From 9e829a90aabb8a37da0e60538d9ab7cc312beb90 Mon Sep 17 00:00:00 2001 From: aeneasr Date: Sat, 27 Apr 2019 01:44:28 +0200 Subject: [PATCH] lint: Format javascript test code Signed-off-by: aeneasr --- cypress/helpers/index.js | 49 ++- cypress/integration/oauth2/authorize_error.js | 88 ++--- cypress/integration/oauth2/consent.js | 54 +-- cypress/integration/openid/logout.js | 84 ++-- cypress/support/commands.js | 30 +- test/e2e/oauth2-client/src/index.js | 361 +++++++++--------- 6 files changed, 342 insertions(+), 324 deletions(-) diff --git a/cypress/helpers/index.js b/cypress/helpers/index.js index 525275b7a3..fbe22fe885 100644 --- a/cypress/helpers/index.js +++ b/cypress/helpers/index.js @@ -3,23 +3,31 @@ export const prng = () => .toString(36) .substring(2)}${Math.random() .toString(36) - .substring(2)}` + .substring(2)}`; const isStatusOk = res => res.ok ? Promise.resolve(res) : Promise.reject( - new Error(`Received unexpected status code ${res.statusCode}`) - ) + new Error(`Received unexpected status code ${res.statusCode}`) + ); export const findEndUserAuthorization = subject => - fetch(Cypress.env('admin_url') + '/oauth2/auth/sessions/consent?subject='+subject) + fetch( + Cypress.env('admin_url') + + '/oauth2/auth/sessions/consent?subject=' + + subject + ) .then(isStatusOk) - .then((res) => res.json()) + .then(res => res.json()); export const revokeEndUserAuthorization = subject => - fetch(Cypress.env('admin_url') + '/oauth2/auth/sessions/consent?subject='+subject, { method: 'DELETE' }) - .then(isStatusOk) + fetch( + Cypress.env('admin_url') + + '/oauth2/auth/sessions/consent?subject=' + + subject, + { method: 'DELETE' } + ).then(isStatusOk); export const createClient = client => fetch(Cypress.env('admin_url') + '/clients', { @@ -29,7 +37,7 @@ export const createClient = client => }) .then(isStatusOk) .then(res => { - return res.json() + return res.json(); }) .then(body => getClient(client.client_id).then(actual => { 
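Review bot: `isStatusOk` in cypress/helpers/index.js builds its error message from `res.statusCode`, but the Fetch `Response` that `fetch()` resolves with exposes `status`, so a failed admin call is reported as "unexpected status code undefined". Interpolate `res.status` instead; the same helper is repeated in the first hunk of test/e2e/oauth2-client/src/index.js and wants the same change. In this hunk `subject` is also concatenated into the query string raw, and wrapping it as `encodeURIComponent(subject)` keeps a subject containing `&` or `#` from altering the request.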
@@ -38,32 +46,31 @@ export const createClient = client => new Error( `Expected client_id's to match: ${actual.client_id} !== ${ body.client - }` + }` ) - ) + ); } - return Promise.resolve(body) + return Promise.resolve(body); }) - ) + ); export const deleteClients = () => fetch(Cypress.env('admin_url') + '/clients', { - method: 'GET', + method: 'GET' }) .then(isStatusOk) - .then((res) => res.json()) - .then((body) => { - body.forEach(({ client_id }) => deleteClient(client_id)) - }) + .then(res => res.json()) + .then(body => { + body.forEach(({ client_id }) => deleteClient(client_id)); + }); const deleteClient = client_id => fetch(Cypress.env('admin_url') + '/clients/' + client_id, { - method: 'DELETE', - }) - .then(isStatusOk) + method: 'DELETE' + }).then(isStatusOk); const getClient = id => fetch(Cypress.env('admin_url') + '/clients/' + id) .then(isStatusOk) - .then((res) => res.json()) + .then(res => res.json()); diff --git a/cypress/integration/oauth2/authorize_error.js b/cypress/integration/oauth2/authorize_error.js index 708cc89009..3d977273e4 100644 --- a/cypress/integration/oauth2/authorize_error.js +++ b/cypress/integration/oauth2/authorize_error.js @@ -1,5 +1,5 @@ -import { createClient, prng } from '../../helpers' -import qs from 'querystring' +import { createClient, prng } from '../../helpers'; +import qs from 'querystring'; describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { it('should return an error when an OAuth 2.0 Client ID is used that does not exist', () => { 
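Review bot: `deleteClients` in the cypress/helpers/index.js hunk drops the promises returned by `deleteClient` inside `forEach`, so `cy.wrap(deleteClients())` can resolve before any client is actually removed, and a failed DELETE surfaces only as an unhandled rejection. Return the combined promise instead: `.then(body => Promise.all(body.map(({ client_id }) => deleteClient(client_id))));`. Separately, the mismatch error in `createClient` interpolates `body.client`, which looks like it was meant to be `body.client_id`; that function starts outside this hunk.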
@@ -8,16 +8,16 @@ describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { 'client_url' )}/oauth2/code?client_id=i-do-not-exist&client_secret=i-am-not-correct}`, { failOnStatusCode: false } - ) + ); cy.location().should(({ search, port }) => { - const query = qs.parse(search.substr(1)) - expect(query.error).to.equal('invalid_client') + const query = qs.parse(search.substr(1)); + expect(query.error).to.equal('invalid_client'); // Should show ORY Hydra's Error URL because a redirect URL could not be determined - expect(port).to.equal(Cypress.env('public_port')) - }) - }) + expect(port).to.equal(Cypress.env('public_port')); + }); + }); it('should return an error when an OAuth 2.0 Client requests a scope that is not allowed to be requested', () => { const c = { @@ -26,24 +26,24 @@ describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { scope: 'foo', redirect_uris: [`${Cypress.env('client_url')}/oauth2/callback`], grant_types: ['authorization_code'] - } - cy.wrap(createClient(c)) + }; + cy.wrap(createClient(c)); cy.visit( `${Cypress.env('client_url')}/oauth2/code?client_id=${ c.client_id - }&client_secret=${c.client_secret}&scope=bar`, + }&client_secret=${c.client_secret}&scope=bar`, { failOnStatusCode: false } - ) + ); cy.location().should(({ search, port }) => { - const query = qs.parse(search.substr(1)) - expect(query.error).to.equal('invalid_scope') + const query = qs.parse(search.substr(1)); + expect(query.error).to.equal('invalid_scope'); // This is a client error so we expect the client app to show the error - expect(port).to.equal(Cypress.env('client_port')) - }) - }) + expect(port).to.equal(Cypress.env('client_port')); + }); + }); it('should return an error when an OAuth 2.0 Client requests a response type it is not allowed to call', () => { const c = { 
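Review bot: The URL in the first test of authorize_error.js ends with a stray `}` (`client_secret=i-am-not-correct}`), apparently left over from the template literal, so the request carries a value the author did not intend. The test still passes because the client ID does not exist, but dropping the brace keeps the fixture accurate. The `cy.visit` call starts outside this hunk.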
@@ -51,18 +51,18 @@ describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { client_secret: prng(), redirect_uris: [`${Cypress.env('client_url')}/oauth2/callback`], response_types: ['token'] // disallows Authorization Code Grant - } - cy.wrap(createClient(c)) + }; + cy.wrap(createClient(c)); cy.visit( `${Cypress.env('client_url')}/oauth2/code?client_id=${ c.client_id - }&client_secret=${c.client_secret}`, + }&client_secret=${c.client_secret}`, { failOnStatusCode: false } - ) + ); - cy.get('body').should('contain', 'unsupported_response_type') - }) + cy.get('body').should('contain', 'unsupported_response_type'); + }); it('should return an error when an OAuth 2.0 Client requests a grant type it is not allowed to call', () => { const c = { @@ -70,23 +70,23 @@ describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { client_secret: prng(), redirect_uris: [`${Cypress.env('client_url')}/oauth2/callback`], grant_types: ['client_credentials'] - } - cy.wrap(createClient(c)) + }; + cy.wrap(createClient(c)); cy.visit( `${Cypress.env('client_url')}/oauth2/code?client_id=${ c.client_id - }&client_secret=${c.client_secret}&scope=`, + }&client_secret=${c.client_secret}&scope=`, { failOnStatusCode: false } - ) + ); - cy.get('#email').type('foo@bar.com', { delay: 1 }) - cy.get('#password').type('foobar', { delay: 1 }) - cy.get('#accept').click() - cy.get('#accept').click() + cy.get('#email').type('foo@bar.com', { delay: 1 }); + cy.get('#password').type('foobar', { delay: 1 }); + cy.get('#accept').click(); + cy.get('#accept').click(); - cy.get('body').should('contain', 'invalid_grant') - }) + cy.get('body').should('contain', 'invalid_grant'); + }); it('should return an error when an OAuth 2.0 Client requests a redirect_uri that is not preregistered', () => { const c = { 
@@ -94,23 +94,23 @@ describe('OAuth 2.0 Authorization Endpoint Error Handling', () => { client_secret: prng(), redirect_uris: ['http://some-other-domain/not-callback'], grant_types: ['client_credentials'] - } - cy.wrap(createClient(c)) + }; + cy.wrap(createClient(c)); cy.visit( `${Cypress.env('client_url')}/oauth2/code?client_id=${ c.client_id - }&client_secret=${c.client_secret}&scope=`, + }&client_secret=${c.client_secret}&scope=`, { failOnStatusCode: false } - ) + ); cy.location().should(({ search, port }) => { - const query = qs.parse(search.substr(1)) - expect(query.error).to.equal('invalid_request') - expect(query.error_hint).to.contain('redirect_uri') + const query = qs.parse(search.substr(1)); + expect(query.error).to.equal('invalid_request'); + expect(query.error_hint).to.contain('redirect_uri'); // Should show ORY Hydra's Error URL because a redirect URL could not be determined - expect(port).to.equal(Cypress.env('public_port')) - }) - }) -}) + expect(port).to.equal(Cypress.env('public_port')); + }); + }); +}); diff --git a/cypress/integration/oauth2/consent.js b/cypress/integration/oauth2/consent.js index dfd26b685b..59d5b544a5 100644 --- a/cypress/integration/oauth2/consent.js +++ b/cypress/integration/oauth2/consent.js @@ -1,4 +1,4 @@ -import { prng } from '../../helpers' +import { prng } from '../../helpers'; describe('OAuth 2.0 End-User Authorization', () => { const nc = () => ({ 
@@ -7,42 +7,52 @@ describe('OAuth 2.0 End-User Authorization', () => { scope: 'offline_access', redirect_uris: [`${Cypress.env('client_url')}/oauth2/callback`], grant_types: ['authorization_code', 'refresh_token'] - }) + }); const hasConsent = (client, body) => { - let found = false + let found = false; body.forEach(({ consent_request: { client: { client_id } } }) => { if (client_id === client.client_id) { - found = true + found = true; } - }) - return found - } + }); + return found; + }; it('should check if end user authorization exists', () => { - const client = nc() + const client = nc(); cy.authCodeFlow(client, { consent: { scope: ['offline_access'], remember: true } - }) + }); - cy.request(Cypress.env('admin_url') + '/oauth2/auth/sessions/consent?subject=foo@bar.com') + cy.request( + Cypress.env('admin_url') + + '/oauth2/auth/sessions/consent?subject=foo@bar.com' + ) .its('body') - .then((body) => { - expect(body.length).to.be.greaterThan(0) - expect(hasConsent(client, body)).to.be.true - }) + .then(body => { + expect(body.length).to.be.greaterThan(0); + expect(hasConsent(client, body)).to.be.true; + }); - cy.request('DELETE', Cypress.env('admin_url') + '/oauth2/auth/sessions/consent?subject=foo@bar.com') + cy.request( + 'DELETE', + Cypress.env('admin_url') + + '/oauth2/auth/sessions/consent?subject=foo@bar.com' + ); - cy.request(Cypress.env('admin_url') + '/oauth2/auth/sessions/consent?subject=foo@bar.com') + cy.request( + Cypress.env('admin_url') + + '/oauth2/auth/sessions/consent?subject=foo@bar.com' + ) .its('body') - .then((body) => { - expect(body.length).to.eq(0) - expect(hasConsent(client, body)).to.be.false - }) + .then(body => { + expect(body.length).to.eq(0); + expect(hasConsent(client, body)).to.be.false; + }); cy.request(`${Cypress.env('client_url')}/oauth2/introspect/at`) .its('body') 
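Review bot: `hasConsent` walks the whole list with `forEach` and a mutable flag where `Array.prototype.some` states the intent directly and stops at the first match: `const hasConsent = (client, body) => body.some(({ consent_request: { client: { client_id } } }) => client_id === client.client_id);`. A one-line comment saying that `body` is the consent-session list returned by the admin endpoint would also help, since the nested destructuring throws if an entry lacks `consent_request.client`.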
@@ -57,5 +67,5 @@ describe('OAuth 2.0 End-User Authorization', () => { expect(body.result).to.equal('success'); expect(body.body.active).to.be.false; }); - }) -}) + }); +}); diff --git a/cypress/integration/openid/logout.js b/cypress/integration/openid/logout.js index 1a09cbd6f7..30f12a8475 100644 --- a/cypress/integration/openid/logout.js +++ b/cypress/integration/openid/logout.js @@ -1,4 +1,4 @@ -import { deleteClients, prng } from '../../helpers' +import { deleteClients, prng } from '../../helpers'; const nc = () => ({ client_id: prng(), @@ -7,12 +7,12 @@ const nc = () => ({ subject_type: 'public', redirect_uris: [`${Cypress.env('client_url')}/openid/callback`], grant_types: ['authorization_code'] -}) +}); describe('OpenID Connect Logout', () => { after(() => { - cy.wrap(deleteClients()) - }) + cy.wrap(deleteClients()); + }); // The Back-Channel test should run before the front-channel test because otherwise both tests need a long time to finish. describe('Back-Channel', () => { @@ -20,21 +20,21 @@ describe('OpenID Connect Logout', () => { Cypress.Cookies.preserveOnce( 'oauth2_authentication_session', 'connect.sid' - ) - }) + ); + }); before(() => { - cy.wrap(deleteClients()) - }) + cy.wrap(deleteClients()); + }); const client = { ...nc(), backchannel_logout_uri: `${Cypress.env( 'client_url' )}/openid/session/end/bc` - } + }; - it('should log in and remember login with back-channel', function () { + it('should log in and remember login with back-channel', function() { cy.authCodeFlow( client, { 
@@ -42,56 +42,56 @@ describe('OpenID Connect Logout', () => { consent: { scope: ['openid'], remember: true } }, 'openid' - ) + ); cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.true - }) - }) + expect(has_session).to.be.true; + }); + }); it('should show the logout page and complete logout with back-channel', () => { cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.true - }) + expect(has_session).to.be.true; + }); cy.visit(`${Cypress.env('client_url')}/openid/session/end`, { failOnStatusCode: false - }) + }); - cy.get('#accept').click() + cy.get('#accept').click(); - cy.get('h1').should('contain', 'Your log out request however succeeded.') + cy.get('h1').should('contain', 'Your log out request however succeeded.'); cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.false - }) - }) - }) + expect(has_session).to.be.false; + }); + }); + }); describe('Front-Channel', () => { beforeEach(() => { Cypress.Cookies.preserveOnce( 'oauth2_authentication_session', 'connect.sid' - ) - }) + ); + }); before(() => { - cy.wrap(deleteClients()) - }) + cy.wrap(deleteClients()); + }); const client = { ...nc(), frontchannel_logout_uri: `${Cypress.env( 'client_url' )}/openid/session/end/fc` - } + }; it('should log in and remember login with front-channel', () => { cy.authCodeFlow( 
@@ -101,35 +101,35 @@ describe('OpenID Connect Logout', () => { consent: { scope: ['openid'], remember: true } }, 'openid' - ) + ); cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.true - }) - }) + expect(has_session).to.be.true; + }); + }); it('should show the logout page and complete logout with front-channel', () => { cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.true - }) + expect(has_session).to.be.true; + }); cy.visit(`${Cypress.env('client_url')}/openid/session/end`, { failOnStatusCode: false - }) + }); - cy.get('#accept').click() + cy.get('#accept').click(); - cy.get('h1').should('contain', 'Your log out request however succeeded.') + cy.get('h1').should('contain', 'Your log out request however succeeded.'); cy.request(`${Cypress.env('client_url')}/openid/session/check`) .its('body') .then(({ has_session }) => { - expect(has_session).to.be.false - }) - }) - }) -}) + expect(has_session).to.be.false; + }); + }); + }); +}); diff --git a/cypress/support/commands.js b/cypress/support/commands.js index 8906258cc3..f73bb605d6 100644 --- a/cypress/support/commands.js +++ b/cypress/support/commands.js @@ -23,7 +23,7 @@ // // -- This is will overwrite an existing command -- // Cypress.Commands.overwrite("visit", (originalFn, url, options) => { ... }) -import { createClient } from '../helpers' +import { createClient } from '../helpers'; Cypress.Commands.add( 'authCodeFlow', 
@@ -47,41 +47,41 @@ Cypress.Commands.add( } = {}, path = 'oauth2' ) => { - cy.wrap(createClient(client)) + cy.wrap(createClient(client)); cy.visit( `${Cypress.env('client_url')}/${path}/code?client_id=${client_id || - client.client_id}&client_secret=${client_secret || - client.client_secret}&scope=${(scope || client.scope).replace( + client.client_id}&client_secret=${client_secret || + client.client_secret}&scope=${(scope || client.scope).replace( ' ', '+' )}&prompt=${prompt}`, { failOnStatusCode: false } - ) + ); if (!skipLogin) { - cy.get('#email').type(username, { delay: 1 }) - cy.get('#password').type(password, { delay: 1 }) + cy.get('#email').type(username, { delay: 1 }); + cy.get('#password').type(password, { delay: 1 }); if (rememberLogin) { - cy.get('#remember').click() + cy.get('#remember').click(); } - cy.get('#accept').click() + cy.get('#accept').click(); } if (!skipConsent) { acceptScope.forEach(s => { - cy.get(`#${s}`).click() - }) + cy.get(`#${s}`).click(); + }); if (rememberConsent) { - cy.get('#remember').click() + cy.get('#remember').click(); } if (acceptConsent) { - cy.get('#accept').click() + cy.get('#accept').click(); } else { - cy.get('#reject').click() + cy.get('#reject').click(); } } } -) +); diff --git a/test/e2e/oauth2-client/src/index.js b/test/e2e/oauth2-client/src/index.js index 079d455cd5..41e3f739c3 100644 --- a/test/e2e/oauth2-client/src/index.js +++ b/test/e2e/oauth2-client/src/index.js 
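Review bot: The scope parameter in the `authCodeFlow` URL is escaped with `.replace(' ', '+')`, which replaces only the first space, and `client_id`, `client_secret` and `prompt` are interpolated without any encoding, so a value with three scopes or a reserved character produces a different query than the test intends. Prefer `encodeURIComponent(scope || client.scope)`, with the same wrapper on the other values, over hand-escaping. The command's parameter list starts outside this hunk.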
@@ -1,37 +1,37 @@ -const express = require('express') -const session = require('express-session') -const uuid = require('node-uuid') -const oauth2 = require('simple-oauth2') -const fetch = require('node-fetch') -const ew = require('express-winston') -const winston = require('winston') -const { Issuer } = require('openid-client') -const { URLSearchParams } = require('url') -const bodyParser = require('body-parser') -const jwksClient = require('jwks-rsa') -const jwt = require('jsonwebtoken') +const express = require('express'); +const session = require('express-session'); +const uuid = require('node-uuid'); +const oauth2 = require('simple-oauth2'); +const fetch = require('node-fetch'); +const ew = require('express-winston'); +const winston = require('winston'); +const { Issuer } = require('openid-client'); +const { URLSearchParams } = require('url'); +const bodyParser = require('body-parser'); +const jwksClient = require('jwks-rsa'); +const jwt = require('jsonwebtoken'); -const app = express() +const app = express(); -app.use(bodyParser.urlencoded({ extended: true })) +app.use(bodyParser.urlencoded({ extended: true })); -const blacklistedSid = [] +const blacklistedSid = []; const isStatusOk = res => res.ok ? Promise.resolve(res) : Promise.reject( - new Error(`Received unexpected status code ${res.statusCode}`) - ) + new Error(`Received unexpected status code ${res.statusCode}`) + ); const config = { url: process.env.AUTHORIZATION_SERVER_URL || 'http://127.0.0.1:5000/', public: process.env.PUBLIC_URL || 'http://127.0.0.1:5000/', admin: process.env.ADMIN_URL || 'http://127.0.0.1:5001/', port: parseInt(process.env.PORT) || 5003 -} +}; -const redirect_uri = `http://127.0.0.1:${config.port}` +const redirect_uri = `http://127.0.0.1:${config.port}`; app.use( ew.logger({ @@ -41,7 +41,7 @@ app.use( winston.format.simple() ) }) -) +); app.use( session({ @@ -53,7 +53,7 @@ app.use( httpOnly: true } }) -) +); const nc = req => Issuer.discover(config.public).then(issuer => { 
@@ -61,22 +61,22 @@ const nc = req => issuer.metadata.token_endpoint = new URL( '/oauth2/token', config.public - ).toString() + ).toString(); issuer.metadata.jwks_uri = new URL( '/.well-known/jwks.json', config.public - ).toString() + ).toString(); issuer.metadata.revocation_endpoint = new URL( '/oauth2/revoke', config.public - ).toString() + ).toString(); issuer.metadata.introspection_endpoint = new URL( '/oauth2/introspect', config.admin - ).toString() + ).toString(); - return Promise.resolve(new issuer.Client(req.session.oidc_credentials)) - }) + return Promise.resolve(new issuer.Client(req.session.oidc_credentials)); + }); app.get('/oauth2/code', async (req, res) => { const credentials = { @@ -90,14 +90,14 @@ app.get('/oauth2/code', async (req, res) => { tokenPath: '/oauth2/token', authorizePath: '/oauth2/auth' } - } + }; - const state = uuid.v4() - const scope = req.query.scope || '' + const state = uuid.v4(); + const scope = req.query.scope || ''; - req.session.credentials = credentials - req.session.state = state - req.session.scope = scope.split(' ') + req.session.credentials = credentials; + req.session.state = state; + req.session.scope = scope.split(' '); res.redirect( oauth2.create(credentials).authorizationCode.authorizeURL({ 
@@ -105,58 +105,58 @@ app.get('/oauth2/code', async (req, res) => { scope, state }) - ) -}) + ); +}); app.get('/oauth2/callback', async (req, res) => { if (req.query.error) { - res.send(JSON.stringify(Object.assign({ result: 'error' }, req.query))) - return + res.send(JSON.stringify(Object.assign({ result: 'error' }, req.query))); + return; } if (req.query.state !== req.session.state) { - res.send(JSON.stringify({ result: 'error', error: 'states mismatch' })) - return + res.send(JSON.stringify({ result: 'error', error: 'states mismatch' })); + return; } if (!req.query.code) { - res.send(JSON.stringify({ result: 'error', error: 'no code given' })) - return + res.send(JSON.stringify({ result: 'error', error: 'no code given' })); + return; } oauth2 .create(req.session.credentials) .authorizationCode.getToken({ - redirect_uri: `${redirect_uri}/oauth2/callback`, - scope: req.session.scope, - code: req.query.code - }) + redirect_uri: `${redirect_uri}/oauth2/callback`, + scope: req.session.scope, + code: req.query.code + }) .then(token => { - req.session.oauth2_flow = { token } // code returns {access_token} because why not... - res.send({ result: 'success', token }) + req.session.oauth2_flow = { token }; // code returns {access_token} because why not... + res.send({ result: 'success', token }); }) .catch(err => { if (err.data.payload) { - res.send(JSON.stringify(err.data.payload)) - return + res.send(JSON.stringify(err.data.payload)); + return; } - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); -app.get('/oauth2/refresh', function (req, res) { +app.get('/oauth2/refresh', function(req, res) { oauth2 .create(req.session.credentials) .accessToken.create(req.session.oauth2_flow.token) .refresh() .then(token => { - req.session.oauth2_flow = token // refresh returns {token:{access_token}} because why not... 
- res.send({ result: 'success', token: token.token }) + req.session.oauth2_flow = token; // refresh returns {token:{access_token}} because why not... + res.send({ result: 'success', token: token.token }); }) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/oauth2/revoke', (req, res) => { oauth2 @@ -164,41 +164,41 @@ app.get('/oauth2/revoke', (req, res) => { .accessToken.create(req.session.oauth2_flow.token) .revoke(req.query.type || 'access_token') .then(() => { - res.sendStatus(201) + res.sendStatus(201); }) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/oauth2/validate-jwt', (req, res) => { const client = jwksClient({ jwksUri: new URL('/.well-known/jwks.json', config.public).toString() - }) + }); jwt.verify( req.session.oauth2_flow.token.access_token, (header, callback) => { - client.getSigningKey(header.kid, function (err, key) { - const signingKey = key.publicKey || key.rsaPublicKey - callback(null, signingKey) - }) + client.getSigningKey(header.kid, function(err, key) { + const signingKey = key.publicKey || key.rsaPublicKey; + callback(null, signingKey); + }); }, (err, decoded) => { if (err) { - console.error(err) - res.send(400) - return + console.error(err); + res.send(400); + return; } - res.send(decoded) + res.send(decoded); } - ) -}) + ); +}); app.get('/oauth2/introspect/at', (req, res) => { - const params = new URLSearchParams() - params.append('token', req.session.oauth2_flow.token.access_token) + const params = new URLSearchParams(); + params.append('token', req.session.oauth2_flow.token.access_token); fetch(new URL('/oauth2/introspect', config.admin).toString(), { method: 'POST', 
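Review bot: The state check in `/oauth2/callback`, `req.query.state !== req.session.state`, passes when both sides are `undefined`, that is, for a request without a `state` parameter arriving on a session that never started a flow; require a stored value first, `if (!req.session.state || req.query.state !== req.session.state)`. The same comparison appears in `/openid/callback` in a later hunk. In the `.catch` of this handler, and of `/oauth2/cc`, `err.data.payload` is read without checking `err.data`, so an error that carries no `data` throws inside the handler and no response is sent; `if (err.data && err.data.payload)` avoids that.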
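Review bot: In `/oauth2/validate-jwt` the `getSigningKey` callback ignores `err` and reads `key.publicKey` unconditionally, so a failed key lookup (unknown `kid`, JWKS endpoint unreachable) throws a TypeError instead of failing verification. Forward the error, `if (err) { callback(err); return; }`, so that `jwt.verify` reports it through its own callback. It would also be worth passing an explicit `algorithms` list in the options argument of `jwt.verify` rather than relying on the library default, and replacing the deprecated `res.send(400)` with `res.sendStatus(400)`.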
@@ -208,14 +208,14 @@ app.get('/oauth2/introspect/at', (req, res) => { .then(res => res.json()) .then(body => res.json({ result: 'success', body })) .catch(err => { - console.error(err) - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + console.error(err); + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/oauth2/introspect/rt', async (req, res) => { - const params = new URLSearchParams() - params.append('token', req.session.oauth2_flow.token.refresh_token) + const params = new URLSearchParams(); + params.append('token', req.session.oauth2_flow.token.refresh_token); fetch(new URL('/oauth2/introspect', config.admin).toString(), { method: 'POST', @@ -225,9 +225,9 @@ app.get('/oauth2/introspect/rt', async (req, res) => { .then(res => res.json()) .then(body => res.json({ result: 'success', body })) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); // client credentials @@ -244,23 +244,23 @@ app.get('/oauth2/cc', (req, res) => { options: { authorizationMethod: 'header' } - } + }; oauth2 .create(credentials) .clientCredentials.getToken({ scope: req.query.scope.split(' ') }) .then(token => { - res.send({ result: 'success', token }) + res.send({ result: 'success', token }); }) .catch(err => { if (err.data.payload) { - res.send(JSON.stringify(err.data.payload)) - return + res.send(JSON.stringify(err.data.payload)); + return; } - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); // openid 
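Review bot: `/oauth2/cc` calls `req.query.scope.split(' ')` directly, so a request without a `scope` parameter throws a TypeError instead of producing the JSON error body the other branches send, whereas `/oauth2/code` defaults the value with `req.query.scope || ''`. Apply the same default here: `.clientCredentials.getToken({ scope: (req.query.scope || '').split(' ') })`. The handler starts outside this hunk.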
@@ -268,45 +268,45 @@ app.get('/openid/code', async (req, res) => { const credentials = { client_id: req.query.client_id, client_secret: req.query.client_secret - } + }; - const state = uuid.v4() - const nonce = uuid.v4() - const scope = req.query.scope || '' + const state = uuid.v4(); + const nonce = uuid.v4(); + const scope = req.query.scope || ''; - req.session.oidc_credentials = credentials - req.session.state = state - req.session.nonce = nonce - req.session.scope = scope.split(' ') + req.session.oidc_credentials = credentials; + req.session.state = state; + req.session.nonce = nonce; + req.session.scope = scope.split(' '); - const client = await nc(req) + const client = await nc(req); const url = client.authorizationUrl({ redirect_uri: `${redirect_uri}/openid/callback`, scope: scope, state: state, nonce: nonce, prompt: req.query.prompt - }) - res.redirect(url) -}) + }); + res.redirect(url); +}); app.get('/openid/callback', async (req, res) => { if (req.query.error) { - res.send(JSON.stringify(Object.assign({ result: 'error' }, req.query))) - return + res.send(JSON.stringify(Object.assign({ result: 'error' }, req.query))); + return; } if (req.query.state !== req.session.state) { - res.send(JSON.stringify({ result: 'error', error: 'states mismatch' })) - return + res.send(JSON.stringify({ result: 'error', error: 'states mismatch' })); + return; } if (!req.query.code) { - res.send(JSON.stringify({ result: 'error', error: 'no code given' })) - return + res.send(JSON.stringify({ result: 'error', error: 'no code given' })); + return; } - const client = await nc(req) + const client = await nc(req); client .authorizationCallback(`${redirect_uri}/openid/callback`, req.query, { state: req.session.state, 
@@ -314,143 +314,144 @@ app.get('/openid/callback', async (req, res) => { response_type: 'code' }) .then(ts => { - req.session.openid_token = ts - req.session.openid_claims = ts.claims - res.send({ result: 'success', token: ts, claims: ts.claims }) + req.session.openid_token = ts; + req.session.openid_claims = ts.claims; + res.send({ result: 'success', token: ts, claims: ts.claims }); }) .catch(err => { - console.error(err) - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + console.error(err); + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/openid/userinfo', async (req, res) => { - const client = await nc(req) + const client = await nc(req); client .userinfo(req.session.openid_token.access_token) .then(ui => res.json(ui)) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/openid/revoke/at', async (req, res) => { - const client = await nc(req) + const client = await nc(req); client .revoke(req.session.openid_token.access_token) .then(() => res.json({ result: 'success' })) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/openid/revoke/rt', async (req, res) => { - const client = await nc(req) + const client = await nc(req); client .revoke(req.session.openid_token.refresh_token) .then(() => res.json({ result: 'success' })) .catch(err => { - res.send(JSON.stringify({ error: err.toString() })) - }) -}) + res.send(JSON.stringify({ error: err.toString() })); + }); +}); app.get('/openid/session/end', async (req, res) => { - const client = await nc(req) - const state = uuid.v4() + const client = await nc(req); + const state = uuid.v4(); - req.session.logout_state = state + req.session.logout_state = state; res.redirect( client.endSessionUrl({ state, id_token_hint: req.query.id_token_hint || req.session.openid_token.id_token }) 
- ) -}) + ); +}); app.get('/openid/session/end/fc', async (req, res) => { if (req.session.openid_claims.sid !== req.query.sid) { - res.sendStatus(400) - return + res.sendStatus(400); + return; } if (req.session.openid_claims.iss !== req.query.iss) { - res.sendStatus(400) - return + res.sendStatus(400); + return; } setTimeout(() => { req.session.destroy(() => { - res.send('ok') - }) - }, 500) -}) + res.send('ok'); + }); + }, 500); +}); app.post('/openid/session/end/bc', (req, res) => { const client = jwksClient({ jwksUri: new URL('/.well-known/jwks.json', config.public).toString() - }) + }); - jwt.verify(req.body.logout_token, (header, callback) => { + jwt.verify( + req.body.logout_token, + (header, callback) => { client.getSigningKey(header.kid, (err, key) => { if (err) { - console.error(err) - res.sendStatus(400) - return + console.error(err); + res.sendStatus(400); + return; } - callback(null, key.publicKey || key.rsaPublicKey) - }) - }, (err, decoded) => { + callback(null, key.publicKey || key.rsaPublicKey); + }); + }, + (err, decoded) => { if (err) { - console.error(err) - res.sendStatus(400) - return + console.error(err); + res.sendStatus(400); + return; } if (decoded.nonce) { - console.error("nonce is set but should not be", decoded.nonce) - res.sendStatus(400) - return + console.error('nonce is set but should not be', decoded.nonce); + res.sendStatus(400); + return; } if (decoded.sid.length === 0) { - console.error("sid should be set but is not", decoded.sid) - res.sendStatus(400) - return + console.error('sid should be set but is not', decoded.sid); + res.sendStatus(400); + return; } if (decoded.iss.indexOf(config.url) === -1) { - console.error("issuer is mismatching", decoded.iss, config.url) - res.sendStatus(400) - return + console.error('issuer is mismatching', decoded.iss, config.url); + res.sendStatus(400); + return; } - blacklistedSid.push(decoded.sid) - res.send('ok') + blacklistedSid.push(decoded.sid); + res.send('ok'); } - ) -}) + ); +}); 
app.get('/openid/session/check', async (req, res) => { - const { openid_claims: { sid = '' } = {} } = req.session + const { openid_claims: { sid = '' } = {} } = req.session; if (blacklistedSid.indexOf(sid) > -1) { req.session.destroy(() => { - res.json({ has_session: false }) - }) - return + res.json({ has_session: false }); + }); + return; } res.json({ has_session: - Boolean(req.session.oauth2_flow) || ( - Boolean(req.session.openid_token) && - Boolean(req.session.openid_claims) - ) - }) -}) - -app.listen(config.port, function () { - console.log(`Listening on port ${config.port}!`) -}) + Boolean(req.session.oauth2_flow) || + (Boolean(req.session.openid_token) && Boolean(req.session.openid_claims)) + }); +}); + +app.listen(config.port, function() { + console.log(`Listening on port ${config.port}!`); +});
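Review bot: The back-channel logout handler (`/openid/session/end/bc`) accepts the token's issuer with a substring test, `decoded.iss.indexOf(config.url) === -1`, so any `iss` that merely contains the configured URL passes; compare the two values for equality, after normalising a trailing slash if that is why the substring test was used. `decoded.sid.length` also throws when the claim is absent, and the key callback answers 400 itself without ever calling `callback`, which leaves `jwt.verify` pending. The logout token's `aud` and `events` claims are not checked here; whether this fixture needs that is a judgement call, but a comment saying so would help. A sketch of the three changes follows.

```javascript
// … unchanged: jwksClient setup and the jwt.verify(req.body.logout_token, …) call …
      client.getSigningKey(header.kid, (err, key) => {
        if (err) {
          // Let jwt.verify report the failure once, through its own callback.
          callback(err);
          return;
        }

        callback(null, key.publicKey || key.rsaPublicKey);
      });
// … unchanged: verify-error and nonce checks …
      if (typeof decoded.sid !== 'string' || decoded.sid.length === 0) {
        console.error('sid should be set but is not', decoded.sid);
        res.sendStatus(400);
        return;
      }

      // Exact match on the issuer; only a trailing slash is tolerated.
      const stripSlash = value => String(value).replace(/\/+$/, '');
      if (stripSlash(decoded.iss) !== stripSlash(config.url)) {
        console.error('issuer is mismatching', decoded.iss, config.url);
        res.sendStatus(400);
        return;
      }
// … unchanged: blacklistedSid.push and the 'ok' response …
```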