Update lib/ to reflect pr #10

Author: dmitrizagidulin

lib/AuthenticationResponse.js

@@ -19,38 +19,65 @@ var FormUrlEncoded = require('./FormUrlEncoded');
 var IDToken = require('./IDToken');
 var Session = require('./Session');
 var onHttpError = require('./onHttpError');
+var HttpError = require('standard-http-error');
 
 /**
  * AuthenticationResponse
  */
 
 var AuthenticationResponse = function () {
-  function AuthenticationResponse() {
+  /**
+   * @param rp {RelyingParty}
+   * @param [redirect] {string} req.query
+   * @param [body] {string} req.body.text
+   * @param session {Session|Storage} req.session or localStorage or similar
+   * @param params {object} hashmap
+   * @param mode {string} 'query'/'fragment'/'form_post',
+   *   determined in `parseResponse()`
+   */
+  function AuthenticationResponse(_ref) {
+    var rp = _ref.rp,
+        redirect = _ref.redirect,
+        body = _ref.body,
+        session = _ref.session,
+        mode = _ref.mode,
+        _ref$params = _ref.params,
+        params = _ref$params === undefined ? {} : _ref$params;
+
     _classCallCheck(this, AuthenticationResponse);
+
+    this.rp = rp;
+    this.redirect = redirect;
+    this.body = body;
+    this.session = session;
+    this.mode = mode;
+    this.params = params;
   }
 
-  _createClass(AuthenticationResponse, null, [{
-    key: 'validateResponse',
+  /**
+   * validateResponse
+   *
+   * @description
+   * Authentication response validation.
+   *
+   * @param {string|Object} response
+   *
+   * @returns {Promise<Session>}
+   */
 
 
-    /**
-     * validateResponse
-     *
-     * @description
-     * Authentication response validation.
-     *
-     * @param {string|Object} response
-     * @returns {Promise}
-     */
+  _createClass(AuthenticationResponse, null, [{
+    key: 'validateResponse',
     value: function validateResponse(response) {
-      return Promise.resolve(response).then(this.parseResponse).then(this.matchRequest).then(this.validateStateParam).then(this.errorResponse).then(this.validateResponseMode).then(this.validateResponseParams).then(this.exchangeAuthorizationCode).then(this.validateIDToken).then(Session.fromAuthResponse);
+      return Promise.resolve(response).then(this.parseResponse).then(this.errorResponse).then(this.matchRequest).then(this.validateStateParam).then(this.validateResponseMode).then(this.validateResponseParams).then(this.exchangeAuthorizationCode).then(this.validateIDToken).then(Session.fromAuthResponse);
     }
 
     /**
      * parseResponse
      *
-     * @param {Object} response
-     * @returns {Promise}
+     * @param {object} response
+     *
+     * @returns {object}
      */
 
   }, {
@@ -62,7 +89,7 @@ var AuthenticationResponse = function () {
       // response must be either a redirect uri or request body, but not both
 
       if (redirect && body || !redirect && !body) {
-        throw new Error('Invalid response mode');
+        throw new HttpError(400, 'Invalid response mode');
       }
 
       // parse redirect uri
@@ -73,7 +100,7 @@ var AuthenticationResponse = function () {
 
 
         if (search && hash || !search && !hash) {
-          throw new Error('Invalid response mode');
+          throw new HttpError(400, 'Invalid response mode');
         }
 
         if (search) {
@@ -96,6 +123,40 @@ var AuthenticationResponse = function () {
       return response;
     }
 
+    /**
+     * errorResponse
+     *
+     * @param {AuthenticationResponse} response
+     *
+     * @throws {Error} If response params include the OAuth2 'error' param,
+     *   throws an error based on it.
+     *
+     * @returns {AuthenticationResponse} Chainable
+     *
+     * @todo Figure out HTTP status code (typically 400, 401 or 403)
+     *   based on the OAuth2/OIDC `error` code, probably using an external library
+     */
+
+  }, {
+    key: 'errorResponse',
+    value: function errorResponse(response) {
+      var errorCode = response.params.error;
+
+      if (errorCode) {
+        var errorParams = {};
+        errorParams['error'] = errorCode;
+        errorParams['error_description'] = response.params['error_description'];
+        errorParams['error_uri'] = response.params['error_uri'];
+        errorParams['state'] = response.params['state'];
+
+        var error = new Error('AuthenticationResponse error: ' + errorCode);
+        error.info = errorParams;
+        throw error;
+      }
+
+      return response;
+    }
+
     /**
      * matchRequest
      *
@@ -150,25 +211,6 @@ var AuthenticationResponse = function () {
       });
     }
 
-    /**
-     * errorResponse
-     *
-     * @param {Object} response
-     * @returns {Promise}
-     */
-
-  }, {
-    key: 'errorResponse',
-    value: function errorResponse(response) {
-      var error = response.params.error;
-
-      if (error) {
-        return Promise.reject(error);
-      }
-
-      return Promise.resolve(response);
-    }
-
     /**
      * validateResponseMode
      *
@@ -341,17 +383,28 @@ var AuthenticationResponse = function () {
     /**
      * decodeIDToken
      *
-     * @param {Object} response
-     * @returns {Promise}
+     * Note: If the `id_token` is not present in params, this method does not
+     * get called (short-circuited in `validateIDToken()`).
+     *
+     * @param response {AuthenticationResponse}
+     * @param response.params {object}
+     * @param [response.params.id_token] {string} IDToken encoded as a JWT
+     *
+     * @returns {AuthenticationResponse} Chainable
      */
 
   }, {
     key: 'decodeIDToken',
     value: function decodeIDToken(response) {
       var jwt = response.params.id_token;
 
-      if (jwt) {
+      try {
         response.decoded = IDToken.decode(jwt);
+      } catch (decodeError) {
+        var error = new HttpError(400, 'Error decoding ID Token');
+        error.cause = decodeError;
+        error.info = { id_token: jwt };
+        throw error;
       }
 
       return response;

lib/RelyingParty.js

@@ -212,22 +212,26 @@ var RelyingParty = function (_JSONDocument) {
      *
      * @param response {string} req.query or req.body.text
      * @param session {Session|Storage} req.session or localStorage or similar
-     * @returns {Promise<Object>} Custom response object, with `params` and
-     *   `mode` properties
+     *
+     * @returns {Promise<Session>}
      */
 
   }, {
     key: 'validateResponse',
-    value: function validateResponse(response, session) {
-      session = session || this.store;
+    value: function validateResponse(response) {
+      var session = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : this.store;
+
+      var options = void 0;
 
       if (response.match(/^http(s?):\/\//)) {
-        response = { rp: this, redirect: response, session: session };
+        options = { rp: this, redirect: response, session: session };
       } else {
-        response = { rp: this, body: response, session: session };
+        options = { rp: this, body: response, session: session };
       }
 
-      return AuthenticationResponse.validateResponse(response);
+      var authResponse = new AuthenticationResponse(options);
+
+      return AuthenticationResponse.validateResponse(authResponse);
     }
 
     /**

lib/Session.js

@@ -146,15 +146,15 @@ var Session = function () {
     /**
      * @param response {AuthenticationResponse}
      *
-     * @returns {Session}
+     * @returns {Session} RelyingParty Session object
      */
 
   }, {
     key: 'fromAuthResponse',
     value: function fromAuthResponse(response) {
       var RelyingParty = require('./RelyingParty'); // import here due to circular dep
 
-      var payload = response.decoded.payload;
+      var idClaims = response.decoded && response.decoded.payload || {};
 
       var rp = response.rp;
 
@@ -169,14 +169,14 @@ var Session = function () {
       var options = {
         credentialType: credentialType,
         sessionKey: sessionKey,
-        issuer: payload.iss,
+        issuer: idClaims.iss,
+        idClaims: idClaims,
         authorization: {
           client_id: registration['client_id'],
           access_token: response.params['access_token'],
           id_token: response.params['id_token'],
           refresh_token: response.params['refresh_token']
-        },
-        idClaims: response.decoded && response.decoded.payload
+        }
       };
 
       return Session.from(options);