

Merge pull request #165 from auth0/sec-v2
Security v2
rwtombaugh committed Oct 23, 2017
2 parents 6b3ba0f + d89d441 commit 1b1c7df
Showing 8 changed files with 394 additions and 24 deletions.
43 changes: 43 additions & 0 deletions bin/_plugins/profile.js
@@ -4,6 +4,7 @@ var Cli = require('structured-cli');
var ConfigFile = require('../../lib/config');
var Sandbox = require('sandboxjs');
var SuperagentProxy = require('superagent-proxy');
var UserAuthenticator = require('../../lib/userAuthenticator');
var _ = require('lodash');


@@ -22,6 +23,48 @@ function onBeforeHandler(context) {

function onProfile(profile) {
args.profile = profile;

// Ensure V2 access token is fresh enough

if (!args.profile.openid) return; // V1 webtask token, nothing to do

// If V2 access token expires in less than 5 mins, get a new one

var validUntil = new Date(args.profile.openid.valid_until);
var now = Date.now();
if ((validUntil - now) < 5 * 60 * 1000) {
var userAuthenticator = new UserAuthenticator({
sandboxUrl: args.profile.url,
authorizationServer: args.profile.openid.authorization_server,
clientId: args.profile.openid.client_id,
refreshToken: args.profile.openid.refresh_token,
});

return userAuthenticator
.login({
container: args.profile.container,
admin: args.profile.openid.scopes.indexOf('wt:admin') > -1,
profileName: args.profile.name,
requestedScopes: args.profile.openid.scope,
})
.then(function (profile) {
args.profile = profile;
var config = new ConfigFile();
config.load();
return config.setProfile(profile.name, {
url: profile.url,
token: profile.token,
container: profile.container,
openid: profile.openid,
})
.tap(function () {
return config.save();
});
});
}
else {
return; // access token still valid more than 5 mins
}
}
}

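Review bot: The refresh path reads two different fields for what looks like the same data: `admin` is derived from `args.profile.openid.scopes`, while `requestedScopes` is taken from `args.profile.openid.scope`, and lib/printProfile.js in this commit only uses `scopes`. If the stored profile has no `scope` property, the refresh is requested with `requestedScopes: undefined` and the new token may carry a different scope set than the one originally granted; confirm which field lib/userAuthenticator writes and use it in both places. In the `.then` callback, `config.load();` is called and its result discarded, so if load is asynchronous (its signature in lib/config.js takes a callback) `setProfile` and `save` can run on a config that is not loaded yet and rewrite the file without the other profiles; assuming load returns a promise when no callback is passed, `return config.load().then(function () { return config.setProfile(...); })` would order them. A `valid_until` that does not parse gives `NaN`, which makes the `< 5 * 60 * 1000` comparison false and silently skips the refresh. The enclosing `onBeforeHandler` starts outside this hunk.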
24 changes: 23 additions & 1 deletion bin/profile/init.js
@@ -6,6 +6,7 @@ var PrintProfile = require('../../lib/printProfile');
var Promptly = Bluebird.promisifyAll(require('promptly'));
var Sandbox = require('sandboxjs');
var UserVerifier = require('../../lib/userVerifier');
var UserAuthenticator = require('../../lib/userAuthenticator');
var _ = require('lodash');


@@ -14,6 +15,13 @@ module.exports = Cli.createCommand('init', {
plugins: [
require('../_plugins/profileOptions'),
],
options: {
'admin': {
description: 'Request admin permissions',
dest: 'admin',
type: 'boolean',
},
},
params: {
'email_or_phone': {
description: 'Email or phone number that will be used to configure a new webtask profile.',
@@ -58,14 +66,15 @@ function handleProfileInit(args) {
function verifyUserOrReturnProfile() {
return (args.token && args.container && args.url)
? Sandbox.init(args)
: getVerifiedProfile(args);
: detectAuthMode(args);
}

function updateProfile(profile) {
return config.setProfile(args.profile, {
url: profile.url,
token: profile.token,
container: profile.container,
openid: profile.openid,
})
.tap(function () {
return config.save();
@@ -82,6 +91,19 @@ function handleProfileInit(args) {

// Private helper functions

function detectAuthMode(args) {
return UserAuthenticator.create(args.url)
.then(userAuthenticator => {
if (!userAuthenticator) {
if (args.admin) {
throw Cli.error.invalid('Server does not support --admin flag.');
}
return getVerifiedProfile();
}
return userAuthenticator.login({ container: args.container, admin: args.admin });
});
}

function getVerifiedProfile (args) {
var profile$ = args.email_or_phone
? sendVerificationCode(args.email_or_phone)
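Review bot: The fallback in `detectAuthMode` calls `return getVerifiedProfile();` with no argument, but `getVerifiedProfile (args)` reads `args.email_or_phone` in its first statement. When `UserAuthenticator.create(args.url)` resolves to a falsy value (a server without the new auth flow) and `--admin` is not set, the legacy path therefore rejects with a TypeError instead of starting email/phone verification. The call should pass the arguments through, `return getVerifiedProfile(args);`, which also matches the call it replaces in `verifyUserOrReturnProfile`. The body of `getVerifiedProfile` continues outside the hunk.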
3 changes: 2 additions & 1 deletion lib/config.js
@@ -42,6 +42,7 @@ ConfigFile.prototype.load = function (cb) {
var profile = Sandbox.init(profileData);

profile.name = profileName;
profile.openid = profileData.openid;

return profile;
});
@@ -54,7 +55,7 @@ ConfigFile.prototype.load = function (cb) {
};

ConfigFile.prototype.save = function (cb) {
var data = _.mapValues(this.profiles, _.partialRight(_.pick, ['url', 'token', 'container']));
var data = _.mapValues(this.profiles, _.partialRight(_.pick, ['url', 'token', 'container', 'openid']));
var profileData = JSON.stringify(data, null, 2);

var promise$ = Fs.writeFileAsync(this.configPath, profileData, 'utf8');
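Review bot: Adding `'openid'` to the picked keys in `save` means the whole `openid` object is now written to the config file, and bin/_plugins/profile.js in this commit reads `openid.refresh_token` from it, so a long-lived refresh token is persisted in plaintext. The write on the following line, `Fs.writeFileAsync(this.configPath, profileData, 'utf8')`, sets no file mode, so the file gets whatever the process umask allows. Creating it owner-only would limit exposure to other local users: `Fs.writeFileAsync(this.configPath, profileData, { encoding: 'utf8', mode: 0o600 })`; `mode` only takes effect when the file is created, so an already existing config file would also need a chmod. Both `load` and `save` continue outside the visible hunks.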
13 changes: 13 additions & 0 deletions lib/printProfile.js
@@ -14,6 +14,19 @@ function printProfile(profile, options) {
console.log(Chalk.blue(Pad('Profile:', WIDTH)), Chalk.green(profile.name));
console.log(Chalk.blue(Pad('URL:', WIDTH)), profile.url);
console.log(Chalk.blue(Pad('Container:', WIDTH)), profile.container);

if (profile.openid) {
console.log(Chalk.blue(Pad('Version:', WIDTH)), Chalk.green('v2'));
console.log(Chalk.blue(Pad('Scopes:', WIDTH)), Chalk.green(profile.openid.scopes.join(', ')));
var still_valid = (new Date() - new Date(profile.openid.valid_until)) < 0
if (still_valid)
console.log(Chalk.blue(Pad('Expires:', WIDTH)), Chalk.green(profile.openid.valid_until), Chalk.green('(valid)'));
else
console.log(Chalk.blue(Pad('Expires:', WIDTH)), Chalk.red(profile.openid.valid_until), Chalk.red('(expired)'));
}
else {
console.log(Chalk.blue(Pad('Version:', WIDTH)), Chalk.green('v1'));
}

if (options.token) {
console.log(Chalk.blue(Pad('Token:', WIDTH)), profile.token);
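Review bot: The new `if (profile.openid)` branch calls `profile.openid.scopes.join(', ')` without checking that `scopes` is an array, so a profile whose `openid` object lacks it (for example a hand-edited config file) makes `printProfile` throw instead of printing the remaining fields; `(profile.openid.scopes || []).join(', ')` keeps the output working. The `var still_valid = ...` line has no terminating semicolon and the `if`/`else` that follows has no braces, which differs from the surrounding statements. `printProfile` starts and ends outside this hunk.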
