coolaj86/issuer.html
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:playground
coolaj86:v1.2
coolaj86:remember-me
coolaj86:v1
coolaj86:checkbox-fix
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.0.37
coolaj86:v1.2.0
coolaj86:pre-issuer-rewrite
coolaj86:2017-09-13
coolaj86:2017-08-01
..
compare: coolaj86:2017-08-01
Branches Tags
coolaj86:playground
coolaj86:master
coolaj86:v1.2
coolaj86:remember-me
coolaj86:v1
coolaj86:checkbox-fix
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.0.37
coolaj86:v1.2.0
coolaj86:pre-issuer-rewrite
coolaj86:2017-09-13
coolaj86:2017-08-01

No commits in common. "master" and "2017-08-01" have entirely different histories.
master ... 2017-08-01

10 changed files with 193 additions and 248 deletions
Show Stats Expand all files Collapse all files

2
.well-known/oauth3
View File

@ -1 +1 @@
../assets/oauth3.org/.well-known/oauth3 ../assets/org.oauth3/.well-known/oauth3

5
CHANGELOG
View File

@ -1,5 +0,0 @@
v1.2.1 - Authorization Dialog for ID Issuer
* Resource Owner Password token exchange
* Public / Private Keypair generation
* Public key (remember device) syncing
* BUG: Remember me is not operational

41
LICENSE
View File

@ -1,41 +0,0 @@
Copyright 2017 Daplie, Inc
This is open source software; you can redistribute it and/or modify it under the
terms of either:
a) the "MIT License"
b) the "Apache-2.0 License"
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Apache-2.0 License Summary
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

26
README.md
View File

@ -1,30 +1,16 @@
issuer.html This is a WALNUT module representing the html package for oauth3.org.
===========
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js) It must be installed to `/srv/walnut/packages/pages/org.oauth3`
| *issuer.html*
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
| [issuer.srv](https://git.oauth3.org/OAuth3/issuer.srv)
| Sponsored by [ppl](https://ppl.family)
This is a browser application which implements the issuer side of the *authorization_dialog* flow for OAuth3.
It may be used client-side only (public key or granted scope syncing will be disabled),
or will the *issuer.rest.walnut.js* APIs on the backend for full functionality.
For use with walnut it must be installed to `/opt/walnut/packages/pages/issuer@oauth3.org`
```bash ```bash
git clone git@git.oauth3.org:OAuth3/org.oauth3.git /opt/walnut/packages/pages/issuer@oauth3.org git clone git@git.daplie.com:OAuth3/org.oauth3.git /srv/walnut/packages/pages/org.oauth3
pushd /opt/walnut/packages/pages/issuer@oauth3.org pushd /srv/walnut/packages/pages/org.oauth3
bash ./install.sh bash ./install.sh
popd popd
``` ```
```bash ```bash
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/EXAMPLE.COM echo "org.oauth3" >> /srv/walnut/packages/sites/EXAMPLE.COM
``` ```
This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in `/srv/walnut/packages/pages/org.oauth3/assets/org.oauth3`.
`/opt/walnut/packages/pages/issuer@oauth3.org/assets/oauth3.org`.

4
css/daplie-installer-overrides.css
View File

@ -12,6 +12,10 @@ html, body {
background-color: #282828; background-color: #282828;
color: #FFFFFF; color: #FFFFFF;
} }
/*override bootstrap fade*/
.fade {
opacity: 1;
}
input.emailInput::placeholder { input.emailInput::placeholder {
font-family : Brown Regular; font-family : Brown Regular;
font-size : 14px; font-size : 14px;

99
index.html
View File

@ -1,31 +1,30 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login Facilitator: OAuth3.org</title> <title>Login Facilitator: OAuth3.org</title>
<link rel="stylesheet" type="text/css" href="/css/bootstrap.min.css"> <link rel="stylesheet" type="text/css" href="/css/bootstrap.min.css">
<!-- <link rel="stylesheet" type="text/css" href="/css/style.css"> --> <!-- <link rel="stylesheet" type="text/css" href="/css/style.css"> -->
<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Lato:300"> <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Lato:300">
<script src="https://use.fontawesome.com/3af0faae66.js"></script> <script src="https://use.fontawesome.com/3af0faae66.js"></script>
<link rel="stylesheet" type="text/css" href="/css/daplie-installer-overrides.css"> <link rel="stylesheet" type="text/css" href="/css/daplie-installer-overrides.css">
</head> </head>
<body> <body class="fade mock-main">
<div class="fade mock-main">
<!-- STEP 1: ask the user where they want to log in --> <!-- STEP 1: ask the user where they want to log in -->
<!-- STEP 2: ask the user for their email --> <!-- STEP 2: ask the user for their email -->
<!-- STEP 3+4: ask for login code and to remember device --> <!-- STEP 3+4: ask for login code and to remember device -->
<!-- TODO: remember-me-not implementation? --> <!-- TODO: remember-me-not implementation? -->
<!-- <button class="btn btn-secondary js-authz-show js-authz-remember-me-not">Just this once</button>--> <!-- <button class="btn btn-secondary js-authz-show js-authz-remember-me-not">Just this once</button>-->
<!-- Step 5: ask for permissions --> <!-- Step 5: ask for permissions -->
<div class="dap-bordered js-userid-container"> <div class="dap-bordered js-userid-container">
<p class="org-title">daplie.me</p> <p class="org-title">Safelogin.org</p>
<p class="dap-centered-text dap-normal-text welcome-text center-it">Welcome to a new way to login. daplie.me helps you create an Internet ID that allows you to choose what info is shared about you when you login into a site or app online.</p> <p class="dap-centered-text dap-normal-text welcome-text center-it">Welcome to a new way to login. Safelogin.org helps you create an Internet ID that allows you to choose what info is shared about you when you login into a site or app online.</p>
<form method="post" action=""> <form method="post" action="">
<div class="form-group"> <div class="form-group">
<input type="email" class="form-control dap-input js-oauth3-email emailInput" placeholder="Enter an email address to start"></input> <input type="email" class="form-control dap-input js-oauth3-email emailInput" placeholder="Enter an email address to start"></input>
@ -46,7 +45,7 @@
</div> </div>
<div class="dap-bordered js-authn"> <div class="dap-bordered js-authn">
<p class="org-title">daplie.me</p> <p class="org-title">Safelogin.org</p>
<!-- <div class="dap-normal-text"> <!-- <div class="dap-normal-text">
<span class="fa fa-3x icon-centered-3x fa-purple fa-envelope"></span> <span class="fa fa-3x icon-centered-3x fa-purple fa-envelope"></span>
</div> </div>
@ -72,7 +71,8 @@
<input class="js-remember-checkbox hidden" type="checkbox"></input> <input class="js-remember-checkbox hidden" type="checkbox"></input>
</label> </label>
</div> </div>
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-submit-code-btn" disabled>Submit</button> <!-- <button class="dap-full-button-green js-remember-btn js-authz-remember-me">SIGN IN ONCE</button> -->
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-remember-btn js-authz-remember-me" disabled>Submit</button>
<!-- <a href="./authnocode.html" target="_blank" class="btn btn-primary">Send Code Again</a> --> <!-- <a href="./authnocode.html" target="_blank" class="btn btn-primary">Send Code Again</a> -->
<button class="btn btn-primary js-edit-email-button" type="button">Edit My Email</button> <button class="btn btn-primary js-edit-email-button" type="button">Edit My Email</button>
</form> </form>
@ -86,14 +86,14 @@
</div> </div>
<div class="dap-bordered dap-normal-text js-authz"> <div class="dap-bordered dap-normal-text js-authz">
<p class="org-title">daplie.me</p> <p class="org-title">Safelogin.org</p>
<!-- <br> --> <!-- <br> -->
<!-- <div class="dap-user-plus-app"> <!-- <div class="dap-user-plus-app">
<span class="fa fa-3x fa-purple fa-user-circle"></span> <span class="fa fa-3x fa-purple fa-user-circle"></span>
<span class="fa fa-2x fa-gray fa-plus"></span> <span class="fa fa-2x fa-gray fa-plus"></span>
<img class="dap-lab-logo" src="./img/Daplie-Badge-Purple.png" alt="Daplie Labs Logo"> <img class="dap-lab-logo" src="./img/Daplie-Badge-Purple.png" alt="Daplie Labs Logo">
</div> --> </div> -->
<p class="dap-centered-text dap-normal-text almost-done-text">Almost done. Now it's time to set your preferences.</p> <p class="dap-centered-text dap-normal-text almost-done-text">Almost done. Now its time to set your preferences.</p>
<br> <br>
<form class="js-authorization-decision" action="#"> <form class="js-authorization-decision" action="#">
@ -140,60 +140,17 @@
<button type="button" class="dap-full-button-green js-logout btn btn-primary">Sign Out</button> <button type="button" class="dap-full-button-green js-logout btn btn-primary">Sign Out</button>
<img src="./img/sponsored-by.png" class="sponsored-by-logo"> <img src="./img/sponsored-by.png" class="sponsored-by-logo">
</div> </div>
</div>
<div class="fade mock-bare">
<div class="container">
<div class="jumbotron">
<h1>OAuth3 Playground</h1>
</div>
<div class="row">
<div class="col-md-3">
Login Status:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Current Sessions:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Approved Devices:
</div>
<div class="col-md-9">
...
</div>
</div>
<div class="row">
<div class="col-md-3">
Approved Applications:
</div>
<div class="col-md-9">
...
</div>
</div>
</div>
</div>
<!--[if IE]><script src="bower_components/rsvp.js/rsvp.js"></script><![endif]--> <!--[if IE]><script src="bower_components/rsvp.js/rsvp.js"></script><![endif]-->
<script src="./js/jquery-2.2.0.min.js"></script> <script src="./js/jquery-2.2.0.min.js"></script>
<script src="./js/jquery.mask.min.js"></script> <script src="./js/jquery.mask.min.js"></script>
<script src="./js/bootstrap.min.js"></script> <script src="./js/bootstrap.min.js"></script>
<script src="/assets/oauth3.org/oauth3.core.js"></script>
<script src="/assets/oauth3.org/oauth3.crypto.js"></script>
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
<script src="./js/issuer.js"></script> <script src="./js/issuer.js"></script>
<script src="./js/script.js"></script> <script src="./js/script.js"></script>
<script src="/assets/org.oauth3/oauth3.core.js"></script>
<script src="/assets/org.oauth3/oauth3.issuer.js"></script>
<!--script src="/assets/org.oauth3/oauth3.mock.js"></script-->
</body> </body>
</html> </html>

11
install.sh
View File

@ -2,15 +2,14 @@
set -e set -e
set -u set -u
# git clone https://git.oauth3.org/OAuth3/issuer.html.git /srv/walnut/packages/pages/issuer@oauth3.org # git clone git@git.daplie.com:OAuth3/org.oauth3.git /srv/walnut/packages/pages/org.oauth3
# git clone https://git.oauth3.org/OAuth3/azp.html.git /srv/walnut/packages/pages/azp@oauth3.org
mkdir -p assets mkdir -p assets
if ! [ -d ./assets/oauth3.org ]; then if ! [ -d ./assets/org.oauth3 ]; then
git clone https://git.oauth3.org/OAuth3/oauth3.js.git ./assets/oauth3.org git clone git@git.daplie.com:OAuth3/oauth3.js.git ./assets/org.oauth3
fi fi
pushd ./assets/oauth3.org pushd ./assets/org.oauth3
git checkout v1.2 git checkout v1
git pull git pull
popd popd

2
js/app.js
View File

@ -10,7 +10,7 @@ $(function () {
var auth = OAUTH3.create(); var auth = OAUTH3.create();
auth.init().then(function () { auth.init().then(function () {
$('.mock-main').addClass('in'); $('body').addClass('in');
}); });
auth.setProvider(providerUri).then(function () { auth.setProvider(providerUri).then(function () {

226
js/issuer.js
View File

@ -9,7 +9,7 @@ $(function () {
var OAUTH3 = window.OAUTH3; var OAUTH3 = window.OAUTH3;
var CONFIG = { var CONFIG = {
host: OAUTH3.clientUri(window.location) host: OAUTH3.utils.clientUri(window.location)
, directives: null // will be populated before the login button appears , directives: null // will be populated before the login button appears
}; };
var loc = window.location; var loc = window.location;
@ -20,8 +20,22 @@ $(function () {
}; };
$('.js-scopes-container').html(''); $('.js-scopes-container').html('');
/*
OAUTH3._hooks.sessions.all = function (providerUri) {
};
*/
OAUTH3._hooks = { sessions: {} };
OAUTH3._hooks.sessions.get = function (providerUri, id) {
return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null');
};
OAUTH3._hooks.sessions.set = function (providerUri, newSession, id) {
window.localStorage.setItem('session-' + providerUri, JSON.stringify(newSession));
window.localStorage.setItem('session-' + providerUri + (id || newSession.id || newSession.token.id || ''), JSON.stringify(newSession));
return newSession;
};
// TODO let query.parse do location.hash || location.search || location // TODO let query.parse do location.hash || location.search || location
var clientParams = OAUTH3.query.parse(loc.hash || loc.search); var clientParams = OAUTH3.query.parse(window.location.hash || window.location.search);
if (/authorization_dialog/.test(window.location.href)) { if (/authorization_dialog/.test(window.location.href)) {
// OAUTH3.lintClientParams(params, window) // OAUTH3.lintClientParams(params, window)
// OAUTH3.normalizeClientParams(params, window) // OAUTH3.normalizeClientParams(params, window)
@ -44,12 +58,12 @@ $(function () {
+ "'" + OAUTH3.url.normalize(window.document.referrer) + "'" + "'" + OAUTH3.url.normalize(window.document.referrer) + "'"
); );
} }
if (clientParams.client_uri && clientParams.client_uri !== clientParams.client_id) { if (clientParams.client_uri) {
console.warn("'client_id' should be used instead of 'client_uri'"); console.warn("'client_id' should be used instead of 'client_uri'");
} }
if (!(clientParams.client_id || clientParams.client_uri)) { if (!(clientParams.client_id || clientParams.client_uri)) {
window.alert("'client_id' must exist as the uri identifying the client"); window.alert("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
console.error("'client_id' must exist as the uri identifying the client"); console.error("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer); clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer);
} }
if (!clientParams.redirect_uri) { if (!clientParams.redirect_uri) {
@ -74,31 +88,30 @@ $(function () {
function getSession(providerUri) { function getSession(providerUri) {
return OAUTH3.hooks.session.get(providerUri).then(function (session) { return OAUTH3.hooks.session.get(providerUri).then(function (session) {
if (session && session.access_token) { if (session && session.access_token) {
normalizeSession(session); normalizeSession(session);
return OAUTH3.PromiseA.resolve(session); return OAUTH3.PromiseA.resolve(session);
} }
else { else {
return OAUTH3.PromiseA.reject(new Error("no access_token in session")); return OAUTH3.PromiseA.reject(new Error("no access_token in session"));
} }
}); });
} }
function getGrants(session) { function getGrants(session) {
var clientLogo = OAUTH3.url.normalize(clientParams.client_uri) // optional relative logo ? var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
var clientLogo = OAUTH3.url.normalize(clientObj.client_uri) // optional relative logo ?
+ '/.well-known/oauth3/logo-128x128.png' + '/.well-known/oauth3/logo-128x128.png'
; ;
var callbackUrl;
// TODO put in directives.json or similar // TODO put in directives.json or similar
var grantDescriptions = { var grantDescriptions = {
// deprecated // deprecated
'oauth3_authn': "Basic secure authentication" 'oauth3_authn': "Basic secure authentication"
, 'auth@oauth3.org': "Basic secure authentication"
, 'wallet': "Access to payments and subscriptions" , 'wallet': "Access to payments and subscriptions"
, 'bucket': "Access to file storage" , 'bucket': "Access to file storage"
, 'db': "Access to app data" , 'db': "Access to app data"
, 'domains': "Domain registration (and Glue and NS records)" // TODO make an alias , 'domains': "Domain registration (and Glue and NS records)" // TODO make an alias
, 'domains@oauth3.org': "Domain registration (and Glue and NS records)" // TODO make an alias
, 'domains:glue': "Glue Record management (for vanity nameservers)" , 'domains:glue': "Glue Record management (for vanity nameservers)"
, 'domains:ns': "Name Server management" , 'domains:ns': "Name Server management"
, 'dns': "DNS records (A/AAAA, TXT, SRV, MX, etc)" , 'dns': "DNS records (A/AAAA, TXT, SRV, MX, etc)"
@ -113,8 +126,6 @@ $(function () {
, 'domains:glue@oauth3.org': "Glue Record management (for vanity nameservers)" , 'domains:glue@oauth3.org': "Glue Record management (for vanity nameservers)"
, 'domains:ns@oauth3.org': "Name Server management" , 'domains:ns@oauth3.org': "Name Server management"
, 'dns@oauth3.org': "DNS records (A/AAAA, TXT, SRV, MX, etc)" , 'dns@oauth3.org': "DNS records (A/AAAA, TXT, SRV, MX, etc)"
, 'www@daplie.com': "Websites and webapps"
, '*': "FULL ACCOUNT ACCESS" , '*': "FULL ACCOUNT ACCESS"
}; };
@ -128,10 +139,10 @@ $(function () {
$('.js-client-logo').attr('src', clientLogo); $('.js-client-logo').attr('src', clientLogo);
//$('.js-user-avatar').attr('src', userAvatar); //$('.js-user-avatar').attr('src', userAvatar);
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) { return OAUTH3.authz.scopes(CONFIG.host, session, clientObj).then(function (scopes) {
if (!scopes.pending.length) { if (!scopes.pending.length) {
// looks like we've done all of this before // looks like we've done all of this before
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes); OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientObj, scopes);
return; return;
} }
@ -139,12 +150,10 @@ $(function () {
// TODO secure iFrame from click-jacking by requiring input? // TODO secure iFrame from click-jacking by requiring input?
// ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"] // ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"]
if (OAUTH3._browser.isIframe()) { if (OAUTH3._browser.isIframe()) {
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({ callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
state: clientParams.state + encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
, error: 'access_denied' + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted") location.href = callbackUrl;
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
return; return;
} }
@ -168,13 +177,8 @@ $(function () {
$scope.find('.js-scope-desc').text(grantDescriptions[scope]); $scope.find('.js-scope-desc').text(grantDescriptions[scope]);
} }
else { else {
//This disables the check/checkbox when we have an unrecognized grant. $scope.find('.js-scope-toggle').prop('checked', false);
//This is disabled for testing until we can discover grants automatically. $scope.find('.js-scope-toggle').prop('disabled', true);
//TODO: Enable this when grants are discoverable
//TODO: Indicate to user that this is disabled, not just unchecked.
//$scope.find('.js-scope-toggle').prop('checked', false);
//$scope.find('.check').attr("src", "./img/unpressed-check.png");
//$scope.find('.js-scope-toggle').prop('disabled', true);
$scope.find('.js-scope-desc').text(scope); $scope.find('.js-scope-desc').text(scope);
} }
@ -182,6 +186,9 @@ $(function () {
}); });
$('.js-authz').show().addClass('in'); $('.js-authz').show().addClass('in');
}, function (err) {
window.alert('grantResults: ' + err.message);
console.error('scope results', err);
}); });
} }
@ -217,27 +224,56 @@ $(function () {
// TODO loading // TODO loading
email = $('.js-oauth3-email').val(); email = $('.js-oauth3-email').val();
return OAUTH3.authn.otp(CONFIG.directives, {email: email, mock: true}).then(function (otpResults) { return OAUTH3.authn.loginMeta(CONFIG.directives, {email: email, mock: true}).then(function (userResults) {
if (!userResults.data.error) {
if (otpResults.data.error) { console.log('User exists:', userResults);
window.alert('otpResults: ' + otpResults.data.error_description || otpResults.data.error.message);
return;
} }
var ua = window.navigator.userAgent; if (userResults.data.error) {
$('.js-sniffed-device').text(ua); $('.js-authn-show').removeAttr('disabled');
$('.js-userid-container').removeClass('in').hide(); console.warn('User does not exist:', email);
$('.js-authn').show().addClass('in'); console.warn('User Results:', userResults);
$('.js-authn-otp-uuid').val(otpResults.data.uuid); //window.alert('userResults: ' + userResults.data.error_description || userResults.data.error.message);
//return;
}
$('.js-user-email').text(email); return OAUTH3.authn.otp(CONFIG.directives, {email: email, mock: true}).then(function (otpResults) {
if (otpResults.data.error) {
window.alert('otpResults: ' + otpResults.data.error_description || otpResults.data.error.message);
return;
}
var ua = window.navigator.userAgent;
$('.js-sniffed-device').text(ua);
$('.js-userid-container').removeClass('in').hide();
$('.js-authn').show().addClass('in');
$('.js-authn-otp-uuid').val(otpResults.data.uuid);
$('.js-user-email').text(email);
});
});
};
util.rememberDevice = function (ev) {
ev.preventDefault();
ev.stopPropagation();
util.submitLoginCode({
rememberDevice: true
});
};
util.rememberDeviceNot = function (ev) {
ev.preventDefault();
ev.stopPropagation();
util.submitLoginCode({
rememberDevice: false
}); });
}; };
// Reference Implementation // Reference Implementation
util.submitLoginCode = function (ev) {
ev.preventDefault(); util.submitLoginCode = function (opts) {
ev.stopPropagation();
// TODO // TODO
// perhaps we should check that the code is valid before continuing to login (so that we don't send the key) // perhaps we should check that the code is valid before continuing to login (so that we don't send the key)
@ -245,6 +281,7 @@ $(function () {
// TODO // TODO
// we should be sending the public key for this device as a jwk along with the authentication // we should be sending the public key for this device as a jwk along with the authentication
// (and how long to remember this device) // (and how long to remember this device)
var uuid = $('.js-authn-otp-uuid').val(); var uuid = $('.js-authn-otp-uuid').val();
var code = $('.js-authn-otp-code').val().trim(); var code = $('.js-authn-otp-code').val().trim();
return OAUTH3.authn.resourceOwnerPassword(CONFIG.directives, { return OAUTH3.authn.resourceOwnerPassword(CONFIG.directives, {
@ -258,35 +295,38 @@ $(function () {
// TODO should be otp_id (agnostic of uuid) // TODO should be otp_id (agnostic of uuid)
, otp_uuid: uuid , otp_uuid: uuid
// add expiration to the refresh token and/or public key // add expiration to the refresh token and/or public key
, remember_device: $('.js-remember-label').find('.js-remember-checkbox').prop('checked') , expire: opts.rememberDevice || (1 * 60 * 60 * 1000)
, mock: true , mock: true
}).then(function (session) { }).then(function (session) {
$('.js-authn').removeClass('in').hide(); $('.js-authn').removeClass('in').hide();
if (session.token.sub) {
return OAUTH3.PromiseA.resolve(session); function getAccount(session) {
if (session.token.sub) {
return OAUTH3.PromiseA.resolve(session);
}
return OAUTH3.requests.accounts.create(CONFIG.directives, session, {
display_name: email.replace(/@.*/, '')
, comment: "created for '" + email + "' by '" + CONFIG.host + "'"
, priority: 1000 // default priority for first account
, name: undefined // TODO we could ask in the UI
}).then(function (resp) {
var results = resp.data;
return OAUTH3.hooks.session.refresh(session, {
access_token: (results.access_token || results.accessToken)
, refresh_token: (results.refresh_token || results.refreshToken)
});
});
} }
return OAUTH3.requests.accounts.create(CONFIG.directives, session, { return getAccount(session).then(function () {
display_name: email.replace(/@.*/, '') return getGrants(session);
, comment: "created for '" + email + "' by '" + CONFIG.host + "'"
, priority: 1000 // default priority for first account
, name: undefined // TODO we could ask in the UI
}).then(function (resp) {
var results = resp.data;
return OAUTH3.hooks.session.refresh(session, {
access_token: (results.access_token || results.accessToken)
, refresh_token: (results.refresh_token || results.refreshToken)
});
});
}).then(function (session) {
return getGrants(session).catch(function (err) {
window.alert('grantResults: ' + err.message);
console.error('scope results', err);
}); });
}, function (error) { }, function (error) {
console.error(error);
$('.error-msg').text('Incorrect code'); $('.error-msg').text('Incorrect code');
}); });
}; };
util.acceptScopesAndLogin = function (ev) { util.acceptScopesAndLogin = function (ev) {
ev.preventDefault(); ev.preventDefault();
@ -303,6 +343,8 @@ $(function () {
}); });
getSession(CONFIG.host).then(function (session) { getSession(CONFIG.host).then(function (session) {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) { return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
scopes.new = acceptedScopes; scopes.new = acceptedScopes;
return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes); return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
@ -316,17 +358,21 @@ $(function () {
ev.preventDefault(); ev.preventDefault();
ev.stopPropagation(); ev.stopPropagation();
var loginWinObj = OAUTH3.query.parse(loc.hash || loc.search);
var denyObj = { var denyObj = {
error: 'access_denied' error: 'access_denied'
, error_description: 'The user has denied access.' , error_description: 'The user has denied access.'
, error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied' , error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied'
, state: clientParams.state , state: loginWinObj.state
, scope: clientParams.scope , scope: loginWinObj.scope
}; };
window.location = clientParams.redirect_uri + '#' + OAUTH3.query.stringify(denyObj); window.location = loginWinObj.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
}; };
util.handleLogout = function () { util.handleLogout = function () {
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
localStorage.clear(); localStorage.clear();
clientParams.redirect_uri += '?' + OAUTH3.query.stringify({ clientParams.redirect_uri += '?' + OAUTH3.query.stringify({
@ -339,21 +385,21 @@ $(function () {
util.editEmail = function () { util.editEmail = function () {
$('.js-authn').hide(); $('.js-authn').hide();
$('.js-userid-container').show(); $('.js-userid-container').show();
debugger;
}; };
// //
// Page Setup // Page Setup
// //
$('.js-authorization-dialog').hide();
$('.js-logout-container').hide();
$('.js-userid-container').hide(); $('.js-userid-container').hide();
$('.js-authn').hide(); $('.js-authn').hide();
$('.js-authz').hide(); $('.js-authz').hide();
$('body').on('click', '.js-logout', util.handleLogout); $('body').on('click', '.js-logout', util.handleLogout);
$('body').on('click', '.js-authn-show', util.submitAuthEmail); $('body').on('click', '.js-authn-show', util.submitAuthEmail);
$('body').on('click', '.js-submit-code-btn', util.submitLoginCode); $('body').on('click', '.js-authz-remember-me', util.rememberDevice);
$('body').on('click', '.js-authz-remember-me-not', util.rememberDeviceNot);
$('body').on('click', '.js-login-allow', util.acceptScopesAndLogin); $('body').on('click', '.js-login-allow', util.acceptScopesAndLogin);
$('body').on('click', '.js-login-deny', util.closeLoginDeny); $('body').on('click', '.js-login-deny', util.closeLoginDeny);
$('body').on('click', '.js-edit-email-button', util.editEmail); $('body').on('click', '.js-edit-email-button', util.editEmail);
@ -362,33 +408,40 @@ $(function () {
function handleAuthorizationDialog() { function handleAuthorizationDialog() {
return getSession(CONFIG.host).then(function (session) { return getSession(CONFIG.host).then(function (session) {
return getGrants(session); return getGrants(session);
}).catch(function () { }, function (e) {
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
// TODO select the providers the client wants to show // TODO select the providers the client wants to show
// providers=daplie.com,facebook.com,google.com // etc // providers=daplie.com,facebook.com,google.com // etc
// TODO let the client specify switch_user // TODO let the client specify switch_user
// TODO let the client specify relogin if stale // TODO let the client specify relogin if stale
if (OAUTH3._browser.isIframe()) { if (OAUTH3._browser.isIframe()) {
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({ var callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
state: clientParams.state + encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
, error: 'access_denied' + '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated") location.href = callbackUrl;
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
});
} }
if (clientParams.subject) { if (clientParams.subject) {
$('.js-oauth3-email').val(clientParams.subject); $('.js-oauth3-email').val(clientParams.subject);
$('.js-authn-show').prop('disabled', false); $('.js-authn-show').prop('disabled', false);
} }
$('.js-userid-container').show(); $('.js-userid-container').show();
}).then(function () {
//$('body').addClass('in');
}); });
} }
// Session initialization // Session initialization
return OAUTH3.discover(CONFIG.host, { client_uri: CONFIG.host }).then(function (directives) { return OAUTH3.discover(
OAUTH3.clientUri(window.location)
, { client_uri: OAUTH3.clientUri(window.location) }
).then(function (directives) {
// TODO cache directives in memory (and storage) // TODO cache directives in memory (and storage)
CONFIG.directives = directives; CONFIG.directives = directives;
directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, ''); directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, '');
$('.js-authorization-dialog').hide();
$('.js-logout-container').hide();
if (/authorization_dialog/.test(window.location.href)) { if (/authorization_dialog/.test(window.location.href)) {
$('.js-authorization-dialog').show(); $('.js-authorization-dialog').show();
handleAuthorizationDialog(); handleAuthorizationDialog();
@ -397,13 +450,8 @@ $(function () {
$('.js-logout-container').show(); $('.js-logout-container').show();
} }
if (document.location.hash.slice(1) || document.location.search) { $('body').addClass('in');
console.log('[DEBUG] search:', document.location.search);
console.log('[DEBUG] hash:', document.location.search);
$('.mock-main').addClass('in');
} else {
console.log('[DEBUG] not an auth window');
$('.mock-bare').addClass('in');
}
}); });
}); });

25
js/script.js
View File

@ -47,28 +47,25 @@ $('body').on('click', '.js-remember-label', function (ev) {
$('body').on('click', '.check', function () { $('body').on('click', '.check', function () {
'use strict'; 'use strict';
var $img = $(this);
if($img.attr("src") === "./img/pressed-check.png") {
$img.attr("src", "./img/unpressed-check.png");
$img.removeClass("is-checked");
} else if($img.attr("src") === "./img/unpressed-check.png") {
$img.attr("src", "./img/pressed-check.png");
$img.addClass("is-checked");
}
}); });
$('body').on('click', '.js-auth-li-enabled', function (ev) { $('body').on('click', '.js-auth-li-enabled', function (ev) {
'use strict'; 'use strict';
ev.preventDefault(); ev.preventDefault();
ev.stopPropagation(); ev.stopPropagation();
var $this = $(this); var $this = $(this);
var $hiddenCheckbox = $this.find('.js-auth-checkbox'); if ($this.find('.js-auth-checkbox').is(':checked') === true) {
var $img = $this.find('.check'); $this.find('.js-auth-checkbox').prop( "checked", false );
var newStatus = $hiddenCheckbox.prop('checked') ? "unchecked" : "checked";
if(newStatus === 'checked') {
$img.attr('src', './img/pressed-check.png');
$img.addClass("is-checked");
$hiddenCheckbox.prop( "checked", true );
} else { } else {
$img.attr("src", "./img/unpressed-check.png"); $this.find('.js-auth-checkbox').prop( "checked", true );
$img.removeClass("is-checked");
$hiddenCheckbox.prop( "checked", false );
} }
}); });