/*
Copyright 2019 The Matrix.org Foundation C.I.C.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import MatrixClientPeg from './MatrixClientPeg';
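/**
 * Obtains and caches the access token used to authenticate against the
 * identity server (IS).
 *
 * The token is kept in memory on the instance and persisted in
 * `window.localStorage` under the key "mx_is_access_token".
 *
 * Security notes for maintainers:
 *  - `localStorage` is readable by every script running on this origin, so
 *    the persisted token is exposed to any script-injection flaw in the app.
 *    Never log the token value.
 *  - `_checkToken` is currently a no-op, so a stored token is returned
 *    without any server-side validation.
 */
export default class IdentityAuthClient {
    constructor() {
        // In-memory copy of the IS access token; stays null until this
        // instance has registered for one.
        this.accessToken = null;
        // Set to false once the IS has been found not to support v2 auth.
        this.authEnabled = true;
    }

    /**
     * @returns {boolean} true when this instance holds an in-memory token.
     *     A token that only exists in `localStorage` does not count.
     */
    hasCredentials() {
        return this.accessToken != null; // undef or null
    }

    /**
     * Returns a promise that resolves to the access_token string from the IS.
     *
     * Lookup order: in-memory token, then `localStorage`, then a fresh
     * registration with the IS.
     *
     * @returns {Promise<?string>} the token, or null when the IS does not
     *     support authentication or when registration did not yield a token.
     */
    async getAccessToken() {
        if (!this.authEnabled) {
            // The current IS doesn't support authentication
            return null;
        }

        let token = this.accessToken || this._readStoredToken();

        if (!token) {
            token = await this.registerForToken();
            if (!token) {
                // Registration failed. Persisting the missing value would
                // store the literal string "undefined", which later calls
                // would read back and use as if it were a token.
                return null;
            }
            this._storeToken(token);
        }

        try {
            await this._checkToken(token);
        } catch (e) {
            // Retry in case token expired
            token = await this.registerForToken();
            if (!token) {
                return null;
            }
            this._storeToken(token);
        }

        return token;
    }

    /**
     * Reads the persisted token, treating unusable values as absent.
     *
     * @returns {?string} the stored token, or null when none is usable.
     */
    _readStoredToken() {
        const stored = window.localStorage.getItem("mx_is_access_token");
        // A failed registration used to be written through setItem(), which
        // stringifies its argument; ignore such leftovers rather than
        // presenting them to the IS as a token.
        if (!stored || stored === "undefined" || stored === "null") {
            return null;
        }
        return stored;
    }

    /**
     * Caches a token in memory and persists it to `localStorage`.
     *
     * @param {string} token a non-empty access token.
     */
    _storeToken(token) {
        this.accessToken = token;
        window.localStorage.setItem("mx_is_access_token", token);
    }

    /**
     * Placeholder for validating a token against the IS. Performs no check
     * and returns undefined, so callers cannot yet detect an expired or
     * revoked token through it.
     *
     * @param {string} token the token to validate (currently unused).
     */
    _checkToken(token) {
        // TODO: Test current API token via `/account` endpoint
        // At the moment, Sydent doesn't implement `/account`, so we can't use
        // that yet. We could try a lookup for a null address perhaps...?
        // In any case, we should ensure the token in `localStorage` is cleared
        // appropriately. We already clear storage on sign out, but we'll need
        // additional clearing when changing ISes in settings as part of future
        // privacy work.
    }

    /**
     * Registers with the IS using an OpenID token from the homeserver.
     *
     * On a CORS rejection or HTTP 404 the IS is assumed to support only the
     * deprecated v1 API and `authEnabled` is switched off. Any other failure
     * is logged and also results in null; nothing is thrown to the caller.
     *
     * @returns {Promise<?string>} the new access token, or null on failure.
     */
    async registerForToken() {
        try {
            const client = MatrixClientPeg.get();
            const hsOpenIdToken = await client.getOpenIdToken();
            const { access_token: identityAccessToken } =
                await MatrixClientPeg.get().registerWithIdentityServer(hsOpenIdToken);
            await this._checkToken(identityAccessToken);
            return identityAccessToken;
        } catch (err) {
            if (err.cors === "rejected" || err.httpStatus === 404) {
                // Assume IS only supports deprecated v1 API for now
                // TODO: Remove this path once v2 is only supported version
                console.warn("IS doesn't support v2 auth");
                this.authEnabled = false;
            } else {
                // Surface unexpected failures instead of dropping them
                // silently; the error object is logged, never a token.
                console.error("IS token registration failed", err);
            }
            return null;
        }
    }
}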