Server : Apache
System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
User : pragmatice ( 1003)
PHP Version : 8.2.24
Disable Function : NONE
Directory : /tmp/tsx-1023/
|
Server : Apache System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 User : pragmatice ( 1003) PHP Version : 8.2.24 Disable Function : NONE Directory : /tmp/tsx-1023/ |
{"code":"(()=>{\nvar __create=Object.create;var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __getProtoOf=Object.getPrototypeOf;var __hasOwnProp=Object.prototype.hasOwnProperty;var __name=(target,value)=>__defProp(target,\"name\",{value,configurable:true});var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from===\"object\"||typeof from===\"function\"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toESM=(mod,isNodeMode,target)=>(target=mod!=null?__create(__getProtoOf(mod)):{},__copyProps(isNodeMode||!mod||!mod.__esModule?__defProp(target,\"default\",{value:mod,enumerable:true}):target,mod));var __toCommonJS=mod=>__copyProps(__defProp({},\"__esModule\",{value:true}),mod);var id_token_exports={};__export(id_token_exports,{default:()=>getIdToken});module.exports=__toCommonJS(id_token_exports);var import_node_util=require(\"node:util\");var import_oidc_token_hash=require(\"oidc-token-hash\");var import_merge=__toESM(require(\"../helpers/_/merge.js\"));var import_epoch_time=__toESM(require(\"../helpers/epoch_time.js\"));var JWT=__toESM(require(\"../helpers/jwt.js\"));var import_errors=require(\"../helpers/errors.js\");var import_weak_cache=__toESM(require(\"../helpers/weak_cache.js\"));var import_is_plain_object=__toESM(require(\"../helpers/_/is_plain_object.js\"));const hashes=[\"at_hash\",\"c_hash\",\"s_hash\",\"urn:openid:params:jwt:claim:rt_hash\"];const messages={sig:{idtoken:\"client secret is expired - cannot issue an ID Token (%s)\",logout:\"client secret is expired - cannot issue a Logout Token (%s)\",userinfo:\"client secret is expired - cannot respond with %s JWT UserInfo response\",introspection:\"client secret is expired - cannot respond with %s JWT Introspection response\"},enc:{idtoken:\"client secret is expired - cannot issue an encrypted ID Token (%s)\",logout:\"client secret is expired - cannot issue an encrypted Logout Token (%s)\",userinfo:\"client secret is expired - cannot respond with %s encrypted JWT UserInfo response\",introspection:\"client secret is expired - cannot respond with %s encrypted JWT Introspection response\"}};function getIdToken(provider){return class IdToken{static{__name(this,\"IdToken\")}constructor(available,{ctx,client=ctx?ctx.oidc.client:void 0}){if(!(0,import_is_plain_object.default)(available)){throw new TypeError(\"expected claims to be an object, are you sure claims() method resolves with or returns one?\")}this.extra={};this.available=available;this.client=client;this.ctx=ctx}static expiresIn(...args){const ttl=(0,import_weak_cache.default)(provider).configuration(`ttl.${this.name}`);if(typeof ttl===\"number\"){return ttl}return ttl(...args)}set(key,value){this.extra[key]=value}async payload(){const mask=new provider.Claims(this.available,{ctx:this.ctx,client:this.client});mask.scope(this.scope);mask.mask(this.mask);mask.rejected(this.rejected);return(0,import_merge.default)({},await mask.result(),this.extra)}async issue({use,expiresAt=null}={}){const{client}=this;const expiresIn=expiresAt?expiresAt-(0,import_epoch_time.default)():void 0;let alg;const payload=await this.payload();let signOptions;let encryption;switch(use){case\"idtoken\":alg=client.idTokenSignedResponseAlg;signOptions={audience:client.clientId,expiresIn:expiresIn||this.constructor.expiresIn(this.ctx,this,client),issuer:provider.issuer,subject:payload.sub};encryption={alg:client.idTokenEncryptedResponseAlg,enc:client.idTokenEncryptedResponseEnc};break;case\"logout\":alg=client.idTokenSignedResponseAlg;signOptions={audience:client.clientId,issuer:provider.issuer,subject:payload.sub,typ:\"logout+jwt\"};encryption={alg:client.idTokenEncryptedResponseAlg,enc:client.idTokenEncryptedResponseEnc};break;case\"userinfo\":alg=client.userinfoSignedResponseAlg;signOptions={audience:client.clientId,issuer:provider.issuer,subject:payload.sub,expiresIn};encryption={alg:client.userinfoEncryptedResponseAlg,enc:client.userinfoEncryptedResponseEnc};break;case\"introspection\":alg=client.introspectionSignedResponseAlg;signOptions={audience:client.clientId,issuer:provider.issuer,typ:\"token-introspection+jwt\"};encryption={alg:client.introspectionEncryptedResponseAlg,enc:client.introspectionEncryptedResponseEnc};break;case\"authorization\":alg=client.authorizationSignedResponseAlg;signOptions={audience:client.clientId,expiresIn:120,issuer:provider.issuer,noIat:true};encryption={alg:client.authorizationEncryptedResponseAlg,enc:client.authorizationEncryptedResponseEnc};break;default:throw new TypeError(\"invalid use option\")}const signed=await(async()=>{if(typeof alg!==\"string\"){throw new Error}let jwk2;let key;if(alg.startsWith(\"HS\")){if(use!==\"authorization\"){client.checkClientSecretExpiration((0,import_node_util.format)(messages.sig[use],alg))}[jwk2]=client.symmetricKeyStore.selectForSign({alg,use:\"sig\"});key=await client.symmetricKeyStore.getKeyObject(jwk2,alg)}else{[jwk2]=(0,import_weak_cache.default)(provider).keystore.selectForSign({alg,use:\"sig\"});key=await(0,import_weak_cache.default)(provider).keystore.getKeyObject(jwk2,alg).catch(()=>{throw new Error(`provider key (kid: ${jwk2.kid}) is invalid`)})}if(use===\"idtoken\"){hashes.forEach(claim=>{if(payload[claim]){payload[claim]=(0,import_oidc_token_hash.generate)(payload[claim],alg,jwk2.crv)}})}if(jwk2){signOptions.fields={kid:jwk2.kid}}return JWT.sign(payload,key,alg,signOptions)})();if(!encryption.enc){return signed}if(/^(A|dir$)/.test(encryption.alg)){if(use!==\"authorization\"){client.checkClientSecretExpiration((0,import_node_util.format)(messages.enc[use],encryption.alg))}}let jwk;let encryptionKey;if(encryption.alg===\"dir\"){[jwk]=client.symmetricKeyStore.selectForEncrypt({alg:encryption.enc,use:\"enc\"});jwk&&(encryptionKey=await client.symmetricKeyStore.getKeyObject(jwk,encryption.enc))}else if(encryption.alg.startsWith(\"A\")){[jwk]=client.symmetricKeyStore.selectForEncrypt({alg:encryption.alg,use:\"enc\"});jwk&&(encryptionKey=await client.symmetricKeyStore.getKeyObject(jwk,encryption.alg))}else{await client.asymmetricKeyStore.refresh();[jwk]=client.asymmetricKeyStore.selectForEncrypt({alg:encryption.alg,use:\"enc\"});jwk&&(encryptionKey=await client.asymmetricKeyStore.getKeyObject(jwk,encryption.alg))}if(!encryptionKey){throw new import_errors.InvalidClientMetadata(`no suitable encryption key found (${encryption.alg})`)}const{kid}=jwk;return JWT.encrypt(signed,encryptionKey,{enc:encryption.enc,alg:encryption.alg,fields:{cty:\"JWT\",kid,iss:signOptions.issuer,aud:signOptions.audience}})}static async validate(jwt,client){const alg=client.idTokenSignedResponseAlg;let keyOrStore;if(alg.startsWith(\"HS\")){client.checkClientSecretExpiration(\"client secret is expired - cannot validate ID Token Hint\");keyOrStore=client.symmetricKeyStore}else{keyOrStore=(0,import_weak_cache.default)(provider).keystore}const opts={ignoreExpiration:true,audience:client.clientId,issuer:provider.issuer,clockTolerance:(0,import_weak_cache.default)(provider).configuration(\"clockTolerance\"),algorithm:alg,subject:true};if(keyOrStore===void 0){const decoded=JWT.decode(jwt);JWT.assertHeader(decoded.header,opts);JWT.assertPayload(decoded.payload,opts);return decoded}return JWT.verify(jwt,keyOrStore,opts)}}}__name(getIdToken,\"getIdToken\");\n})()\n","warnings":[],"map":{"version":3,"mappings":";i/BAAA,0HACA,qBAAuB,qBAEvB,2BAAsC,2BAEtC,iBAAkB,0CAClB,sBAAsB,6CACtB,QAAqB,sCACrB,kBAAsC,gCACtC,sBAAqB,6CACrB,2BAA0B,oDAE1B,MAAM,OAAS,CAAC,UAAW,SAAU,SAAU,qCAAqC,EAEpF,MAAM,SAAW,CACf,IAAK,CACH,QAAS,2DACT,OAAQ,8DACR,SAAU,0EACV,cAAe,8EACjB,EACA,IAAK,CACH,QAAS,qEACT,OAAQ,yEACR,SAAU,oFACV,cAAe,wFACjB,CACF,EAEe,SAAR,WAA4B,SAAU,CAC3C,OAAO,MAAM,OAAQ,CA9BvB,MA8BuB,wBACnB,YAAY,UAAW,CAAE,IAAK,OAAS,IAAM,IAAI,KAAK,OAAS,MAAU,EAAG,CAC1E,GAAI,IAAC,uBAAAA,SAAc,SAAS,EAAG,CAC7B,MAAM,IAAI,UAAU,6FAA6F,CACnH,CACA,KAAK,MAAQ,CAAC,EACd,KAAK,UAAY,UACjB,KAAK,OAAS,OACd,KAAK,IAAM,GACb,CAEA,OAAO,aAAa,KAAM,CACxB,MAAM,OAAM,kBAAAC,SAAS,QAAQ,EAAE,cAAc,OAAO,KAAK,IAAI,EAAE,EAE/D,GAAI,OAAO,MAAQ,SAAU,CAC3B,OAAO,GACT,CAEA,OAAO,IAAI,GAAG,IAAI,CACpB,CAEA,IAAI,IAAK,MAAO,CAAE,KAAK,MAAM,GAAG,EAAI,KAAO,CAE3C,MAAM,SAAU,CACd,MAAM,KAAO,IAAI,SAAS,OAAO,KAAK,UAAW,CAAE,IAAK,KAAK,IAAK,OAAQ,KAAK,MAAO,CAAC,EAEvF,KAAK,MAAM,KAAK,KAAK,EACrB,KAAK,KAAK,KAAK,IAAI,EACnB,KAAK,SAAS,KAAK,QAAQ,EAE3B,SAAO,aAAAC,SAAM,CAAC,EAAG,MAAM,KAAK,OAAO,EAAG,KAAK,KAAK,CAClD,CAEA,MAAM,MAAM,CAAE,IAAK,UAAY,IAAK,EAAI,CAAC,EAAG,CAC1C,KAAM,CAAE,MAAO,EAAI,KACnB,MAAM,UAAY,UAAY,aAAY,kBAAAC,SAAU,EAAI,OACxD,IAAI,IAEJ,MAAM,QAAU,MAAM,KAAK,QAAQ,EACnC,IAAI,YACJ,IAAI,WAEJ,OAAQ,IAAK,CACX,IAAK,UACH,IAAM,OAAO,yBACb,YAAc,CACZ,SAAU,OAAO,SACjB,UAAY,WAAa,KAAK,YAAY,UAAU,KAAK,IAAK,KAAM,MAAM,EAC1E,OAAQ,SAAS,OACjB,QAAS,QAAQ,GACnB,EACA,WAAa,CACX,IAAK,OAAO,4BACZ,IAAK,OAAO,2BACd,EACA,MACF,IAAK,SACH,IAAM,OAAO,yBACb,YAAc,CACZ,SAAU,OAAO,SACjB,OAAQ,SAAS,OACjB,QAAS,QAAQ,IACjB,IAAK,YACP,EACA,WAAa,CACX,IAAK,OAAO,4BACZ,IAAK,OAAO,2BACd,EACA,MACF,IAAK,WACH,IAAM,OAAO,0BACb,YAAc,CACZ,SAAU,OAAO,SACjB,OAAQ,SAAS,OACjB,QAAS,QAAQ,IACjB,SACF,EACA,WAAa,CACX,IAAK,OAAO,6BACZ,IAAK,OAAO,4BACd,EACA,MACF,IAAK,gBACH,IAAM,OAAO,+BACb,YAAc,CACZ,SAAU,OAAO,SACjB,OAAQ,SAAS,OACjB,IAAK,yBACP,EACA,WAAa,CACX,IAAK,OAAO,kCACZ,IAAK,OAAO,iCACd,EACA,MACF,IAAK,gBACH,IAAM,OAAO,+BACb,YAAc,CACZ,SAAU,OAAO,SACjB,UAAW,IACX,OAAQ,SAAS,OACjB,MAAO,IACT,EACA,WAAa,CACX,IAAK,OAAO,kCACZ,IAAK,OAAO,iCACd,EACA,MACF,QACE,MAAM,IAAI,UAAU,oBAAoB,CAC5C,CAEA,MAAM,OAAS,MAAO,SAAY,CAChC,GAAI,OAAO,MAAQ,SAAU,CAC3B,MAAM,IAAI,KACZ,CACA,IAAIC,KACJ,IAAI,IACJ,GAAI,IAAI,WAAW,IAAI,EAAG,CACxB,GAAI,MAAQ,gBAAiB,CAC3B,OAAO,+BAA4B,yBAAO,SAAS,IAAI,GAAG,EAAG,GAAG,CAAC,CACnE,CACA,CAACA,IAAG,EAAI,OAAO,kBAAkB,cAAc,CAAE,IAAK,IAAK,KAAM,CAAC,EAClE,IAAM,MAAM,OAAO,kBAAkB,aAAaA,KAAK,GAAG,CAC5D,KAAO,CACL,CAACA,IAAG,KAAI,kBAAAH,SAAS,QAAQ,EAAE,SAAS,cAAc,CAAE,IAAK,IAAK,KAAM,CAAC,EACrE,IAAM,QAAM,kBAAAA,SAAS,QAAQ,EAAE,SAAS,aAAaG,KAAK,GAAG,EAAE,MAAM,IAAM,CACzE,MAAM,IAAI,MAAM,sBAAsBA,KAAI,GAAG,cAAc,CAC7D,CAAC,CACH,CAEA,GAAI,MAAQ,UAAW,CACrB,OAAO,QAAS,OAAU,CACxB,GAAI,QAAQ,KAAK,EAAG,CAClB,QAAQ,KAAK,KAAI,uBAAAC,UAAU,QAAQ,KAAK,EAAG,IAAKD,KAAI,GAAG,CACzD,CACF,CAAC,CACH,CAEA,GAAIA,KAAK,CACP,YAAY,OAAS,CAAE,IAAKA,KAAI,GAAI,CACtC,CAEA,OAAO,IAAI,KAAK,QAAS,IAAK,IAAK,WAAW,CAChD,GAAG,EAEH,GAAI,CAAC,WAAW,IAAK,CACnB,OAAO,MACT,CAEA,GAAI,YAAY,KAAK,WAAW,GAAG,EAAG,CACpC,GAAI,MAAQ,gBAAiB,CAC3B,OAAO,+BAA4B,yBAAO,SAAS,IAAI,GAAG,EAAG,WAAW,GAAG,CAAC,CAC9E,CACF,CAEA,IAAI,IACJ,IAAI,cACJ,GAAI,WAAW,MAAQ,MAAO,CAC5B,CAAC,GAAG,EAAI,OAAO,kBAAkB,iBAAiB,CAAE,IAAK,WAAW,IAAK,IAAK,KAAM,CAAC,EACrF,MAAQ,cAAgB,MAAM,OAAO,kBAAkB,aAAa,IAAK,WAAW,GAAG,EACzF,SAAW,WAAW,IAAI,WAAW,GAAG,EAAG,CACzC,CAAC,GAAG,EAAI,OAAO,kBAAkB,iBAAiB,CAAE,IAAK,WAAW,IAAK,IAAK,KAAM,CAAC,EACrF,MAAQ,cAAgB,MAAM,OAAO,kBAAkB,aAAa,IAAK,WAAW,GAAG,EACzF,KAAO,CACL,MAAM,OAAO,mBAAmB,QAAQ,EACxC,CAAC,GAAG,EAAI,OAAO,mBAAmB,iBAAiB,CAAE,IAAK,WAAW,IAAK,IAAK,KAAM,CAAC,EACtF,MAAQ,cAAgB,MAAM,OAAO,mBAAmB,aAAa,IAAK,WAAW,GAAG,EAC1F,CAEA,GAAI,CAAC,cAAe,CAClB,MAAM,IAAI,oCAAsB,qCAAqC,WAAW,GAAG,GAAG,CACxF,CAEA,KAAM,CAAE,GAAI,EAAI,IAEhB,OAAO,IAAI,QAAQ,OAAQ,cAAe,CACxC,IAAK,WAAW,IAChB,IAAK,WAAW,IAChB,OAAQ,CACN,IAAK,MACL,IACA,IAAK,YAAY,OACjB,IAAK,YAAY,QACnB,CACF,CAAC,CACH,CAEA,aAAa,SAAS,IAAK,OAAQ,CACjC,MAAM,IAAM,OAAO,yBAEnB,IAAI,WACJ,GAAI,IAAI,WAAW,IAAI,EAAG,CACxB,OAAO,4BAA4B,0DAA0D,EAC7F,WAAa,OAAO,iBACtB,KAAO,CACL,cAAa,kBAAAH,SAAS,QAAQ,EAAE,QAClC,CAEA,MAAM,KAAO,CACX,iBAAkB,KAClB,SAAU,OAAO,SACjB,OAAQ,SAAS,OACjB,kBAAgB,kBAAAA,SAAS,QAAQ,EAAE,cAAc,gBAAgB,EACjE,UAAW,IACX,QAAS,IACX,EAEA,GAAI,aAAe,OAAW,CAC5B,MAAM,QAAU,IAAI,OAAO,GAAG,EAC9B,IAAI,aAAa,QAAQ,OAAQ,IAAI,EACrC,IAAI,cAAc,QAAQ,QAAS,IAAI,EACvC,OAAO,OACT,CAEA,OAAO,IAAI,OAAO,IAAK,WAAY,IAAI,CACzC,CACF,CACF,CA1NwB","names":["isPlainObject","instance","merge","epochTime","jwk","tokenHash"],"ignoreList":[],"sources":["/home/etherpad/node_modules/.pnpm/oidc-provider@8.4.6/node_modules/oidc-provider/lib/models/id_token.js"],"sourcesContent":[null]}}