-
Notifications
You must be signed in to change notification settings - Fork 263
/
Copy pathresponse.js
124 lines (104 loc) · 3.12 KB
/
response.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
var qs = require('qs')
var tokens = (provider, response) => {
var data = {}
if (provider.concur) {
data.access_token = response.replace(
/[\s\S]+<Token>([^<]+)<\/Token>[\s\S]+/, '$1')
data.refresh_token = response.replace(
/[\s\S]+<Refresh_Token>([^<]+)<\/Refresh_Token>[\s\S]+/, '$1')
}
else if (provider.getpocket) {
data.access_token = response.access_token
}
else if (provider.yammer) {
data.access_token = response.access_token.token
}
else if (provider.oauth === 1) {
if (response.oauth_token) {
data.access_token = response.oauth_token
}
if (response.oauth_token_secret) {
data.access_secret = response.oauth_token_secret
}
}
else if (provider.oauth === 2) {
if (response.id_token) {
data.id_token = response.id_token
}
if (response.access_token) {
data.access_token = response.access_token
}
if (response.refresh_token) {
data.refresh_token = response.refresh_token
}
}
return data
}
var oidc = (provider, session, response) => {
if (!/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/.test(response.id_token)) {
return {error: 'Grant: OpenID Connect invalid id_token format'}
}
var [header, payload, signature] = response.id_token.split('.')
try {
header = JSON.parse(Buffer.from(header, 'base64').toString('binary'))
payload = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'))
}
catch (err) {
return {error: 'Grant: OpenID Connect error decoding id_token'}
}
if (![].concat(payload.aud).includes(provider.key)) {
return {error: 'Grant: OpenID Connect invalid id_token audience'}
}
else if (session.nonce && (payload.nonce !== session.nonce)) {
return {error: 'Grant: OpenID Connect nonce mismatch'}
}
return {header, payload, signature}
}
var data = ({provider, input, input:{session}, output}) => {
if (output.error) {
return {provider, input, output}
}
if (output.id_token) {
var jwt = oidc(provider, session, output)
if (jwt.error) {
return {provider, input, output: jwt}
}
}
if (!provider.response) {
var data = tokens(provider, output)
data.raw = output
}
else {
var data = {}
var response = [].concat(provider.response)
if (response.find((key) => /token/.test(key))) {
data = tokens(provider, output)
}
if (response.includes('jwt') && jwt) {
data.jwt = {id_token: jwt}
}
if (response.includes('raw')) {
data.raw = output
}
}
return {provider, input, output: data}
}
var transport = ({provider, input, input:{params, state, session}, output}) => ({
location:
(params.override !== 'callback' && !output.error)
? output
: (!provider.transport || provider.transport === 'querystring')
? `${provider.callback || '/'}?${qs.stringify(output)}`
: provider.transport === 'session'
? provider.callback
: undefined,
session: (
provider.transport === 'session' ? session.response = output : null,
session
),
state: (
provider.transport === 'state' ? state.response = output : null,
state
),
})
module.exports = {data, transport}