Server : Apache System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 User : pragmatice ( 1003) PHP Version : 8.2.24 Disable Function : NONE Directory :  /tmp/tsx-1023/

Upload File : current_dir [ Writeable ] document_root [ Writeable ]

{"code":"(()=>{\nvar __create=Object.create;var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __getProtoOf=Object.getPrototypeOf;var __hasOwnProp=Object.prototype.hasOwnProperty;var __name=(target,value)=>__defProp(target,\"name\",{value,configurable:true});var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from===\"object\"||typeof from===\"function\"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toESM=(mod,isNodeMode,target)=>(target=mod!=null?__create(__getProtoOf(mod)):{},__copyProps(isNodeMode||!mod||!mod.__esModule?__defProp(target,\"default\",{value:mod,enumerable:true}):target,mod));var __toCommonJS=mod=>__copyProps(__defProp({},\"__esModule\",{value:true}),mod);var authorization_code_exports={};__export(authorization_code_exports,{handler:()=>handler,parameters:()=>parameters});module.exports=__toCommonJS(authorization_code_exports);var import_errors=require(\"../../helpers/errors.js\");var import_validate_presence=__toESM(require(\"../../helpers/validate_presence.js\"));var import_weak_cache=__toESM(require(\"../../helpers/weak_cache.js\"));var import_pkce=__toESM(require(\"../../helpers/pkce.js\"));var import_revoke=__toESM(require(\"../../helpers/revoke.js\"));var import_filter_claims=__toESM(require(\"../../helpers/filter_claims.js\"));var import_validate_dpop=__toESM(require(\"../../helpers/validate_dpop.js\"));var import_resolve_resource=__toESM(require(\"../../helpers/resolve_resource.js\"));var import_epoch_time=__toESM(require(\"../../helpers/epoch_time.js\"));const gty=\"authorization_code\";const handler=__name(async function authorizationCodeHandler(ctx,next){const{issueRefreshToken,allowOmittingSingleRegisteredRedirectUri,conformIdTokenClaims,features:{userinfo,mTLS:{getCertificate},resourceIndicators}}=(0,import_weak_cache.default)(ctx.oidc.provider).configuration();if(allowOmittingSingleRegisteredRedirectUri&&ctx.oidc.params.redirect_uri===void 0){const{0:uri,length}=ctx.oidc.client.redirectUris;if(uri&&length===1){ctx.oidc.params.redirect_uri=uri}}(0,import_validate_presence.default)(ctx,\"code\",\"redirect_uri\");const dPoP=await(0,import_validate_dpop.default)(ctx);const code=await ctx.oidc.provider.AuthorizationCode.find(ctx.oidc.params.code,{ignoreExpiration:true});if(!code){throw new import_errors.InvalidGrant(\"authorization code not found\")}if(code.clientId!==ctx.oidc.client.clientId){throw new import_errors.InvalidGrant(\"client mismatch\")}if(code.isExpired){throw new import_errors.InvalidGrant(\"authorization code is expired\")}const grant=await ctx.oidc.provider.Grant.find(code.grantId,{ignoreExpiration:true});if(!grant){throw new import_errors.InvalidGrant(\"grant not found\")}if(grant.isExpired){throw new import_errors.InvalidGrant(\"grant is expired\")}(0,import_pkce.default)(ctx.oidc.params.code_verifier,code.codeChallenge,code.codeChallengeMethod);let cert;if(ctx.oidc.client.tlsClientCertificateBoundAccessTokens){cert=getCertificate(ctx);if(!cert){throw new import_errors.InvalidGrant(\"mutual TLS client certificate not provided\")}}if(!dPoP&&ctx.oidc.client.dpopBoundAccessTokens){throw new import_errors.InvalidGrant(\"DPoP proof JWT not provided\")}if(grant.clientId!==ctx.oidc.client.clientId){throw new import_errors.InvalidGrant(\"client mismatch\")}if(code.redirectUri!==ctx.oidc.params.redirect_uri){throw new import_errors.InvalidGrant(\"authorization code redirect_uri mismatch\")}if(code.consumed){await(0,import_revoke.default)(ctx,code.grantId);throw new import_errors.InvalidGrant(\"authorization code already consumed\")}await code.consume();ctx.oidc.entity(\"AuthorizationCode\",code);ctx.oidc.entity(\"Grant\",grant);const account=await ctx.oidc.provider.Account.findAccount(ctx,code.accountId,code);if(!account){throw new import_errors.InvalidGrant(\"authorization code invalid (referenced account not found)\")}if(code.accountId!==grant.accountId){throw new import_errors.InvalidGrant(\"accountId mismatch\")}ctx.oidc.entity(\"Account\",account);const{AccessToken,IdToken,RefreshToken,ReplayDetection}=ctx.oidc.provider;const at=new AccessToken({accountId:account.accountId,client:ctx.oidc.client,expiresWithSession:code.expiresWithSession,grantId:code.grantId,gty,sessionUid:code.sessionUid,sid:code.sid});if(ctx.oidc.client.tlsClientCertificateBoundAccessTokens){at.setThumbprint(\"x5t\",cert)}if(code.dpopJkt&&!dPoP){throw new import_errors.InvalidGrant(\"missing DPoP proof JWT\")}if(dPoP){const unique=await ReplayDetection.unique(ctx.oidc.client.clientId,dPoP.jti,(0,import_epoch_time.default)()+300);ctx.assert(unique,new import_errors.InvalidGrant(\"DPoP proof JWT Replay detected\"));if(code.dpopJkt&&code.dpopJkt!==dPoP.thumbprint){throw new import_errors.InvalidGrant(\"DPoP proof key thumbprint does not match dpop_jkt\")}at.setThumbprint(\"jkt\",dPoP.thumbprint)}const resource=await(0,import_resolve_resource.default)(ctx,code,{userinfo,resourceIndicators});if(resource){const resourceServerInfo=await resourceIndicators.getResourceServerInfo(ctx,resource,ctx.oidc.client);at.resourceServer=new ctx.oidc.provider.ResourceServer(resource,resourceServerInfo);at.scope=grant.getResourceScopeFiltered(resource,code.scopes)}else{at.claims=code.claims;at.scope=grant.getOIDCScopeFiltered(code.scopes)}ctx.oidc.entity(\"AccessToken\",at);const accessToken=await at.save();let refreshToken;if(await issueRefreshToken(ctx,ctx.oidc.client,code)){const rt=new RefreshToken({accountId:account.accountId,acr:code.acr,amr:code.amr,authTime:code.authTime,claims:code.claims,client:ctx.oidc.client,expiresWithSession:code.expiresWithSession,grantId:code.grantId,gty,nonce:code.nonce,resource:code.resource,rotations:0,scope:code.scope,sessionUid:code.sessionUid,sid:code.sid});if(ctx.oidc.client.clientAuthMethod===\"none\"){if(at.jkt){rt.jkt=at.jkt}if(at[\"x5t#S256\"]){rt[\"x5t#S256\"]=at[\"x5t#S256\"]}}ctx.oidc.entity(\"RefreshToken\",rt);refreshToken=await rt.save()}let idToken;if(code.scopes.has(\"openid\")){const claims=(0,import_filter_claims.default)(code.claims,\"id_token\",grant);const rejected=grant.getRejectedOIDCClaims();const token=new IdToken({...await account.claims(\"id_token\",code.scope,claims,rejected),acr:code.acr,amr:code.amr,auth_time:code.authTime},{ctx});if(conformIdTokenClaims&&userinfo.enabled&&!at.aud){token.scope=\"openid\"}else{token.scope=grant.getOIDCScopeFiltered(code.scopes)}token.mask=claims;token.rejected=rejected;token.set(\"nonce\",code.nonce);token.set(\"at_hash\",accessToken);token.set(\"sid\",code.sid);idToken=await token.issue({use:\"idtoken\"})}ctx.body={access_token:accessToken,expires_in:at.expiration,id_token:idToken,refresh_token:refreshToken,scope:at.scope,token_type:at.tokenType};await next()},\"authorizationCodeHandler\");const parameters=new Set([\"code\",\"code_verifier\",\"redirect_uri\"]);0&&(module.exports={handler,parameters});\n})()\n","warnings":[],"map":{"version":3,"mappings":";i/BAAA,iMAA6B,mCAC7B,6BAAqB,uDACrB,sBAAqB,gDACrB,gBAAsB,0CACtB,kBAAmB,4CACnB,yBAAyB,mDACzB,yBAAyB,mDACzB,4BAA4B,sDAC5B,sBAAsB,gDAEtB,MAAM,IAAM,qBAEL,MAAM,QAAU,sBAAe,yBAAyB,IAAK,KAAM,CACxE,KAAM,CACJ,kBACA,yCACA,qBACA,SAAU,CACR,SACA,KAAM,CAAE,cAAe,EACvB,kBACF,CACF,KAAI,kBAAAA,SAAS,IAAI,KAAK,QAAQ,EAAE,cAAc,EAE9C,GAAI,0CAA4C,IAAI,KAAK,OAAO,eAAiB,OAAW,CAE1F,KAAM,CAAE,EAAG,IAAK,MAAO,EAAI,IAAI,KAAK,OAAO,aAC3C,GAAI,KAAO,SAAW,EAAG,CACvB,IAAI,KAAK,OAAO,aAAe,GACjC,CACF,IAEA,yBAAAC,SAAS,IAAK,OAAQ,cAAc,EAEpC,MAAM,KAAO,QAAM,qBAAAC,SAAa,GAAG,EAEnC,MAAM,KAAO,MAAM,IAAI,KAAK,SAAS,kBAAkB,KAAK,IAAI,KAAK,OAAO,KAAM,CAChF,iBAAkB,IACpB,CAAC,EAED,GAAI,CAAC,KAAM,CACT,MAAM,IAAI,2BAAa,8BAA8B,CACvD,CAEA,GAAI,KAAK,WAAa,IAAI,KAAK,OAAO,SAAU,CAC9C,MAAM,IAAI,2BAAa,iBAAiB,CAC1C,CAEA,GAAI,KAAK,UAAW,CAClB,MAAM,IAAI,2BAAa,+BAA+B,CACxD,CAEA,MAAM,MAAQ,MAAM,IAAI,KAAK,SAAS,MAAM,KAAK,KAAK,QAAS,CAC7D,iBAAkB,IACpB,CAAC,EAED,GAAI,CAAC,MAAO,CACV,MAAM,IAAI,2BAAa,iBAAiB,CAC1C,CAEA,GAAI,MAAM,UAAW,CACnB,MAAM,IAAI,2BAAa,kBAAkB,CAC3C,IAEA,YAAAC,SAAU,IAAI,KAAK,OAAO,cAAe,KAAK,cAAe,KAAK,mBAAmB,EAErF,IAAI,KACJ,GAAI,IAAI,KAAK,OAAO,sCAAuC,CACzD,KAAO,eAAe,GAAG,EACzB,GAAI,CAAC,KAAM,CACT,MAAM,IAAI,2BAAa,4CAA4C,CACrE,CACF,CAEA,GAAI,CAAC,MAAQ,IAAI,KAAK,OAAO,sBAAuB,CAClD,MAAM,IAAI,2BAAa,6BAA6B,CACtD,CAEA,GAAI,MAAM,WAAa,IAAI,KAAK,OAAO,SAAU,CAC/C,MAAM,IAAI,2BAAa,iBAAiB,CAC1C,CAEA,GAAI,KAAK,cAAgB,IAAI,KAAK,OAAO,aAAc,CACrD,MAAM,IAAI,2BAAa,0CAA0C,CACnE,CAEA,GAAI,KAAK,SAAU,CACjB,QAAM,cAAAC,SAAO,IAAK,KAAK,OAAO,EAC9B,MAAM,IAAI,2BAAa,qCAAqC,CAC9D,CAEA,MAAM,KAAK,QAAQ,EAEnB,IAAI,KAAK,OAAO,oBAAqB,IAAI,EACzC,IAAI,KAAK,OAAO,QAAS,KAAK,EAE9B,MAAM,QAAU,MAAM,IAAI,KAAK,SAAS,QAAQ,YAAY,IAAK,KAAK,UAAW,IAAI,EAErF,GAAI,CAAC,QAAS,CACZ,MAAM,IAAI,2BAAa,2DAA2D,CACpF,CAEA,GAAI,KAAK,YAAc,MAAM,UAAW,CACtC,MAAM,IAAI,2BAAa,oBAAoB,CAC7C,CAEA,IAAI,KAAK,OAAO,UAAW,OAAO,EAElC,KAAM,CACJ,YAAa,QAAS,aAAc,eACtC,EAAI,IAAI,KAAK,SAEb,MAAM,GAAK,IAAI,YAAY,CACzB,UAAW,QAAQ,UACnB,OAAQ,IAAI,KAAK,OACjB,mBAAoB,KAAK,mBACzB,QAAS,KAAK,QACd,IACA,WAAY,KAAK,WACjB,IAAK,KAAK,GACZ,CAAC,EAED,GAAI,IAAI,KAAK,OAAO,sCAAuC,CACzD,GAAG,cAAc,MAAO,IAAI,CAC9B,CAEA,GAAI,KAAK,SAAW,CAAC,KAAM,CACzB,MAAM,IAAI,2BAAa,wBAAwB,CACjD,CAEA,GAAI,KAAM,CACR,MAAM,OAAS,MAAM,gBAAgB,OACnC,IAAI,KAAK,OAAO,SAChB,KAAK,OACL,kBAAAC,SAAU,EAAI,GAChB,EAEA,IAAI,OAAO,OAAQ,IAAI,2BAAa,gCAAgC,CAAC,EAErE,GAAI,KAAK,SAAW,KAAK,UAAY,KAAK,WAAY,CACpD,MAAM,IAAI,2BAAa,mDAAmD,CAC5E,CAEA,GAAG,cAAc,MAAO,KAAK,UAAU,CACzC,CAEA,MAAM,SAAW,QAAM,wBAAAC,SAAgB,IAAK,KAAM,CAAE,SAAU,kBAAmB,CAAC,EAElF,GAAI,SAAU,CACZ,MAAM,mBAAqB,MAAM,mBAC9B,sBAAsB,IAAK,SAAU,IAAI,KAAK,MAAM,EACvD,GAAG,eAAiB,IAAI,IAAI,KAAK,SAAS,eAAe,SAAU,kBAAkB,EACrF,GAAG,MAAQ,MAAM,yBAAyB,SAAU,KAAK,MAAM,CACjE,KAAO,CACL,GAAG,OAAS,KAAK,OACjB,GAAG,MAAQ,MAAM,qBAAqB,KAAK,MAAM,CACnD,CAEA,IAAI,KAAK,OAAO,cAAe,EAAE,EACjC,MAAM,YAAc,MAAM,GAAG,KAAK,EAElC,IAAI,aACJ,GAAI,MAAM,kBAAkB,IAAK,IAAI,KAAK,OAAQ,IAAI,EAAG,CACvD,MAAM,GAAK,IAAI,aAAa,CAC1B,UAAW,QAAQ,UACnB,IAAK,KAAK,IACV,IAAK,KAAK,IACV,SAAU,KAAK,SACf,OAAQ,KAAK,OACb,OAAQ,IAAI,KAAK,OACjB,mBAAoB,KAAK,mBACzB,QAAS,KAAK,QACd,IACA,MAAO,KAAK,MACZ,SAAU,KAAK,SACf,UAAW,EACX,MAAO,KAAK,MACZ,WAAY,KAAK,WACjB,IAAK,KAAK,GACZ,CAAC,EAED,GAAI,IAAI,KAAK,OAAO,mBAAqB,OAAQ,CAC/C,GAAI,GAAG,IAAK,CACV,GAAG,IAAM,GAAG,GACd,CAEA,GAAI,GAAG,UAAU,EAAG,CAClB,GAAG,UAAU,EAAI,GAAG,UAAU,CAChC,CACF,CAEA,IAAI,KAAK,OAAO,eAAgB,EAAE,EAClC,aAAe,MAAM,GAAG,KAAK,CAC/B,CAEA,IAAI,QACJ,GAAI,KAAK,OAAO,IAAI,QAAQ,EAAG,CAC7B,MAAM,UAAS,qBAAAC,SAAa,KAAK,OAAQ,WAAY,KAAK,EAC1D,MAAM,SAAW,MAAM,sBAAsB,EAC7C,MAAM,MAAQ,IAAI,QAAQ,CACxB,GAAG,MAAM,QAAQ,OAAO,WAAY,KAAK,MAAO,OAAQ,QAAQ,EAChE,IAAK,KAAK,IACV,IAAK,KAAK,IACV,UAAW,KAAK,QAClB,EAAG,CAAE,GAAI,CAAC,EAEV,GAAI,sBAAwB,SAAS,SAAW,CAAC,GAAG,IAAK,CACvD,MAAM,MAAQ,QAChB,KAAO,CACL,MAAM,MAAQ,MAAM,qBAAqB,KAAK,MAAM,CACtD,CAEA,MAAM,KAAO,OACb,MAAM,SAAW,SAEjB,MAAM,IAAI,QAAS,KAAK,KAAK,EAC7B,MAAM,IAAI,UAAW,WAAW,EAChC,MAAM,IAAI,MAAO,KAAK,GAAG,EAEzB,QAAU,MAAM,MAAM,MAAM,CAAE,IAAK,SAAU,CAAC,CAChD,CAEA,IAAI,KAAO,CACT,aAAc,YACd,WAAY,GAAG,WACf,SAAU,QACV,cAAe,aACf,MAAO,GAAG,MACV,WAAY,GAAG,SACjB,EAEA,MAAM,KAAK,CACb,EA5NuB,4BA8NhB,MAAM,WAAa,IAAI,IAAI,CAAC,OAAQ,gBAAiB,cAAc,CAAC","names":["instance","presence","dpopValidate","checkPKCE","revoke","epochTime","resolveResource","filterClaims"],"ignoreList":[],"sources":["/home/etherpad/node_modules/.pnpm/oidc-provider@8.4.6/node_modules/oidc-provider/lib/actions/grants/authorization_code.js"],"sourcesContent":[null]}}