quickblox 2.17.2-beta.2-logger → 2.17.3-logger

package/strophejs-1.6.1/src/sasl-anon.js

@@ -0,0 +1,17 @@
+import SASLMechanism from './sasl.js';
+
+// Building SASL callbacks
+
+export default class SASLAnonymous extends SASLMechanism {
+
+    /** PrivateConstructor: SASLAnonymous
+     *  SASL ANONYMOUS authentication.
+     */
+    constructor (mechname='ANONYMOUS', isClientFirst=false, priority=20) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid === null;
+    }
+}

package/strophejs-1.6.1/src/sasl-external.js

@@ -0,0 +1,27 @@
+import SASLMechanism from './sasl.js';
+
+export default class SASLExternal extends SASLMechanism {
+
+    /** PrivateConstructor: SASLExternal
+     *  SASL EXTERNAL authentication.
+     *
+     *  The EXTERNAL mechanism allows a client to request the server to use
+     *  credentials established by means external to the mechanism to
+     *  authenticate the client. The external means may be, for instance,
+     *  TLS services.
+     */
+    constructor (mechname='EXTERNAL', isClientFirst=true, priority=10) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    onChallenge (connection) { // eslint-disable-line class-methods-use-this
+        /** According to XEP-178, an authzid SHOULD NOT be presented when the
+         * authcid contained or implied in the client certificate is the JID (i.e.
+         * authzid) with which the user wants to log in as.
+         *
+         * To NOT send the authzid, the user should therefore set the authcid equal
+         * to the JID when instantiating a new Strophe.Connection object.
+         */
+        return connection.authcid === connection.authzid ? '' : connection.authzid;
+    }
+}

package/strophejs-1.6.1/src/sasl-oauthbearer.js

@@ -0,0 +1,30 @@
+import SASLMechanism from './sasl.js';
+import utils from './utils';
+
+export default class SASLOAuthBearer extends SASLMechanism {
+
+    /** PrivateConstructor: SASLOAuthBearer
+     *  SASL OAuth Bearer authentication.
+     */
+    constructor (mechname='OAUTHBEARER', isClientFirst=true, priority=40) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.pass !== null;
+    }
+
+    onChallenge (connection) {  // eslint-disable-line class-methods-use-this
+        let auth_str = 'n,';
+        if (connection.authcid !== null) {
+            auth_str = auth_str + 'a=' + connection.authzid;
+        }
+        auth_str = auth_str + ',';
+        auth_str = auth_str + "\u0001";
+        auth_str = auth_str + 'auth=Bearer ';
+        auth_str = auth_str + connection.pass;
+        auth_str = auth_str + "\u0001";
+        auth_str = auth_str + "\u0001";
+        return utils.utf16to8(auth_str);
+    }
+}

package/strophejs-1.6.1/src/sasl-plain.js

@@ -0,0 +1,32 @@
+import SASLMechanism from './sasl.js';
+import utils from './utils';
+
+
+export default class SASLPlain extends SASLMechanism {
+
+    /** PrivateConstructor: SASLPlain
+     *  SASL PLAIN authentication.
+     */
+    constructor (mechname='PLAIN', isClientFirst=true, priority=50) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid !== null;
+    }
+
+    onChallenge (connection) { // eslint-disable-line class-methods-use-this
+        const { authcid, authzid, domain, pass } = connection;
+        if (!domain) {
+            throw new Error("SASLPlain onChallenge: domain is not defined!");
+        }
+        // Only include authzid if it differs from authcid.
+        // See: https://tools.ietf.org/html/rfc6120#section-6.3.8
+        let auth_str = (authzid !== `${authcid}@${domain}`) ? authzid : '';
+        auth_str = auth_str + "\u0000";
+        auth_str = auth_str + authcid;
+        auth_str = auth_str + "\u0000";
+        auth_str = auth_str + pass;
+        return utils.utf16to8(auth_str);
+    }
+}

package/strophejs-1.6.1/src/sasl-sha1.js

@@ -0,0 +1,24 @@
+import SASLMechanism from './sasl.js';
+import scram from './scram.js';
+
+export default class SASLSHA1 extends SASLMechanism {
+
+    /** PrivateConstructor: SASLSHA1
+     *  SASL SCRAM SHA 1 authentication.
+     */
+    constructor (mechname='SCRAM-SHA-1', isClientFirst=true, priority=60) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid !== null;
+    }
+
+    async onChallenge (connection, challenge) { // eslint-disable-line class-methods-use-this, require-await
+        return scram.scramResponse(connection, challenge, "SHA-1", 160);
+    }
+
+    clientChallenge (connection, test_cnonce) {  // eslint-disable-line class-methods-use-this
+        return scram.clientChallenge(connection, test_cnonce);
+    }
+}

package/strophejs-1.6.1/src/sasl-sha256.js

@@ -0,0 +1,24 @@
+import SASLMechanism from './sasl.js';
+import scram from './scram.js';
+
+export default class SASLSHA256 extends SASLMechanism {
+
+    /** PrivateConstructor: SASLSHA256
+     *  SASL SCRAM SHA 256 authentication.
+     */
+    constructor (mechname='SCRAM-SHA-256', isClientFirst=true, priority=70) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid !== null;
+    }
+
+    async onChallenge (connection, challenge) { // eslint-disable-line class-methods-use-this, require-await
+        return scram.scramResponse(connection, challenge, "SHA-256", 256);
+    }
+
+    clientChallenge (connection, test_cnonce) {  // eslint-disable-line class-methods-use-this
+        return scram.clientChallenge(connection, test_cnonce);
+    }
+}

package/strophejs-1.6.1/src/sasl-sha384.js

@@ -0,0 +1,24 @@
+import SASLMechanism from './sasl.js';
+import scram from './scram.js';
+
+export default class SASLSHA384 extends SASLMechanism {
+
+    /** PrivateConstructor: SASLSHA384
+     *  SASL SCRAM SHA 384 authentication.
+     */
+    constructor (mechname='SCRAM-SHA-384', isClientFirst=true, priority=71) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid !== null;
+    }
+
+    async onChallenge (connection, challenge) { // eslint-disable-line class-methods-use-this, require-await
+        return scram.scramResponse(connection, challenge, "SHA-384", 384);
+    }
+
+    clientChallenge (connection, test_cnonce) {  // eslint-disable-line class-methods-use-this
+        return scram.clientChallenge(connection, test_cnonce);
+    }
+}

package/strophejs-1.6.1/src/sasl-sha512.js

@@ -0,0 +1,24 @@
+import SASLMechanism from './sasl.js';
+import scram from './scram.js';
+
+export default class SASLSHA512 extends SASLMechanism {
+
+    /** PrivateConstructor: SASLSHA512
+     *  SASL SCRAM SHA 512 authentication.
+     */
+    constructor (mechname='SCRAM-SHA-512', isClientFirst=true, priority=72) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.authcid !== null;
+    }
+
+    async onChallenge (connection, challenge) { // eslint-disable-line class-methods-use-this, require-await
+        return scram.scramResponse(connection, challenge, "SHA-512", 512);
+    }
+
+    clientChallenge (connection, test_cnonce) {  // eslint-disable-line class-methods-use-this
+        return scram.clientChallenge(connection, test_cnonce);
+    }
+}

package/strophejs-1.6.1/src/sasl-xoauth2.js

@@ -0,0 +1,27 @@
+import SASLMechanism from './sasl.js';
+import utils from './utils';
+
+
+export default class SASLXOAuth2 extends SASLMechanism {
+
+    /** PrivateConstructor: SASLXOAuth2
+     *  SASL X-OAuth2 authentication.
+     */
+    constructor (mechname='X-OAUTH2', isClientFirst=true, priority=30) {
+        super(mechname, isClientFirst, priority);
+    }
+
+    test (connection) { // eslint-disable-line class-methods-use-this
+        return connection.pass !== null;
+    }
+
+    onChallenge (connection) { // eslint-disable-line class-methods-use-this
+        let auth_str = '\u0000';
+        if (connection.authcid !== null) {
+            auth_str = auth_str + connection.authzid;
+        }
+        auth_str = auth_str + "\u0000";
+        auth_str = auth_str + connection.pass;
+        return utils.utf16to8(auth_str);
+    }
+}

package/strophejs-1.6.1/src/sasl.js

@@ -0,0 +1,143 @@
+/** Class: Strophe.SASLMechanism
+ *
+ *  Encapsulates an SASL authentication mechanism.
+ *
+ *  User code may override the priority for each mechanism or disable it completely.
+ *  See <priority> for information about changing priority and <test> for informatian on
+ *  how to disable a mechanism.
+ *
+ *  By default, all mechanisms are enabled and the priorities are
+ *
+ *      SCRAM-SHA-512 - 72
+ *      SCRAM-SHA-384 - 71
+ *      SCRAM-SHA-256 - 70
+ *      SCRAM-SHA-1   - 60
+ *      PLAIN         - 50
+ *      OAUTHBEARER   - 40
+ *      X-OAUTH2      - 30
+ *      ANONYMOUS     - 20
+ *      EXTERNAL      - 10
+ *
+ *  See: Strophe.Connection.addSupportedSASLMechanisms
+ */
+export default class SASLMechanism {
+
+    /**
+     * PrivateConstructor: Strophe.SASLMechanism
+     * SASL auth mechanism abstraction.
+     *
+     *  Parameters:
+     *    (String) name - SASL Mechanism name.
+     *    (Boolean) isClientFirst - If client should send response first without challenge.
+     *    (Number) priority - Priority.
+     *
+     *  Returns:
+     *    A new Strophe.SASLMechanism object.
+     */
+    constructor (name, isClientFirst, priority) {
+        /** PrivateVariable: mechname
+         *  Mechanism name.
+         */
+        this.mechname = name;
+
+        /** PrivateVariable: isClientFirst
+         *  If client sends response without initial server challenge.
+         */
+        this.isClientFirst = isClientFirst;
+
+        /** Variable: priority
+         *  Determines which <SASLMechanism> is chosen for authentication (Higher is better).
+         *  Users may override this to prioritize mechanisms differently.
+         *
+         *  Example: (This will cause Strophe to choose the mechanism that the server sent first)
+         *
+         *  > Strophe.SASLPlain.priority = Strophe.SASLSHA1.priority;
+         *
+         *  See <SASL mechanisms> for a list of available mechanisms.
+         *
+         */
+        this.priority = priority;
+    }
+
+    /**
+     *  Function: test
+     *  Checks if mechanism able to run.
+     *  To disable a mechanism, make this return false;
+     *
+     *  To disable plain authentication run
+     *  > Strophe.SASLPlain.test = function() {
+     *  >   return false;
+     *  > }
+     *
+     *  See <SASL mechanisms> for a list of available mechanisms.
+     *
+     *  Parameters:
+     *    (Strophe.Connection) connection - Target Connection.
+     *
+     *  Returns:
+     *    (Boolean) If mechanism was able to run.
+     */
+    test () { // eslint-disable-line class-methods-use-this
+        return true;
+    }
+
+    /** PrivateFunction: onStart
+     *  Called before starting mechanism on some connection.
+     *
+     *  Parameters:
+     *    (Strophe.Connection) connection - Target Connection.
+     */
+    onStart (connection) {
+        this._connection = connection;
+    }
+
+    /** PrivateFunction: onChallenge
+     *  Called by protocol implementation on incoming challenge.
+     *
+     *  By deafult, if the client is expected to send data first (isClientFirst === true),
+     *  this method is called with `challenge` as null on the first call,
+     *  unless `clientChallenge` is overridden in the relevant subclass.
+     *
+     *  Parameters:
+     *    (Strophe.Connection) connection - Target Connection.
+     *    (String) challenge - current challenge to handle.
+     *
+     *  Returns:
+     *    (String) Mechanism response.
+     */
+    onChallenge (connection, challenge) {  // eslint-disable-line
+        throw new Error("You should implement challenge handling!");
+    }
+
+    /** PrivateFunction: clientChallenge
+     *  Called by the protocol implementation if the client is expected to send
+     *  data first in the authentication exchange (i.e. isClientFirst === true).
+     *
+     *  Parameters:
+     *    (Strophe.Connection) connection - Target Connection.
+     *
+     *  Returns:
+     *    (String) Mechanism response.
+     */
+    clientChallenge (connection) {
+        if (!this.isClientFirst) {
+            throw new Error("clientChallenge should not be called if isClientFirst is false!");
+        }
+        return this.onChallenge(connection);
+    }
+
+    /** PrivateFunction: onFailure
+     *  Protocol informs mechanism implementation about SASL failure.
+     */
+    onFailure () {
+        this._connection = null;
+    }
+
+    /** PrivateFunction: onSuccess
+     *  Protocol informs mechanism implementation about SASL success.
+     */
+    onSuccess () {
+        this._connection = null;
+    }
+
+}

package/strophejs-1.6.1/src/scram.js

@@ -0,0 +1,182 @@
+import utils from './utils';
+import { Strophe } from './core.js';
+
+async function scramClientProof( authMessage, clientKey, hashName ) {
+    const storedKey = await window.crypto.subtle.importKey(
+      "raw",
+      await window.crypto.subtle.digest(hashName, clientKey),
+      { "name": "HMAC", "hash": hashName },
+      false,
+      ["sign"]
+    );
+    const clientSignature = await window.crypto.subtle.sign("HMAC", storedKey, utils.stringToArrayBuf(authMessage));
+
+    return utils.xorArrayBuffers(clientKey, clientSignature);
+}
+
+/* This function parses the information in a SASL SCRAM challenge response,
+ * into an object of the form
+ * { nonce: String,
+ *   salt:  ArrayBuffer,
+ *   iter:  Int
+ * }
+ * Returns undefined on failure.
+ */
+function scramParseChallenge ( challenge ) {
+    let nonce, salt, iter;
+    const attribMatch = /([a-z]+)=([^,]+)(,|$)/;
+    while (challenge.match(attribMatch)) {
+        const matches = challenge.match(attribMatch);
+        challenge = challenge.replace(matches[0], "");
+        switch (matches[1]) {
+        case "r":
+            nonce = matches[2];
+            break;
+        case "s":
+            salt = utils.base64ToArrayBuf(matches[2]);
+            break;
+        case "i":
+            iter = parseInt(matches[2], 10);
+            break;
+        default: return undefined;
+        }
+    }
+
+    // Consider iteration counts less than 4096 insecure, as reccommended by
+    // RFC 5802
+    if (isNaN(iter) || iter < 4096) {
+        Strophe.warn("Failing SCRAM authentication because server supplied iteration count < 4096.");
+        return undefined;
+    }
+
+    if (!salt) {
+        Strophe.warn("Failing SCRAM authentication because server supplied incorrect salt.");
+        return undefined;
+    }
+
+    return { "nonce": nonce, "salt": salt, "iter": iter };
+
+}
+
+/* Derive the client and server keys given a string password,
+ * a hash name, and a bit length.
+ * Returns an object of the following form:
+ * { ck: ArrayBuffer, the client key
+ *   sk: ArrayBuffer, the server key
+ * }
+ */
+async function scramDeriveKeys ( password, salt, iter, hashName, hashBits ) {
+    const saltedPasswordBits = await window.crypto.subtle.deriveBits(
+        { "name": "PBKDF2", "salt": salt, "iterations": iter, "hash": { "name": hashName } },
+        await window.crypto.subtle.importKey("raw", utils.stringToArrayBuf(password), "PBKDF2", false, ["deriveBits"]),
+        hashBits
+    );
+    const saltedPassword = await window.crypto.subtle.importKey(
+        "raw",
+        saltedPasswordBits,
+        { "name": "HMAC", "hash": hashName },
+        false,
+        ["sign"]
+    );
+
+    return { "ck": await window.crypto.subtle.sign("HMAC", saltedPassword, utils.stringToArrayBuf("Client Key")),
+             "sk": await window.crypto.subtle.sign("HMAC", saltedPassword, utils.stringToArrayBuf("Server Key"))
+           }
+}
+
+async function scramServerSign ( authMessage, sk, hashName ) {
+    const serverKey = await window.crypto.subtle.importKey(
+        "raw",
+        sk,
+        { "name": "HMAC", "hash": hashName },
+        false,
+        ["sign"]
+    );
+
+    return window.crypto.subtle.sign("HMAC", serverKey, utils.stringToArrayBuf(authMessage));
+}
+
+// Generate an ASCII nonce (not containing the ',' character)
+function generate_cnonce () {
+    // generate 16 random bytes of nonce, base64 encoded
+    const bytes = new Uint8Array(16);
+    return utils.arrayBufToBase64(crypto.getRandomValues(bytes).buffer);
+}
+
+const scram = {
+
+    /* On success, sets
+     * connection_sasl_data["server-signature"]
+     * and
+     * connection._sasl_data.keys
+     *
+     * The server signature should be verified after this function completes..
+     *
+     * On failure, returns connection._sasl_failure_cb();
+     */
+    async scramResponse ( connection, challenge, hashName, hashBits ) {
+        const cnonce = connection._sasl_data.cnonce;
+        const challengeData = scramParseChallenge(challenge);
+
+        // The RFC requires that we verify the (server) nonce has the client
+        // nonce as an initial substring.
+        if (!challengeData && challengeData?.nonce.slice(0, cnonce.length) !== cnonce) {
+            Strophe.warn("Failing SCRAM authentication because server supplied incorrect nonce.");
+            connection._sasl_data = {};
+            return connection._sasl_failure_cb();
+        }
+
+        let clientKey, serverKey;
+
+        // Either restore the client key and server key passed in, or derive new ones
+        if ( connection.pass?.name === hashName &&
+             connection.pass?.salt === utils.arrayBufToBase64(challengeData.salt) &&
+             connection.pass?.iter === challengeData.iter) {
+
+            clientKey = utils.base64ToArrayBuf(connection.pass.ck);
+            serverKey = utils.base64ToArrayBuf(connection.pass.sk);
+        } else if (typeof connection.pass === "string" || connection.pass instanceof String) {
+            const keys = await scramDeriveKeys(
+                connection.pass,
+                challengeData.salt,
+                challengeData.iter,
+                hashName,
+                hashBits);
+            clientKey = keys.ck;
+            serverKey = keys.sk;
+        } else {
+            return connection._sasl_failure_cb();
+        }
+
+        const clientFirstMessageBare = connection._sasl_data["client-first-message-bare"];
+        const serverFirstMessage = challenge;
+        const clientFinalMessageBare = `c=biws,r=${challengeData.nonce}`;
+
+        const authMessage = `${clientFirstMessageBare},${serverFirstMessage},${clientFinalMessageBare}`;
+
+        const clientProof     = await scramClientProof(authMessage, clientKey, hashName);
+        const serverSignature = await scramServerSign(authMessage, serverKey, hashName);
+
+        connection._sasl_data["server-signature"] = utils.arrayBufToBase64(serverSignature);
+        connection._sasl_data.keys =
+            { "name": hashName,
+              "iter": challengeData.iter,
+              "salt": utils.arrayBufToBase64(challengeData.salt),
+              "ck":   utils.arrayBufToBase64(clientKey),
+              "sk":   utils.arrayBufToBase64(serverKey)
+            };
+
+        return `${clientFinalMessageBare},p=${utils.arrayBufToBase64(clientProof)}`;
+    },
+
+    // Returns a string containing the client first message
+    clientChallenge ( connection, test_cnonce ) {
+        const cnonce = test_cnonce || generate_cnonce();
+        const client_first_message_bare = `n=${connection.authcid},r=${cnonce}`;
+        connection._sasl_data.cnonce = cnonce;
+        connection._sasl_data["client-first-message-bare"] = client_first_message_bare;
+        return `n,,${client_first_message_bare}`;
+    }
+}
+
+export { scram as default };

package/strophejs-1.6.1/src/shared-connection-worker.js

@@ -0,0 +1,114 @@
+let manager;
+
+
+const Status = {
+    ERROR: 0,
+    CONNECTING: 1,
+    CONNFAIL: 2,
+    AUTHENTICATING: 3,
+    AUTHFAIL: 4,
+    CONNECTED: 5,
+    DISCONNECTED: 6,
+    DISCONNECTING: 7,
+    ATTACHED: 8,
+    REDIRECT: 9,
+    CONNTIMEOUT: 10,
+    BINDREQUIRED: 11,
+    ATTACHFAIL: 12
+}
+
+
+/** Class: ConnectionManager
+ *
+ * Manages the shared websocket connection as well as the ports of the
+ * connected tabs.
+ */
+class ConnectionManager {
+
+    constructor () {
+        this.ports = [];
+    }
+
+    addPort (port) {
+        this.ports.push(port);
+        port.addEventListener('message', e => {
+            const method = e.data[0];
+            try {
+                this[method](e.data.splice(1))
+            } catch (e) {
+                console?.error(e);
+            }
+        });
+        port.start();
+    }
+
+    _connect (data) {
+        this.jid = data[1];
+        this._closeSocket();
+        this.socket = new WebSocket(data[0], "xmpp");
+        this.socket.onopen = () => this._onOpen();
+        this.socket.onerror = (e) => this._onError(e);
+        this.socket.onclose = (e) => this._onClose(e);
+        this.socket.onmessage = (message) => this._onMessage(message);
+    }
+
+    _attach () {
+        if (this.socket && this.socket.readyState !== WebSocket.CLOSED) {
+            this.ports.forEach(p => p.postMessage(['_attachCallback', Status.ATTACHED, this.jid]));
+        } else {
+            this.ports.forEach(p => p.postMessage(['_attachCallback', Status.ATTACHFAIL]));
+        }
+    }
+
+    send (str) {
+        this.socket.send(str);
+    }
+
+    close (str) {
+        if (this.socket && this.socket.readyState !== WebSocket.CLOSED) {
+            try {
+                this.socket.send(str);
+            } catch (e) {
+                this.ports.forEach(p => p.postMessage(['log', 'error', e]));
+                this.ports.forEach(p => p.postMessage(
+                    ['log', 'error', "Couldn't send <close /> tag."]));
+            }
+        }
+    }
+
+    _onOpen () {
+        this.ports.forEach(p => p.postMessage(['_onOpen']));
+    }
+
+    _onClose (e) {
+        this.ports.forEach(p => p.postMessage(['_onClose', e.reason]));
+    }
+
+    _onMessage (message) {
+        const o = { 'data': message.data }
+        this.ports.forEach(p => p.postMessage(['_onMessage', o]));
+    }
+
+    _onError (error) {
+        this.ports.forEach(p => p.postMessage(['_onError', error.reason]));
+    }
+
+    _closeSocket () {
+        if (this.socket) {
+            try {
+                this.socket.onclose = null;
+                this.socket.onerror = null;
+                this.socket.onmessage = null;
+                this.socket.close();
+            } catch (e) {
+                this.ports.forEach(p => p.postMessage(['log', 'error', e]));
+            }
+        }
+        this.socket = null;
+    }
+}
+
+onconnect = function (e) {  // eslint-disable-line no-undef
+    manager = manager || new ConnectionManager();
+    manager.addPort(e.ports[0]);
+}