openid-client
Comparing version 1.5.1 to 1.5.2
@@ -20,2 +20,6 @@ # openid-client CHANGELOG | ||
## Version 1.5.0 | ||
### Version 1.5.2 | ||
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.5.1...v1.5.2) | ||
- fixed passport strategy, have it use prototype instead of ES6 class syntax | ||
### Version 1.5.1 | ||
@@ -22,0 +26,0 @@ - [DIFF](https://github.com/panva/node-openid-client/compare/v1.5.0...v1.5.1) |
'use strict'; | ||
/* eslint-disable no-underscore-dangle */ | ||
const _ = require('lodash'); | ||
@@ -10,8 +12,2 @@ const uuid = require('uuid'); | ||
const privates = new WeakMap(); | ||
function instance(ctx) { | ||
if (!privates.has(ctx)) privates.set(ctx, {}); | ||
return privates.get(ctx); | ||
} | ||
const MANDATORY = ['authorization_endpoint', 'jwks_uri', 'token_endpoint', 'userinfo_endpoint']; | ||
@@ -30,109 +26,107 @@ | ||
class OpenIDConnectStrategy { | ||
constructor(options, verify) { | ||
const opts = (() => { | ||
if (options instanceof Client) return { client: options }; | ||
return options; | ||
})(); | ||
function OpenIDConnectStrategy(options, verify) { | ||
const opts = (() => { | ||
if (options instanceof Client) return { client: options }; | ||
return options; | ||
})(); | ||
const client = opts.client; | ||
const client = opts.client; | ||
assert.equal(client instanceof Client, true); | ||
assert.equal(typeof verify, 'function'); | ||
assert.equal(client instanceof Client, true); | ||
assert.equal(typeof verify, 'function'); | ||
assert(client.issuer && client.issuer.issuer, 'client must have an issuer with an identifier'); | ||
MANDATORY.forEach((prop) => { | ||
assert(client.issuer[prop], `client's issuer must have ${prop} configured`); | ||
}); | ||
assert(client.issuer && client.issuer.issuer, 'client must have an issuer with an identifier'); | ||
MANDATORY.forEach((prop) => { | ||
assert(client.issuer[prop], `client's issuer must have ${prop} configured`); | ||
}); | ||
instance(this).client = client; | ||
instance(this).issuer = client.issuer; | ||
instance(this).verify = verify; | ||
const params = instance(this).params = opts.params || {}; | ||
this._client = client; | ||
this._issuer = client.issuer; | ||
this._verify = verify; | ||
const params = this._params = opts.params || {}; | ||
this.name = url.parse(client.issuer.issuer).hostname; | ||
this.name = url.parse(client.issuer.issuer).hostname; | ||
if (!params.response_type) params.response_type = _.get(client, 'response_types[0]', 'code'); | ||
if (!params.redirect_uri) params.redirect_uri = _.get(client, 'redirect_uris[0]'); | ||
if (!params.scope) params.scope = 'openid'; | ||
} | ||
if (!params.response_type) params.response_type = _.get(client, 'response_types[0]', 'code'); | ||
if (!params.redirect_uri) params.redirect_uri = _.get(client, 'redirect_uris[0]'); | ||
if (!params.scope) params.scope = 'openid'; | ||
} | ||
authenticate(req, options) { | ||
const client = instance(this).client; | ||
const issuer = instance(this).issuer; | ||
try { | ||
if (!req.session) throw new Error('authentication requires session support when using state, max_age or nonce'); | ||
const reqParams = client.callbackParams(req); | ||
const sessionKey = `oidc:${url.parse(issuer.issuer).hostname}`; | ||
OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, options) { | ||
const client = this._client; | ||
const issuer = this._issuer; | ||
try { | ||
if (!req.session) throw new Error('authentication requires session support when using state, max_age or nonce'); | ||
const reqParams = client.callbackParams(req); | ||
const sessionKey = `oidc:${url.parse(issuer.issuer).hostname}`; | ||
/* start authentication request */ | ||
if (_.isEmpty(reqParams)) { | ||
// provide options objecti with extra authentication parameters | ||
const opts = _.defaults({}, options, instance(this).params, { | ||
state: uuid(), | ||
}); | ||
/* start authentication request */ | ||
if (_.isEmpty(reqParams)) { | ||
// provide options objecti with extra authentication parameters | ||
const opts = _.defaults({}, options, this._params, { | ||
state: uuid(), | ||
}); | ||
if (!opts.nonce && opts.response_type.includes('id_token')) { | ||
opts.nonce = uuid(); | ||
} | ||
req.session[sessionKey] = _.pick(opts, 'nonce', 'state', 'max_age'); | ||
this.redirect(client.authorizationUrl(opts)); | ||
return; | ||
if (!opts.nonce && opts.response_type.includes('id_token')) { | ||
opts.nonce = uuid(); | ||
} | ||
/* end authentication request */ | ||
/* start authentication response */ | ||
const session = _.get(req, `session.${sessionKey}`, {}); | ||
const state = session.state; | ||
const maxAge = session.max_age; | ||
const nonce = session.nonce; | ||
req.session[sessionKey] = _.pick(opts, 'nonce', 'state', 'max_age'); | ||
this.redirect(client.authorizationUrl(opts)); | ||
return; | ||
} | ||
/* end authentication request */ | ||
if (req.session) delete req.session[sessionKey]; | ||
/* start authentication response */ | ||
const session = req.session[sessionKey]; | ||
const state = _.get(session, 'state'); | ||
const maxAge = _.get(session, 'max_age'); | ||
const nonce = _.get(session, 'nonce'); | ||
const opts = _.defaults({}, options, { | ||
redirect_uri: instance(this).params.redirect_uri, | ||
if (req.session) delete req.session[sessionKey]; | ||
const opts = _.defaults({}, options, { | ||
redirect_uri: this._params.redirect_uri, | ||
}); | ||
const checks = { state, nonce, max_age: maxAge }; | ||
let callback = client.authorizationCallback(opts.redirect_uri, reqParams, checks) | ||
.then((tokenset) => { | ||
const result = { tokenset }; | ||
return result; | ||
}); | ||
const checks = { state, nonce, max_age: maxAge }; | ||
let callback = client.authorizationCallback(opts.redirect_uri, reqParams, checks) | ||
.then((tokenset) => { | ||
const result = { tokenset }; | ||
const loadUserinfo = this._verify.length > 2; | ||
if (loadUserinfo) { | ||
callback = callback.then((result) => { | ||
const userinfoRequest = client.userinfo(result.tokenset); | ||
return userinfoRequest.then((userinfo) => { | ||
result.userinfo = userinfo; | ||
return result; | ||
}); | ||
}); | ||
} | ||
const loadUserinfo = instance(this).verify.length > 2; | ||
if (loadUserinfo) { | ||
callback = callback.then((result) => { | ||
const userinfoRequest = client.userinfo(result.tokenset); | ||
return userinfoRequest.then((userinfo) => { | ||
result.userinfo = userinfo; | ||
return result; | ||
}); | ||
}); | ||
callback.then((result) => { | ||
if (result.userinfo) { | ||
this._verify(result.tokenset, result.userinfo, verified.bind(this)); | ||
} else { | ||
this._verify(result.tokenset, verified.bind(this)); | ||
} | ||
callback.then((result) => { | ||
if (result.userinfo) { | ||
instance(this).verify(result.tokenset, result.userinfo, verified.bind(this)); | ||
} else { | ||
instance(this).verify(result.tokenset, verified.bind(this)); | ||
} | ||
}).catch((error) => { | ||
if (error instanceof OpenIdConnectError && | ||
error.error !== 'server_error' && | ||
!error.error.startsWith('invalid')) { | ||
this.fail(error); | ||
} else { | ||
this.error(error); | ||
} | ||
}); | ||
/* end authentication response */ | ||
} catch (err) { | ||
this.error(err); | ||
} | ||
}).catch((error) => { | ||
if (error instanceof OpenIdConnectError && | ||
error.error !== 'server_error' && | ||
!error.error.startsWith('invalid')) { | ||
this.fail(error); | ||
} else { | ||
this.error(error); | ||
} | ||
}); | ||
/* end authentication response */ | ||
} catch (err) { | ||
this.error(err); | ||
} | ||
} | ||
}; | ||
module.exports = OpenIDConnectStrategy; |
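Review bot: In `authenticate`, the response branch reads `const session = req.session[sessionKey];` and then hands `state`, `nonce` and `max_age` to `client.authorizationCallback` even when nothing was stored, so a callback that arrives without a preceding authentication request is checked against `undefined` values. The page has lost its +/- markers, so this is read from the variant that uses `this._params`, which appears to be the new side. A guard ahead of the `delete`, for example `if (_.isEmpty(session)) throw new Error('no authentication request state found in session');`, would reject such a response inside the existing `try` instead of relying on `authorizationCallback`, whose handling of a missing expected state is not visible here. Separately, `this._client` and `this._verify` are now ordinary enumerable properties rather than WeakMap entries, so a short comment that the strategy object should not be logged or serialized would help, assuming the client object carries its credentials.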
{ | ||
"name": "openid-client", | ||
"version": "1.5.1", | ||
"version": "1.5.2", | ||
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |