Merge de433f6 into f296874

ibm-cloud-security · Oct 28, 2019 · 1aa7e1b · 1aa7e1b
2 parents f296874 + de433f6
commit 1aa7e1b
Show file tree

Hide file tree

Showing 7 changed files with 738 additions and 107 deletions.
diff --git a/dist/appid.min.js b/dist/appid.min.js
diff --git a/dist/appid.umd.min.js b/dist/appid.umd.min.js
diff --git a/src/RequestHandler.js b/src/RequestHandler.js
@@ -13,9 +13,13 @@ class RequestHandler {
 		if (!response.ok || response.status > 300) {
 			throw new RequestError(`Failed to fetch ${url}. Response=${text}`, response.status);
 		}
+
 		try {
 			return JSON.parse(text);
 		} catch(err) {
+			if (text !== '') {
+				return text;
+			}
 			throw new RequestError(`Invalid response while trying to fetch ${url}. Response=${text}`, response.status, err);
 		}
 	};

diff --git a/src/TokenValidator.js b/src/TokenValidator.js
@@ -22,7 +22,7 @@ class TokenValidator {
 		const publicKey = this.getPublicKey(publicKeys.keys, kid);
 
 		const myKey = this.jwt.KEYUTIL.getKey(publicKey);
-		const isValid =  this.jwt.KJUR.jws.JWS.verify(token, myKey, {alg:[constants.TOKEN_ALG]});
+		const isValid = this.jwt.KJUR.jws.JWS.verify(token, myKey, {alg: [constants.TOKEN_ALG]});
 		if (!isValid) {
 			throw new TokenError(constants.INVALID_SIGNATURE);
 		}
@@ -56,7 +56,7 @@ class TokenValidator {
 
 	getPublicKey(keys, kid) {
 		let publicKey;
-		for(let i = 0; i < keys.length; i++) {
+		for (let i = 0; i < keys.length; i++) {
 			if (keys[i].kid === kid) {
 				publicKey = keys[i];
 			}
@@ -68,4 +68,5 @@ class TokenValidator {
 		return publicKey;
 	}
 }
+
 module.exports = TokenValidator;
diff --git a/src/constants.js b/src/constants.js
@@ -16,6 +16,10 @@ module.exports = {
 	NOT_CD_USER: 'Must be a Cloud Directory user',
 	MISSING_CLIENT_ID: 'Missing client ID',
 	MISSING_ID_TOKEN: 'Missing id token string',
+	MISSING_ID_TOKEN_PAYLOAD: 'Missing id token payload',
+	MISSING_TOKENS: 'Missing tokens',
+	MISSING_ACCESS_TOKEN: 'Missing access token string',
+	MISSING_ID_TOKEN: 'Missing access token string',
 	INVALID_DISCOVERY_ENDPOINT: 'Invalid discovery endpoint',
 	FAIL_TO_INITIALIZE: 'You must call and wait for init() before calling this function.',
 	RESPONSE_TYPE: 'code',
@@ -29,6 +33,8 @@ module.exports = {
 	TOKEN_ALG: 'RS256',
 	VERSION: 4,
 	CHANGE_PASSWORD: '/cloud_directory/change_password',
+	GENERATE_CODE: '/cloud_directory/generate_code',
+	CHANGE_DETAILS: '/cloud_directory/change_details',
 	OAUTH: '/oauth/v4/',
 	MALFORMED_ACCESS_TOKEN: 'eyJpc3MiOiJtb2JpbGVjbGllbnRhY2Nlc3Muc3RhZ2UxLm5nLmJsdWVtaXgubmV0IiwiZXhwIjoxNDg3MDg0ODc4LCJhdWQiOiIyNmNiMDEyZWIzMjdjNjEyZDkwYTY4MTkxNjNiNmJjYmQ0ODQ5Y2JiIiwiaWF0IjoxNDg3MDgxMjc4LCJhdXRoX2J5IjoiZmFjZWJvb2siLCJ0ZW5hbnQiOiI0ZGJhOTQzMC01NGU2LTRjZjItYTUxNi02ZjczZmViNzAyYmIiLCJzY29wZSI6ImFwcGlkX2RlZmF1bHQgYXBwaWRfcmVhZHByb2ZpbGUgYXBwaWRfcmVhZHVzZXJhdHRyIGFwcGlkX3dyaXRldXNlcmF0dHIifQ.HHterec250JSDY1965cM2DadBznl2wTKmzKNSnfjpdTAqax9VZvV3EwuFbEnGp9-i6AC-OlsVj7xvbALkdjwG2lZvpQx0M_gRc_3E0NiYuOGVolcm0wEXtbtDUFFqZQAf9BYYOPZ8OintdBiwUGETbH1ZRVtUvt3nalIko1OPE1Q12LvuRlhz5MClNHmvxJcXc7kucxCx4s4UFFy_HJA1gow7HWFqc9-PZf4JMWA-siYqPrdw_zYeBTBzE5co92F6JBEtGLLCjhJVz9eYgLLECXbak3z6hOaY9352Weuj7AgMOWxzw56jKKsiixMtvzrCzLVIcRUG96UJszwPHtPlA',
 	INVALID_SIGNATURE_TOKEN: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2p3dC1pZHAuZXhhbXBsZS5jb20iLCJzdWIiOiJtYWlsdG86bWlrZUBleGFtcGxlLmNvbSIsIm5iZiI6MTU2NjMxMDg5NSwiZXhwIjoxNTY2MzE0NDk1LCJpYXQiOjE1NjYzMTA4OTUsImp0aSI6ImlkMTIzNDU2IiwidHlwIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9yZWdpc3RlciIsImF1ZCI6WyJodHRwOi8vZm9vMS5jb20iLCJodHRwOi8vZm9vMi5jb20iXX0.NBDYg8VZxW770qcbIl40OFvaQntO-FVYUUJocE5ZgcyrvFTuomwF997OcEJghO8BE_Y2m67PbfPFsbN0VI6j'

diff --git a/src/index.js b/src/index.js
@@ -216,6 +216,43 @@ class AppID {
 		});
 	}
 
+	/**
+	 * This method will open a popup to the change details widget for Cloud Directory users.
+	 * You must enable users to manage their account from your app in Cloud Directory settings.
+	 * @param {Object} tokens App ID tokens
+	 * @returns {Promise<Tokens>}
+	 * @throws {AppIDError} "Missing id token string"
+	 * @throws {AppIDError} "Missing access token string"
+	 * @throws {AppIDError} "Missing tokens object"
+	 * @example
+	 * let tokens = {accessToken, idToken}
+	 * let newTokens = await appID.changeDetails(tokens);
+	 */
+	async changeDetails({accessToken, idToken}) {
+		if (!accessToken && typeof accessToken !== 'string') {
+			throw new AppIDError(constants.MISSING_ACCESS_TOKEN);
+		}
+
+		if (!idToken && typeof idToken !== 'string') {
+			throw new AppIDError(constants.MISSING_ID_TOKEN);
+		}
+
+		const generateCodeUrl = this.openIdConfigResource.getIssuer() + constants.GENERATE_CODE;
+		const changeDetailsCode = await this.request(generateCodeUrl, {
+			headers: {
+				'Authorization': 'Bearer ' + accessToken + ' ' + idToken
+			}
+		});
+		const endpoint = this.openIdConfigResource.getIssuer() + constants.CHANGE_DETAILS;
+
+		return this.utils.performOAuthFlowAndGetTokens({
+			origin: this.window.origin,
+			clientId: this.clientId,
+			endpoint,
+			changeDetailsCode
+		});
+	}
+
 	/**
 	 *
 	 * @private

diff --git a/src/utils.js b/src/utils.js
@@ -45,7 +45,7 @@ class Utils {
 		return {codeVerifier, codeChallenge, state, nonce};
 	}
 
-	getAuthParamsAndUrl({clientId, origin, prompt, endpoint, userId}) {
+	getAuthParamsAndUrl({clientId, origin, prompt, endpoint, userId, changeDetailsCode}) {
 		const {codeVerifier, codeChallenge, state, nonce} = this.getPKCEFields();
 		let authParams = {
 			client_id: clientId,
@@ -67,6 +67,10 @@ class Utils {
 			authParams.user_id = userId;
 		}
 
+		if (changeDetailsCode) {
+			authParams.code = changeDetailsCode;
+		}
+
 		const url = endpoint + '?' + this.buildParams(authParams);
 		return {
 			codeVerifier,
@@ -76,8 +80,8 @@ class Utils {
 		};
 	}
 
-	async performOAuthFlowAndGetTokens({userId, origin, clientId, endpoint}) {
-		const {codeVerifier, state, nonce, url} = this.getAuthParamsAndUrl({userId, origin, clientId, endpoint});
+	async performOAuthFlowAndGetTokens({userId, origin, clientId, endpoint, changeDetailsCode}) {
+		const {codeVerifier, state, nonce, url} = this.getAuthParamsAndUrl({userId, origin, clientId, endpoint, changeDetailsCode});
 
 		this.popup.open();
 		this.popup.navigate(url);
@@ -135,8 +139,7 @@ class Utils {
 			token: tokens.access_token,
 			publicKeys,
 			issuer,
-			clientId,
-			nonce
+			clientId
 		});
 
 		const idTokenPayload = this.tokenValidator.decodeAndValidate({