@feathersjs/authentication-oauth 5.0.0-pre.11 → 5.0.0-pre.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/CHANGELOG.md +54 -0
  2. package/LICENSE +1 -1
  3. package/README.md +1 -2
  4. package/lib/express.d.ts +3 -0
  5. package/lib/express.js +12 -3
  6. package/lib/express.js.map +1 -1
  7. package/lib/strategy.d.ts +1 -0
  8. package/lib/strategy.js +14 -1
  9. package/lib/strategy.js.map +1 -1
  10. package/package.json +17 -17
  11. package/src/express.ts +12 -4
  12. package/src/strategy.ts +18 -1
package/CHANGELOG.md CHANGED
@@ -3,6 +3,60 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
5
 
6
+ # [5.0.0-pre.17](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.16...v5.0.0-pre.17) (2022-02-15)
7
+
8
+ **Note:** Version bump only for package @feathersjs/authentication-oauth
9
+
10
+
11
+
12
+
13
+
14
+ # [5.0.0-pre.16](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.15...v5.0.0-pre.16) (2022-01-12)
15
+
16
+
17
+ ### Bug Fixes
18
+
19
+ * **authentication-oauth:** OAuth redirect lost sometimes due to session store race ([#2514](https://github.com/feathersjs/feathers/issues/2514)) ([#2515](https://github.com/feathersjs/feathers/issues/2515)) ([6109c44](https://github.com/feathersjs/feathers/commit/6109c44428c6b8f6bb4e089be760ea1a4ef3d01e))
20
+
21
+
22
+
23
+
24
+
25
+ # [5.0.0-pre.15](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.14...v5.0.0-pre.15) (2021-11-27)
26
+
27
+
28
+ ### Features
29
+
30
+ * **authentication-oauth:** Allow dynamic oAuth redirect ([#2469](https://github.com/feathersjs/feathers/issues/2469)) ([b7143d4](https://github.com/feathersjs/feathers/commit/b7143d4c0fbe961e714f79512be04449b9bbd7d9))
31
+
32
+
33
+
34
+
35
+
36
+ # [5.0.0-pre.14](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.13...v5.0.0-pre.14) (2021-10-13)
37
+
38
+ **Note:** Version bump only for package @feathersjs/authentication-oauth
39
+
40
+
41
+
42
+
43
+
44
+ # [5.0.0-pre.13](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.12...v5.0.0-pre.13) (2021-10-13)
45
+
46
+ **Note:** Version bump only for package @feathersjs/authentication-oauth
47
+
48
+
49
+
50
+
51
+
52
+ # [5.0.0-pre.12](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.11...v5.0.0-pre.12) (2021-10-12)
53
+
54
+ **Note:** Version bump only for package @feathersjs/authentication-oauth
55
+
56
+
57
+
58
+
59
+
6
60
  # [5.0.0-pre.11](https://github.com/feathersjs/feathers/compare/v5.0.0-pre.10...v5.0.0-pre.11) (2021-10-06)
7
61
 
8
62
  **Note:** Version bump only for package @feathersjs/authentication-oauth
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2021 Feathers
3
+ Copyright (c) 2022 Feathers
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  # @feathersjs/authentication-oauth
2
2
 
3
3
  [![CI](https://github.com/feathersjs/feathers/workflows/CI/badge.svg)](https://github.com/feathersjs/feathers/actions?query=workflow%3ACI)
4
- [![Dependency Status](https://img.shields.io/david/feathersjs/feathers.svg?style=flat-square&path=packages/authentication-oauth)](https://david-dm.org/feathersjs/feathers?path=packages/authentication-oauth)
5
4
  [![Download Status](https://img.shields.io/npm/dm/@feathersjs/authentication-oauth.svg?style=flat-square)](https://www.npmjs.com/package/@feathersjs/authentication-oauth)
6
5
 
7
6
  > OAuth 1 and 2 authentication for Feathers. Powered by Grant.
@@ -18,6 +17,6 @@ Refer to the [Feathers oAuth authentication API documentation](https://docs.feat
18
17
 
19
18
  ## License
20
19
 
21
- Copyright (c) 2021 [Feathers contributors](https://github.com/feathersjs/feathers/graphs/contributors)
20
+ Copyright (c) 2022 [Feathers contributors](https://github.com/feathersjs/feathers/graphs/contributors)
22
21
 
23
22
  Licensed under the [MIT license](LICENSE).
package/lib/express.d.ts CHANGED
@@ -10,6 +10,9 @@ declare module 'express-session' {
10
10
  grant: {
11
11
  [key: string]: any;
12
12
  };
13
+ headers: {
14
+ [key: string]: any;
15
+ };
13
16
  }
14
17
  }
15
18
  declare const _default: (options: OauthSetupSettings) => (feathersApp: Application) => void;
package/lib/express.js CHANGED
@@ -35,11 +35,19 @@ exports.default = (options) => {
35
35
  }
36
36
  req.session.redirect = redirect;
37
37
  req.session.query = query;
38
- next();
38
+ req.session.headers = req.headers;
39
+ req.session.save((err) => {
40
+ if (err) {
41
+ next(`Error storing session: ${err}`);
42
+ }
43
+ else {
44
+ next();
45
+ }
46
+ });
39
47
  });
40
48
  authApp.get('/:name/authenticate', async (req, res, next) => {
41
49
  const { name } = req.params;
42
- const { accessToken, grant, query = {}, redirect } = req.session;
50
+ const { accessToken, grant, query = {}, redirect, headers } = req.session;
43
51
  const service = app.defaultAuthentication(authService);
44
52
  const [strategy] = service.getStrategies(name);
45
53
  const params = {
@@ -50,7 +58,8 @@ exports.default = (options) => {
50
58
  accessToken
51
59
  } : null,
52
60
  query,
53
- redirect
61
+ redirect,
62
+ headers
54
63
  };
55
64
  const sendResponse = async (data) => {
56
65
  try {
package/lib/express.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"express.js","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":";;;;;AAAA,kDAA0B;AAC1B,sEAAsC;AAEtC,iDAAkD;AAGlD,iDAG6B;AAI7B,MAAM,aAAa,GAAG,eAAK,CAAC,OAAO,EAAE,CAAC;AACtC,MAAM,KAAK,GAAG,IAAA,qBAAW,EAAC,0CAA0C,CAAC,CAAC;AAWtE,kBAAe,CAAC,OAA2B,EAAE,EAAE;IAC7C,OAAO,CAAC,WAAwB,EAAE,EAAE;QAClC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;QAC9C,MAAM,GAAG,GAAG,WAAiC,CAAC;QAC9C,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEhC,IAAI,CAAC,MAAM,EAAE;YACX,KAAK,CAAC,4DAA4D,CAAC,CAAC;YACpE,OAAO;SACR;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QACnC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAA,yBAAO,EAAC;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;YAC/C,iBAAiB,EAAE,IAAI;YACvB,MAAM,EAAE,IAAI;SACb,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,kBAAe,GAAE,CAAC;QAElC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAE5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACzE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC;YAEzD,IAAI,cAAc,EAAE;gBAClB,KAAK,CAAC,qDAAqD,EAAE,cAAc,CAAC,CAAC;gBAC7E,GAAG,CAAC,OAAO,CAAC,WAAW,GAAG,cAAwB,CAAC;aACpD;YACD,GAAG,CAAC,OAAO,CAAC,QAAQ,GAAG,QAAkB,CAAC;YAC1C,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;YAE1B,IAAI,EAAE,CAAA;QACR,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC3F,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAE;YAC7B,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,GAAG,EAAE,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;YACjE,MAAM,OAAO,GAAG,GAAG,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACvD,MAAM,CAAE,QAAQ,CAAE,GAAG,OAAO,CAAC,aAAa,CAAC,IAAI,CAAoB,CAAC;YACpE,MAAM,MAAM,GAAG;gBACb,GAAG,GAAG,CAAC,QAAQ;gBACf,cAAc,EAAE,CAAE,IAAI,CAAE;gBACxB,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;oBAC5B,QAAQ,EAAE,YAAY;oBACtB,WAAW;iBACZ,CAAC,CAAC,CAAC,IAAI;gBACR,KAAK;gBACL,QAAQ;aACT,CAAC;YACF,MAAM,YAAY,GAAG,KAAK,EAAE,IAAgC,EAAE,EAAE;gBAC9D,IAAI;oBACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;oBAE1D,IAAI,QAAQ,KAAK,IAAI,EAAE;wBACrB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;qBACxB;yBAAM,IAAI,IAAI,YAAY,KAAK,EAAE;wBAChC,MAAM,IAAI,CAAC;qBACZ;yBAAM;wBACL,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;qBAChB;iBACF;gBAAC,OAAO,KAAU,EAAE;oBACnB,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;oBAC5B,IAAI,CAAC,KAAK,CAAC,CAAC;iBACb;YACH,CAAC,CAAC;YAEF,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;oBACvD,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;gBAC7B,MAAM,cAAc,GAAG;oBACrB,QAAQ,EAAE,IAAI;oBACd,GAAG,OAAO;iBACX,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC1C,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;wBACxB,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;wBACnB,OAAO,EAAE,CAAC;qBACX;oBAED,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACnE,CAAC,CAAC,CAAC;gBAEH,KAAK,CAAC,WAAW,WAAW,wCAAwC,IAAI,EAAE,CAAC,CAAC;gBAE5E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAEhE,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBAE3D,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;aAChC;YAAC,OAAO,KAAU,EAAE;gBACnB,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC1D,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;aAC3B;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEtB,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3B,CAAC,CAAC;AACJ,CAAC,CAAC"}
1
+ {"version":3,"file":"express.js","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":";;;;;AAAA,kDAA0B;AAC1B,sEAAsC;AAEtC,iDAAkD;AAGlD,iDAG6B;AAI7B,MAAM,aAAa,GAAG,eAAK,CAAC,OAAO,EAAE,CAAC;AACtC,MAAM,KAAK,GAAG,IAAA,qBAAW,EAAC,0CAA0C,CAAC,CAAC;AAYtE,kBAAe,CAAC,OAA2B,EAAE,EAAE;IAC7C,OAAO,CAAC,WAAwB,EAAE,EAAE;QAClC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;QAC9C,MAAM,GAAG,GAAG,WAAiC,CAAC;QAC9C,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEhC,IAAI,CAAC,MAAM,EAAE;YACX,KAAK,CAAC,4DAA4D,CAAC,CAAC;YACpE,OAAO;SACR;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QACnC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAA,yBAAO,EAAC;YACvD,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;YAC/C,iBAAiB,EAAE,IAAI;YACvB,MAAM,EAAE,IAAI;SACb,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,IAAA,kBAAe,GAAE,CAAC;QAElC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAE5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACzE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC;YAEzD,IAAI,cAAc,EAAE;gBAClB,KAAK,CAAC,qDAAqD,EAAE,cAAc,CAAC,CAAC;gBAC7E,GAAG,CAAC,OAAO,CAAC,WAAW,GAAG,cAAwB,CAAC;aACpD;YACD,GAAG,CAAC,OAAO,CAAC,QAAQ,GAAG,QAAkB,CAAC;YAC1C,GAAG,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;YAC1B,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YAClC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE;gBAC5B,IAAI,GAAG,EAAE;oBACP,IAAI,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;iBACvC;qBAAM;oBACL,IAAI,EAAE,CAAC;iBACR;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC3F,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAE;YAC7B,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;YAC1E,MAAM,OAAO,GAAG,GAAG,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACvD,MAAM,CAAE,QAAQ,CAAE,GAAG,OAAO,CAAC,aAAa,CAAC,IAAI,CAAoB,CAAC;YACpE,MAAM,MAAM,GAAG;gBACb,GAAG,GAAG,CAAC,QAAQ;gBACf,cAAc,EAAE,CAAE,IAAI,CAAE;gBACxB,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;oBAC5B,QAAQ,EAAE,YAAY;oBACtB,WAAW;iBACZ,CAAC,CAAC,CAAC,IAAI;gBACR,KAAK;gBACL,QAAQ;gBACR,OAAO;aACR,CAAC;YACF,MAAM,YAAY,GAAG,KAAK,EAAE,IAAgC,EAAE,EAAE;gBAC9D,IAAI;oBACF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;oBAE1D,IAAI,QAAQ,KAAK,IAAI,EAAE;wBACrB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;qBACxB;yBAAM,IAAI,IAAI,YAAY,KAAK,EAAE;wBAChC,MAAM,IAAI,CAAC;qBACZ;yBAAM;wBACL,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;qBAChB;iBACF;gBAAC,OAAO,KAAU,EAAE;oBACnB,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;oBAC5B,IAAI,CAAC,KAAK,CAAC,CAAC;iBACb;YACH,CAAC,CAAC;YAEF,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;oBACvD,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;gBAC7B,MAAM,cAAc,GAAG;oBACrB,QAAQ,EAAE,IAAI;oBACd,GAAG,OAAO;iBACX,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC1C,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;wBACxB,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;wBACnB,OAAO,EAAE,CAAC;qBACX;oBAED,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACnE,CAAC,CAAC,CAAC;gBAEH,KAAK,CAAC,WAAW,WAAW,wCAAwC,IAAI,EAAE,CAAC,CAAC;gBAE5E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAEhE,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBAE3D,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;aAChC;YAAC,OAAO,KAAU,EAAE;gBACnB,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC1D,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;aAC3B;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEtB,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3B,CAAC,CAAC;AACJ,CAAC,CAAC"}
package/lib/strategy.d.ts CHANGED
@@ -15,6 +15,7 @@ export declare class OAuthStrategy extends AuthenticationBaseStrategy {
15
15
  }>;
16
16
  getProfile(data: AuthenticationRequest, _params: Params): Promise<any>;
17
17
  getCurrentEntity(params: Params): Promise<any>;
18
+ getAllowedOrigin(params?: Params): Promise<any>;
18
19
  getRedirect(data: AuthenticationResult | Error, params?: Params): Promise<string | null>;
19
20
  findEntity(profile: OAuthProfile, params: Params): Promise<any>;
20
21
  createEntity(profile: OAuthProfile, params: Params): Promise<any>;
package/lib/strategy.js CHANGED
@@ -51,9 +51,22 @@ class OAuthStrategy extends authentication_1.AuthenticationBaseStrategy {
51
51
  }
52
52
  return null;
53
53
  }
54
+ async getAllowedOrigin(params) {
55
+ var _a;
56
+ const { redirect, origins } = this.authentication.configuration.oauth;
57
+ if (Array.isArray(origins)) {
58
+ const referer = ((_a = params === null || params === void 0 ? void 0 : params.headers) === null || _a === void 0 ? void 0 : _a.referer) || '';
59
+ const allowedOrigin = origins.find(current => referer.toLowerCase().startsWith(current.toLowerCase()));
60
+ if (!allowedOrigin) {
61
+ throw new errors_1.NotAuthenticated(`Referer "${referer || '[header not available]'}" not allowed.`);
62
+ }
63
+ return allowedOrigin;
64
+ }
65
+ return redirect;
66
+ }
54
67
  async getRedirect(data, params) {
55
68
  const queryRedirect = (params && params.redirect) || '';
56
- const { redirect } = this.authentication.configuration.oauth;
69
+ const redirect = await this.getAllowedOrigin(params);
57
70
  if (!redirect) {
58
71
  return null;
59
72
  }
package/lib/strategy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"strategy.js","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":";;;;;;AAAA,sDAAsD;AACtD,aAAa;AACb,8DAAsC;AACtC,+DAEoC;AAEpC,+CAAsD;AACtD,iDAAqD;AAErD,MAAM,KAAK,GAAG,IAAA,qBAAW,EAAC,2CAA2C,CAAC,CAAC;AAOvE,MAAa,aAAc,SAAQ,2CAA0B;IAC3D,IAAI,aAAa;QACf,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;QAC/E,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEhC,OAAO;YACL,MAAM;YACN,OAAO;YACP,QAAQ;YACR,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ;QACV,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAE/B,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,IAAI,CAAC,aAAa,IAAK,aAAqB,CAAC,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,cAAc,CAAE,OAAqB,EAAE,OAAe;QAC1D,OAAO;YACL,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;SAC9C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAE,OAAqB,EAAE,eAAoB,EAAE,OAAe;QAC/E,OAAO;YACL,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;SAC9C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,IAA2B,EAAE,OAAe;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAE,MAAc;QACpC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;QAClC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;QAEtC,IAAI,cAAc,IAAI,cAAc,CAAC,QAAQ,EAAE;YAC7C,KAAK,CAAC,sCAAsC,EAAE,cAAc,CAAC,CAAC;YAE9D,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;YACpC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc;iBACzC,YAAY,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAElD,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;SAC3B;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,WAAW,CAAE,IAAgC,EAAE,MAAe;QAClE,MAAM,aAAa,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,KAAK,CAAC;QAE7D,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,GAAG,QAAQ,GAAG,aAAa,EAAE,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7C,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,UAAU,GAAyB,IAAI,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;YACrC,YAAY,EAAE,UAAU,CAAC,WAAW;SACrC,CAAC,CAAC,CAAC;YACF,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,qCAAqC;SAC7D,CAAC;QAEF,OAAO,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAW,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,OAAqB,EAAE,MAAc;QACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEzD,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YAC3C,GAAG,MAAM;YACT,KAAK;SACN,CAAC,CAAC;QACH,MAAM,CAAE,MAAM,GAAG,IAAI,CAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;QAE7D,KAAK,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAEtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,OAAqB,EAAE,MAAc;QACvD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAE7D,KAAK,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;QAEtC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,MAAW,EAAE,OAAqB,EAAE,MAAc;QACpE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAE/D,KAAK,CAAC,wBAAwB,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QAEnD,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,SAAS,CAAE,MAAW,EAAE,MAAc;QAC1C,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAC/B,MAAM,EAAE,QAAQ,GAAI,aAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;QAE5E,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE;YAC/C,MAAM,IAAI,yBAAgB,CAAC,4BAA4B,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,OAAO,MAAM,CAAC;SACf;QAED,OAAO,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YACzC,GAAG,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;YAC1B,CAAC,MAAM,CAAC,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,cAAqC,EAAE,cAAsB;QAC/E,MAAM,MAAM,GAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;QACjD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,GAAG,cAAc,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC;eACxD,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzC,KAAK,CAAC,qCAAqC,EAAE,cAAc,CAAC,CAAC;QAE7D,MAAM,UAAU,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC;YAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAE7D,OAAO;YACL,cAAc,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACvC,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SAC3D,CAAC;IACJ,CAAC;CACF;AA7ID,sCA6IC"}
1
+ {"version":3,"file":"strategy.js","sourceRoot":"","sources":["../src/strategy.ts"],"names":[],"mappings":";;;;;;AAAA,sDAAsD;AACtD,aAAa;AACb,8DAAsC;AACtC,+DAEoC;AAEpC,+CAAsD;AACtD,iDAAqD;AAErD,MAAM,KAAK,GAAG,IAAA,qBAAW,EAAC,2CAA2C,CAAC,CAAC;AAOvE,MAAa,aAAc,SAAQ,2CAA0B;IAC3D,IAAI,aAAa;QACf,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;QAC/E,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEhC,OAAO;YACL,MAAM;YACN,OAAO;YACP,QAAQ;YACR,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ;QACV,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAE/B,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,IAAI,CAAC,aAAa,IAAK,aAAqB,CAAC,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,cAAc,CAAE,OAAqB,EAAE,OAAe;QAC1D,OAAO;YACL,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;SAC9C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAE,OAAqB,EAAE,eAAoB,EAAE,OAAe;QAC/E,OAAO;YACL,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE;SAC9C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,IAA2B,EAAE,OAAe;QAC5D,OAAO,IAAI,CAAC,OAAO,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAE,MAAc;QACpC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;QAClC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;QAEtC,IAAI,cAAc,IAAI,cAAc,CAAC,QAAQ,EAAE;YAC7C,KAAK,CAAC,sCAAsC,EAAE,cAAc,CAAC,CAAC;YAE9D,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;YACpC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc;iBACzC,YAAY,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAElD,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;SAC3B;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAE,MAAe;;QACrC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,KAAK,CAAC;QAEtE,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAC1B,MAAM,OAAO,GAAG,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,0CAAE,OAAO,KAAI,EAAE,CAAC;YAC/C,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAEvG,IAAG,CAAC,aAAa,EAAE;gBACjB,MAAM,IAAI,yBAAgB,CAAC,YAAY,OAAO,IAAI,wBAAwB,gBAAgB,CAAC,CAAC;aAC7F;YAED,OAAO,aAAa,CAAC;SACtB;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,WAAW,CAAE,IAAgC,EAAE,MAAe;QAClE,MAAM,aAAa,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAErD,IAAI,CAAC,QAAQ,EAAE;YACb,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,GAAG,QAAQ,GAAG,aAAa,EAAE,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7C,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,UAAU,GAAyB,IAAI,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;YACrC,YAAY,EAAE,UAAU,CAAC,WAAW;SACrC,CAAC,CAAC,CAAC;YACF,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,qCAAqC;SAC7D,CAAC;QAEF,OAAO,GAAG,WAAW,GAAG,SAAS,GAAG,qBAAW,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,UAAU,CAAE,OAAqB,EAAE,MAAc;QACrD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEzD,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YAC3C,GAAG,MAAM;YACT,KAAK;SACN,CAAC,CAAC;QACH,MAAM,CAAE,MAAM,GAAG,IAAI,CAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;QAE7D,KAAK,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAEtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,OAAqB,EAAE,MAAc;QACvD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAE7D,KAAK,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC;QAEtC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,MAAW,EAAE,OAAqB,EAAE,MAAc;QACpE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAE/D,KAAK,CAAC,wBAAwB,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QAEnD,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,SAAS,CAAE,MAAW,EAAE,MAAc;QAC1C,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAC/B,MAAM,EAAE,QAAQ,GAAI,aAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC;QAE5E,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE;YAC/C,MAAM,IAAI,yBAAgB,CAAC,4BAA4B,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,OAAO,MAAM,CAAC;SACf;QAED,OAAO,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YACzC,GAAG,WAAC,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;YAC1B,CAAC,MAAM,CAAC,EAAE,MAAM;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAE,cAAqC,EAAE,cAAsB;QAC/E,MAAM,MAAM,GAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;QACjD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,GAAG,cAAc,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC;eACxD,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzC,KAAK,CAAC,qCAAqC,EAAE,cAAc,CAAC,CAAC;QAE7D,MAAM,UAAU,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC;YAC3E,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAE7D,OAAO;YACL,cAAc,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;YACvC,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SAC3D,CAAC;IACJ,CAAC;CACF;AA9JD,sCA8JC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@feathersjs/authentication-oauth",
3
3
  "description": "oAuth 1 and 2 authentication for Feathers. Powered by Grant.",
4
- "version": "5.0.0-pre.11",
4
+ "version": "5.0.0-pre.17",
5
5
  "homepage": "https://feathersjs.com",
6
6
  "main": "lib/",
7
7
  "types": "lib/",
@@ -52,27 +52,27 @@
52
52
  "access": "public"
53
53
  },
54
54
  "dependencies": {
55
- "@feathersjs/authentication": "^5.0.0-pre.11",
56
- "@feathersjs/commons": "^5.0.0-pre.11",
57
- "@feathersjs/errors": "^5.0.0-pre.11",
58
- "@feathersjs/express": "^5.0.0-pre.11",
59
- "@feathersjs/feathers": "^5.0.0-pre.11",
55
+ "@feathersjs/authentication": "^5.0.0-pre.17",
56
+ "@feathersjs/commons": "^5.0.0-pre.17",
57
+ "@feathersjs/errors": "^5.0.0-pre.17",
58
+ "@feathersjs/express": "^5.0.0-pre.17",
59
+ "@feathersjs/feathers": "^5.0.0-pre.17",
60
60
  "express-session": "^1.17.2",
61
- "grant": "^5.4.17",
61
+ "grant": "^5.4.20",
62
62
  "lodash": "^4.17.21"
63
63
  },
64
64
  "devDependencies": {
65
- "@feathersjs/memory": "^5.0.0-pre.11",
65
+ "@feathersjs/memory": "^5.0.0-pre.17",
66
66
  "@types/express": "^4.17.13",
67
67
  "@types/express-session": "^1.17.4",
68
- "@types/lodash": "^4.14.175",
69
- "@types/mocha": "^9.0.0",
70
- "@types/node": "^16.10.2",
71
- "axios": "^0.21.4",
72
- "mocha": "^9.1.2",
73
- "shx": "^0.3.3",
74
- "ts-node": "^10.2.1",
75
- "typescript": "^4.4.3"
68
+ "@types/lodash": "^4.14.178",
69
+ "@types/mocha": "^9.1.0",
70
+ "@types/node": "^17.0.15",
71
+ "axios": "^0.25.0",
72
+ "mocha": "^9.2.0",
73
+ "shx": "^0.3.4",
74
+ "ts-node": "^10.4.0",
75
+ "typescript": "^4.5.5"
76
76
  },
77
- "gitHead": "a9f7865cce8db2305b7c0d2ef4a165c2724034ef"
77
+ "gitHead": "d828748e57b40abfaa15710663afed417de14a1d"
78
78
  }
package/src/express.ts CHANGED
@@ -20,6 +20,7 @@ declare module 'express-session' {
20
20
  accessToken: string;
21
21
  query: { [key: string]: any };
22
22
  grant: { [key: string]: any };
23
+ headers: { [key: string]: any };
23
24
  }
24
25
  }
25
26
 
@@ -54,13 +55,19 @@ export default (options: OauthSetupSettings) => {
54
55
  }
55
56
  req.session.redirect = redirect as string;
56
57
  req.session.query = query;
57
-
58
- next()
58
+ req.session.headers = req.headers;
59
+ req.session.save((err: any) => {
60
+ if (err) {
61
+ next(`Error storing session: ${err}`);
62
+ } else {
63
+ next();
64
+ }
65
+ });
59
66
  });
60
67
 
61
68
  authApp.get('/:name/authenticate', async (req: Request, res: Response, next: NextFunction) => {
62
69
  const { name } = req.params ;
63
- const { accessToken, grant, query = {}, redirect } = req.session;
70
+ const { accessToken, grant, query = {}, redirect, headers } = req.session;
64
71
  const service = app.defaultAuthentication(authService);
65
72
  const [ strategy ] = service.getStrategies(name) as OAuthStrategy[];
66
73
  const params = {
@@ -71,7 +78,8 @@ export default (options: OauthSetupSettings) => {
71
78
  accessToken
72
79
  } : null,
73
80
  query,
74
- redirect
81
+ redirect,
82
+ headers
75
83
  };
76
84
  const sendResponse = async (data: AuthenticationResult|Error) => {
77
85
  try {
package/src/strategy.ts CHANGED
@@ -67,9 +67,26 @@ export class OAuthStrategy extends AuthenticationBaseStrategy {
67
67
  return null;
68
68
  }
69
69
 
70
+ async getAllowedOrigin (params?: Params) {
71
+ const { redirect, origins } = this.authentication.configuration.oauth;
72
+
73
+ if (Array.isArray(origins)) {
74
+ const referer = params?.headers?.referer || '';
75
+ const allowedOrigin = origins.find(current => referer.toLowerCase().startsWith(current.toLowerCase()));
76
+
77
+ if(!allowedOrigin) {
78
+ throw new NotAuthenticated(`Referer "${referer || '[header not available]'}" not allowed.`);
79
+ }
80
+
81
+ return allowedOrigin;
82
+ }
83
+
84
+ return redirect;
85
+ }
86
+
70
87
  async getRedirect (data: AuthenticationResult|Error, params?: Params): Promise<string | null> {
71
88
  const queryRedirect = (params && params.redirect) || '';
72
- const { redirect } = this.authentication.configuration.oauth;
89
+ const redirect = await this.getAllowedOrigin(params);
73
90
 
74
91
  if (!redirect) {
75
92
  return null;