
openid-client


openid-client - npm Package Compare versions

Comparing version 1.5.1 to 1.5.2

4

CHANGELOG.md

@@ -20,2 +20,6 @@ # openid-client CHANGELOG

## Version 1.5.0
### Version 1.5.2
- [DIFF](https://github.com/panva/node-openid-client/compare/v1.5.1...v1.5.2)
- fixed passport strategy, have it use prototype instead of ES6 class syntax
### Version 1.5.1

@@ -22,0 +26,0 @@ - [DIFF](https://github.com/panva/node-openid-client/compare/v1.5.0...v1.5.1)

178

lib/passport_strategy.js
'use strict';
/* eslint-disable no-underscore-dangle */
const _ = require('lodash');

@@ -10,8 +12,2 @@ const uuid = require('uuid');

const privates = new WeakMap();
function instance(ctx) {
if (!privates.has(ctx)) privates.set(ctx, {});
return privates.get(ctx);
}
const MANDATORY = ['authorization_endpoint', 'jwks_uri', 'token_endpoint', 'userinfo_endpoint'];

@@ -30,109 +26,107 @@

class OpenIDConnectStrategy {
constructor(options, verify) {
const opts = (() => {
if (options instanceof Client) return { client: options };
return options;
})();
function OpenIDConnectStrategy(options, verify) {
const opts = (() => {
if (options instanceof Client) return { client: options };
return options;
})();
const client = opts.client;
const client = opts.client;
assert.equal(client instanceof Client, true);
assert.equal(typeof verify, 'function');
assert.equal(client instanceof Client, true);
assert.equal(typeof verify, 'function');
assert(client.issuer && client.issuer.issuer, 'client must have an issuer with an identifier');
MANDATORY.forEach((prop) => {
assert(client.issuer[prop], `client's issuer must have ${prop} configured`);
});
assert(client.issuer && client.issuer.issuer, 'client must have an issuer with an identifier');
MANDATORY.forEach((prop) => {
assert(client.issuer[prop], `client's issuer must have ${prop} configured`);
});
instance(this).client = client;
instance(this).issuer = client.issuer;
instance(this).verify = verify;
const params = instance(this).params = opts.params || {};
this._client = client;
this._issuer = client.issuer;
this._verify = verify;
const params = this._params = opts.params || {};
this.name = url.parse(client.issuer.issuer).hostname;
this.name = url.parse(client.issuer.issuer).hostname;
if (!params.response_type) params.response_type = _.get(client, 'response_types[0]', 'code');
if (!params.redirect_uri) params.redirect_uri = _.get(client, 'redirect_uris[0]');
if (!params.scope) params.scope = 'openid';
}
if (!params.response_type) params.response_type = _.get(client, 'response_types[0]', 'code');
if (!params.redirect_uri) params.redirect_uri = _.get(client, 'redirect_uris[0]');
if (!params.scope) params.scope = 'openid';
}
authenticate(req, options) {
const client = instance(this).client;
const issuer = instance(this).issuer;
try {
if (!req.session) throw new Error('authentication requires session support when using state, max_age or nonce');
const reqParams = client.callbackParams(req);
const sessionKey = `oidc:${url.parse(issuer.issuer).hostname}`;
OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, options) {
const client = this._client;
const issuer = this._issuer;
try {
if (!req.session) throw new Error('authentication requires session support when using state, max_age or nonce');
const reqParams = client.callbackParams(req);
const sessionKey = `oidc:${url.parse(issuer.issuer).hostname}`;
/* start authentication request */
if (_.isEmpty(reqParams)) {
// provide options objecti with extra authentication parameters
const opts = _.defaults({}, options, instance(this).params, {
state: uuid(),
});
/* start authentication request */
if (_.isEmpty(reqParams)) {
// provide options objecti with extra authentication parameters
const opts = _.defaults({}, options, this._params, {
state: uuid(),
});
if (!opts.nonce && opts.response_type.includes('id_token')) {
opts.nonce = uuid();
}
req.session[sessionKey] = _.pick(opts, 'nonce', 'state', 'max_age');
this.redirect(client.authorizationUrl(opts));
return;
if (!opts.nonce && opts.response_type.includes('id_token')) {
opts.nonce = uuid();
}
/* end authentication request */
/* start authentication response */
const session = _.get(req, `session.${sessionKey}`, {});
const state = session.state;
const maxAge = session.max_age;
const nonce = session.nonce;
req.session[sessionKey] = _.pick(opts, 'nonce', 'state', 'max_age');
this.redirect(client.authorizationUrl(opts));
return;
}
/* end authentication request */
if (req.session) delete req.session[sessionKey];
/* start authentication response */
const session = req.session[sessionKey];
const state = _.get(session, 'state');
const maxAge = _.get(session, 'max_age');
const nonce = _.get(session, 'nonce');
const opts = _.defaults({}, options, {
redirect_uri: instance(this).params.redirect_uri,
if (req.session) delete req.session[sessionKey];
const opts = _.defaults({}, options, {
redirect_uri: this._params.redirect_uri,
});
const checks = { state, nonce, max_age: maxAge };
let callback = client.authorizationCallback(opts.redirect_uri, reqParams, checks)
.then((tokenset) => {
const result = { tokenset };
return result;
});
const checks = { state, nonce, max_age: maxAge };
let callback = client.authorizationCallback(opts.redirect_uri, reqParams, checks)
.then((tokenset) => {
const result = { tokenset };
const loadUserinfo = this._verify.length > 2;
if (loadUserinfo) {
callback = callback.then((result) => {
const userinfoRequest = client.userinfo(result.tokenset);
return userinfoRequest.then((userinfo) => {
result.userinfo = userinfo;
return result;
});
});
}
const loadUserinfo = instance(this).verify.length > 2;
if (loadUserinfo) {
callback = callback.then((result) => {
const userinfoRequest = client.userinfo(result.tokenset);
return userinfoRequest.then((userinfo) => {
result.userinfo = userinfo;
return result;
});
});
callback.then((result) => {
if (result.userinfo) {
this._verify(result.tokenset, result.userinfo, verified.bind(this));
} else {
this._verify(result.tokenset, verified.bind(this));
}
callback.then((result) => {
if (result.userinfo) {
instance(this).verify(result.tokenset, result.userinfo, verified.bind(this));
} else {
instance(this).verify(result.tokenset, verified.bind(this));
}
}).catch((error) => {
if (error instanceof OpenIdConnectError &&
error.error !== 'server_error' &&
!error.error.startsWith('invalid')) {
this.fail(error);
} else {
this.error(error);
}
});
/* end authentication response */
} catch (err) {
this.error(err);
}
}).catch((error) => {
if (error instanceof OpenIdConnectError &&
error.error !== 'server_error' &&
!error.error.startsWith('invalid')) {
this.fail(error);
} else {
this.error(error);
}
});
/* end authentication response */
} catch (err) {
this.error(err);
}
}
};
module.exports = OpenIDConnectStrategy;
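Review bot: The authentication-response branch of `authenticate` reads `state`, `nonce` and `max_age` from `req.session[sessionKey]` but never checks that the session entry exists, so a callback that arrives without a preceding authorization request still reaches `client.authorizationCallback` with all three checks `undefined`. Whether the client rejects that case is not visible on this page, so the strategy should fail closed itself, for example with `if (_.isEmpty(session)) throw new Error('no authorization request found in session');` right after the session read; the surrounding `try` turns that into `this.error(err)`. The rendering has lost the +/- markers, so this assumes the `req.session[sessionKey]` / `_.get(session, 'state')` lines are the new side; the `_.get(req, ..., {})` variant printed next to them has the same gap.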
{
"name": "openid-client",
"version": "1.5.1",
"version": "1.5.2",
"description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js servers, supports passportjs",

@@ -5,0 +5,0 @@ "main": "lib/index.js",
