function (req) {
});
};
function sendMail(state, auth) {
console.log('[DEBUG] ext auth', auth);
/*
@ -717,36 +749,6 @@ app.use('/api', CORS({
app.use('/api', bodyParser.json());
app.use('/api/telebit.cloud/account', oauth3Auth);
Accounts._associateEmails = function (req) {
if (-1 === (req._state.config.trustedIssuers||TRUSTED_ISSUERS).indexOf(req.auth.data.iss)) {
// again, make sure that untrusted issuers do not get
return null;
}
// oauth3.org, issuer@oauth3.org, profile
return OAUTH3.request({
url: "https://api." + req.auth.data.iss + "/api/issuer@oauth3.org/acl/profile"
, session: { accessToken: req.auth.jwt, token: req.auth.data }
}).then(function (resp) {
var email;
var err;
(resp.data.nodes||[]).some(function (/*node*/) {
// TODO use verified email addresses
return true;
});
// back-compat for current way email is stored
if (!email && /@/.test(resp.data.username)) {
email = resp.data.username;
}
if (!email) {
err = new Error ("could not find a verified email address in profile settings");
err.code = "E_NO_EMAIL";
return PromiseA.reject(err);
}
return [ { scheme: 'mailto', type: 'email', name: email } ];
});
};
app.get('/api/telebit.cloud/account', function (req, res) {
return Accounts.getOrCreate(req).then(function (acc) {
var hasEmail = acc.nodes.some(function (node) {
@ -816,6 +818,29 @@ app.post('/api/telebit.cloud/account', function (req, res) {
});
});
// Challenge Nodes / Email, Domains / DNS
app.post('/api/telebit.cloud/account/authorizations/new', function (req, res) {
// Send email via SMTP, confirm client's chosen pin
res.statusCode = 500;
res.send({ error: { code: "E_NO_IMPL", message: "not implemented" } });
});
app.get('/api/telebit.cloud/account/authorizations/status/:id', function (req, res) {
// For client to check on status
res.statusCode = 500;
res.send({ error: { code: "E_NO_IMPL", message: "not implemented" } });
});
app.get('/api/telebit.cloud/account/authorizations/meta/:secret', function (req, res) {
// For agent to retrieve metadata
res.statusCode = 500;
res.send({ error: { code: "E_NO_IMPL", message: "not implemented" } });
});
app.post('/api/telebit.cloud/account/authorizations/new/:magic/:pin', function (req, res) {
// For agent to confirm user's intent
res.statusCode = 500;
res.send({ error: { code: "E_NO_IMPL", message: "not implemented" } });
});
// From Device (which knows id, but not secret)
app.post('/api/telebit.cloud/pair_request', function (req, res) {
var auth = req.body;