From dc67bee735d23730f75d9529e02f505392b1c30c Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Fri, 29 Jun 2018 11:02:13 +0000
Subject: [PATCH] passthru authn and await authz, better logging

---
 lib/extensions/index.js | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/lib/extensions/index.js b/lib/extensions/index.js
index 47d7085..5ee664d 100644
--- a/lib/extensions/index.js
+++ b/lib/extensions/index.js
@@ -226,8 +226,6 @@ module.exports.pairPin = function (opts) {
 // From a WS connection
 module.exports.authenticate = function (opts) {
   var jwt = require('jsonwebtoken');
-  var jwtoken = opts.auth;
-  var authReq = opts.auth;
   var state = opts.state;
   var auth;
   var decoded;
@@ -267,41 +265,44 @@ module.exports.authenticate = function (opts) {
     return auth.promise;
   }
 
-  if ('object' === typeof authReq && /^.+@.+\..+$/.test(authReq.subject)) {
-    console.log("[ext token] Looks Like Auth Object");
+  // Promise Authz on Auth Creds
+  // TODO: remove
+  if ('object' === typeof opts.auth && /^.+@.+\..+$/.test(opts.auth.subject)) {
+    console.log("[wss.ext.authenticate] [1] Request Pair for Credentials");
     return module.exports.pairRequest(opts).then(function (authnData) {
-      console.log("[ext token] Promises Like Auth Object");
+      console.log("[wss.ext.authenticate] [2] Promise Authz on Pair Complete");
       var auth = Auths.get(authnData.id);
       return getPromise(auth);
+      //getPromise(auth);
+      //return state.defaults.authenticate(authnData.jwt);
     });
   }
 
-  console.log("[ext token] Trying Token Parse");
   try {
-    decoded = jwt.decode(jwtoken, { complete: true });
+    decoded = jwt.decode(opts.auth, { complete: true });
     auth = Auths.get(decoded.payload.id);
   } catch(e) {
-    console.log("[ext token] Token Did Not Parse");
+    console.log("[wss.ext.authenticate] [Error] could not parse token");
     decoded = null;
   }
 
-  console.log("[ext token] decoded auth token:");
+  console.log("[wss.ext.authenticate] incoming token decoded:");
   console.log(decoded);
 
   if (!auth) {
-    console.log("[ext token] did not find auth object");
+    console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
   }
 
   // TODO technically this could leak the token through a timing attack
   // but it would require already knowing the semi-secret id and having
   // completed the pair code
-  if (auth && (auth.authn === jwtoken || auth.authz === jwtoken)) {
+  if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
     if (!auth.authz) {
-      console.log("[ext token] Promise Authz");
-      return getPromise(auth);
+      console.log("[wss.ext.authenticate] Create authz promise and passthru");
+      getPromise(auth);
+      return state.defaults.authenticate(opts.auth);
     }
 
-    console.log("[ext token] Use Available Authz");
     // If they used authn but now authz is available, use authz
     // (i.e. connects, but no domains or ports)
     opts.auth = auth.authz;
@@ -310,7 +311,7 @@ module.exports.authenticate = function (opts) {
     auth._claimed = true;
   }
 
-  console.log("[ext token] Continue With Auth Token");
+  console.log("[wss.ext.authenticate] Using authz");
   return state.defaults.authenticate(opts.auth);
 };