forked from apportable/meteor-discourse-sso
sso.js
// `crypto` and `querystring` are only declared here; they are assigned further down the file.
var crypto, querystring,
  // Borrowed hasOwnProperty, so the own-key test does not rely on the object's own method.
  __hasProp = Object.prototype.hasOwnProperty,
  /**
   * Make `child` inherit from `parent` (the usual compiled CoffeeScript helper).
   *
   * Copies parent's own enumerable properties onto child, links child.prototype
   * to parent.prototype through an intermediate constructor so that parent's
   * constructor is not run, and records parent.prototype as child.__super__.
   *
   * @param {Function} child - constructor that receives the inheritance.
   * @param {Function} parent - constructor being extended.
   * @returns {Function} child, for chaining.
   */
  __extends = function(child, parent) {
    var prop;

    // Intermediate constructor: gives instances the right `constructor`
    // without invoking parent's own constructor body.
    function Surrogate() {
      this.constructor = child;
    }

    for (prop in parent) {
      if (!__hasProp.call(parent, prop)) {
        continue;
      }
      child[prop] = parent[prop];
    }

    Surrogate.prototype = parent.prototype;
    child.prototype = new Surrogate();
    child.__super__ = parent.prototype;
    return child;
  };
crypto = Npm.require('crypto');
querystring = Npm.require('querystring');
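/**
 * SSO payload helper: builds and verifies `sso=<base64>&sig=<hex HMAC-SHA256>`
 * query strings. Extends the constructor passed to this wrapper (Minimongoid).
 *
 * Security notes for callers:
 * - `parse` only authenticates the payload against `sso_secret`. It does not
 *   check that the nonce is fresh or unused; replay protection has to be done
 *   by the caller.
 * - The signature is only as strong as `sso_secret`; this class does not
 *   validate that a secret was actually configured.
 */
this.SingleSignOn = (function(_super) {
  var ACCESSORS;

  __extends(SingleSignOn, _super);

  function SingleSignOn() {
    return SingleSignOn.__super__.constructor.apply(this, arguments);
  }

  // Fields carried in the SSO payload; everything else in the query string is ignored.
  ACCESSORS = ['nonce', 'name', 'email', 'external_id'];

  /**
   * Compare two strings without returning at the first differing character,
   * so response timing does not reveal how much of a guessed signature matched.
   * The length check may exit early: the length of a hex digest is not secret.
   *
   * @param {string} expected - locally computed signature.
   * @param {*} supplied - signature received from the request.
   * @returns {boolean} true only when both are strings with identical content.
   */
  function constantTimeEqual(expected, supplied) {
    var diff, i;
    if (typeof expected !== 'string' || typeof supplied !== 'string') {
      return false;
    }
    if (expected.length !== supplied.length) {
      return false;
    }
    diff = 0;
    for (i = 0; i < expected.length; i++) {
      diff |= expected.charCodeAt(i) ^ supplied.charCodeAt(i);
    }
    return diff === 0;
  }

  /**
   * Verify and decode an incoming SSO request.
   *
   * @param {{sso: string, sig: string}} params - request parameters; `sso` is
   *   the base64 payload and `sig` its hex HMAC-SHA256.
   * @param {string} sso_secret - shared secret used to recompute the signature.
   * @returns {SingleSignOn} instance with `sso_secret` and the ACCESSORS fields set.
   * @throws {Error} "Bad signature for payload" when `sso` is not a string or
   *   `sig` does not match the recomputed signature.
   */
  SingleSignOn.parse = function(params, sso_secret) {
    var decoded, decoded_hash, sso;
    // init() is not defined in this file; presumably provided by the Minimongoid base.
    sso = this.init();
    sso.sso_secret = sso_secret;
    // Verify before decoding anything. A non-string payload (e.g. a repeated
    // query parameter parsed into an array) is rejected as unauthenticated.
    if (typeof params.sso !== 'string' ||
        !constantTimeEqual(sso.sign(params.sso), params.sig)) {
      throw new Error("Bad signature for payload");
    }
    // params.sso is a string at this point, so the legacy Buffer constructor
    // cannot be driven into its numeric (uninitialised allocation) form.
    decoded = (new Buffer(params.sso, 'base64')).toString();
    decoded_hash = querystring.parse(decoded);
    _.each(ACCESSORS, function(k) {
      return sso[k] = decoded_hash[k];
    });
    return sso;
  };

  /**
   * @param {string} payload - base64 payload to authenticate.
   * @returns {string} hex HMAC-SHA256 of `payload` keyed with `this.sso_secret`.
   */
  SingleSignOn.prototype.sign = function(payload) {
    return crypto.createHmac('sha256', this.sso_secret).update(payload).digest('hex');
  };

  /**
   * @param {string} base_url - URL to append the signed payload to.
   * @returns {string} `base_url` followed by `?` (or `&` if it already has a
   *   query string) and the signed payload.
   */
  SingleSignOn.prototype.to_url = function(base_url) {
    return "" + base_url + (base_url.match(/\?/) ? '&' : '?') + (this.payload());
  };

  /**
   * @returns {string} `sso=<url-encoded base64>&sig=<hex signature>`; the
   *   signature covers the base64 text before URL encoding.
   */
  SingleSignOn.prototype.payload = function() {
    var payload;
    // unsigned_payload() always returns a string, so this is the string form
    // of the legacy Buffer constructor.
    payload = new Buffer(this.unsigned_payload()).toString('base64');
    return "sso=" + (encodeURIComponent(payload)) + "&sig=" + (this.sign(payload));
  };

  /**
   * @returns {string} query-string encoding of the ACCESSORS fields that hold
   *   a truthy value on this instance; falsy fields are left out.
   */
  SingleSignOn.prototype.unsigned_payload = function() {
    var unsigned_payload;
    unsigned_payload = {};
    _.each(ACCESSORS, function(k) {
      var val;
      val = this[k];
      if (val) {
        return unsigned_payload[k] = val;
      }
    }, this);
    return querystring.stringify(unsigned_payload);
  };

  return SingleSignOn;
})(Minimongoid);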