From 57b1c758f4047585e1e85631d4a36fcb225da2f1 Mon Sep 17 00:00:00 2001 From: zxan1285 Date: Wed, 6 Feb 2019 16:14:21 +0200 Subject: [PATCH] reverted token changes to fix audience issue (#14) --- .gitignore | 1 + CHANGELOG.md | 5 ++++ index.js | 5 +--- package.json | 4 ++- server/index.js | 28 +++++--------------- server/middleware/dashboardAdmins.js | 38 ++++++++++++++++++++++++++++ server/middleware/develop.js | 29 --------------------- server/views/index.js | 4 +-- webtask.json | 2 +- 9 files changed, 57 insertions(+), 59 deletions(-) create mode 100644 server/middleware/dashboardAdmins.js delete mode 100644 server/middleware/develop.js diff --git a/.gitignore b/.gitignore index bc2a040..5e55d79 100644 --- a/.gitignore +++ b/.gitignore @@ -32,5 +32,6 @@ node_modules .DS_Store .idea dist +server/config.json npm-debug.log diff --git a/CHANGELOG.md b/CHANGELOG.md index 014abbc..011fcea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.0.1] - 2019-02-06 + +### Fixed +- Admin tokens audience issue fixed + ## [2.0.0] - 2019-02-05 ### Changed diff --git a/index.js b/index.js index 54e9daf..a9435a6 100644 --- a/index.js +++ b/index.js @@ -36,10 +36,7 @@ nconf HOSTING_ENV: 'default', PORT: 3000, AUTH0_RTA: 'auth0.auth0.com', - AUTH0_DOMAIN: 'xan-test3.eu.auth0.com', - EXTENSION_SECRET: 'secret', - WT_URL: 'http://localhost:3000', - PUBLIC_WT_URL: 'https://49ddb5d2.ngrok.io' + EXTENSION_SECRET: 'secret' }); // Start the server. diff --git a/package.json b/package.json index 4ada40b..1082be9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "auth0-authentication-api-debugger-extension", - "version": "2.0.0", + "version": "2.0.1", "description": "My extension for ..", "main": "index.js", "scripts": { @@ -19,6 +19,7 @@ "externals": [ "auth0-extension-tools@1.3.2", "auth0-extension-express-tools@1.1.6", + "auth0-oauth2-express@1.2.0", "cors", "express@4.12.4", "handlebars", @@ -35,6 +36,7 @@ "dependencies": { "auth0-extension-express-tools": "^1.1.9", "auth0-extension-tools": "^1.3.3", + "auth0-oauth2-express": "1.2.0", "body-parser": "^1.15.2", "cors": "2.8.1", "crypto": "^0.0.3", diff --git a/server/index.js b/server/index.js index b4b8ac3..717ee87 100644 --- a/server/index.js +++ b/server/index.js @@ -3,11 +3,12 @@ const crypto = require('crypto'); const Express = require('express'); const bodyParser = require('body-parser'); const handlebars = require('handlebars'); -const { middlewares, routes, urlHelpers } = require('auth0-extension-express-tools'); +const { urlHelpers } = require('auth0-extension-express-tools'); const config = require('./lib/config'); const utils = require('./lib/utils'); const metadata = require('../webtask.json'); +const dashboardAdmins = require('./middleware/dashboardAdmins'); module.exports = (configProvider) => { config.setProvider(configProvider); @@ -16,30 +17,13 @@ module.exports = (configProvider) => { const partial = handlebars.compile(require('./views/partial')); const app = new Express(); - const adminsOnly = middlewares.authenticateAdmins({ - credentialsRequired: true, - secret: config('EXTENSION_SECRET'), - audience: 'urn:authentication-api-debugger', - baseUrl: config('PUBLIC_WT_URL'), - onLoginSuccess: (req, res, next) => { - next(); - } - }); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: false })); - app.use(routes.dashboardAdmins({ - secret: config('EXTENSION_SECRET'), - audience: 'urn:authentication-api-debugger', - rta: config('AUTH0_RTA').replace('https://', ''), - domain: config('AUTH0_DOMAIN'), - baseUrl: config('PUBLIC_WT_URL'), - clientName: `Auth0 Authentication API Debugger`, - sessionStorageKey: 'auth-api-debugger:apiToken', - })); + app.use(dashboardAdmins(config('AUTH0_DOMAIN'), 'Authentication API Debugger Extension', config('AUTH0_RTA'))); - app.get('/pkce', adminsOnly, function (req, res) { + app.get('/pkce', function (req, res) { const verifier = utils.base64url(crypto.randomBytes(32)); return res.json({ verifier: verifier, @@ -47,7 +31,7 @@ module.exports = (configProvider) => { }) }); - app.get('/hash', adminsOnly, function (req, res) { + app.get('/hash', function (req, res) { res.send(partial({ hash: utils.syntaxHighlight(req.query), id_token: utils.jwt(req.query && req.query.id_token), @@ -55,7 +39,7 @@ module.exports = (configProvider) => { })); }); - app.post('/request', adminsOnly, function (req, res) { + app.post('/request', function (req, res) { const request = req.body.request; delete req.body.request; res.send(partial({ diff --git a/server/middleware/dashboardAdmins.js b/server/middleware/dashboardAdmins.js new file mode 100644 index 0000000..d06bbbf --- /dev/null +++ b/server/middleware/dashboardAdmins.js @@ -0,0 +1,38 @@ +const url = require('url'); +const auth0 = require('auth0-oauth2-express'); + +module.exports = function(domain, title, rta) { + if (!domain) throw new Error('Domain is required'); + if (!title) throw new Error('title is required'); + + const options = { + credentialsRequired: false, + scopes: 'read:clients read:client_keys', + clientName: title, + audience: function() { + return 'https://' + domain + '/api/v2/'; + }, + rootTenantAuthority: rta + }; + + const middleware = auth0(options); + return function(req, res, next) { + const protocol = 'https'; + const pathname = (req.x_wt) + ? url.parse(req.originalUrl).pathname + .replace(req.x_wt.container, 'req.x_wt.container') + .replace(req.path, '') + .replace('req.x_wt.container', req.x_wt.container) + : url.parse(req.originalUrl).pathname + .replace(req.path, ''); + + const baseUrl = url.format({ + protocol: protocol, + host: req.get('host'), + pathname: pathname + }); + + options.clientId = baseUrl; + return middleware(req, res, next); + }; +}; diff --git a/server/middleware/develop.js b/server/middleware/develop.js deleted file mode 100644 index 49e239f..0000000 --- a/server/middleware/develop.js +++ /dev/null @@ -1,29 +0,0 @@ -const path = require('path'); -const express = require('express'); -const dev = express.Router(); -const nconf = require('nconf'); - -if ((process.env.NODE_ENV || 'development') === 'development') { - - nconf - .argv() - .env() - .file(path.join(__dirname, './../config.json')); - - var token = require('crypto').randomBytes(32).toString('hex'); - - dev.use(function (req, res, next) { - req.webtaskContext = { - data: { - EXTENSION_SECRET: token, - AUTH0_DOMAIN: nconf.get('AUTH0_DOMAIN'), - AUTH0_CLIENT_ID: nconf.get('AUTH0_CLIENT_ID'), - AUTH0_CLIENT_SECRET: nconf.get('AUTH0_CLIENT_SECRET') - } - }; - - next(); - }); -} - -module.exports = dev; diff --git a/server/views/index.js b/server/views/index.js index 3b53b06..81b8628 100644 --- a/server/views/index.js +++ b/server/views/index.js @@ -44,7 +44,7 @@ module.exports = ` } @@ -569,7 +569,7 @@ $(function () { url: 'https://{{domain}}/api/v2/clients', type: 'GET', headers: { - 'Authorization': 'Bearer ' + sessionStorage.getItem("auth-api-debugger:apiToken") + 'Authorization': 'Bearer ' + sessionStorage.getItem("token") }}).done( function(data) { clients = _.map(data, function(client) { return _.pick(client, ['client_id', 'client_secret', 'name'] )} ); diff --git a/webtask.json b/webtask.json index 911d858..1018fbd 100644 --- a/webtask.json +++ b/webtask.json @@ -1,7 +1,7 @@ { "title": "Auth0 Authentication API Debugger", "name": "auth0-authentication-api-debugger", - "version": "2.0.0", + "version": "2.0.1", "author": "auth0", "useHashName": false, "description": "This extension allows you to test and debug the various Authentication API endpoints",