passthru authn and await authz, better logging
This commit is contained in:
parent
7fd28d55a1
commit
dc67bee735
|
|
@ -226,8 +226,6 @@ module.exports.pairPin = function (opts) {
|
|||
// From a WS connection
|
||||
module.exports.authenticate = function (opts) {
|
||||
var jwt = require('jsonwebtoken');
|
||||
var jwtoken = opts.auth;
|
||||
var authReq = opts.auth;
|
||||
var state = opts.state;
|
||||
var auth;
|
||||
var decoded;
|
||||
|
|
@ -267,41 +265,44 @@ module.exports.authenticate = function (opts) {
|
|||
return auth.promise;
|
||||
}
|
||||
|
||||
if ('object' === typeof authReq && /^.+@.+\..+$/.test(authReq.subject)) {
|
||||
console.log("[ext token] Looks Like Auth Object");
|
||||
// Promise Authz on Auth Creds
|
||||
// TODO: remove
|
||||
if ('object' === typeof opts.auth && /^.+@.+\..+$/.test(opts.auth.subject)) {
|
||||
console.log("[wss.ext.authenticate] [1] Request Pair for Credentials");
|
||||
return module.exports.pairRequest(opts).then(function (authnData) {
|
||||
console.log("[ext token] Promises Like Auth Object");
|
||||
console.log("[wss.ext.authenticate] [2] Promise Authz on Pair Complete");
|
||||
var auth = Auths.get(authnData.id);
|
||||
return getPromise(auth);
|
||||
//getPromise(auth);
|
||||
//return state.defaults.authenticate(authnData.jwt);
|
||||
});
|
||||
}
|
||||
|
||||
console.log("[ext token] Trying Token Parse");
|
||||
try {
|
||||
decoded = jwt.decode(jwtoken, { complete: true });
|
||||
decoded = jwt.decode(opts.auth, { complete: true });
|
||||
auth = Auths.get(decoded.payload.id);
|
||||
} catch(e) {
|
||||
console.log("[ext token] Token Did Not Parse");
|
||||
console.log("[wss.ext.authenticate] [Error] could not parse token");
|
||||
decoded = null;
|
||||
}
|
||||
|
||||
console.log("[ext token] decoded auth token:");
|
||||
console.log("[wss.ext.authenticate] incoming token decoded:");
|
||||
console.log(decoded);
|
||||
|
||||
if (!auth) {
|
||||
console.log("[ext token] did not find auth object");
|
||||
console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
|
||||
}
|
||||
|
||||
// TODO technically this could leak the token through a timing attack
|
||||
// but it would require already knowing the semi-secret id and having
|
||||
// completed the pair code
|
||||
if (auth && (auth.authn === jwtoken || auth.authz === jwtoken)) {
|
||||
if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
|
||||
if (!auth.authz) {
|
||||
console.log("[ext token] Promise Authz");
|
||||
return getPromise(auth);
|
||||
console.log("[wss.ext.authenticate] Create authz promise and passthru");
|
||||
getPromise(auth);
|
||||
return state.defaults.authenticate(opts.auth);
|
||||
}
|
||||
|
||||
console.log("[ext token] Use Available Authz");
|
||||
// If they used authn but now authz is available, use authz
|
||||
// (i.e. connects, but no domains or ports)
|
||||
opts.auth = auth.authz;
|
||||
|
|
@ -310,7 +311,7 @@ module.exports.authenticate = function (opts) {
|
|||
auth._claimed = true;
|
||||
}
|
||||
|
||||
console.log("[ext token] Continue With Auth Token");
|
||||
console.log("[wss.ext.authenticate] Using authz");
|
||||
return state.defaults.authenticate(opts.auth);
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue