Merge branch 'v1.2'

2017-11-16 05:30:53 +00:00 · 2017-11-16 05:30:53 +00:00 · e6fa1d5314
commit e6fa1d5314
parent 2438081487 b7aa754c48
3 changed files with 64 additions and 16 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -706,7 +706,7 @@
      */
      return OAUTH3._browser.request(preq, opts);
    }
-  , implicitGrant: function(directives, opts) {
+  , implicitGrant: function (directives, opts) {
      var promise;
      var providerUri = directives.azp || directives.issuer || directives;

--- a/oauth3.crypto.js
+++ b/oauth3.crypto.js
@ -8,6 +8,9 @@
    OAUTH3.crypto.core = require('./oauth3.node.crypto');
  } catch (error) {
    OAUTH3.crypto.core = {};
+    OAUTH3.crypto.core.ready = false;
+    var finishBeforeReady = [];
+    var deferedCalls = [];

    // We don't currently have a fallback method for this function, so we assign
    // it directly to the core object instead of the webCrypto object.
@ -17,10 +20,31 @@
    };

    var webCrypto = {};
+
+    var deferCryptoCall = function(name) {
+      return function() {
+        var args = arguments;
+        return new OAUTH3.PromiseA(function(resolve, reject) {
+          deferedCalls.push(function(){
+            try {
+              webCrypto[name].apply(webCrypto, args)
+                .then(function(result){
+                  resolve(result);
+                });
+            } catch(e) {
+              reject(e);
+            }
+          });
+        });
+      };
+    };
+
+    OAUTH3.crypto.core.sha256 = deferCryptoCall("sha256");
    webCrypto.sha256 = function (buf) {
      return OAUTH3._browser.window.crypto.subtle.digest({name: 'SHA-256'}, buf);
    };

+    OAUTH3.crypto.core.pbkdf2 = deferCryptoCall("pbkdf2");
    webCrypto.pbkdf2 = function (password, salt) {
      return OAUTH3._browser.window.crypto.subtle.importKey('raw', OAUTH3._binStr.binStrToBuffer(password), {name: 'PBKDF2'}, false, ['deriveKey'])
        .then(function (key) {
@ -32,12 +56,15 @@
        });
    };

+    OAUTH3.crypto.core.encrypt = deferCryptoCall("encrypt");
    webCrypto.encrypt = function (rawKey, iv, data) {
      return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['encrypt'])
        .then(function (key) {
          return OAUTH3._browser.window.crypto.subtle.encrypt({name: 'AES-GCM', iv: iv}, key, data);
        });
    };
+
+    OAUTH3.crypto.core.decrypt = deferCryptoCall("decrypt");
    webCrypto.decrypt = function (rawKey, iv, data) {
      return OAUTH3._browser.window.crypto.subtle.importKey('raw', rawKey, {name: 'AES-GCM'}, false, ['decrypt'])
        .then(function (key) {
@ -45,6 +72,7 @@
        });
    };

+    OAUTH3.crypto.core.genEcdsaKeyPair = deferCryptoCall("genEcdsaKeyPair");
    webCrypto.genEcdsaKeyPair = function () {
      return OAUTH3._browser.window.crypto.subtle.generateKey({name: 'ECDSA', namedCurve: 'P-256'}, true, ['sign', 'verify'])
        .then(function (keyPair) {
@ -57,6 +85,7 @@
        });
    };

+    OAUTH3.crypto.core.sign = deferCryptoCall("sign");
    webCrypto.sign = function (jwk, msg) {
      return OAUTH3._browser.window.crypto.subtle.importKey('jwk', jwk, {name: 'ECDSA', namedCurve: jwk.crv}, false, ['sign'])
        .then(function (key) {
@ -66,6 +95,8 @@
          return new Uint8Array(sig);
        });
    };
+    
+    OAUTH3.crypto.core.verify = deferCryptoCall("verify");
    webCrypto.verify = function (jwk, msg, signature) {
      // If the JWK has properties that should only exist on the private key or is missing
      // "verify" in the key_ops, importing in as a public key won't work.
@ -103,18 +134,19 @@
        return prom;
      };
      function checkException(name, func) {
-        OAUTH3.PromiseA.resolve().then(func)
+        return OAUTH3.PromiseA.resolve().then(func)
          .then(function () {
            OAUTH3.crypto.core[name] = webCrypto[name];
          }, function (err) {
            console.warn('error with WebCrypto', name, '- using fallback', err);
-            loadFallback().then(function () {
+            return loadFallback().then(function () {
              OAUTH3.crypto.core[name] = OAUTH3_crypto_fallback[name];
            });
          });
      }
      function checkResult(name, expected, func) {
-        checkException(name, function () {
+        
+        finishBeforeReady.push(checkException(name, function () {
          return func()
            .then(function (result) {
              if (typeof expected === typeof result) {
@ -127,7 +159,7 @@
                throw new Error("result ("+result+") doesn't match expectation ("+expected+")");
              }
            });
-        });
+        }));
      }

      var zeroBuf = new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);
@ -159,12 +191,20 @@
        return webCrypto.verify(jwk, dataBuf, sig);
      });
      // The results of these functions are less predictable, so we can't check their return value.
-      checkException('genEcdsaKeyPair', function () {
+      finishBeforeReady.push(checkException('genEcdsaKeyPair', function () {
        return webCrypto.genEcdsaKeyPair();
-      });
-      checkException('sign', function () {
+      }));
+      finishBeforeReady.push(checkException('sign', function () {
        return webCrypto.sign(jwk, dataBuf);
-      });
+      }));
+      
+      OAUTH3.PromiseA.all(finishBeforeReady)
+        .then(function(results) {
+          OAUTH3.crypto.core.ready = true;
+          deferedCalls.forEach(function(request) {
+            request();
+          });
+        });
    }
    checkWebCrypto();
  }
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@ -192,8 +192,9 @@ OAUTH3.urls.grants = function (directive, opts) {
  }

  var url = OAUTH3.url.resolve(directive.api, grantsDir.url)
-    .replace(/(:azp|:client_id)/g, OAUTH3.uri.normalize(opts.client_id || opts.client_uri))
    .replace(/(:sub|:account_id)/g, opts.session.token.sub || 'ISSUER:GRANT:TOKEN_SUB:UNDEFINED')
+    .replace(/(:azp|:client_id)/g, !opts.all && OAUTH3.uri.normalize(opts.client_id || opts.client_uri) || '')
+    .replace(/\/\/$/, '/') // if there's a double slash due to the sub not existing
    ;
  var data = {
    client_id: opts.client_id
@ -287,21 +288,25 @@ OAUTH3.urls.publishKey = function (directive, opts) {
  , session: opts.session
  };
 };
+OAUTH3.urls.credentialMeta = function (directive, opts) {
+  return OAUTH3.url.resolve(directive.api, directive.credential_meta.url)
+      .replace(':type', 'email')
+      .replace(':id', opts.email)
+};

 OAUTH3.authn = {};
 OAUTH3.authn.loginMeta = function (directive, opts) {
+  var url = OAUTH3.urls.credentialMeta(directive, opts);
  return OAUTH3.request({
    method: directive.credential_meta.method || 'GET'
    // TODO lint urls
    // TODO client_uri
-  , url: OAUTH3.url.resolve(directive.api, directive.credential_meta.url)
-      .replace(':type', 'email')
-      .replace(':id', opts.email)
+  , url: url
  });
 };
-OAUTH3.authn.otp = function (directive, opts) {
+OAUTH3.urls.otp = function (directive, opts) {
  // TODO client_uri
-  var preq = {
+  return {
    method: directive.credential_otp.method || 'POST'
  , url: OAUTH3.url.resolve(directive.api, directive.credential_otp.url)
  , data: {
@ -314,6 +319,9 @@ OAUTH3.authn.otp = function (directive, opts) {
    , username: opts.email
    }
  };
+};
+OAUTH3.authn.otp = function (directive, opts) {
+  var preq = OAUTH3.urls.otp(directive, opts);

  return OAUTH3.request(preq);
 };
@ -425,7 +433,7 @@ OAUTH3.authz.grants = function (providerUri, opts) {
    }
    // the responses for GET and POST requests are now the same, so we should alway be able to
    // use the response and save it the same way.
-    if ('GET' !== opts.method && 'POST' !== opts.method) {
+    if (opts.all || ('GET' !== opts.method && 'POST' !== opts.method)) {
      return grants;
    }