allow attaching of custom data
	
		
			
	
		
	
	
		
	
		
				continuous-integration/drone/push Build is failing
				
			
		
		
	
	
				
					
				
			
		
		@@ -37,6 +37,8 @@ class AuthRequest {
 | 
				
			|||||||
  public is_basic: boolean;
 | 
					  public is_basic: boolean;
 | 
				
			||||||
  public user: string;
 | 
					  public user: string;
 | 
				
			||||||
  public password: string;
 | 
					  public password: string;
 | 
				
			||||||
 | 
					  public token_data?: Record<string, unknown>;
 | 
				
			||||||
 | 
					  public token_id?: string;
 | 
				
			||||||
  public body: string;
 | 
					  public body: string;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  private _cookie_name?: string;
 | 
					  private _cookie_name?: string;
 | 
				
			||||||
@@ -202,6 +204,9 @@ export default function create_auth_handler (
 | 
				
			|||||||
      return Promise.resolve ();
 | 
					      return Promise.resolve ();
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    request.token_data = token_data.data;
 | 
				
			||||||
 | 
					    request.token_id = token_data.id;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (
 | 
					    if (
 | 
				
			||||||
      typeof options !== 'undefined'
 | 
					      typeof options !== 'undefined'
 | 
				
			||||||
      && typeof options.refresh !== 'undefined'
 | 
					      && typeof options.refresh !== 'undefined'
 | 
				
			||||||
 
 | 
				
			|||||||
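Review bot: The two new public fields on AuthRequest, `token_data` and `token_id`, have no comment saying when they are populated, and both are optional, so a handler cannot tell from the type whether `undefined` means "no token" or "not verified yet". In the second hunk they are filled from a local that is also called `token_data`, which makes `request.token_data = token_data.data` read like a self-assignment; renaming the local (for example to `verification`) would make the data flow clearer. I would add a comment on each field along the lines of `/** payload of the verified token; only set once verification has passed */`, if that is the intended contract — the lines that decide it are in create_auth_handler outside this hunk.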
@@ -20,8 +20,10 @@ interface VerificationResult {
 | 
				
			|||||||
  authorized: boolean;
 | 
					  authorized: boolean;
 | 
				
			||||||
  valid: boolean;
 | 
					  valid: boolean;
 | 
				
			||||||
  type: TokenType;
 | 
					  type: TokenType;
 | 
				
			||||||
 | 
					  id: string;
 | 
				
			||||||
  next_module?: string;
 | 
					  next_module?: string;
 | 
				
			||||||
  data?: Record<string, unknown>;
 | 
					  data?: Record<string, unknown>;
 | 
				
			||||||
 | 
					  error?: string;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
interface SignatureResult {
 | 
					interface SignatureResult {
 | 
				
			||||||
@@ -40,7 +42,8 @@ class Authority {
 | 
				
			|||||||
    const result: VerificationResult = {
 | 
					    const result: VerificationResult = {
 | 
				
			||||||
      authorized: false,
 | 
					      authorized: false,
 | 
				
			||||||
      valid:      false,
 | 
					      valid:      false,
 | 
				
			||||||
      type:       'none'
 | 
					      type:       'none',
 | 
				
			||||||
 | 
					      id:         ''
 | 
				
			||||||
    };
 | 
					    };
 | 
				
			||||||
    const data = verify_signature_get_info (
 | 
					    const data = verify_signature_get_info (
 | 
				
			||||||
      key,
 | 
					      key,
 | 
				
			||||||
@@ -55,13 +58,18 @@ class Authority {
 | 
				
			|||||||
      (info) => info.valid_for * 1000
 | 
					      (info) => info.valid_for * 1000
 | 
				
			||||||
    );
 | 
					    );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (data === null)
 | 
					    if (data === null) {
 | 
				
			||||||
 | 
					      result.error = 'invalid signature';
 | 
				
			||||||
      return result;
 | 
					      return result;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    result.id = data.id;
 | 
				
			||||||
    result.type = data.type;
 | 
					    result.type = data.type;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if (!blacklist.is_valid (data.id))
 | 
					    if (!blacklist.is_valid (data.id)) {
 | 
				
			||||||
 | 
					      result.error = 'blacklisted';
 | 
				
			||||||
      return result;
 | 
					      return result;
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    result.valid = true;
 | 
					    result.valid = true;
 | 
				
			||||||
    result.authorized = result.type === 'access_token';
 | 
					    result.authorized = result.type === 'access_token';
 | 
				
			||||||
 
 | 
				
			|||||||
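Review bot: `error` is added to VerificationResult as a free-form `string`, while the lines shown in verify() assign only the literals 'invalid signature' and 'blacklisted'; typing it as `error?: 'invalid signature' | 'blacklisted';` would let callers switch on it and catch typos at compile time. `result.id = data.id` runs before the blacklist check, so a rejected, blacklisted token still reports its id while an unverifiable one reports `''`; a comment on `id` should say that a non-empty id does not imply `valid`. If the reason string is ever returned to the client rather than logged, it reveals whether a presented token carried a good signature, so it is better kept server-side. verify() starts and ends outside these hunks.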
@@ -65,7 +65,14 @@ class GatewayClass {
 | 
				
			|||||||
    if (auth === null)
 | 
					    if (auth === null)
 | 
				
			||||||
      return false;
 | 
					      return false;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    return authority.verify (auth).authorized;
 | 
					    const ver = authority.verify (auth);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    const con = req.connection as Record<string, unknown>;
 | 
				
			||||||
 | 
					    con.auth = {};
 | 
				
			||||||
 | 
					    con.auth.token_id = ver.id;
 | 
				
			||||||
 | 
					    con.auth.token_data = ver.data;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    return ver.authorized;
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  public process_request (
 | 
					  public process_request (
 | 
				
			||||||
 
 | 
				
			|||||||
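Review bot: `con.auth` is populated before the result is checked, so the token id and data are attached to the connection even when `ver.authorized` is false, and the early `return false` for `auth === null` leaves in place whatever an earlier request on the same kept-alive socket may have stored there. Guard first with `if (!ver.authorized) return false;` and then assign once, `con.auth = { token_id: ver.id, token_data: ver.data };`; clearing `con.auth` on the `auth === null` path, or storing the value on the request instead of the socket, would remove the reuse question. The single assignment also avoids `con.auth.token_id`, which should not type-check because `con.auth` is `unknown` under `Record<string, unknown>`; that may be related to the failing build. The method starts outside the hunk.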
@@ -19,5 +19,6 @@ module.exports = {
 | 
				
			|||||||
  testRunner:        'jasmine',
 | 
					  testRunner:        'jasmine',
 | 
				
			||||||
  jasmineConfigFile: 'jasmine.json',
 | 
					  jasmineConfigFile: 'jasmine.json',
 | 
				
			||||||
  coverageAnalysis:  'perTest',
 | 
					  coverageAnalysis:  'perTest',
 | 
				
			||||||
  mutate:            [ 'lib/*.ts' ]
 | 
					  mutate:            [ 'lib/*.ts' ],
 | 
				
			||||||
 | 
					  tsconfigFile:      'tsconfig.json'
 | 
				
			||||||
};
 | 
					};
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -204,7 +204,6 @@ describe ('auth handler', () => {
 | 
				
			|||||||
      .toEqual ({ error: 'invalid_client' });
 | 
					      .toEqual ({ error: 'invalid_client' });
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					 | 
				
			||||||
  it ('should process part token', async () => {
 | 
					  it ('should process part token', async () => {
 | 
				
			||||||
    const resp1 = await get ({ authorization: 'Basic part:bar' });
 | 
					    const resp1 = await get ({ authorization: 'Basic part:bar' });
 | 
				
			||||||
    expect (resp1.statusCode)
 | 
					    expect (resp1.statusCode)
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -38,6 +38,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('access_token');
 | 
					      .toEqual ('access_token');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual (token.id);
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toBeUndefined ();
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should create a refresh token', () => {
 | 
					  it ('should create a refresh token', () => {
 | 
				
			||||||
@@ -53,6 +57,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('refresh_token');
 | 
					      .toEqual ('refresh_token');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual (token.id);
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toBeUndefined ();
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should create a part token', () => {
 | 
					  it ('should create a part token', () => {
 | 
				
			||||||
@@ -68,6 +76,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('part_token');
 | 
					      .toEqual ('part_token');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toEqual ('2fa');
 | 
					      .toEqual ('2fa');
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual (token.id);
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toBeUndefined ();
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should reject an invalid access token', () => {
 | 
					  it ('should reject an invalid access token', () => {
 | 
				
			||||||
@@ -84,6 +96,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('none');
 | 
					      .toEqual ('none');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual ('');
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toEqual ('invalid signature');
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should reject blacklisted access token', () => {
 | 
					  it ('should reject blacklisted access token', () => {
 | 
				
			||||||
@@ -100,6 +116,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('access_token');
 | 
					      .toEqual ('access_token');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual (token.id);
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toEqual ('blacklisted');
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should reject an invalid refresh token', () => {
 | 
					  it ('should reject an invalid refresh token', () => {
 | 
				
			||||||
@@ -116,6 +136,10 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('none');
 | 
					      .toEqual ('none');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual ('');
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toEqual ('invalid signature');
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  it ('should reject a blacklisted refresh token', () => {
 | 
					  it ('should reject a blacklisted refresh token', () => {
 | 
				
			||||||
@@ -132,5 +156,9 @@ describe ('authority', () => {
 | 
				
			|||||||
      .toEqual ('refresh_token');
 | 
					      .toEqual ('refresh_token');
 | 
				
			||||||
    expect (res.next_module)
 | 
					    expect (res.next_module)
 | 
				
			||||||
      .toBeUndefined ();
 | 
					      .toBeUndefined ();
 | 
				
			||||||
 | 
					    expect (res.id)
 | 
				
			||||||
 | 
					      .toEqual (token.id);
 | 
				
			||||||
 | 
					    expect (res.error)
 | 
				
			||||||
 | 
					      .toEqual ('blacklisted');
 | 
				
			||||||
  });
 | 
					  });
 | 
				
			||||||
});
 | 
					});
 | 
				
			||||||
 
 | 
				
			|||||||
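Review bot: The added assertions cover `res.id` and `res.error` in every case, but none of them checks `res.data`, which is the value the gateway and the auth handler now pass on to request handlers. A case that signs a token with a payload and asserts `expect (res.data).toEqual (payload)`, plus one that states what `res.data` should be for a blacklisted token, would pin that behaviour. The sign calls are outside these hunks, so how a payload is attached is not visible here.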