Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
var authenticator = (challenge, callback) => {
// Create a new authentication context.
var context = new adalNode.AuthenticationContext(challenge.authorization);
// Use the context to acquire an authentication token.
return context.acquireTokenWithClientCredentials(challenge.resource, clientId, clientSecret, function(err, tokenResponse) {
if (err) throw err;
// Calculate the value to be set in the request's Authorization header and resume the call.
var authorizationValue = tokenResponse.tokenType + ' ' + tokenResponse.accessToken;
return callback(null, authorizationValue);
});
};
return function (challenge, callback) {
// Function to take token Response and format a authorization value
function _formAuthorizationValue(err, tokenResponse) {
if (err) {
return callback(err);
}
// Calculate the value to be set in the request's Authorization header and resume the call.
var authorizationValue = tokenResponse.tokenType + ' ' + tokenResponse.accessToken;
return callback(null, authorizationValue);
}
// Create a new authentication context.
let context = new AuthenticationContext(challenge.authorization, true, credentials.context && credentials.context.cache);
if (credentials instanceof ApplicationTokenCredentials) {
return context.acquireTokenWithClientCredentials(
challenge.resource, credentials.clientId, credentials.secret, _formAuthorizationValue);
} else if (credentials instanceof UserTokenCredentials) {
return context.acquireTokenWithUsernamePassword(
challenge.resource, credentials.username, credentials.password, credentials.clientId, _formAuthorizationValue);
} else if (credentials instanceof DeviceTokenCredentials) {
return context.acquireToken(
challenge.resource, credentials.username, credentials.clientId, _formAuthorizationValue);
} else if (credentials instanceof MSITokenCredentials) {
return credentials.getToken(_formAuthorizationValue);
} else {
callback(new Error('credentials must be one of: ApplicationTokenCredentials, UserTokenCredentials, ' +
'DeviceTokenCredentials, MSITokenCredentials'));
}
var acquireTokenWithAuthorizationCode = (authorizationCode) => {
var authenticationContext = new AuthenticationContext(adalConfig.authorityUrl);
var p = new Promise((resolve, reject) => {
authenticationContext.acquireTokenWithAuthorizationCode(
authorizationCode,
adalConfig.redirectUri, // This URL must be the same as the redirect_uri of the original request or the reply url of the Azure AD App. Otherwise, it will throw an error.
adalConfig.resource,
adalConfig.clientId,
adalConfig.clientSecret,
(err, response) => {
if (err) {
reject('error: ' + err.message + '\n');
} else {
resolve({
try {
if (req.cookies.authstate !== req.query.state) {
console.log('/accesstoken req.query.state:' + req.query.state);
console.log('/accesstoken req.cookies.authstate:' + req.cookies.authstate);
res.status(400).send('error: state does not match');
return;
}
if (req.query.error) {
if (typeof(req.cookies.redirect_uri) != 'undefined' && req.cookies.redirect_uri != 'undefined') {
res.redirect(req.cookies.redirect_uri);
return;
}
}
var authenticationContext = new AuthenticationContext(authorityUrl);
authenticationContext.acquireTokenWithAuthorizationCode(
req.query.code,
redirectUri,
ad_resource,
config_clientId,
config_clientSecret,
function (err, response) {
var errorMessage = '';
if (err) {
errorMessage = 'error: ' + err.message + '\n';
res.status(500).send(errorMessage);
} else {
console.log('/accesstoken get by auth code');
//console.dir(response);
req.session.ad_tenantid = response.tenantId;
req.session.ad_accesstoken = [response.tokenType, response.accessToken].join(' ');
if (!options.tokenCache) {
options.tokenCache = new adal.MemoryCache();
}
if (!options.language) {
options.language = azureConstants.DEFAULT_LANGUAGE;
}
this.tokenAudience = options.tokenAudience;
this.environment = options.environment;
this.domain = options.domain;
this.clientId = options.clientId;
this.tokenCache = options.tokenCache;
this.language = options.language;
var authorityUrl = this.environment.activeDirectoryEndpointUrl + this.domain;
this.context = new adal.AuthenticationContext(authorityUrl, this.environment.validateAuthority, this.tokenCache);
var self = this;
var tenantList = [];
async.waterfall([
//acquire usercode
function (callback) {
self.context.acquireUserCode(self.environment.activeDirectoryResourceId, self.clientId, self.language, function (err, userCodeResponse) {
if (err) return callback(err);
console.log(userCodeResponse.message);
return callback(null, userCodeResponse);
});
},
//acquire token with device code and set the username to userId received from tokenResponse.
function (userCodeResponse, callback) {
self.context.acquireTokenWithDeviceCode(self.environment.activeDirectoryResourceId, self.clientId, userCodeResponse, function (err, tokenResponse) {
if (err) return callback(err);
self.username = tokenResponse.userId;
const authenticator = (challenge, authCallback) => {
const context = new adalNode.AuthenticationContext(challenge.authorization);
return context.acquireTokenWithClientCredentials(challenge.resource, kvConfig.clientId, kvConfig.clientSecret, (tokenAcquisitionError, tokenResponse) => {
if (tokenAcquisitionError) {
return authCallback(tokenAcquisitionError);
}
const authorizationValue = `${tokenResponse.tokenType} ${tokenResponse.accessToken}`;
return authCallback(null, authorizationValue);
});
};
const credentials = new azureKeyVault.KeyVaultCredentials(authenticator);
var acquireTokenWithRefreshToken = (refreshToken) => {
var authenticationContext = new AuthenticationContext(adalConfig.authorityUrl);
var p = new Promise((resolve, reject) => {
authenticationContext.acquireTokenWithRefreshToken(
refreshToken,
adalConfig.clientId,
adalConfig.clientSecret,
adalConfig.resource,
(err, response) => {
if (err) {
reject(errorMessage = 'error: ' + err.message + '\n');
} else {
resolve({
userName: (response.givenName + " " + response.familyName),
constructor(private _tenant: string,
private _clientId: string,
private _secret: string,
private _resource = "https://graph.microsoft.com",
private _authority = "https://login.windows.net") {
this.authContext = new AuthenticationContext(combine(this._authority, this._tenant));
}
}
if (domain.toLowerCase() === 'common') {
throw new Error('If the tokenAudience is specified as \'graph\' then \'domain\' cannot be the default \'commmon\' tenant. ' +
'It must be the actual tenant (preferrably a string in a guid format).');
}
}
this.tokenAudience = options.tokenAudience;
this.environment = options.environment;
this.authorizationScheme = options.authorizationScheme;
this.tokenCache = options.tokenCache;
this.clientId = clientId;
this.domain = domain;
this.secret = secret;
var authorityUrl = this.environment.activeDirectoryEndpointUrl + this.domain;
this.context = new adal.AuthenticationContext(authorityUrl, this.environment.validateAuthority, this.tokenCache);
}
export function getTokenFromCode(code, callback) {
const authContext = new AuthenticationContext(adalConfiguration.authority);
authContext.acquireTokenWithAuthorizationCode(
code,
adalConfiguration.redirectUri,
resource,
adalConfiguration.clientID,
adalConfiguration.clientSecret,
(error, token) => {
if (error) callback(error, null);
else callback(null, token);
}
);
}