
remix-auth-oauth2 - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

2

build/index.d.ts

@@ -104,3 +104,3 @@ import { AppLoadContext, SessionStorage } from "@remix-run/server-runtime";

*/
protected authorizationParams(): URLSearchParams;
protected authorizationParams(params: URLSearchParams): URLSearchParams;
/**

@@ -107,0 +107,0 @@ * Return extra parameters to be included in the token request.
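Review bot: The declaration `protected authorizationParams(params: URLSearchParams): URLSearchParams;` gains a parameter, but the doc comment above it starts outside this hunk, so it is not visible whether it was updated to describe the argument. Judging by the `getAuthorizationURL` change in build/index.js, the value is the query string of the incoming request, so the comment should say so, for example `@param params Query parameters of the incoming request; caller-controlled, copy only the keys you expect.` An existing subclass that overrides the method with no parameter still type-checks, so nothing else will draw an implementer's attention to the new input.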

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.OAuth2Strategy = void 0;
const server_runtime_1 = require("@remix-run/server-runtime");
const debug_1 = __importDefault(require("debug"));
const remix_auth_1 = require("remix-auth");
const uuid_1 = require("uuid");
let debug = (0, debug_1.default)("OAuth2Strategy");
/**

@@ -62,2 +67,3 @@ * The OAuth 2.0 authentication strategy authenticates requests using the OAuth

var _a;
debug("Request URL", request.url);
let url = new URL(request.url);

@@ -68,13 +74,14 @@ let session = await sessionStorage.getSession(request.headers.get("Cookie"));

if (user) {
if (options.successRedirect)
throw (0, server_runtime_1.redirect)(options.successRedirect);
else
return user;
debug("User is authenticated");
return this.success(user, request, sessionStorage, options);
}
let callbackURL = this.getCallbackURL(url);
debug("Callback URL", callbackURL);
// Redirect the user to the callback URL
if (url.pathname !== callbackURL.pathname) {
debug("Redirecting to callback URL");
let state = this.generateState();
debug("State", state);
session.set(this.sessionStateKey, state);
throw (0, server_runtime_1.redirect)(this.getAuthorizationURL(state).toString(), {
throw (0, server_runtime_1.redirect)(this.getAuthorizationURL(request, state).toString(), {
headers: { "Set-Cookie": await sessionStorage.commitSession(session) },

@@ -84,6 +91,13 @@ });

// Validations of the callback URL params
let state = url.searchParams.get("state");
if (!state)
throw (0, server_runtime_1.json)({ message: "Missing state." }, { status: 400 });
if (session.get(this.sessionStateKey) === state) {
let stateUrl = url.searchParams.get("state");
debug("State from URL", stateUrl);
if (!stateUrl)
throw (0, server_runtime_1.json)({ message: "Missing state on URL." }, { status: 400 });
let stateSession = session.get(this.sessionStateKey);
debug("State from session", stateSession);
if (!stateSession) {
throw (0, server_runtime_1.json)({ message: "Missing state on session." }, { status: 400 });
}
if (stateSession === stateUrl) {
debug("State is valid");
session.unset(this.sessionStateKey);

@@ -114,25 +128,8 @@ }

catch (error) {
debug("Failed to verify user", error);
let message = error.message;
// if we don't have a failureRedirect, we'll just throw a 401 error
if (!options.failureRedirect) {
throw (0, server_runtime_1.json)({ message }, { status: 401 });
}
// if we do have a failureRedirect, we'll redirect to it and set the
// error on the session with the key oauth2:error
session.set("oauth2:error", { message });
let cookie = await sessionStorage.commitSession(session);
throw (0, server_runtime_1.redirect)(options.failureRedirect, {
headers: { "Set-Cookie": cookie },
});
return await this.failure(message, request, sessionStorage, options);
}
// if a successRedirect is not provided, we'll just return the user
if (!options.successRedirect)
return user;
// if we get the successRedirect, we'll set the user in the session and then
// redirect to the successRedirect URL
session.set(options.sessionKey, user);
let cookie = await sessionStorage.commitSession(session);
throw (0, server_runtime_1.redirect)(options.successRedirect, {
headers: { "Set-Cookie": cookie },
});
debug("User authenticated");
return await this.success(user, request, sessionStorage, options);
}

@@ -163,4 +160,4 @@ /**

*/
authorizationParams() {
return new URLSearchParams();
authorizationParams(params) {
return new URLSearchParams(params);
}

@@ -197,4 +194,4 @@ /**

}
getAuthorizationURL(state) {
let params = new URLSearchParams(this.authorizationParams());
getAuthorizationURL(request, state) {
let params = new URLSearchParams(this.authorizationParams(new URL(request.url).searchParams));
params.set("response_type", "code");

@@ -201,0 +198,0 @@ params.set("client_id", this.clientID);
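Review bot: The default `authorizationParams(params)` on the 1.2.0 side returns `new URLSearchParams(params)`, and `getAuthorizationURL` passes it `new URL(request.url).searchParams`, so every query parameter on the incoming login request is copied into the authorization URL. Only keys that are `set` afterwards are overwritten: `response_type` is visible in the hunk and `client_id` in the trailing context line, but the rest of `getAuthorizationURL` lies outside the hunk, so which other keys are pinned cannot be confirmed from this page. Any key that is not overwritten would reach the authorization server with a request-supplied value. I would keep the default empty, `return new URLSearchParams();`, and leave it to subclasses to copy the specific keys they expect from `params`.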

{
"name": "remix-auth-oauth2",
"version": "1.1.0",
"version": "1.2.0",
"main": "./build/index.js",

@@ -37,2 +37,3 @@ "types": "./build/index.d.ts",

"@remix-run/server-runtime": "^1.0.0",
"@types/debug": "^4.1.7",
"@types/jest": "^26.0.23",

@@ -57,2 +58,3 @@ "@types/uuid": "^8.3.3",

"dependencies": {
"debug": "^4.3.3",
"remix-auth": "^3.1.0",

@@ -59,0 +61,0 @@ "uuid": "^8.3.2"
