From cd07f58535806f8c9ab09446c9f730860b6b2deb Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Fri, 5 May 2017 23:19:38 -0400
Subject: [PATCH] choose auth scheme based on token issuer
---
 src/services/apiService.js | 46 +++++++++++++++++++++---------------
 src/services/tokenService.js | 10 ++++++++
 2 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/src/services/apiService.js b/src/services/apiService.js
index bb72e9d6e6..9fb8c39391 100644
--- a/src/services/apiService.js
+++ b/src/services/apiService.js
@@ -19,7 +19,6 @@ function ApiService(tokenService, appIdService, utilsService, logoutCallback) {
 this.logoutCallback = logoutCallback;
 this.appIdService = appIdService;
 this.utilsService = utilsService;
- this.accessTokenQs = "access_token3=";
 initApiService();
 };
@@ -58,7 +57,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/accounts/revision-date?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/accounts/revision-date?' + token,
 dataType: 'json',
 success: function (response) {
 success(response);
@@ -77,7 +76,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/accounts/profile?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/accounts/profile?' + token,
 dataType: 'json',
 success: function (response) {
 success(new ProfileResponse(response));
@@ -96,7 +95,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/accounts/keys?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/accounts/keys?' + token,
 dataType: 'json',
 success: function (response) {
 success(new KeysResponse(response));
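Review bot: Removing `accessTokenQs` keeps the bearer token in the query string of every request (`'/accounts/revision-date?' + token` and each sibling call site), so it ends up in server and proxy access logs, browser history and any Referer header sent from the response. If the server's scheme selection permits it, carry the token in a header instead, e.g. `headers: { 'Authorization': 'Bearer ' + token }` on the `$.ajax` options, and keep only the parameter-name choice where the query string is assembled. If the query parameter must stay, at least wrap the value with `encodeURIComponent(token)` at the point it is built, since nothing in this hunk guarantees the token is URL-safe. The `ApiService` constructor and `initApiService` both continue outside these hunks.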
@@ -151,7 +150,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/settings/domains?excluded=false&' + self.accessTokenQs + token,
+ url: self.baseUrl + '/settings/domains?excluded=false&' + token,
 dataType: 'json',
 success: function (response) {
 success(new DomainsResponse(response));
@@ -172,7 +171,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/sites/' + id + '?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/sites/' + id + '?' + token,
 dataType: 'json',
 success: function (response) {
 success(new LoginResponse(response));
@@ -191,7 +190,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'POST',
- url: self.baseUrl + '/sites?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/sites?' + token,
 data: JSON.stringify(loginRequest),
 contentType: 'application/json; charset=utf-8',
 dataType: 'json',
@@ -212,7 +211,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'POST',
- url: self.baseUrl + '/sites/' + id + '?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/sites/' + id + '?' + token,
 data: JSON.stringify(loginRequest),
 contentType: 'application/json; charset=utf-8',
 dataType: 'json',
@@ -235,7 +234,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/folders/' + id + '?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/folders/' + id + '?' + token,
 dataType: 'json',
 success: function (response) {
 success(new FolderResponse(response));
@@ -254,7 +253,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/folders?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/folders?' + token,
 dataType: 'json',
 success: function (response) {
 var data = [];
@@ -278,7 +277,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'POST',
- url: self.baseUrl + '/folders?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/folders?' + token,
 data: JSON.stringify(folderRequest),
 contentType: 'application/json; charset=utf-8',
 dataType: 'json',
@@ -299,7 +298,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'POST',
- url: self.baseUrl + '/folders/' + id + '?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/folders/' + id + '?' + token,
 data: JSON.stringify(folderRequest),
 contentType: 'application/json; charset=utf-8',
 dataType: 'json',
@@ -322,7 +321,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/ciphers/' + id + '?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/ciphers/' + id + '?' + token,
 dataType: 'json',
 success: function (response) {
 success(new CipherResponse(response));
@@ -341,8 +340,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'GET',
- url: self.baseUrl + '/ciphers?includeFolders=false&includeShared=true&' +
- self.accessTokenQs + token,
+ url: self.baseUrl + '/ciphers?includeFolders=false&includeShared=true&' + token,
 dataType: 'json',
 success: function (response) {
 var data = [];
@@ -366,7 +364,7 @@ function initApiService() {
 handleTokenState(self).then(function (token) {
 $.ajax({
 type: 'POST',
- url: self.baseUrl + '/ciphers/' + id + '/delete?' + self.accessTokenQs + token,
+ url: self.baseUrl + '/ciphers/' + id + '/delete?' + token,
 dataType: 'text',
 success: function (response) {
 success();
@@ -419,7 +417,7 @@ function initApiService() {
 }, function (token) {
 self.tokenService.clearAuthBearer(function () {
 tokenService.setTokens(token.accessToken, token.refreshToken, function () {
- deferred.resolve(token.accessToken);
+ resolveTokenQs(token.accessToken, self, deferred);
 });
 });
 }, function (jqXHR) {
@@ -440,7 +438,7 @@ function initApiService() {
 refresh_token: refreshToken
 }, function (token) {
 tokenService.setTokens(token.accessToken, token.refreshToken, function () {
- deferred.resolve(token.accessToken);
+ resolveTokenQs(token.accessToken, self, deferred);
 });
 }, function (jqXHR) {
 deferred.reject(jqXHR);
@@ -452,7 +450,7 @@ function initApiService() {
 self.tokenService.clearAuthBearer(function () { });
 }
- deferred.resolve(accessToken);
+ resolveTokenQs(accessToken, self, deferred);
 }
 });
 });
@@ -460,6 +458,16 @@ function initApiService() {
 return deferred.promise
 }
+ function resolveTokenQs(token, self, deferred) {
+ var issuer = self.tokenService.getIssuer();
+ if (issuer === self.baseUrl) {
+ deferred.resolve('access_token2=' + token);
+ }
+ else {
+ deferred.resolve('access_token3=' + token);
+ }
+ }
+
 function postConnectToken(self, data, success, error) {
 $.ajax({
 type: 'POST',
diff --git a/src/services/tokenService.js b/src/services/tokenService.js
index 581f013711..439a38718d 100644
--- a/src/services/tokenService.js
+++ b/src/services/tokenService.js
@@ -214,6 +214,16 @@ function initTokenService() {
 return decoded.name;
 };
+ TokenService.prototype.getIssuer = function () {
+ var decoded = this.decodeToken();
+
+ if (typeof decoded.iss === 'undefined') {
+ throw 'No issuer found';
+ }
+
+ return decoded.iss;
+ };
+
 function urlBase64Decode(str) {
 var output = str.replace(/-/g, '+').replace(/_/g, '/');
 switch (output.length % 4) {
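Review bot: `resolveTokenQs` calls `self.tokenService.getIssuer()` without a guard, and the new `getIssuer` throws when the token carries no `iss` claim; every call site in the earlier hunks invokes `resolveTokenQs` from inside a `setTokens` or token-state callback, so the exception escapes there and `deferred` is never resolved or rejected, leaving the pending API request hanging instead of failing. Catch the throw and reject the deferred so callers see an error. The `issuer === self.baseUrl` comparison is an exact string match, so a trailing slash or scheme/case difference between the token's `iss` and the configured base URL silently falls into the `access_token3` branch; worth confirming against how the two values are produced. A comment should also record that `iss` is read from the client-decoded, unverified JWT and is only used to pick a parameter name, never for an authorization decision. `handleTokenState`, whose callbacks these hunks touch, starts outside the visible hunks.
```javascript
function resolveTokenQs(token, self, deferred) {
    var issuer;
    try {
        issuer = self.tokenService.getIssuer();
    }
    catch (e) {
        // Never leave callers waiting on a deferred that is neither resolved nor rejected.
        deferred.reject(e);
        return;
    }
    // `iss` comes from the locally decoded (unverified) JWT; it only selects the
    // query parameter name and is not relied on for any authorization decision.
    if (issuer === self.baseUrl) {
        deferred.resolve('access_token2=' + token);
    }
    else {
        deferred.resolve('access_token3=' + token);
    }
}
```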
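Review bot: `getIssuer` throws a bare string, `throw 'No issuer found';`, which carries no stack and is not an `Error`, so a caller checking `e instanceof Error` or reading `e.message` gets nothing useful; change it to `throw new Error('No issuer found');`. The result of `this.decodeToken()` is dereferenced immediately, so if that helper returns `null` or `undefined` when no token is stored (its body is outside this hunk, so this is an assumption), the method fails with a TypeError rather than the intended error — the neighbouring `getName` has the same pattern, so a shared null check would fit both. A one-line doc comment such as `// Returns the unverified 'iss' claim of the stored access token; throws if absent.` would make the trust level of the value clear to callers.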