
Source code changes of the file "packages/hoppscotch-app/helpers/oauth.js" between
hoppscotch-2.2.1.tar.gz and hoppscotch-3.0.0.tar.gz

About: Hoppscotch is a light-weight, web based API development suite.

oauth.js  (hoppscotch-2.2.1):oauth.js  (hoppscotch-3.0.0)
skipping to change at line 24 skipping to change at line 24
* @param {String} url - The resource * @param {String} url - The resource
* @param {Object} params - Configuration options * @param {Object} params - Configuration options
* @returns {Object} * @returns {Object}
*/ */
const sendPostRequest = async (url, params) => { const sendPostRequest = async (url, params) => {
const body = Object.keys(params) const body = Object.keys(params)
.map((key) => `${key}=${params[key]}`) .map((key) => `${key}=${params[key]}`)
.join("&") .join("&")
const options = { const options = {
method: "post", method: "POST",
headers: { headers: {
"Content-type": "application/x-www-form-urlencoded; charset=UTF-8", "Content-type": "application/x-www-form-urlencoded; charset=UTF-8",
}, },
body, body,
} }
try { try {
const response = await fetch(url, options) const response = await fetch(url, options)
const data = await response.json() const data = await response.json()
return data return data
} catch (e) { } catch (e) {
skipping to change at line 91 skipping to change at line 91
/** /**
* Generates a secure random string using the browser crypto functions * Generates a secure random string using the browser crypto functions
* *
* @returns {Object} * @returns {Object}
*/ */
const generateRandomString = () => { const generateRandomString = () => {
const array = new Uint32Array(28) const array = new Uint32Array(28)
window.crypto.getRandomValues(array) window.crypto.getRandomValues(array)
return Array.from(array, (dec) => `0${dec.toString(16)}`.substr(-2)).join("") return Array.from(array, (dec) => `0${dec.toString(16)}`.slice(-2)).join("")
} }
/** /**
* Calculate the SHA256 hash of the input text * Calculate the SHA256 hash of the input text
* *
* @returns {Promise<ArrayBuffer>} * @returns {Promise<ArrayBuffer>}
*/ */
const sha256 = (plain) => { const sha256 = (plain) => {
const encoder = new TextEncoder() const encoder = new TextEncoder()
skipping to change at line 151 skipping to change at line 151
* @param {Object} - The necessary params * @param {Object} - The necessary params
* @returns {Void} * @returns {Void}
*/ */
const tokenRequest = async ({ const tokenRequest = async ({
oidcDiscoveryUrl, oidcDiscoveryUrl,
grantType, grantType,
authUrl, authUrl,
accessTokenUrl, accessTokenUrl,
clientId, clientId,
clientSecret,
scope, scope,
}) => { }) => {
// Check oauth configuration // Check oauth configuration
if (oidcDiscoveryUrl !== "") { if (oidcDiscoveryUrl !== "") {
// eslint-disable-next-line camelcase // eslint-disable-next-line camelcase
const { authorization_endpoint, token_endpoint } = const { authorization_endpoint, token_endpoint } =
await getTokenConfiguration(oidcDiscoveryUrl) await getTokenConfiguration(oidcDiscoveryUrl)
// eslint-disable-next-line camelcase // eslint-disable-next-line camelcase
authUrl = authorization_endpoint authUrl = authorization_endpoint
// eslint-disable-next-line camelcase // eslint-disable-next-line camelcase
accessTokenUrl = token_endpoint accessTokenUrl = token_endpoint
} }
// Store oauth information // Store oauth information
setLocalConfig("tokenEndpoint", accessTokenUrl) setLocalConfig("tokenEndpoint", accessTokenUrl)
setLocalConfig("client_id", clientId) setLocalConfig("client_id", clientId)
setLocalConfig("client_secret", clientSecret)
// Create and store a random state value // Create and store a random state value
const state = generateRandomString() const state = generateRandomString()
setLocalConfig("pkce_state", state) setLocalConfig("pkce_state", state)
// Create and store a new PKCE codeVerifier (the plaintext random secret) // Create and store a new PKCE codeVerifier (the plaintext random secret)
const codeVerifier = generateRandomString() const codeVerifier = generateRandomString()
setLocalConfig("pkce_codeVerifier", codeVerifier) setLocalConfig("pkce_codeVerifier", codeVerifier)
// Hash and base64-urlencode the secret to use as the challenge // Hash and base64-urlencode the secret to use as the challenge
skipping to change at line 224 skipping to change at line 225
if (getLocalConfig("pkce_state") !== q.state) { if (getLocalConfig("pkce_state") !== q.state) {
alert("Invalid state") alert("Invalid state")
Promise.reject(tokenResponse) Promise.reject(tokenResponse)
} else { } else {
try { try {
// Exchange the authorization code for an access token // Exchange the authorization code for an access token
tokenResponse = sendPostRequest(getLocalConfig("tokenEndpoint"), { tokenResponse = sendPostRequest(getLocalConfig("tokenEndpoint"), {
grant_type: "authorization_code", grant_type: "authorization_code",
code: q.code, code: q.code,
client_id: getLocalConfig("client_id"), client_id: getLocalConfig("client_id"),
client_secret: getLocalConfig("client_secret"),
redirect_uri: redirectUri, redirect_uri: redirectUri,
code_verifier: getLocalConfig("pkce_codeVerifier"), code_verifier: getLocalConfig("pkce_codeVerifier"),
}) })
} catch (e) { } catch (e) {
console.error(e) console.error(e)
return Promise.reject(tokenResponse) return Promise.reject(tokenResponse)
} }
} }
// Clean these up since we don't need them anymore // Clean these up since we don't need them anymore
removeLocalConfig("pkce_state") removeLocalConfig("pkce_state")
removeLocalConfig("pkce_codeVerifier") removeLocalConfig("pkce_codeVerifier")
removeLocalConfig("tokenEndpoint") removeLocalConfig("tokenEndpoint")
removeLocalConfig("client_id") removeLocalConfig("client_id")
removeLocalConfig("client_secret")
return tokenResponse return tokenResponse
} }
return Promise.reject(tokenResponse) return Promise.reject(tokenResponse)
} }
export { tokenRequest, oauthRedirect } export { tokenRequest, oauthRedirect }
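Review bot: The added `setLocalConfig("client_secret", clientSecret)` in tokenRequest keeps the client secret in local config across the redirect round-trip, but the matching `removeLocalConfig("client_secret")` in oauthRedirect is skipped on the `catch` branch and on the final `return Promise.reject(tokenResponse)`, both of which return before the cleanup lines. A failed or abandoned flow therefore appears to leave the secret stored; the backing store of setLocalConfig and the condition enclosing the cleanup are outside the visible lines, so this should be confirmed. Moving the `removeLocalConfig(...)` calls into a `finally`, or clearing the stale keys at the start of tokenRequest, would close that gap. Separately, `client_secret: getLocalConfig("client_secret")` is sent unconditionally, and sendPostRequest joins `${key}=${params[key]}` without encoding, so a secret containing `&`, `=` or `+` corrupts the form body and an empty or unset secret is still transmitted. Building the body with `new URLSearchParams(params).toString()` and adding `client_secret` only when it is non-empty would avoid both.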
 End of changes. 7 change blocks. 
3 lines changed or deleted 6 lines changed or added
