Finished adding resources, ready to merge back into master

djluck · Apr 6, 2015 · 280151f · 280151f
1 parent 921fc0f
commit 280151f
Show file tree

Hide file tree

Showing 9 changed files with 85 additions and 108 deletions.
diff --git a/azure_ad_client.js b/azure_ad_client.js
@@ -12,7 +12,14 @@ AzureAd.requestCredential = function (options, credentialRequestCompleteCallback
         options = {};
     }
 
-    var config = AzureAd.getConfiguration();
+    var config = AzureAd.getConfiguration(true);
+    if (!config) {
+        credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+            new ServiceConfiguration.ConfigError());
+        return;
+    }
+
+    var loginStyle = OAuth._loginStyle('azureAd', config, options);
     var credentialToken = Random.secret();
 
     var baseUrl = "https://login.windows.net/" + config.tennantId + "/oauth2/authorize?";

diff --git a/azure_ad_server.js b/azure_ad_server.js
@@ -1,3 +1,5 @@
+AzureAd.whitelistedFields = ['objectId', 'userPrincipleName', 'mail', 'displayName', 'surname', 'givenName'];
+
 OAuth.registerService('azureAd', 2, null, function(query) {
 
     var tokens = getTokensFromCode(AzureAd.resources.graph.resourceUri, query.code);
@@ -7,7 +9,7 @@ OAuth.registerService('azureAd', 2, null, function(query) {
         expiresAt: (+new Date) + (1000 * tokens.expiresIn)
     };
 
-    var fields = _.pick(graphUser, AzureAd.resources.graph.whitelistedFields);
+    var fields = _.pick(graphUser, AzureAd.whitelistedFields);
 
     //must re-write the objectId field to id - meteor expects a field named "id"
     fields.id = fields.objectId; //we should add

diff --git a/lib/azureAd.js b/lib/azureAd.js
@@ -1 +1,16 @@
-AzureAd = {}
+AzureAd = {}
+
+AzureAd.getConfiguration = function(returnNullIfMissing){
+    var config = ServiceConfiguration.configurations.findOne({service: 'azureAd'});
+
+    if (!config && !returnNullIfMissing)
+        throw new ServiceConfiguration.ConfigError();
+    else if (!config && returnNullIfMissing)
+        return null;
+
+    //MUST be "popup" - currently Azure AD does not allow for url parameters in redirect URI's. If a null popup style is assigned, then
+    //the url parameter "close" is appended and authentication will fail.
+    config.loginStyle = "popup";
+
+    return config;
+};
diff --git a/lib/config.js b/lib/config.js
diff --git a/lib/resources.js b/lib/resources.js
@@ -1,27 +1,64 @@
 AzureAd.resources = {};
 
-AzureAd.resources.collection = {} //create collection here that just stores names
-
-AzureAd.resources.registerResource = function(resourceUri) {
+var resources = {};
 
+AzureAd.resources.registerResource = function(friendlyName, resourceUri){
+    resources[friendlyName] = resourceUri;
 };
 
-AzureAd.resources.getOrUpdateUserAccessToken = function(resourceUri, user){
-    //check for null user
-
-    //check for un-authenticated user
+AzureAd.resources.getOrUpdateUserAccessToken = function(friendlyName, user){
+    checkResourceExists(friendlyName);
+    checkUserIsDefined(user);
+    ensureAzureAdResourcesOnUser(user, friendlyName);
 
-    //get token using refresh token
+    if (isAccessTokenMissingOrExpired(user, friendlyName)){
+        var tokens = getTokensForResource(user, friendlyName);
+        saveTokensForUser(user, friendlyName, tokens);
+    }
 
-    //probably a good idea to include
-    //serviceData.resources - graph + office?
+    return user.azureAdResources[friendlyName].accessToken;
+}
 
-    return AzureAd.http.getAccessTokensBase(resourceUri, {
+function getTokensForResource(user, friendlyName){
+    return AzureAd.http.getAccessTokensBase(resources[friendlyName], {
         grant_type: 'refresh_token',
-        refresh_token: refreshToken
+        refresh_token: user.services.azureAd.refreshToken
     });
 }
 
+function saveTokensForUser(user, friendlyName, tokens){
+    user.azureAdResources[friendlyName] = tokens;
+    var modifier = { "$set" : {} };
+    modifier["$set"]["azureAdResources." + friendlyName] = user.azureAdResources[friendlyName];
+
+    Meteor.users.update(user._id, modifier);
+}
+
+function isAccessTokenMissingOrExpired(user, friendlyName){
+    return !user.azureAdResources[friendlyName].accessToken || user.azureAdResources[friendlyName].expiresAt >= new Date();
+}
+
+function checkUserIsDefined(user) {
+    if (!user){
+        throw new Meteor.Error("azure-active-directory:User required", "The supplied user is null or undefined");
+    }
+}
+
+function ensureAzureAdResourcesOnUser(user, friendlyName){
+    if (!user.azureAdResources){
+        user.azureAdResources = {};
+    }
+    if (!user.azureAdResources[friendlyName]){
+        user.azureAdResources[friendlyName] = {};
+    }
+}
+
+function checkResourceExists(friendlyName){
+    if (!(friendlyName in resources)) {
+        var details = "Could not find a resource with the friendly name '" + friendlyName + "'.";
+        throw new Meteor.Error("azure-active-directory:Resource not registered", details);
+    }
+}
 
 
 

diff --git a/lib/serverHttp.js b/lib/serverHttp.js
@@ -7,7 +7,10 @@ AzureAd.http.call = function (method, url, options) {
         response = HTTP.call(method, url, options)
     }
     catch (err) {
-        var details = JSON.stringify({url : url});
+        var details = JSON.stringify({
+            url : url,
+            requestParams : options.params
+        });
         throw new Meteor.Error("azure-active-directory:failed HTTP request", err.message, details);
     }
 
@@ -46,7 +49,6 @@ AzureAd.http.getAccessTokensBase = function (resourceUri, additionalRequestParam
         resource: resourceUri
     };
     var requestBody = _.extend(baseParams, additionalRequestParams);
-
     var response = AzureAd.http.call("POST", url, { params: requestBody });
 
     return {

diff --git a/package.js b/package.js
@@ -1,6 +1,6 @@
 Package.describe({
     summary: "Azure Active Directory OAuth flow",
-    version: "0.2.5",
+    version: "0.3.0",
     name: "wiseguyeh:azure-active-directory",
     git: "https://github.com/djluck/azure-active-directory"
 });
@@ -14,10 +14,9 @@ Package.onUse(function(api) {
     api.use('[email protected]', ['client', 'server']);
 
     api.export('AzureAd');
-    api.export('Graph');
 
-    api.addFiles(['azureAd.js', 'config.js']);
-    api.addFiles(['resources.js', 'serverHttp.js', 'resources/graph.js'], 'server');
+    api.addFiles(['lib/azureAd.js']);
+    api.addFiles(['lib/resources.js', 'lib/serverHttp.js', 'resources/graph.js'], 'server');
     api.addFiles(['azure_ad_configure.html', 'azure_ad_configure.js'], 'client');
     api.addFiles('azure_ad_server.js', 'server');
     api.addFiles('azure_ad_client.js', 'client');

diff --git a/resources/graph.js b/resources/graph.js
@@ -1,6 +1,6 @@
 AzureAd.resources.graph = {};
+AzureAd.resources.graph.friendlyName = "graph";
 AzureAd.resources.graph.resourceUri = "https://graph.windows.net/";
-AzureAd.resources.graph.whitelistedFields = ['objectId', 'userPrincipleName', 'mail', 'displayName', 'surname', 'givenName'];
 
 AzureAd.resources.graph.getUser = function (accessToken) {
     var config = AzureAd.getConfiguration();
@@ -11,6 +11,6 @@ AzureAd.resources.graph.getUser = function (accessToken) {
 
 if (Meteor.isServer){
     Meteor.startup(function(){
-        AzureAd.resources.registerResource(AzureAd.resources.graph.resourceUri);
+        AzureAd.resources.registerResource(AzureAd.resources.graph.friendlyName, AzureAd.resources.graph.resourceUri);
     });
 }
diff --git a/todo.js b/todo.js