Fix storing redirectTo URL in session

Author: dmitrizagidulin

lib/api/accounts/signin.js

@@ -29,7 +29,6 @@ function signin () {
       }
 
       const linkHeaders = li.parse(response.headers.link)
-      console.log(linkHeaders)
       if (!linkHeaders['oidc.issuer']) {
         res.status(400).send('The URI requested is not a valid endpoint')
         return

lib/create-app.js

@@ -110,7 +110,7 @@ function createApp (argv = {}) {
 
     app.use('/', express.static(path.join(__dirname, '../static/oidc')))
     app.use('/', oidcHandler.authenticate(oidcRpClient))
-    app.use('/api/oidc', oidcHandler.api(corsSettings))
+    app.use('/api/oidc', oidcHandler.api(corsSettings, oidcRpClient))
   }
 
   // Adding proxy

lib/handlers/error-pages.js

@@ -64,11 +64,16 @@ If you are not redirected automatically, follow the <a href='${url}'>link to log
 function redirectToLogin (req, res, next) {
   res.header('Content-Type', 'text/html')
   // var loginUrl = req.app.locals.oidc.urlForSignin(req)
-
+  var currentUrl = util.fullUrlForReq(req)
   let loginUrl = util.uriBase(req) + '/signin.html'
   debug('Redirecting to login: ' + loginUrl)
-  var currentUrl = util.fullUrlForReq(req)
-  req.session.returnToUrl = currentUrl
+
+  if (!req.session.returnToUrl) {
+    req.session.returnToUrl = currentUrl
+    debug('Saving current request as: ' + currentUrl)
+  } else {
+    debug('Not saving current request, already set!')
+  }
 
   var body = redirectBody(loginUrl)
   res.send(body)

lib/handlers/oidc.js

@@ -25,7 +25,7 @@ module.exports.oidcIssuerHeader = oidcIssuerHeader
  * @param corsSettings
  * @returns {Router} Express router
  */
-function api (corsSettings) {
+function api (corsSettings, oidcRpClient) {
   const router = express.Router('/')
 
   if (corsSettings) {
@@ -36,7 +36,7 @@ function api (corsSettings) {
   //   (req, res, next) => {
   //     // const userServer = req.body.oidcServer
   //   })
-  router.get('/rp', rpCallback)
+  router.get('/rp', authCallback(oidcRpClient), authSessionInit, rpCallback(oidcRpClient))
   // router.get('/signout', (req, res, next) => {
   //   req.session.userId = null
   //   req.session.identified = false
@@ -104,6 +104,9 @@ function authSessionInit (req, res, next) {
   }
   debug.oidc('authSessionInit: starting up user session, recording userId')
   var webId = req.userInfo.profile
+  if (!webId) {
+    debug.oidc('Error signing in: User\'s contains no WebId in the .profile')
+  }
   req.session.userId = webId
   req.session.identified = true
   debug.oidc('WebId: ' + webId)
@@ -170,11 +173,49 @@ function loadAuthClient (oidcRpClient) {
   }
 }
 
-function rpCallback (req, res, next) {
-  console.log('In authRp handler:')
-  if (req.session.returnToUrl) {
-    console.log('  Redirecting to ' + req.session.returnToUrl)
-    return res.redirect(302, req.session.returnToUrl)
+function authCallback (oidcRpClient) {
+  return (req, res, next) => {
+    debug.oidc('in authCallback():')
+    const tokenOptions = {
+      code: req.query.code
+    }
+    var accessToken
+    debug.oidc('code: ' + req.query.code)
+    oidcRpClient.trustedClient.client.token(tokenOptions)
+      .then((tokenResult) => {
+        const verifyOptions = {
+          allowNoToken: true,
+          loadUserInfo: true
+        }
+        accessToken = tokenResult.access_token
+        debug.oidc('Verifying token')
+        return oidcRpClient.trustedClient.verifyToken(req, accessToken, verifyOptions)
+      })
+      .then(() => {
+        return oidcRpClient.trustedClient.client.userInfo({ token: accessToken })
+      })
+      .then(function (userInfo) {
+        req.userInfo = userInfo
+        next()
+      })
+      .catch((err) => {
+        debug.oidc(err)
+        next(err)
+      })
+  }
+}
+
+function rpCallback (oidcRpClient) {
+  return (req, res, next) => {
+    debug.oidc('In authRp handler:')
+
+    if (req.session.returnToUrl) {
+      let returnToUrl = req.session.returnToUrl
+      debug.oidc('  Redirecting to ' + returnToUrl)
+      delete req.session.returnToUrl
+      return res.redirect(302, returnToUrl)
+    }
+    res.send('OK')
+    // next()
   }
-  res.send('OK')
 }

lib/oidc-rp-client.js

@@ -66,7 +66,7 @@ module.exports = class OidcRpClient {
         // client not already in store, create and register it
         let clientConfig = {
           issuer: issuer,
-          redirect_uri: this.trustedClient.redirect_uri,
+          redirect_uri: this.trustedClient.client.redirect_uri,
           scope: 'openid profile'
         }
         return this.initClient(clientConfig)
@@ -87,8 +87,8 @@ module.exports = class OidcRpClient {
         debug.idp('Client discovered, JWKs retrieved')
         if (!oidcExpress.client.client_id) {
           // Register if you haven't already.
-          debug.idp('Registering client')
-          return oidcExpress.client.register(this.registration)
+          debug.oidc('Registering client')
+          return oidcExpress.client.register(this.newClientConfig())
         }
       })
       .then(() => {
@@ -106,19 +106,31 @@ module.exports = class OidcRpClient {
       })
   }
 
+  newClientConfig () {
+    return {
+      client_name: 'Solid Server Remote Client',
+      grant_types: ['authorization_code', 'implicit'],
+      default_max_age: 86400, // one day in seconds
+      response_types: ['code', 'id_token token', 'code id_token token',
+        'refresh_token', 'client_credentials']
+    }
+  }
+
   /**
    * Returns the Signin page URL for the trusted OIDC provider
-   * @param client {OIDCExpressClient}
+   * @param oidcExpress {OIDCExpressClient}
    * @returns {String}
    */
-  urlForSignin (client) {
+  urlForSignin (oidcExpress) {
     // return 'https://anvil.local/authorize?stuff'
-    var loginUrl = client.client.authorizationUri({
+    var loginUrl = oidcExpress.client.authorizationUri({
       endpoint: 'signin',
-      nonce: '123',
-      response_mode: 'query',
-      response_type: 'token id_token',
-      redirect_uri: client.redirect_uri
+      // nonce: '123',
+      // response_mode: 'query',
+      // response_type: 'token id_token',
+      response_type: 'code',
+      // redirect_uri: client.redirect_uri
+      redirect_uri: oidcExpress.client.redirect_uri
     })
     return loginUrl
   }

lib/utils.js

@@ -21,11 +21,13 @@ var from = require('from2')
 var url = require('url')
 
 function fullUrlForReq (req) {
-  return url.format({
+  let fullUrl = url.format({
     protocol: req.protocol,
     host: req.get('host'),
     pathname: req.originalUrl
   })
+  console.log('URL: ' + fullUrl)
+  return fullUrl
 }
 
 function uriToFilename (uri, base) {