UNPKG

@strongnguyen/oidc-provider

Version:

OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect

github.com/strongnguyen29/node-oidc-provider.git

strongnguyen29/node-oidc-provider

118 lines (95 loc) 3.34 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
const url = require('url'); const upperFirst = require('../../helpers/_/upper_first'); const camelCase = require('../../helpers/_/camel_case'); const nanoid = require('../../helpers/nanoid'); const errors = require('../../helpers/errors'); const instance = require('../../helpers/weak_cache'); const Params = require('../../helpers/params'); const formPost = require('../../response_modes/form_post'); const ssHandler = require('../../helpers/samesite_handler'); const epochTime = require('../../helpers/epoch_time'); module.exports = async function resumeAction(allowLisst, resumeRouteName, ctx, next) { const cookieOptions = instance(ctx.oidc.provider).configuration('cookies.short'); const cookieId = ssHandler.get( ctx.oidc.cookies, ctx.oidc.provider.cookieName('resume'), cookieOptions, ); if (!cookieId) { throw new errors.SessionNotFound('authorization request has expired'); } const interactionSession = await ctx.oidc.provider.Interaction.find(cookieId); if (!interactionSession) { throw new errors.SessionNotFound('interaction session not found'); } ctx.oidc.entity('Interaction', interactionSession); if (cookieId !== interactionSession.uid) { throw new errors.SessionNotFound('authorization session and cookie identifier mismatch'); } const { result, params: storedParams = {}, trusted = [], session: originSession, } = interactionSession; const { session } = ctx.oidc; if (originSession && originSession.uid && originSession.uid !== session.uid) { throw new errors.SessionNotFound('interaction session and authentication session mismatch'); } if ( result && result.login && session.accountId && session.accountId !== result.login.accountId ) { if (interactionSession.session && interactionSession.session.uid) { delete interactionSession.session.uid; await interactionSession.save(interactionSession.exp - epochTime()); } session.state = { secret: nanoid(), clientId: storedParams.client_id, postLogoutRedirectUri: ctx.oidc.urlFor(ctx.oidc.route, ctx.params), }; await formPost(ctx, ctx.oidc.urlFor('end_session_confirm'), { xsrf: session.state.secret, logout: 'yes', }); return; } await interactionSession.destroy(); const params = new (Params(allowLisst))(storedParams); ctx.oidc.params = params; ctx.oidc.trusted = trusted; ctx.oidc.redirectUriCheckPerformed = true; const clearOpts = { ...cookieOptions, path: url.parse(ctx.oidc.urlFor(resumeRouteName, { uid: interactionSession.uid })).pathname, }; ssHandler.set( ctx.oidc.cookies, ctx.oidc.provider.cookieName('resume'), null, clearOpts, ); if (result && result.error) { const className = upperFirst(camelCase(result.error)); if (errors[className]) { throw new errors[className](result.error_description); } throw new errors.CustomOIDCProviderError(result.error, result.error_description); } if (result && result.login) { const { remember = true, accountId, ts: loginTs, amr, acr, } = result.login; session.loginAccount({ accountId, loginTs, amr, acr, transient: !remember, }); } ctx.oidc.result = result; if (!session.new) { session.resetIdentifier(); } await next(); };