#11898

pending completion

Build # #11898

Build Type

push

circleci

Committed by

web-flow

Commit Message

Merge pull request #2770 from mozilla/license

Add license headers in source files

Run Details

282 of 1138 branches covered (24.78%)

Branch coverage included in aggregate %.

959 of 3049 relevant lines covered (31.45%)

2.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/utils/fxa.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import ClientOAuth2 from 'client-oauth2'
import crypto from 'crypto'
import { URL } from 'url'

import AppConstants from '../app-constants.js'

// This object exists instead of inlining the env vars to make it easy
// to abstract fetching API endpoints from the OAuth server (instead
// of specifying them in the environment) in the future.
const FxAOAuthUtils = {
  get authorizationUri () { return AppConstants.OAUTH_AUTHORIZATION_URI },
  get tokenUri () { return AppConstants.OAUTH_TOKEN_URI },
  get profileUri () { return AppConstants.OAUTH_PROFILE_URI }
}

const FxAOAuthClient = new ClientOAuth2({
  clientId: AppConstants.OAUTH_CLIENT_ID,
  clientSecret: AppConstants.OAUTH_CLIENT_SECRET,
  accessTokenUri: FxAOAuthUtils.tokenUri,
  authorizationUri: FxAOAuthUtils.authorizationUri,
  redirectUri: AppConstants.SERVER_URL + '/oauth/confirmed',
  scopes: ['profile']
})

async function postTokenRequest (path, token) {
  const fxaTokenOrigin = new URL(AppConstants.OAUTH_TOKEN_URI).origin
  const tokenUrl = `${fxaTokenOrigin}${path}`
  const tokenBody = (typeof token === 'object') ? token : { token }
  const tokenOptions = {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify(tokenBody)
  }

  try {
    const response = await fetch(tokenUrl, tokenOptions)
    if (!response.ok) throw new Error(`bad response: ${response.status}`)
    return await response.json()
  } catch (e) {
    console.error('postTokenRequest', { stack: e.stack })
    return e
  }
}

async function verifyOAuthToken (token) {
  try {
    const response = await postTokenRequest('/v1/verify', token)
    return response
  } catch (e) {
    console.error('verifyOAuthToken', { stack: e.stack })
  }
}

async function destroyOAuthToken (token) {
  try {
    const response = await postTokenRequest('/v1/destroy', token)
    return response
  } catch (e) {
    console.error('destroyOAuthToken', { stack: e.stack })
  }
}

async function revokeOAuthTokens (subscriber) {
  await destroyOAuthToken({ token: subscriber.fxa_access_token })
  await destroyOAuthToken({ refresh_token: subscriber.fxa_refresh_token })
}

async function getProfileData (accessToken) {
  try {
    const response = await fetch(FxAOAuthUtils.profileUri, {
      headers: { Authorization: `Bearer ${accessToken}` }
    })
    if (!response.ok) throw new Error(`bad response: ${response.status}`)
    return await response.text()
  } catch (e) {
    console.warn('getProfileData', { stack: e.stack })
    return e
  }
}

async function sendMetricsFlowPing (path) {
  const fxaMetricsFlowUrl = new URL(path, AppConstants.FXA_SETTINGS_URL)
  try {
    const response = await fetch(fxaMetricsFlowUrl, {
      headers: { Origin: AppConstants.SERVER_URL }
    })
    if (!response.ok) throw new Error(`bad response: ${response.status}`)
    console.info('pinged FXA metrics flow.')
    return response
  } catch (e) {
    console.error('sendMetricsFlowPing', { stack: e.stack })
    return false
  }
}

function getSha1 (email) {
  return crypto.createHash('sha1').update(email).digest('hex')
}

export {
  FxAOAuthClient,
  verifyOAuthToken,
  destroyOAuthToken,
  revokeOAuthTokens,
  getProfileData,
  sendMetricsFlowPing,
  getSha1
}

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	import ClientOAuth2 from 'client-oauth2'
6	import crypto from 'crypto'
7	import { URL } from 'url'
8
9	import AppConstants from '../app-constants.js'
10
11	// This object exists instead of inlining the env vars to make it easy
12	// to abstract fetching API endpoints from the OAuth server (instead
13	// of specifying them in the environment) in the future.
14	const FxAOAuthUtils = {	×
15	get authorizationUri () { return AppConstants.OAUTH_AUTHORIZATION_URI },	×
16	get tokenUri () { return AppConstants.OAUTH_TOKEN_URI },	×
17	get profileUri () { return AppConstants.OAUTH_PROFILE_URI }	×
18	}
19
20	const FxAOAuthClient = new ClientOAuth2({	×
21	clientId: AppConstants.OAUTH_CLIENT_ID,
22	clientSecret: AppConstants.OAUTH_CLIENT_SECRET,
23	accessTokenUri: FxAOAuthUtils.tokenUri,
24	authorizationUri: FxAOAuthUtils.authorizationUri,
25	redirectUri: AppConstants.SERVER_URL + '/oauth/confirmed',
26	scopes: ['profile']
27	})
28
29	async function postTokenRequest (path, token) {
30	const fxaTokenOrigin = new URL(AppConstants.OAUTH_TOKEN_URI).origin	×
31	const tokenUrl = `${fxaTokenOrigin}${path}`	×
32	const tokenBody = (typeof token === 'object') ? token : { token }	×
33	const tokenOptions = {	×
34	method: 'POST',
35	headers: {
36	'Content-Type': 'application/json'
37	},
38	body: JSON.stringify(tokenBody)
39	}
40
41	try {	×
42	const response = await fetch(tokenUrl, tokenOptions)	×
43	if (!response.ok) throw new Error(`bad response: ${response.status}`)	×
44	return await response.json()	×
45	} catch (e) {
46	console.error('postTokenRequest', { stack: e.stack })	×
47	return e	×
48	}
49	}
50
51	async function verifyOAuthToken (token) {
52	try {	×
53	const response = await postTokenRequest('/v1/verify', token)	×
54	return response	×
55	} catch (e) {
56	console.error('verifyOAuthToken', { stack: e.stack })	×
57	}
58	}
59
60	async function destroyOAuthToken (token) {
61	try {	×
62	const response = await postTokenRequest('/v1/destroy', token)	×
63	return response	×
64	} catch (e) {
65	console.error('destroyOAuthToken', { stack: e.stack })	×
66	}
67	}
68
69	async function revokeOAuthTokens (subscriber) {
70	await destroyOAuthToken({ token: subscriber.fxa_access_token })	×
71	await destroyOAuthToken({ refresh_token: subscriber.fxa_refresh_token })	×
72	}
73
74	async function getProfileData (accessToken) {
75	try {	×
76	const response = await fetch(FxAOAuthUtils.profileUri, {	×
77	headers: { Authorization: `Bearer ${accessToken}` }
78	})
79	if (!response.ok) throw new Error(`bad response: ${response.status}`)	×
80	return await response.text()	×
81	} catch (e) {
82	console.warn('getProfileData', { stack: e.stack })	×
83	return e	×
84	}
85	}
86
87	async function sendMetricsFlowPing (path) {
88	const fxaMetricsFlowUrl = new URL(path, AppConstants.FXA_SETTINGS_URL)	×
89	try {	×
90	const response = await fetch(fxaMetricsFlowUrl, {	×
91	headers: { Origin: AppConstants.SERVER_URL }
92	})
93	if (!response.ok) throw new Error(`bad response: ${response.status}`)	×
94	console.info('pinged FXA metrics flow.')	×
95	return response	×
96	} catch (e) {
97	console.error('sendMetricsFlowPing', { stack: e.stack })	×
98	return false	×
99	}
100	}
101
102	function getSha1 (email) {
103	return crypto.createHash('sha1').update(email).digest('hex')	×
104	}
105
106	export {
107	FxAOAuthClient,
108	verifyOAuthToken,
109	destroyOAuthToken,
110	revokeOAuthTokens,
111	getProfileData,
112	sendMetricsFlowPing,
113	getSha1
114	}

mozilla / blurts-server / #11898

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous