From b10ea6232b817f26a79bdf883fff50a69435cdfc Mon Sep 17 00:00:00 2001 From: Alexander Zaslonov Date: Thu, 11 Jun 2020 12:04:43 -0700 Subject: [PATCH] Upgraded client-oauth2 library. Removed auth flow filters. (#699) --- package-lock.json | 46 ++++++++++++++++++------------- package.json | 2 +- src/models/authorizationServer.ts | 3 +- src/services/oauthService.ts | 24 ++++++++-------- 4 files changed, 41 insertions(+), 34 deletions(-) diff --git a/package-lock.json b/package-lock.json index edd7d0c55..10c796ffe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -373,9 +373,9 @@ } }, "@types/tough-cookie": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-2.3.6.tgz", - "integrity": "sha512-wHNBMnkoEBiRAd3s8KTKwIuO9biFtTf0LehITzBhSco+HQI0xkXZbLOD55SW3Aqw3oUkHstkm5SPv58yaAdFPQ==" + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-2.3.7.tgz", + "integrity": "sha512-rMQbgMGxnLsdn8e9aPVyuN+zMQLrZ2QW8xlv7eWS1mydfGXN+tsTKffcIzd8rGCcLdmi3xvQw2MDaZI1bBNTaw==" }, "@types/tunnel": { "version": "0.0.1", @@ -1797,12 +1797,19 @@ } }, "client-oauth2": { - "version": "4.2.5", - "resolved": "https://registry.npmjs.org/client-oauth2/-/client-oauth2-4.2.5.tgz", - "integrity": "sha512-GAhVLveAbBkwcfEH/d5lTW9eCgcPR3Up93cx7v4qWTdLCa4O0m3ykNNn4aAVeWOiHfWL5skO+3u0F/gfAxZuPQ==", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/client-oauth2/-/client-oauth2-4.3.0.tgz", + "integrity": "sha512-TLybiXlrQrEg+KBPSWva5/kbxyAisLrsnj11Rl/+jpMZowQvYzfTY8DUZNuDFkX6bSSvN9cVc2xhqNh9quC6JA==", "requires": { - "popsicle": "12.0.4", - "safe-buffer": "^5.1.1" + "popsicle": "^12.0.5", + "safe-buffer": "^5.2.0" + }, + "dependencies": { + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" + } } }, "clipboard": { 
@@ -7366,17 +7373,17 @@ "integrity": "sha1-TFd5ClCWkoMv2/EN+t3XlIxctXQ=" }, "popsicle": { - "version": "12.0.4", - "resolved": "https://registry.npmjs.org/popsicle/-/popsicle-12.0.4.tgz", - "integrity": "sha512-UuxhAFa4RXBecC6ZK24sKra/9va1bTxnb3CQpFsm+VBW72sl+UtTAmZv7LZTvvDNnGusAqisN+a6xSN9xSQzZA==", + "version": "12.0.5", + "resolved": "https://registry.npmjs.org/popsicle/-/popsicle-12.0.5.tgz", + "integrity": "sha512-PZt2+KfNQVwYXEwaAdJPLsYFJ+j0M25+26GhBovxhq9TZFRJfigAlJ5JfioCf/9R4RcTSu9VeaovJcb20Br7mw==", "requires": { "popsicle-content-encoding": "^1.0.0", "popsicle-cookie-jar": "^1.0.0", - "popsicle-redirects": "^1.0.0", - "popsicle-transport-http": "^1.0.0", - "popsicle-transport-xhr": "^1.0.0", + "popsicle-redirects": "^1.1.0", + "popsicle-transport-http": "^1.0.6", + "popsicle-transport-xhr": "^1.0.2", "popsicle-user-agent": "^1.0.0", - "servie": "^4.0.6", + "servie": "^4.3.2", "throwback": "^4.1.0", "tough-cookie": "^3.0.1" } @@ -7401,9 +7408,9 @@ "integrity": "sha512-XCpzVjVk7tty+IJnSdqWevmOr1n8HNDhL86v7mZ6T1JIIf2KGybxUk9mm7ZFOhWMkGB0e8XkacHip7BV8AQWQA==" }, "popsicle-transport-http": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/popsicle-transport-http/-/popsicle-transport-http-1.0.7.tgz", - "integrity": "sha512-UVpbAfJn9Z19A84WdIklHzbK8EHt7o1w0u6JEkAx6BTlkSxI6T2Lo5Vr989YO8pPmbFZhNClz3Eir8fldAYWpQ==", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/popsicle-transport-http/-/popsicle-transport-http-1.0.8.tgz", + "integrity": "sha512-5jeUUNSAElwNnFkb6LE1b/YlOHlaFWKN8N8BBdHZWIK6QQzb34nuXkbKJZxn7xK5VrGpCAraHayycQf7KpIJOw==", "requires": { "make-error-cause": "^2.2.0", "pump": "^3.0.0" @@ -11429,7 +11436,8 @@ }, "yargs-parser": { "version": "13.1.1", - "resolved": "", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.1.tgz", + "integrity": "sha512-oVAVsHz6uFrg3XQheFII8ESO2ssAf9luWuAd6Wexsu4F3OtIW0o8IribPXYrD4WC24LWtPrJlGy87y5udK+dxQ==", "dev": true, "requires": { "camelcase": "^5.0.0", 
diff --git a/package.json b/package.json index fed87eb3f..6dc964626 100644 --- a/package.json +++ b/package.json @@ -70,7 +70,7 @@ "@webcomponents/shadydom": "^1.7.3", "adal-vanilla": "^1.0.18", "applicationinsights-js": "^1.0.21", - "client-oauth2": "^4.2.5", + "client-oauth2": "4.3.0", "core-js": "^3.6.5", "d3": "^5.16.0", "google-maps": "^4.2.3", diff --git a/src/models/authorizationServer.ts b/src/models/authorizationServer.ts index ffa59a929..8286b28f7 100644 --- a/src/models/authorizationServer.ts +++ b/src/models/authorizationServer.ts @@ -21,7 +21,6 @@ export class AuthorizationServer { ? contract.properties.defaultScope.split(" ") : []; - // Temporarily filtering out other flows, until backend starts support them. - this.grantTypes = contract.properties.grantTypes.filter(x => x === GrantTypes.implicit); + this.grantTypes = contract.properties.grantTypes; } } \ No newline at end of file diff --git a/src/services/oauthService.ts b/src/services/oauthService.ts index 5fa6d5481..fe4b37f70 100644 --- a/src/services/oauthService.ts +++ b/src/services/oauthService.ts @@ -12,11 +12,7 @@ export class OAuthService { try { const pageOfAuthservers = await this.mapiClient.get>("/authorizationServers"); - return pageOfAuthservers - .value - .map(authServer => new AuthorizationServer(authServer)) - // Temporarily filtering out other flows, until backend starts support them. - .filter(authServer => authServer.grantTypes.includes(GrantTypes.implicit)); + return pageOfAuthservers.value.map(authServer => new AuthorizationServer(authServer)); } catch (error) { throw new Error(`Unable to fetch configured authorization servers.`); @@ -30,7 +26,7 @@ export class OAuthService { case GrantTypes.implicit: accessToken = await this.authenticateImplicit(authorizationServer); break; - + case GrantTypes.authorizationCode: accessToken = await this.authenticateCode(authorizationServer); break; 
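Review bot: In the `AuthorizationServer` constructor, `this.grantTypes = contract.properties.grantTypes;` now exposes whatever grant types the backend lists, and the matching filter is also dropped from the `return pageOfAuthservers.value.map(...)` line in src/services/oauthService.ts. The `switch` cases visible in `authenticate` cover only `GrantTypes.implicit` and `GrantTypes.authorizationCode` (the rest of the switch is outside the hunk), so any other configured grant type would presumably be offered without a flow behind it. An allow-list keeps the model to what the client implements: `this.grantTypes = contract.properties.grantTypes.filter(x => x === GrantTypes.implicit || x === GrantTypes.authorizationCode);`. The constructor begins outside the hunk.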
@@ -47,11 +43,13 @@ export class OAuthService { } public authenticateImplicit(authorizationServer: AuthorizationServer): Promise { + const redirectUri = `https://${location.hostname}/signin-oauth/implicit/callback`; + const oauthClient = new ClientOAuth2({ clientId: authorizationServer.clientId, accessTokenUri: authorizationServer.tokenEndpoint, authorizationUri: authorizationServer.authorizationEndpoint, - redirectUri: `https://${location.hostname}/signin-oauth/implicit/callback`, + redirectUri: redirectUri, scopes: authorizationServer.scopes }); @@ -59,14 +57,14 @@ export class OAuthService { window.open(oauthClient.token.getUri(), "_blank", "width=400,height=500"); const receiveMessage = async (event: MessageEvent) => { - const uri = event.data["uri"]; + const tokenHash = event.data["uri"]; - if (!uri) { + if (!tokenHash) { return; } - const user = await oauthClient.token.getToken(uri); - resolve(`${user.tokenType} ${user.accessToken}`); + const oauthToken = await oauthClient.token.getToken(redirectUri + tokenHash); + resolve(`${oauthToken.tokenType} ${oauthToken.accessToken}`); }; window.addEventListener("message", receiveMessage, false); @@ -74,11 +72,13 @@ export class OAuthService { } public async authenticateCode(authorizationServer: AuthorizationServer): Promise { + const redirectUri = `https://${location.hostname}/signin-oauth/code/callback/${authorizationServer.id}`; + const oauthClient = new ClientOAuth2({ clientId: authorizationServer.clientId, accessTokenUri: authorizationServer.tokenEndpoint, authorizationUri: authorizationServer.authorizationEndpoint, - redirectUri: `https://${location.hostname}/signin-oauth/code/callback/${authorizationServer.id}`, + redirectUri: redirectUri, scopes: authorizationServer.scopes });
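Review bot: The `ClientOAuth2` options in `authenticateImplicit` carry no `state` value, so the fragment returned to the callback is not bound to the authorization request this window started. client-oauth2 compares the returned `state` with the configured one when it is set, so a per-attempt nonce is enough: `const state = crypto.getRandomValues(new Uint32Array(4)).join("");` before the options and `state: state,` next to `redirectUri: redirectUri,`. The same applies to the options object in `authenticateCode` in the last hunk. Both method bodies continue outside their hunks.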
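Review bot: The `receiveMessage` handler in `authenticateImplicit` accepts a `uri` payload from any window, because it never checks `event.origin` before `redirectUri + tokenHash` is handed to `getToken`. The handler should accept only messages from the origin of `redirectUri` and only string payloads. It is also never removed after use, and a rejected `getToken` leaves the returned promise pending. The Promise executor starts outside the hunk, so the sketch below assumes it can also expose `reject`.

```typescript
// … unchanged: window.open(oauthClient.token.getUri(), ...) …
const expectedOrigin = new URL(redirectUri).origin;

const receiveMessage = async (event: MessageEvent) => {
    // Accept only messages posted by the callback page on the redirect origin.
    if (event.origin !== expectedOrigin) {
        return;
    }

    const tokenHash = event.data && event.data["uri"];

    if (typeof tokenHash !== "string") {
        return;
    }

    // One response per sign-in attempt: stop listening once it arrives.
    window.removeEventListener("message", receiveMessage, false);

    try {
        const oauthToken = await oauthClient.token.getToken(redirectUri + tokenHash);
        resolve(`${oauthToken.tokenType} ${oauthToken.accessToken}`);
    }
    catch (error) {
        reject(error);
    }
};
// … unchanged: window.addEventListener("message", receiveMessage, false) …
```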