Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 | 1x 9x 9x 9x 9x 9x 9x 9x 9x 1x 1x 2x 1x 1x 1x 2x 2x 2x 2x 2x 1x 2x 2x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x | 'use strict'
const url = require('url')
class AuthCallbackRequest {
constructor (options) {
this.requestUri = options.requestUri
this.issuer = options.issuer
this.oidcManager = options.oidcManager
this.response = options.response
this.session = options.session
this.returnToUrl = options.returnToUrl || '/'
this.serverUri = options.serverUri
this.debug = options.debug || console.log.bind(console)
}
/**
* Usage:
*
* ```
* router.get('/api/oidc/rp/:issuer_id', AuthCallbackRequest.get)
* ```
*
* @param req {IncomingRequest}
* @param res {ServerResponse}
* @param next {Function}
*
* @returns {Promise}
*/
static get (req, res, next) {
const request = AuthCallbackRequest.fromParams(req, res)
return AuthCallbackRequest.handle(request)
.catch(error => {
request.debug('Error in AuthCallbackRequest.get:', error)
next(error)
})
}
/**
* Factory method, creates and returns an initialized and validated instance
* of AuthCallbackRequest from a redirected GET request.
*
* @param req {IncomingRequest}
*
* @param res {ServerResponse}
* @return {AuthCallbackRequest}
*/
static fromParams (req, res) {
let oidcManager, serverUri
if (req.app && req.app.locals) {
const locals = req.app.locals
oidcManager = locals.oidc
serverUri = locals.host.serverUri
}
const requestUri = AuthCallbackRequest.fullUriFor(req)
const issuer = AuthCallbackRequest.extractIssuer(req)
const options = {
issuer,
requestUri,
oidcManager,
serverUri,
returnToUrl: req.session.returnToUrl,
response: res,
session: req.session
}
const request = new AuthCallbackRequest(options)
return request
}
static fullUriFor (req) {
return url.format({
protocol: req.protocol,
host: req.get('host'),
pathname: req.path,
query: req.query
})
}
// Exchange authorization code for id token
static handle (request) {
return Promise.resolve()
.then(() => request.validate())
.then(() => request.loadClient())
.then(rpClient => request.validateResponse(rpClient))
.then(session => request.initSessionUserAuth(session))
.then(() => request.resumeUserWorkflow())
}
static extractIssuer (req) {
return req.params && decodeURIComponent(req.params.issuer_id)
}
validate () {
if (!this.issuer) {
const error = new Error('Issuer id is missing from request params')
error.statusCode = 400
throw error
}
}
loadClient () {
const rpClientStore = this.oidcManager.clients
return rpClientStore.clientForIssuer(this.issuer)
}
/**
* @param rpSession {Session} RelyingParty Session object
*
* @returns {Promise}
*/
async initSessionUserAuth (rpSession) {
try {
const webId = await this.oidcManager.webIdFromClaims(rpSession.idClaims)
this.session.userId = webId
this.session.credentials = {
webId,
idClaims: rpSession.idClaims,
authorization: rpSession.authorization
}
} catch (err) {
const error = new Error('Could not verify Web ID from token claims')
error.statusCode = 401
error.cause = err
error.info = { credentials: this.session.credentials }
throw error
}
}
/**
* Validates the authentication response and decodes the credentials.
* Also performs auth code exchange (trading an authorization code for an
* id token and access token), if applicable.
*
* @param client {RelyingParty}
*
* @return {Session} Containing the `idToken` and `accessToken` properties
*/
validateResponse (client) {
return client.validateResponse(this.requestUri, this.session)
.catch(error => {
error.statusCode = 400
console.log('Error in callback/validateResponse:', error)
throw error
})
}
/**
* Redirects the user back to their original requested resource, at the end
* of the OIDC authentication process.
*/
resumeUserWorkflow () {
this.debug(' Resuming workflow, redirecting to ' + this.returnToUrl)
delete this.session.returnToUrl
return this.response.redirect(302, this.returnToUrl)
}
}
module.exports = AuthCallbackRequest
|