X-Git-Url: http://git.squeep.com/?p=squeep-indieauth-helper;a=blobdiff_plain;f=lib%2Fcommunication.js;h=d52d784690917d503e852309f4256650cfc4c60e;hp=8f6110f6e3a9c3438a0855ead9af3db3eb59b0e9;hb=30851a8cb9f8823b1b395ace8f53d62c5c53abd8;hpb=92b0d18597c3dc659182adec495f1d4b972f2f3e

diff --git a/lib/communication.js b/lib/communication.js
index 8f6110f..d52d784 100644
--- a/lib/communication.js
+++ b/lib/communication.js
@@ -22,6 +22,7 @@ const _fileScope  = common.fileScope(__filename);
 const noDotPathRE = /(\/\.\/|\/\.\.\/)/;
 const v6HostRE = /\[[0-9a-f:]+\]/;
 const loopback4 = new Address4('127.0.0.0/8');
+const scopeSplitRE = / +/;
 
 class Communication {
   /**
@@ -52,16 +53,28 @@ class Communication {
   }
 
 
+  /**
+   * Encode hashed verifier data for PKCE.
+   * @param {BinaryLike} verifier
+   * @returns {String}
+   */
   static _challengeFromVerifier(verifier) {
     const hash = createHash('sha256');
     hash.update(verifier);
     return base64ToBase64URL(hash.digest('base64'));
   }
 
+
+  /**
+   * @typedef PKCEData
+   * @property {String} codeChallengeMethod
+   * @property {String} codeVerifier
+   * @property {String} codeChallenge
+   */
   /**
    * Create a code verifier and its challenge.
    * @param {Number} length
-   * @returns {Object}
+   * @returns {Promise<PKCEData>}
    */
   static async generatePKCE(length = 128) {
     if (length < 43 || length > 128) {
@@ -135,6 +148,7 @@ class Communication {
     return (status >= 200 && status < 300) || status == 401;
   }
 
+
   /**
    * A request config skeleton.
    * @param {String} method
@@ -260,7 +274,7 @@ class Communication {
    * Retrieve and parse microformat data from url.
    * N.B. this absorbs any errors!
    * @param {URL} urlObj
-   * @returns {Object}
+   * @returns {Promise<Object>}
    */
   async fetchMicroformat(urlObj) {
     const _scope = _fileScope('fetchMicroformat');
@@ -317,7 +331,7 @@ class Communication {
    * Retrieve and parse JSON.
    * N.B. this absorbs any errors!
    * @param {URL} urlObj
-   * @returns {Object}
+   * @returns {Promise<Object>}
    */
   async fetchJSON(urlObj) {
     const _scope = _fileScope('fetchJSON');
@@ -390,6 +404,7 @@ class Communication {
    * N.B. Sets isLoopback on urlObj
    * @param {URL} urlObj
    * @param {Boolean} allowLoopback
+   * @returns {Promise<void>}
    */
   static async _urlNamedHost(urlObj, allowLoopback, resolveHostname) {
     let address;
@@ -479,12 +494,14 @@ class Communication {
    * @param {String} url
    * @param {Object} validationOptions
    * @param {Boolean} validationOptions.allowLoopback
+   * @param {Boolean} validationOptions.resolveHostname
+   * @returns {Promise<void>}
    */
   async validateProfile(url, validationOptions) {
     const _scope = _fileScope('validateProfile');
     const errorScope = 'invalid profile url';
 
-    const options = Object.assign({}, {
+    const options = Object.assign({
       allowLoopback: false,
       resolveHostname: false,
     }, validationOptions);
@@ -519,13 +536,13 @@ class Communication {
    * @param {Object} validationOptions
    * @param {Boolean} validationOptions.allowLoopback
    * @param {Boolean} validationOptions.resolveHostname
-   * @returns {URL}
+   * @returns {Promise<URL>}
    */
   async validateClientIdentifier(url, validationOptions) {
     const _scope = _fileScope('validateClientIdentifier');
     const errorScope = 'invalid client identifier url';
 
-    const options = Object.assign({}, {
+    const options = Object.assign({
       allowLoopback: true,
       resolveHostname: true,
     }, validationOptions);
@@ -619,6 +636,7 @@ class Communication {
    * @property {String} metadata.issuer
    * @property {String} metadata.authorizationEndpoint
    * @property {String} metadata.tokenEndpoint
+   * @property {String} metadata.ticketEndpoint
    * @property {String} metadata.introspectionEndpoint
    * @property {String} metadata.introspectionEndpointAuthMethodsSupported
    * @property {String} metadata.revocationEndpoint
@@ -669,6 +687,7 @@ class Communication {
     Object.entries({
       authorizationEndpoint: 'authorization_endpoint', // backwards compatibility
       tokenEndpoint: 'token_endpoint', // backwards compatibility
+      ticketEndpoint: 'ticket_endpoint', // backwards compatibility
     }).forEach(([p, r]) => {
       if (mfData && r in mfData.rels) {
         profile.metadata[p] = profile[p] = mfData.rels[r][0]; // eslint-disable-line security/detect-object-injection
@@ -697,6 +716,7 @@ class Communication {
             issuer: 'issuer',
             authorizationEndpoint: 'authorization_endpoint',
             tokenEndpoint: 'token_endpoint',
+            ticketEndpoint: 'ticket_endpoint',
             introspectionEndpoint: 'introspection_endpoint',
             introspectionEndpointAuthMethodsSupported: 'introspection_endpoint_auth_methods_supported',
             revocationEndpoint: 'revocation_endpoint',
@@ -715,7 +735,7 @@ class Communication {
           });
 
           // Populate legacy profile fields.
-          ['authorizationEndpoint', 'tokenEndpoint'].forEach((f) => {
+          ['authorizationEndpoint', 'tokenEndpoint', 'ticketEndpoint'].forEach((f) => {
             if (f in profile.metadata) {
               profile[f] = profile.metadata[f]; // eslint-disable-line security/detect-object-injection
             }
@@ -730,6 +750,7 @@ class Communication {
 
   /**
    * POST to the auth endpoint, to redeem a code for a profile object.
+   * FIXME: [name] this isn't specific to profile redemption, it works for tokens too
    * @param {URL} urlObj
    * @param {String} code
    * @param {String} codeVerifier
@@ -740,16 +761,15 @@ class Communication {
   async redeemProfileCode(urlObj, code, codeVerifier, clientId, redirectURI) {
     const _scope = _fileScope('redeemProfileCode');
 
-    const data = new URLSearchParams();
-    Object.entries({
+    const formData = common.formData({
       'grant_type': 'authorization_code',
       code,
       'client_id': clientId,
       'redirect_uri': redirectURI,
       'code_verifier': codeVerifier,
-    }).forEach(([name, value]) => data.set(name, value));
+    });
 
-    const postRedeemProfileCodeConfig = Communication._axiosConfig('POST', urlObj, data.toString(), {}, {
+    const postRedeemProfileCodeConfig = Communication._axiosConfig('POST', urlObj, formData, {}, {
       [Enum.Header.ContentType]: Enum.ContentType.ApplicationForm,
       [Enum.Header.Accept]: `${Enum.ContentType.ApplicationJson}, ${Enum.ContentType.Any};q=0.1`,
     });
@@ -768,6 +788,87 @@ class Communication {
     }
   }
 
+
+  /**
+   * Verify a token with an IdP endpoint, using the Authentication header supplied.
+   * @param {URL} introspectionUrlObj
+   * @param {String} authenticationHeader
+   * @param {String} token
+   */
+  async introspectToken(introspectionUrlObj, authenticationHeader, token) {
+    const _scope = _fileScope('introspectToken');
+
+    const formData = common.formData({ token });
+    const postIntrospectConfig = Communication._axiosConfig('POST', introspectionUrlObj, formData, {}, {
+      [Enum.Header.Authentication]: authenticationHeader,
+      [Enum.Header.ContentType]: Enum.ContentType.ApplicationForm,
+      [Enum.Header.Accept]: `${Enum.ContentType.ApplicationJson}, ${Enum.ContentType.Any};q=0.1`,
+    });
+    delete postIntrospectConfig.validateStatus;  // only accept success
+
+    let tokenInfo;
+    try {
+      const response = await this.axios(postIntrospectConfig);
+      this.logger.debug(_scope, 'response', { response });
+      // check status
+      try {
+        tokenInfo = JSON.parse(response.data);
+        const {
+          active,
+          me,
+          client_id: clientId,
+          scope,
+          exp,
+          iat,
+        } = tokenInfo;
+
+        return {
+          active,
+          ...(me && { me }),
+          ...(clientId && { clientId }),
+          ...(scope && { scope: scope.split(scopeSplitRE) }),
+          ...(exp && { exp: Number(exp) }),
+          ...(iat && { iat: Number(iat) }),
+        };
+      } catch (e) {
+        this.logger.error(_scope, 'failed to parse json', { error: e, response });
+        throw e;
+      }
+    } catch (e) {
+      this.logger.error(_scope, 'introspect token request failed', { error: e, url: introspectionUrlObj.href });
+      throw e;
+    }
+  }
+
+
+  /**
+   * Attempt to deliver a ticket to an endpoint.
+   * N.B. does not absorb errors
+   * @param {*} ticketEndpointUrlObj
+   * @param {*} resourceUrlObj
+   * @param {*} subjectUrlObj
+   * @param {*} ticket
+   * @returns {Promise<AxiosResponse>}
+   */
+  async deliverTicket(ticketEndpointUrlObj, resourceUrlObj, subjectUrlObj, ticket) {
+    const _scope = _fileScope('deliverTicket');
+
+    try {
+      const ticketPayload = {
+        ticket,
+        resource: resourceUrlObj.href,
+        subject: subjectUrlObj.href,
+      };
+      const ticketConfig = Communication._axiosConfig('POST', ticketEndpointUrlObj, ticketPayload, {}, {
+        [Enum.Header.ContentType]: Enum.ContentType.ApplicationForm,
+      });
+      return await this.axios(ticketConfig);
+    } catch (e) {
+      this.logger.error(_scope, 'ticket delivery request failed', { error: e, url: ticketEndpointUrlObj.href });
+      throw e;
+    }
+  }
+
 }
 
-module.exports = Communication;
\ No newline at end of file
+module.exports = Communication;