coolaj86/oauth3.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into v1.0

Browse Source
This commit is contained in:
AJ ONeal 2017-03-29 17:23:02 -06:00
commit 0bfdd009b7
11 changed files with 16883 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -1,3 +0,0 @@
[submodule "node_modules/terminal-forms.js"]
path = node_modules/terminal-forms.js
url = git@git.daplie.com:/OAuth3/terminal-forms.js

5
.npmignore Normal file
View File

@ -0,0 +1,5 @@
.git*
browserify/
prefactor/
gulpfile.js
bump-version.sh

4
README.md
View File

@ -211,6 +211,7 @@ You can create a very simple demo application like this:
```javascript ```javascript
var providerUri; var providerUri;
var opts = { client_uri: OAUTH3.utils.clientUri(window.location) };
// this is any OAuth3-compatible provider, such as oauth3.org // this is any OAuth3-compatible provider, such as oauth3.org
@ -218,7 +219,7 @@ var providerUri;
// //
function onChangeProvider(_providerUri) { function onChangeProvider(_providerUri) {
providerUri = _providerUri; providerUri = _providerUri;
return OAUTH3.discover(providerUri); // just to cache return OAUTH3.discover(providerUri, opts); // just to cache
} }
@ -226,7 +227,6 @@ function onChangeProvider(_providerUri) {
// //
function onClickLogin() { function onClickLogin() {
var opts = { client_uri: OAuth3.clientUri(window.location) };
return OAUTH3.implicitGrant(providerUri, opts).then(function (session) { return OAUTH3.implicitGrant(providerUri, opts).then(function (session) {
console.info('Authentication was Successful:'); console.info('Authentication was Successful:');

289
bin/oauth3.js
View File

@ -15,138 +15,195 @@ OAUTH3._hooks.session.get = require('../oauth3.node.storage.js').sessions.get;
OAUTH3._hooks.session.set = require('../oauth3.node.storage.js').sessions.set; OAUTH3._hooks.session.set = require('../oauth3.node.storage.js').sessions.set;
*/ */
var url = require('url'); // opts = { email, providerUri }
//console.log('stdin tty', process.stdin.isTTY); module.exports.login = function (options) {
//console.log('stdout tty', process.stdout.isTTY); options = options || {};
var oauth3; var url = require('url');
var opts = { //console.log('stdin tty', process.stdin.isTTY);
providerUri: undefined //console.log('stdout tty', process.stdout.isTTY);
}; var oauth3;
var opts = {
email: options.email
, providerUri: options.providerUri
};
if (opts.form) {
form = opts.form;
}
var email;
var providerUrl;
var providerUri;
var sameProvider;
var username;
function getCurrentUserEmail() { function getSession() {
return form.ask({ label: "What's your email (or cloud mail) address? ", type: 'email' }).then(function (emailResult) {
var emailParts = (emailResult.result || emailResult.input).split('@');
var domain = emailParts[1];
var username; var username;
var sameProvider;
var urlObj = url.parse(opts.providerUri || domain); // TODO lookup uuid locally before performing loginMeta
// TODO get unique client id for bootstrapping app // TODO lookup token locally before performing loginMeta / otp
oauth3 = OAUTH3.create(urlObj); return OAUTH3.authn.loginMeta(oauth3._providerDirectives, { email: email }).then(function (/*result*/) {
form.println("got to setProvider"); return { node: email, type: 'email' };
return oauth3.setProvider(domain).then(function () { }, function (/*err*/) {
form.println("got to setProvider SUCCESS"); // TODO require hashcash to create user account
sameProvider = true; function confirmCreateAccount() {
// ignore // TODO directives should specify private (invite-only) vs internal (request) vs public (allow) accounts
}, function () { return form.ask({
form.println("got to setProvider ERROR"); label: "We don't recognize that address. Do you want to create a new account? [Y/n] "
function askOauth3Url() { , type: 'text' // TODO boolean with default Y or N
return form.ask({ label: "What's your OAuth3 Provider URL? ", type: 'url' }).then(function (urlResult) { }).then(function (result) {
var urlObj = url.parse(urlResult.result || urlResult.input); if (!result.input) {
// TODO get unique client id for bootstrapping app result.input = 'Y';
oauth3 = OAUTH3.create(urlObj); }
return oauth3.setProvider(urlResult.result || urlResult.input).then(function () {
// ignore // TODO needs backup address if email is on same domain as login
}, function (err) { result.input = result.input.toLowerCase();
form.println(err.stack || err.message || err.toString());
return askOauth3Url(); if ('y' !== result.input) {
return getCurrentUserEmail();
}
if (!sameProvider) {
return { node: email, type: 'email' };
}
return form.ask({
label: "What's your recovery email (or cloud mail) address? ", type: 'email'
}).then(function (recoveryResult) {
return {
node: email
, type: 'name'
, recovery: recoveryResult.result || recoveryResult.input
};
}); });
}); });
} }
return askOauth3Url(); return confirmCreateAccount();
}).then(function () { }).then(function (user) {
// TODO lookup uuid locally before performing loginMeta // TODO skip if token exists locally
// TODO lookup token locally before performing loginMeta / otp var email = (user.recovery || user.node);
form.println("got to loginMeta"); form.println("Sending login code to '" + email + "'...");
return OAUTH3.authn.loginMeta(oauth3._providerDirectives, { email: emailResult.input }).then(function (/*result*/) { return OAUTH3.authn.otp(oauth3._providerDirectives, { email: email }).then(function (otpResult) {
return { node: emailResult.result || emailResult.input, type: 'email' }; return form.ask({
}, function (/*err*/) { label: "What's your login code? "
// TODO require hashcash to create user account , help: "(it was sent to '" + email + "' and looks like 1234-5678-9012)"
function confirmCreateAccount() { // onkeyup
// TODO directives should specify private (invite-only) vs internal (request) vs public (allow) accounts // ondebounce
// onchange
// regexp // html5 name?
, onReturnAsync: function (rs, ws, input/*, ch*/) {
var formatted = input.toLowerCase().replace(/[^\d]+/g, '');
if (12 !== formatted.length) {
return form.PromiseA.reject(new Error("invalid code please try again in the format xxxx-yyyy-zzzz"));
}
formatted = formatted.match(/.{4,4}/g).join('-');
if (14 !== formatted.split('').length) {
return form.PromiseA.reject(new Error("invalid code '" + formatted + "', please try again xxxx-yyyy-zzzz"));
}
var data = {
username: email
, username_type: 'email'
, client_id: OAUTH3.uri.normalize(oauth3._providerDirectives.issuer)
, client_uri: OAUTH3.uri.normalize(oauth3._providerDirectives.issuer)
, otp_code: formatted
, otp_uuid: otpResult.data.uuid
};
// returns session instead of input
var colors = require('colors');
form.setStatus(colors.dim("authenticating with server..."));
return OAUTH3.authn.resourceOwnerPassword(oauth3._providerDirectives, data).then(function (result) {
return result;
}, function (/*err*/) {
// TODO test error
return form.PromiseA.reject(new Error("The code '" + formatted + "' is mistyped or incorrect. Double check and try again."));
});
}
});
});
});
}
function getCurrentUserEmail() {
return form.ask({
label: "What's your email (or cloud mail) address? ", type: 'email', value: opts.email
}).then(function (emailResult) {
opts.email = undefined;
email = (emailResult.result || emailResult.input);
var emailParts = email.split('@');
var domain = emailParts[1];
username = emailParts[0];
providerUrl = 'https://' + domain;
providerUri = domain;
var urlObj = url.parse(providerUrl);
// TODO get unique client id for bootstrapping app
oauth3 = OAUTH3.create(urlObj);
return oauth3.setProvider(domain).then(function () {
sameProvider = true;
// ignore
}, function () {
function askOauth3Url() {
return form.ask({ return form.ask({
label: "We don't recognize that address. Do you want to create a new account? [Y/n] " label: "What's your OAuth3 Provider URL? ", type: 'url', value: opts.providerUri
, type: 'text' // TODO boolean with default Y or N }).then(function (urlResult) {
}).then(function (result) { opts.providerUri = undefined;
if (!result.input) { providerUrl = urlResult.result || urlResult.input;
result.input = 'Y'; providerUri = OAUTH3.uri.normalize(providerUrl);
}
// TODO needs backup address if email is on same domain as login var urlObj = url.parse(providerUrl);
result.input = result.input.toLowerCase(); // TODO get unique client id for bootstrapping app
oauth3 = OAUTH3.create(urlObj);
if ('y' !== result.input) { return oauth3.setProvider(providerUri).then(function () {
return getCurrentUserEmail(); // ignore
} }, function (err) {
form.println(err.stack || err.message || err.toString());
if (!sameProvider) { return askOauth3Url();
return { node: emailResult.result || emailResult.input, type: 'email' };
}
return form.ask({
label: "What's your recovery email (or cloud mail) address? ", type: 'email'
}).then(function (recoveryResult) {
username = emailParts[0];
return {
node: emailResult.result || emailResult.input
, type: 'name'
, recovery: recoveryResult.result || recoveryResult.input
};
}); });
}); });
} }
return confirmCreateAccount(); return askOauth3Url();
}); });
}); });
}); }
}
return getCurrentUserEmail().then(function (user) { return getCurrentUserEmail().then(function () {
// TODO skip if token exists locally return OAUTH3._hooks.meta.get(email).then(function (id) {
var email = (user.recovery || user.node); if (!id) {
form.println("Sending login code to '" + email + "'..."); return null;
return OAUTH3.authn.otp(oauth3._providerDirectives, { email: email }).then(function (otpResult) {
return form.ask({
label: "What's your login code? "
, help: "(it was sent to '" + email + "' and looks like 1234-5678-9012)"
// onkeyup
// ondebounce
// onchange
// regexp // html5 name?
, onReturnAsync: function (rs, ws, input/*, ch*/) {
var formatted = input.toLowerCase().replace(/[^\d]+/g, '');
if (12 !== formatted.length) {
return form.PromiseA.reject(new Error("invalid code please try again in the format xxxx-yyyy-zzzz"));
}
formatted = formatted.match(/.{4,4}/g).join('-');
if (14 !== formatted.split('').length) {
return form.PromiseA.reject(new Error("invalid code '" + formatted + "', please try again xxxx-yyyy-zzzz"));
}
var data = {
username: email
, username_type: 'email'
, client_id: OAUTH3.uri.normalize(oauth3._providerDirectives.issuer)
, client_uri: OAUTH3.uri.normalize(oauth3._providerDirectives.issuer)
, otp_code: formatted
, otp_uuid: otpResult.data.uuid
};
// returns session instead of input
var colors = require('colors');
form.setStatus(colors.dim("authenticating with server..."));
return OAUTH3.authn.resourceOwnerPassword(oauth3._providerDirectives, data);
} }
}).then(function (results) { return OAUTH3._hooks.sessions.get(providerUri, id).then(function (session) {
var session = results.result; if (session) {
return session;
form.println('session:'); }
form.println(session); return null;
});
}); });
}).then(function (session) {
if (session) {
return session;
}
return getSession().then(function (sessionResult) {
console.log('sessionResult');
console.log(sessionResult);
var session = sessionResult.result;
var id = require('crypto').createHash('sha256').update(session.token.sub || '').digest('hex');
return OAUTH3._hooks.sessions.set(providerUri, session, id).then(function (session) {
return OAUTH3._hooks.meta.set(email, id).then(function () {
return session;
});
});
});
}).then(function (session) {
form.println('session:');
form.println(session);
oauth3.__session = session;
return oauth3;
}); });
}); };

5
bower.json
View File

@ -29,6 +29,11 @@
"homepage": "https://git.daplie.com/OAuth3/oauth3.js", "homepage": "https://git.daplie.com/OAuth3/oauth3.js",
"ignore": [ "ignore": [
"**/.*", "**/.*",
"browserify",
"prefactor",
"gulpfile.js",
"bump-version.sh",
"oauth3.node.*",
"node_modules", "node_modules",
"bower_components", "bower_components",
"test", "test",

2
node_modules/terminal-forms.js generated vendored

@ -1 +1 @@
Subproject commit f078d479b085e8658fb2039eb3e4de49afd9db0e Subproject commit 91efb1bbf2ab8f4db86f3e93a5c82bf541f1cc67

8
oauth3.core.js
View File

@ -1134,6 +1134,7 @@
return OAUTH3.implicitGrant(me._providerDirectives, opts).then(function (session) { return OAUTH3.implicitGrant(me._providerDirectives, opts).then(function (session) {
me._session = true; me._session = true;
me.__session = session;
return session; return session;
}); });
} }
@ -1149,7 +1150,7 @@
preq.client_id = this._clientUri; preq.client_id = this._clientUri;
preq.method = preq.method || 'GET'; preq.method = preq.method || 'GET';
if (this._session) { if (this._session) {
preq.session = preq.session || OAUTH3.hooks.session._getCached(this._providerUri); preq.session = preq.session || this.session(); // OAUTH3.hooks.session._getCached(this._providerUri);
} }
// TODO maybe use a baseUrl from the directives file? // TODO maybe use a baseUrl from the directives file?
preq.url = OAUTH3.url.resolve(this._providerUri, preq.url); preq.url = OAUTH3.url.resolve(this._providerUri, preq.url);
@ -1157,6 +1158,8 @@
return OAUTH3.request(preq, opts); return OAUTH3.request(preq, opts);
} }
, logout: function (opts) { , logout: function (opts) {
this.__session = false;
this._session = false;
opts = opts || {}; opts = opts || {};
opts.client_uri = this._clientUri; opts.client_uri = this._clientUri;
opts.client_id = this._clientUri; opts.client_id = this._clientUri;
@ -1167,7 +1170,8 @@
, api: function (api, opts) { , api: function (api, opts) {
opts = opts || {}; opts = opts || {};
opts.api = api; opts.api = api;
opts.session = OAUTH3.hooks.session._getCached(this._providerUri); opts.session = this.__session || OAUTH3.hooks.session._getCached(this._providerUri);
return OAUTH3.api(this._providerUri, opts); return OAUTH3.api(this._providerUri, opts);
} }
}; };

16578
oauth3.crypto.fallback.js Normal file
View File

File diff suppressed because it is too large Load Diff

8
oauth3.crypto.fallback.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

114
oauth3.node.storage.js
View File

@ -1,46 +1,134 @@
'use strict'; 'use strict';
var fs = require('fs'); var PromiseA = require('bluebird');
var fs = PromiseA.promisifyAll(require('fs'));
var path = require('path'); var path = require('path');
//var oauth3dir = process.cwd();
var oauth3dir = path.join(require('os').homedir(), '.oauth3', 'v1');
var sessionsdir = path.join(oauth3dir, 'sessions');
var directivesdir = path.join(oauth3dir, 'directives');
var metadir = path.join(oauth3dir, 'meta');
if (!fs.existsSync(oauth3dir)) {
fs.mkdirSync(oauth3dir);
}
if (!fs.existsSync(directivesdir)) {
fs.mkdirSync(directivesdir);
}
if (!fs.existsSync(sessionsdir)) {
fs.mkdirSync(sessionsdir);
}
if (!fs.existsSync(metadir)) {
fs.mkdirSync(metadir);
}
module.exports = { module.exports = {
directives: { directives: {
get: function (providerUri) { all: function () {
return fs.readdirAsync(directivesdir).then(function (nodes) {
return nodes.map(function (node) {
try {
return require(path.join(directivesdir, node));
} catch(e) {
return null;
}
}).filter(Boolean);
});
}
, get: function (providerUri) {
// TODO make safe // TODO make safe
try { try {
return require(path.join(process.cwd(), providerUri + '.directives.json')); return require(path.join(directivesdir, providerUri + '.json'));
} catch(e) { } catch(e) {
return null; return null;
} }
} }
, set: function (providerUri, directives) { , set: function (providerUri, directives) {
fs.writeFileSync(path.join(process.cwd(), providerUri + '.directives.json'), JSON.stringify(directives, null, 2)); return fs.writeFileAsync(
return directives; path.join(directivesdir, providerUri + '.json')
, JSON.stringify(directives, null, 2)
).then(function () {
return directives;
});
}
, clear: function () {
return fs.readdirAsync(directivesdir).then(function (nodes) {
return PromiseA.all(nodes.map(function (node) {
return fs.unlinkAsync(path.join(directivesdir, node)).then(function () { }, function () { });
}));
});
} }
} }
, sessions: { , sessions: {
get: function (providerUri, id) { all: function (providerUri) {
// TODO make safe var dirname = path.join(oauth3dir, 'sessions');
return fs.readdirAsync(dirname).then(function (nodes) {
return nodes.map(function (node) {
var result = require(path.join(dirname, node));
if (result.link) {
return null;
}
}).filter(Boolean).filter(function (result) {
if (!providerUri || providerUri === result.issuer) {
return result;
}
});
});
}
, get: function (providerUri, id) {
var result;
try { try {
if (id) { if (id) {
return require(path.join(process.cwd(), providerUri + '.' + id + '.session.json')); return PromiseA.resolve(require(path.join(sessionsdir, providerUri + '.' + id + '.json')));
} }
else { else {
return require(path.join(process.cwd(), providerUri + '.session.json')); result = require(path.join(sessionsdir, providerUri + '.json'));
// TODO make safer
if (result.link && '/' !== result.link[0] && !/\.\./.test(result.link)) {
result = require(path.join(oauth3dir, 'sessions', result.link));
}
} }
} catch(e) { } catch(e) {
return null; return PromiseA.resolve(null);
} }
return PromiseA.resolve(result);
} }
, set: function (providerUri, session, id) { , set: function (providerUri, session, id) {
var p;
if (id) { if (id) {
fs.writeFileSync(path.join(process.cwd(), providerUri + '.' + id + '.session.json'), JSON.stringify(session, null, 2)); p = fs.writeFileAsync(path.join(sessionsdir, providerUri + '.' + id + '.json'), JSON.stringify(session, null, 2));
} }
else { else {
fs.writeFileSync(path.join(process.cwd(), providerUri + '.session.json'), JSON.stringify(session, null, 2)); p = fs.writeFileAsync(path.join(sessionsdir, providerUri + '.json'), JSON.stringify(session, null, 2));
} }
return session; return p.then(function () {
return session;
});
}
, clear: function () {
var dirname = path.join(oauth3dir, 'sessions');
return fs.readdirAsync(dirname).then(function (nodes) {
return PromiseA.all(nodes.map(function (node) {
return fs.unlinkAsync(path.join(dirname, node));
}));
});
}
}
, meta: {
get: function (key) {
// TODO make safe
try {
return PromiseA.resolve(require(path.join(metadir, key + '.json')));
} catch(e) {
return PromiseA.resolve(null);
}
}
, set: function (key, value) {
return fs.writeFileAsync(path.join(metadir, key + '.json'), JSON.stringify(value, null, 2)).then(function () {
return value;
});
} }
} }
}; };

7
package.json
View File

@ -4,7 +4,7 @@
"description": "The world's smallest, fastest, and most secure OAuth3 (and OAuth2) JavaScript implementation.", "description": "The world's smallest, fastest, and most secure OAuth3 (and OAuth2) JavaScript implementation.",
"main": "oauth3.node.js", "main": "oauth3.node.js",
"scripts": { "scripts": {
"install": "./node_modules/.bin/gulp", "prepare": "gulp",
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"repository": { "repository": {
@ -32,7 +32,8 @@
"sign" "sign"
], ],
"dependencies": { "dependencies": {
"elliptic": "^6.4.0" "elliptic": "^6.4.0",
"terminal-forms.js": "git+https://git.daplie.com/OAuth3/terminal-forms.js.git#v1"
}, },
"devDependencies": { "devDependencies": {
"browserify-aes": "^1.0.6", "browserify-aes": "^1.0.6",
@ -46,6 +47,6 @@
"gulp-uglify": "^2.1.0", "gulp-uglify": "^2.1.0",
"vinyl-source-stream": "^1.1.0" "vinyl-source-stream": "^1.1.0"
}, },
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", "author": "AJ ONeal <aj@daplie.com> (https://daplie.com/)",
"license": "(MIT OR Apache-2.0)" "license": "(MIT OR Apache-2.0)"
} }