diff options
Diffstat (limited to '.sandstorm-meteor-1.8/oidc_server.js')
| -rw-r--r-- | .sandstorm-meteor-1.8/oidc_server.js | 116 |
1 files changed, 65 insertions, 51 deletions
diff --git a/.sandstorm-meteor-1.8/oidc_server.js b/.sandstorm-meteor-1.8/oidc_server.js index 326238da..91b0e8a4 100644 --- a/.sandstorm-meteor-1.8/oidc_server.js +++ b/.sandstorm-meteor-1.8/oidc_server.js @@ -1,13 +1,12 @@ Oidc = {}; -OAuth.registerService('oidc', 2, null, function (query) { - +OAuth.registerService('oidc', 2, null, function(query) { var debug = process.env.DEBUG || false; var token = getToken(query); if (debug) console.log('XXX: register token:', token); var accessToken = token.access_token || token.id_token; - var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10)); + var expiresAt = +new Date() + 1000 * parseInt(token.expires_in, 10); var userinfo = getUserInfo(accessToken); if (debug) console.log('XXX: userinfo:', userinfo); @@ -22,12 +21,14 @@ OAuth.registerService('oidc', 2, null, function (query) { if (accessToken) { var tokenContent = getTokenContent(accessToken); - var fields = _.pick(tokenContent, getConfiguration().idTokenWhitelistFields); + var fields = _.pick( + tokenContent, + getConfiguration().idTokenWhitelistFields, + ); _.extend(serviceData, fields); } - if (token.refresh_token) - serviceData.refreshToken = token.refresh_token; + if (token.refresh_token) serviceData.refreshToken = token.refresh_token; if (debug) console.log('XXX: serviceData:', serviceData); var profile = {}; @@ -37,88 +38,101 @@ OAuth.registerService('oidc', 2, null, function (query) { return { serviceData: serviceData, - options: { profile: profile } + options: { profile: profile }, }; }); -var userAgent = "Meteor"; +var userAgent = 'Meteor'; if (Meteor.release) { - userAgent += "/" + Meteor.release; + userAgent += '/' + Meteor.release; } -var getToken = function (query) { +var getToken = function(query) { var debug = process.env.DEBUG || false; var config = getConfiguration(); - if(config.tokenEndpoint.includes('https://')){ + if (config.tokenEndpoint.includes('https://')) { var serverTokenEndpoint = config.tokenEndpoint; - }else{ + } else { var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint; } var requestPermissions = config.requestPermissions; var response; try { - response = HTTP.post( - serverTokenEndpoint, - { - headers: { - Accept: 'application/json', - "User-Agent": userAgent - }, - params: { - code: query.code, - client_id: config.clientId, - client_secret: OAuth.openSecret(config.secret), - redirect_uri: OAuth._redirectUri('oidc', config), - grant_type: 'authorization_code', - scope: requestPermissions, - state: query.state - } - } - ); + response = HTTP.post(serverTokenEndpoint, { + headers: { + Accept: 'application/json', + 'User-Agent': userAgent, + }, + params: { + code: query.code, + client_id: config.clientId, + client_secret: OAuth.openSecret(config.secret), + redirect_uri: OAuth._redirectUri('oidc', config), + grant_type: 'authorization_code', + scope: requestPermissions, + state: query.state, + }, + }); } catch (err) { - throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message), - { response: err.response }); + throw _.extend( + new Error( + 'Failed to get token from OIDC ' + + serverTokenEndpoint + + ': ' + + err.message, + ), + { response: err.response }, + ); } if (response.data.error) { // if the http response was a json object with an error attribute - throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error); + throw new Error( + 'Failed to complete handshake with OIDC ' + + serverTokenEndpoint + + ': ' + + response.data.error, + ); } else { if (debug) console.log('XXX: getToken response: ', response.data); return response.data; } }; -var getUserInfo = function (accessToken) { +var getUserInfo = function(accessToken) { var debug = process.env.DEBUG || false; var config = getConfiguration(); // Some userinfo endpoints use a different base URL than the authorization or token endpoints. // This logic allows the end user to override the setting by providing the full URL to userinfo in their config. - if (config.userinfoEndpoint.includes("https://")) { + if (config.userinfoEndpoint.includes('https://')) { var serverUserinfoEndpoint = config.userinfoEndpoint; } else { var serverUserinfoEndpoint = config.serverUrl + config.userinfoEndpoint; } var response; try { - response = HTTP.get( - serverUserinfoEndpoint, - { - headers: { - "User-Agent": userAgent, - "Authorization": "Bearer " + accessToken - } - } - ); + response = HTTP.get(serverUserinfoEndpoint, { + headers: { + 'User-Agent': userAgent, + Authorization: 'Bearer ' + accessToken, + }, + }); } catch (err) { - throw _.extend(new Error("Failed to fetch userinfo from OIDC " + serverUserinfoEndpoint + ": " + err.message), - {response: err.response}); + throw _.extend( + new Error( + 'Failed to fetch userinfo from OIDC ' + + serverUserinfoEndpoint + + ': ' + + err.message, + ), + { response: err.response }, + ); } if (debug) console.log('XXX: getUserInfo response: ', response.data); return response.data; }; -var getConfiguration = function () { +var getConfiguration = function() { var config = ServiceConfiguration.configurations.findOne({ service: 'oidc' }); if (!config) { throw new ServiceConfiguration.ConfigError('Service oidc not configured.'); @@ -126,7 +140,7 @@ var getConfiguration = function () { return config; }; -var getTokenContent = function (token) { +var getTokenContent = function(token) { var content = null; if (token) { try { @@ -137,13 +151,13 @@ var getTokenContent = function (token) { var signed = parts[0] + '.' + parts[1]; } catch (err) { this.content = { - exp: 0 + exp: 0, }; } } return content; -} +}; -Oidc.retrieveCredential = function (credentialToken, credentialSecret) { +Oidc.retrieveCredential = function(credentialToken, credentialSecret) { return OAuth.retrieveCredential(credentialToken, credentialSecret); }; |