forked from meteor/meteor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoauth_client.js
218 lines (192 loc) · 7.43 KB
/
oauth_client.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
// credentialToken -> credentialSecret. You must provide both the
// credentialToken and the credentialSecret to retrieve an access token from
// the _pendingCredentials collection.
var credentialSecrets = {};
OAuth = {};
// Determine the login style (popup or redirect) for this login flow.
//
//
OAuth._loginStyle = function (service, config, options) {
var loginStyle = (options && options.loginStyle) || config.loginStyle || 'popup';
if (! _.contains(["popup", "redirect"], loginStyle))
throw new Error("Invalid login style: " + loginStyle);
// If we don't have session storage (for example, Safari in private
// mode), the redirect login flow won't work, so fallback to the
// popup style.
if (loginStyle === 'redirect') {
try {
sessionStorage.setItem('Meteor.oauth.test', 'test');
sessionStorage.removeItem('Meteor.oauth.test');
} catch (e) {
loginStyle = 'popup';
}
}
return loginStyle;
};
OAuth._stateParam = function (loginStyle, credentialToken) {
state = {
loginStyle: loginStyle,
credentialToken: credentialToken
};
if (loginStyle === 'redirect')
state.redirectUrl = '' + window.location;
// Encode base64 as not all login services URI-encode the state
// parameter when they pass it back to us.
return btoa(JSON.stringify(state));
};
// At the beginning of the redirect login flow, before we redirect to
// the login service, save the credential token for this login attempt
// in the reload migration data.
//
OAuth.saveDataForRedirect = function (loginService, credentialToken) {
Reload._onMigrate('oauth', function () {
return [true, {loginService: loginService, credentialToken: credentialToken}];
});
Reload._migrate(null, {immediateMigration: true});
};
// At the end of the redirect login flow, when we've redirected back
// to the application, retrieve the credentialToken and (if the login
// was successful) the credentialSecret.
//
// Called at application startup. Returns null if this is normal
// application startup and we weren't just redirected at the end of
// the login flow.
//
OAuth.getDataAfterRedirect = function () {
var migrationData = Reload._migrationData('oauth');
if (! (migrationData && migrationData.credentialToken))
return null;
var credentialToken = migrationData.credentialToken;
var key = OAuth._storageTokenPrefix + credentialToken;
var credentialSecret;
try {
credentialSecret = sessionStorage.getItem(key);
sessionStorage.removeItem(key);
} catch (e) {
Meteor._debug('error retrieving credentialSecret', e);
}
return {
loginService: migrationData.loginService,
credentialToken: credentialToken,
credentialSecret: credentialSecret
};
}
// Launch an OAuth login flow. For the popup login style, show the
// popup. For the redirect login style, save the credential token for
// this login attempt in the reload migration data, and redirect to
// the service for the login.
//
// options:
// loginService: "facebook", "google", etc.
// loginStyle: "popup" or "redirect"
// loginUrl: The URL at the login service provider to start the OAuth flow.
// credentialRequestCompleteCallback: for the popup flow, call when the popup
// is closed and we have the credential from the login service.
// credentialToken: our identifier for this login flow.
//
OAuth.launchLogin = function (options) {
if (! options.loginService)
throw new Error('loginService required');
if (options.loginStyle === 'popup') {
OAuth.showPopup(
options.loginUrl,
_.bind(options.credentialRequestCompleteCallback, null, options.credentialToken),
options.popupOptions);
} else if (options.loginStyle === 'redirect') {
OAuth.saveDataForRedirect(options.loginService, options.credentialToken);
window.location = options.loginUrl;
} else {
throw new Error('invalid login style');
}
};
// Open a popup window, centered on the screen, and call a callback when it
// closes.
//
// @param url {String} url to show
// @param callback {Function} Callback function to call on completion. Takes no
// arguments.
// @param dimensions {optional Object(width, height)} The dimensions of
// the popup. If not passed defaults to something sane.
OAuth.showPopup = function (url, callback, dimensions) {
// default dimensions that worked well for facebook and google
var popup = openCenteredPopup(
url,
(dimensions && dimensions.width) || 650,
(dimensions && dimensions.height) || 331
);
var checkPopupOpen = setInterval(function() {
try {
// Fix for #328 - added a second test criteria (popup.closed === undefined)
// to humour this Android quirk:
// http://code.google.com/p/android/issues/detail?id=21061
var popupClosed = popup.closed || popup.closed === undefined;
} catch (e) {
// For some unknown reason, IE9 (and others?) sometimes (when
// the popup closes too quickly?) throws "SCRIPT16386: No such
// interface supported" when trying to read 'popup.closed'. Try
// again in 100ms.
return;
}
if (popupClosed) {
clearInterval(checkPopupOpen);
callback();
}
}, 100);
};
var openCenteredPopup = function(url, width, height) {
var screenX = typeof window.screenX !== 'undefined'
? window.screenX : window.screenLeft;
var screenY = typeof window.screenY !== 'undefined'
? window.screenY : window.screenTop;
var outerWidth = typeof window.outerWidth !== 'undefined'
? window.outerWidth : document.body.clientWidth;
var outerHeight = typeof window.outerHeight !== 'undefined'
? window.outerHeight : (document.body.clientHeight - 22);
// XXX what is the 22?
// Use `outerWidth - width` and `outerHeight - height` for help in
// positioning the popup centered relative to the current window
var left = screenX + (outerWidth - width) / 2;
var top = screenY + (outerHeight - height) / 2;
var features = ('width=' + width + ',height=' + height +
',left=' + left + ',top=' + top + ',scrollbars=yes');
var newwindow = window.open(url, 'Login', features);
if (newwindow.focus)
newwindow.focus();
return newwindow;
};
// XXX COMPAT WITH 0.7.0.1
// Private interface but probably used by many oauth clients in atmosphere.
OAuth.initiateLogin = function (credentialToken, url, callback, dimensions) {
OAuth.showPopup(
url,
_.bind(callback, null, credentialToken),
dimensions
);
};
// Called by the popup when the OAuth flow is completed, right before
// the popup closes.
OAuth._handleCredentialSecret = function (credentialToken, secret) {
check(credentialToken, String);
check(secret, String);
if (! _.has(credentialSecrets,credentialToken)) {
credentialSecrets[credentialToken] = secret;
} else {
throw new Error("Duplicate credential token from OAuth login");
}
};
// Used by accounts-oauth, which needs both a credentialToken and the
// corresponding to credential secret to call the `login` method over DDP.
OAuth._retrieveCredentialSecret = function (credentialToken) {
// First check the secrets collected by OAuth._handleCredentialSecret,
// then check localStorage. This matches what we do in
// end_of_login_response.html.
var secret = credentialSecrets[credentialToken];
if (! secret) {
var localStorageKey = OAuth._storageTokenPrefix + credentialToken;
secret = Meteor._localStorage.getItem(localStorageKey);
Meteor._localStorage.removeItem(localStorageKey);
} else {
delete credentialSecrets[credentialToken];
}
return secret;
};