Apply changes from https://github.com/solid/oidc-auth-manager

package.json

@@ -1,12 +1,12 @@
 {
   "name": "oidc-auth-manager",
-  "version": "0.15.0",
+  "version": "0.15.1",
   "description": "An OpenID Connect (OIDC) authentication manager (OP, RP and RS) for decentralized peer-to-peer authentication",
   "main": "./src/index.js",
   "scripts": {
     "standard": "standard",
     "test": "npm run standard && npm run mocha",
-    "mocha": "nyc mocha test/**/*.js",
+    "mocha": "nyc mocha --exit test/**/*.js",
     "preversion": "npm test",
     "postversion": "git push --follow-tags"
   },
@@ -53,13 +53,13 @@
     "chai": "^4.1.0",
     "chai-as-promised": "^7.1.1",
     "dirty-chai": "^2.0.1",
-    "mocha": "^3.5.0",
-    "nock": "^9.0.14",
-    "node-mocks-http": "^1.6.4",
-    "nyc": "^11.1.0",
+    "mocha": "^5.2.0",
+    "nock": "^9.2.6",
+    "node-mocks-http": "^1.7.0",
+    "nyc": "^11.8.0",
     "sinon": "^2.4.1",
     "sinon-chai": "^2.12.0",
-    "standard": "^10.0.2",
+    "standard": "^11.0.1",
     "whatwg-url": "^6.1.0"
   },
   "nyc": {

src/handlers/auth-callback-request.js

@@ -55,17 +55,16 @@ class AuthCallbackRequest {
     }
 
     let requestUri = AuthCallbackRequest.fullUriFor(req)
-
     let issuer = AuthCallbackRequest.extractIssuer(req)
 
     let options = {
       issuer,
       requestUri,
       oidcManager,
       serverUri,
+      returnToUrl: req.session.returnToUrl,
       response: res,
-      session: req.session,
-      returnToUrl: req.session.returnToUrl
+      session: req.session
     }
 
     let request = new AuthCallbackRequest(options)
@@ -158,6 +157,7 @@ class AuthCallbackRequest {
     this.debug('  Resuming workflow, redirecting to ' + this.returnToUrl)
 
     delete this.session.returnToUrl
+
     return this.response.redirect(302, this.returnToUrl)
   }
 }

src/handlers/login-consent-request.js

@@ -16,14 +16,14 @@ class LoginConsentRequest {
   static handle (opAuthRequest, skipConsent = false) {
     let notLoggedIn = !opAuthRequest.subject
     if (notLoggedIn) {
-      return Promise.resolve(opAuthRequest)  // pass through
+      return Promise.resolve(opAuthRequest) // pass through
     }
 
     let consentRequest = LoginConsentRequest.from(opAuthRequest)
 
     if (skipConsent) {
       consentRequest.markConsentSuccess(opAuthRequest)
-      return Promise.resolve(opAuthRequest)  // pass through
+      return Promise.resolve(opAuthRequest) // pass through
     }
 
     return LoginConsentRequest.obtainConsent(consentRequest)

src/handlers/select-provider-request.js

@@ -12,13 +12,16 @@ class SelectProviderRequest {
    * @param [options.oidcManager] {OidcManager}
    * @param [options.response] {HttpResponse}
    * @param [options.serverUri] {string}
+   * @param [options.returnToUrl] {string} Url of the original resource
+   *   a client was trying to access before being redirected to select provider
    */
   constructor (options) {
     this.webId = options.webId
     this.oidcManager = options.oidcManager
     this.response = options.response
     this.session = options.session
     this.serverUri = options.serverUri
+    this.returnToUrl = options.returnToUrl
   }
 
   /**
@@ -58,8 +61,9 @@ class SelectProviderRequest {
    * @return {SelectProviderRequest}
    */
   static fromParams (req, res) {
-    let body = req.body || {}
-    let webId = SelectProviderRequest.normalizeUri(body.webid)
+    const body = req.body || {}
+    const query = req.query || {}
+    const webId = SelectProviderRequest.normalizeUri(body.webid)
 
     let oidcManager, serverUri
     if (req.app && req.app.locals) {
@@ -72,6 +76,7 @@ class SelectProviderRequest {
       webId,
       oidcManager,
       serverUri,
+      returnToUrl: query.returnToUrl,
       response: res,
       session: req.session
     }
@@ -124,6 +129,7 @@ class SelectProviderRequest {
   static handlePost (request) {
     return Promise.resolve()
       .then(() => request.validate())
+      .then(() => request.saveReturnToUrl())
       .then(() => request.selectProvider())
       .catch(err => request.error(err))
   }
@@ -163,6 +169,15 @@ class SelectProviderRequest {
       .then(providerAuthUrl => this.response.redirect(providerAuthUrl))
   }
 
+  /**
+   * Saves `returnToUrl` param for later use in AuthCallbackRequest handler,
+   * to redirect the client to the original resource they were trying to access
+   * before entering the authn workflow.
+   */
+  saveReturnToUrl () {
+    this.session.returnToUrl = this.returnToUrl
+  }
+
   /**
    * @throws {Error}
    *

src/host-api.js

@@ -77,7 +77,7 @@ function authenticatedUser (authRequest) {
  */
 function initSubjectClaim (authRequest, webId) {
   authRequest.subject = {
-    _id: webId  // put webId into the IDToken's subject claim
+    _id: webId // put webId into the IDToken's subject claim
   }
 }
 

src/oidc-manager.js

@@ -249,7 +249,7 @@ class OidcManager {
   }
 
   initRs () {
-    let rsConfig = {  // oidc-rs
+    let rsConfig = { // oidc-rs
       defaults: {
         handleErrors: false,
         optional: true,
@@ -381,7 +381,7 @@ class OidcManager {
     // Otherwise, verify that issuer is the preferred OIDC provider for the web id
     return discoverProviderFor(webId)
       .then(preferredProvider => {
-        if (preferredProvider === issuer) {  // everything checks out
+        if (preferredProvider === issuer) { // everything checks out
           return webId
         }
 
@@ -461,7 +461,7 @@ class OidcManager {
 
     try {
       webId = new URL(webId)
-      let webIdOrigin = webId.origin  // drop the path
+      let webIdOrigin = webId.origin // drop the path
 
       match = (issuer === webIdOrigin) || OidcManager.isSubdomain(webIdOrigin, issuer)
     } catch (err) {
@@ -482,10 +482,10 @@ class OidcManager {
     domain = new URL(domain)
 
     if (subdomain.protocol !== domain.protocol) {
-      return false  // protocols must match
+      return false // protocols must match
     }
 
-    subdomain = subdomain.host  // hostname + port, minus the protocol
+    subdomain = subdomain.host // hostname + port, minus the protocol
     domain = domain.host
 
     // Chop off the first subdomain (alice.databox.me -> databox.me)

src/preferred-provider.js

@@ -24,7 +24,7 @@ function preferredProviderFor (uri) {
   return providerExists(uri)
     .then(providerUri => {
       if (providerUri) {
-        return providerUri  // the given uri's origin hosts an OIDC provider
+        return providerUri // the given uri's origin hosts an OIDC provider
       }
 
       // Given uri is not a provider (for example, a static Web ID profile URI)
@@ -72,7 +72,7 @@ function discoverProviderFor (webId) {
         providerUri = (new URL(providerUri)).origin
       }
 
-      validateProviderUri(providerUri, webId)  // Throw an error if empty or invalid
+      validateProviderUri(providerUri, webId) // Throw an error if empty or invalid
 
       return providerUri
     })

test/unit/auth-callback-request.js

@@ -77,7 +77,8 @@ describe('AuthCallbackRequest', () => {
 
       let oidcManager = {}
       let host = { serverUri: 'https://example.com' }
-      let session = { returnToUrl: 'https://example.com/resource' }
+      let returnToUrl = 'https://example.com/resource#hash'
+      let session = { returnToUrl }
 
       let req = {
         session,
@@ -96,7 +97,7 @@ describe('AuthCallbackRequest', () => {
       expect(request.oidcManager).to.equal(oidcManager)
       expect(request.response).to.equal(res)
       expect(request.session).to.equal(session)
-      expect(request.returnToUrl).to.equal(session.returnToUrl)
+      expect(request.returnToUrl).to.equal(returnToUrl)
     })
   })
 

test/unit/preferred-provider-test.js

@@ -67,12 +67,12 @@ describe('preferred-provider.js', () => {
     it('should throw an error if webid is reachable but no provider uri found', done => {
       nock(serverUri)
         .options('/')
-        .reply(204, 'No content')  // no provider uri in OPTIONS headers
+        .reply(204, 'No content') // no provider uri in OPTIONS headers
 
       nock(serverUri)
         .get('/')
         .reply(200, '', {
-          'Content-Type': 'text/turtle'  // no provider triple in the profile
+          'Content-Type': 'text/turtle' // no provider triple in the profile
         })
 
       provider.discoverProviderFor(webId)

test/unit/select-provider-request.js

@@ -79,13 +79,17 @@ describe('SelectProviderRequest', () => {
     let res = HttpMocks.createResponse()
     let serverUri = 'https://example.com'
 
+    // 'https%3A%2F%2Foriginal.com%2Fpath%23hash'
+    const returnToUrl = encodeURIComponent('https://original.com/path#hash')
+
     it('should initialize a SelectProviderRequest instance', () => {
       let aliceWebId = 'https://alice.example.com'
       let oidcManager = {}
       let session = {}
       let req = {
         session,
         body: { webid: aliceWebId },
+        query: { returnToUrl },
         app: { locals: { oidc: oidcManager, host: { serverUri } } }
       }
 
@@ -95,6 +99,7 @@ describe('SelectProviderRequest', () => {
       expect(request.oidcManager).to.equal(oidcManager)
       expect(request.session).to.equal(session)
       expect(request.serverUri).to.equal(serverUri)
+      expect(request.returnToUrl).to.equal(returnToUrl)
     })
 
     it('should attempt to normalize an invalid webid uri', () => {
@@ -126,6 +131,19 @@ describe('SelectProviderRequest', () => {
     })
   })
 
+  describe('saveReturnToUrl()', () => {
+    it('should save the returnToUrl in session', () => {
+      let response = HttpMocks.createResponse()
+      let session = {}
+      let returnToUrl = encodeURIComponent('https://example.com/path#hash')
+      let request = new SelectProviderRequest({ response, session, returnToUrl })
+
+      request.saveReturnToUrl()
+
+      expect(request.session.returnToUrl).to.equal(returnToUrl)
+    })
+  })
+
   describe('selectProvider()', () => {
     it('should fetch the provider uri and redirect user to its /authorize endpoint', () => {
       let webId = 'https://example.com/#me'
@@ -178,11 +196,13 @@ describe('SelectProviderRequest', () => {
 
       request.validate = sinon.stub().resolves()
       request.selectProvider = sinon.stub().resolves()
+      request.saveReturnToUrl = sinon.stub()
 
       return SelectProviderRequest.handlePost(request)
         .then(() => {
           expect(request.validate).to.have.been.called()
           expect(request.selectProvider).to.have.been.called()
+          expect(request.saveReturnToUrl).to.have.been.called()
         })
     })