From 64516b8a085915d26e9a9a01c9e25a9d9f5e8d4b Mon Sep 17 00:00:00 2001
From: SleepWalker
Date: Tue, 17 Oct 2017 20:50:34 +0300
Subject: [PATCH] #359: detect unknown oauth scopes on frontend and log if found any. Provide user friendly fallback in case if no translation for some of scopes
---
 src/components/auth/actions.js | 17 ++++++++++++++++-
 .../auth/permissions/PermissionsBody.js | 15 ++++++++++++---
 src/index.js | 1 +
 3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/src/components/auth/actions.js b/src/components/auth/actions.js
index 52369a6..4a5b821 100644
--- a/src/components/auth/actions.js
+++ b/src/components/auth/actions.js
@@ -189,6 +189,12 @@ export function clearErrors() {
 return setErrors(null);
 }
 
+const KNOWN_SCOPES = [
+ 'minecraft_server_session',
+ 'offline_access',
+ 'account_info',
+ 'account_email',
+];
 /**
 * @param {object} oauthData
 * @param {string} oauthData.clientId
@@ -213,18 +219,27 @@ export function oAuthValidate(oauthData) {
 return wrapInLoader((dispatch) =>
 oauth.validate(oauthData)
 .then((resp) => {
+ const scopes = resp.session.scopes;
+ const invalidScopes = scopes.filter((scope) => !KNOWN_SCOPES.includes(scope));
 let prompt = (oauthData.prompt || 'none').split(',').map((item) => item.trim);
+
 if (prompt.includes('none')) {
 prompt = ['none'];
 }
 
+ if (invalidScopes.length) {
+ logger.error('Got invalid scopes after oauth validation', {
+ invalidScopes
+ });
+ }
+
 dispatch(setClient(resp.client));
 dispatch(setOAuthRequest({
 ...resp.oAuth,
 prompt: oauthData.prompt || 'none',
 loginHint: oauthData.loginHint
 }));
- dispatch(setScopes(resp.session.scopes));
+ dispatch(setScopes(scopes));
 localStorage.setItem('oauthData', JSON.stringify({ // @see services/authFlow/AuthFlow
 timestamp: Date.now(),
 payload: oauthData
diff --git a/src/components/auth/permissions/PermissionsBody.js b/src/components/auth/permissions/PermissionsBody.js
index 2f5210d..042adb5 100644
--- a/src/components/auth/permissions/PermissionsBody.js
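Review bot: `KNOWN_SCOPES` is introduced without a comment saying what membership means or who relies on it, although the commit message ties it to whether the consent screen can describe a scope; suggest `// OAuth scopes this frontend can describe to the user; anything else is logged by oAuthValidate.` above the declaration. The list is only ever consulted through `includes`, so a `Set` would state the intent more directly (`const KNOWN_SCOPES = new Set([...])`, with `KNOWN_SCOPES.has(scope)` in the oAuthValidate hunk below); if it stays an array, `Object.freeze` would guard it against accidental mutation. Since the names presumably duplicate the translation keys the permissions screen uses, the comment should also say that the two must be kept in sync when a scope is added.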
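Review bot: `invalidScopes` and the message `'Got invalid scopes after oauth validation'` describe scopes that `oauth.validate` has just returned in `resp.session.scopes`, so from the backend's point of view they are accepted and merely unknown to this frontend; `const unknownScopes = ...` and `'Got unknown oauth scopes after validation'` would keep the log from reading as a validation failure. The unknown scopes still go through `dispatch(setScopes(scopes))` to the consent screen, and the PermissionsBody hunk that supplies the fallback rendering is not visible in this patch, so it is worth confirming that the fallback shows the raw scope identifier rather than an empty label, since the user is being asked to grant it. On the unchanged line between the two new constants and the added blank line, `.map((item) => item.trim)` stores the `trim` function instead of calling it, so `prompt.includes('none')` can never match; this predates the commit, but `.map((item) => item.trim())` fixes it. The body of oAuthValidate continues past the end of the hunk.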
+++ b/src/components/auth/permissions/PermissionsBody.js
@@ -43,9 +43,18 @@ export default class PermissionsBody extends BaseAuthBody {
diff --git a/src/index.js b/src/index.js
index ed75d93..0f51030 100644
--- a/src/index.js
+++ b/src/index.js
@@ -86,6 +86,7 @@ function _trackPageView(location) {
 if (process.env.NODE_ENV !== 'production') {
 // some shortcuts for testing on localhost
 window.testOAuth = (loginHint = '') => location.href = `/oauth2/v1/ely?client_id=ely&redirect_uri=http%3A%2F%2Fely.by%2Fauthorization%2Foauth&response_type=code&scope=account_info%2Caccount_email&login_hint=${loginHint}`;
+ window.testOAuthPermissions = () => location.href = '/oauth2/v1/tlauncher?client_id=tlauncher&redirect_uri=http%3A%2F%2Flocalhost%3A8080&response_type=code&scope=account_info,account_email';
 window.testOAuthPromptAccount = () => location.href = '/oauth2/v1/ely?client_id=ely&redirect_uri=http%3A%2F%2Fely.by%2Fauthorization%2Foauth&response_type=code&scope=account_info%2Caccount_email&prompt=select_account';
 window.testOAuthPromptPermissions = (loginHint = '') => location.href = `/oauth2/v1/ely?client_id=ely&redirect_uri=http%3A%2F%2Fely.by%2Fauthorization%2Foauth&response_type=code&scope=account_info%2Caccount_email&prompt=consent&login_hint=${loginHint}`;
 window.testOAuthPromptAll = () => location.href = '/oauth2/v1/ely?client_id=ely&redirect_uri=http%3A%2F%2Fely.by%2Fauthorization%2Foauth&response_type=code&scope=account_info%2Caccount_email&prompt=select_account,consent';