Server : Apache System : Linux ks5.tuic.fr 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 User : pragmatice ( 1003) PHP Version : 8.2.24 Disable Function : NONE Directory :  /tmp/tsx-1023/

Upload File : current_dir [ Writeable ] document_root [ Writeable ]

{"code":"(()=>{\nvar __create=Object.create;var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __getProtoOf=Object.getPrototypeOf;var __hasOwnProp=Object.prototype.hasOwnProperty;var __name=(target,value)=>__defProp(target,\"name\",{value,configurable:true});var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from===\"object\"||typeof from===\"function\"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toESM=(mod,isNodeMode,target)=>(target=mod!=null?__create(__getProtoOf(mod)):{},__copyProps(isNodeMode||!mod||!mod.__esModule?__defProp(target,\"default\",{value:mod,enumerable:true}):target,mod));var __toCommonJS=mod=>__copyProps(__defProp({},\"__esModule\",{value:true}),mod);var ciba_exports={};__export(ciba_exports,{handler:()=>handler,parameters:()=>parameters});module.exports=__toCommonJS(ciba_exports);var import_upper_first=__toESM(require(\"../../helpers/_/upper_first.js\"));var import_camel_case=__toESM(require(\"../../helpers/_/camel_case.js\"));var errors=__toESM(require(\"../../helpers/errors.js\"));var import_validate_presence=__toESM(require(\"../../helpers/validate_presence.js\"));var import_weak_cache=__toESM(require(\"../../helpers/weak_cache.js\"));var import_filter_claims=__toESM(require(\"../../helpers/filter_claims.js\"));var import_revoke=__toESM(require(\"../../helpers/revoke.js\"));var import_validate_dpop=__toESM(require(\"../../helpers/validate_dpop.js\"));var import_resolve_resource=__toESM(require(\"../../helpers/resolve_resource.js\"));var import_epoch_time=__toESM(require(\"../../helpers/epoch_time.js\"));const{AuthorizationPending,ExpiredToken,InvalidGrant}=errors;const gty=\"ciba\";const handler=__name(async function cibaHandler(ctx,next){(0,import_validate_presence.default)(ctx,\"auth_req_id\");const{issueRefreshToken,conformIdTokenClaims,features:{userinfo,mTLS:{getCertificate},resourceIndicators}}=(0,import_weak_cache.default)(ctx.oidc.provider).configuration();const dPoP=await(0,import_validate_dpop.default)(ctx);const request=await ctx.oidc.provider.BackchannelAuthenticationRequest.find(ctx.oidc.params.auth_req_id,{ignoreExpiration:true});if(!request){throw new InvalidGrant(\"backchannel authentication request not found\")}if(request.clientId!==ctx.oidc.client.clientId){throw new InvalidGrant(\"client mismatch\")}let cert;if(ctx.oidc.client.tlsClientCertificateBoundAccessTokens){cert=getCertificate(ctx);if(!cert){throw new InvalidGrant(\"mutual TLS client certificate not provided\")}}if(!dPoP&&ctx.oidc.client.dpopBoundAccessTokens){throw new InvalidGrant(\"DPoP proof JWT not provided\")}if(request.isExpired){throw new ExpiredToken(\"backchannel authentication request is expired\")}if(!request.grantId&&!request.error){throw new AuthorizationPending}if(request.consumed){await(0,import_revoke.default)(ctx,request.grantId);throw new InvalidGrant(\"backchannel authentication request already consumed\")}await request.consume();if(request.error){const className=(0,import_upper_first.default)((0,import_camel_case.default)(request.error));if(errors[className]){throw new errors[className](request.errorDescription)}throw new errors.CustomOIDCProviderError(request.error,request.errorDescription)}const grant=await ctx.oidc.provider.Grant.find(request.grantId,{ignoreExpiration:true});if(!grant){throw new InvalidGrant(\"grant not found\")}if(grant.isExpired){throw new InvalidGrant(\"grant is expired\")}if(grant.clientId!==ctx.oidc.client.clientId){throw new InvalidGrant(\"client mismatch\")}ctx.oidc.entity(\"BackchannelAuthenticationRequest\",request);ctx.oidc.entity(\"Grant\",grant);const account=await ctx.oidc.provider.Account.findAccount(ctx,request.accountId,request);if(!account){throw new InvalidGrant(\"backchannel authentication request invalid (referenced account not found)\")}if(request.accountId!==grant.accountId){throw new InvalidGrant(\"accountId mismatch\")}ctx.oidc.entity(\"Account\",account);const{AccessToken,IdToken,RefreshToken,ReplayDetection}=ctx.oidc.provider;const at=new AccessToken({accountId:account.accountId,client:ctx.oidc.client,expiresWithSession:request.expiresWithSession,grantId:request.grantId,gty,sessionUid:request.sessionUid,sid:request.sid});if(ctx.oidc.client.tlsClientCertificateBoundAccessTokens){at.setThumbprint(\"x5t\",cert)}if(dPoP){const unique=await ReplayDetection.unique(ctx.oidc.client.clientId,dPoP.jti,(0,import_epoch_time.default)()+300);ctx.assert(unique,new InvalidGrant(\"DPoP proof JWT Replay detected\"));at.setThumbprint(\"jkt\",dPoP.thumbprint)}const resource=await(0,import_resolve_resource.default)(ctx,request,{userinfo,resourceIndicators});if(resource){const resourceServerInfo=await resourceIndicators.getResourceServerInfo(ctx,resource,ctx.oidc.client);at.resourceServer=new ctx.oidc.provider.ResourceServer(resource,resourceServerInfo);at.scope=grant.getResourceScopeFiltered(resource,request.scopes)}else{at.claims=request.claims;at.scope=grant.getOIDCScopeFiltered(request.scopes)}ctx.oidc.entity(\"AccessToken\",at);const accessToken=await at.save();let refreshToken;if(await issueRefreshToken(ctx,ctx.oidc.client,request)){const rt=new RefreshToken({accountId:account.accountId,acr:request.acr,amr:request.amr,authTime:request.authTime,claims:request.claims,client:ctx.oidc.client,expiresWithSession:request.expiresWithSession,grantId:request.grantId,gty,nonce:request.nonce,resource:request.resource,rotations:0,scope:request.scope,sessionUid:request.sessionUid,sid:request.sid});if(ctx.oidc.client.clientAuthMethod===\"none\"){if(at.jkt){rt.jkt=at.jkt}if(at[\"x5t#S256\"]){rt[\"x5t#S256\"]=at[\"x5t#S256\"]}}ctx.oidc.entity(\"RefreshToken\",rt);refreshToken=await rt.save()}let idToken;if(request.scopes.has(\"openid\")){const claims=(0,import_filter_claims.default)(request.claims,\"id_token\",grant);const rejected=grant.getRejectedOIDCClaims();const token=new IdToken({...await account.claims(\"id_token\",request.scope,claims,rejected),...{acr:request.acr,amr:request.amr,auth_time:request.authTime}},{ctx});if(conformIdTokenClaims&&userinfo.enabled&&!at.aud){token.scope=\"openid\"}else{token.scope=grant.getOIDCScopeFiltered(request.scopes)}token.mask=claims;token.rejected=rejected;token.set(\"nonce\",request.nonce);token.set(\"at_hash\",accessToken);token.set(\"urn:openid:params:jwt:claim:rt_hash\",refreshToken);token.set(\"sid\",request.sid);token.set(\"urn:openid:params:jwt:claim:auth_req_id\",ctx.oidc.params.auth_req_id);idToken=await token.issue({use:\"idtoken\"})}ctx.body={access_token:accessToken,expires_in:at.expiration,id_token:idToken,refresh_token:refreshToken,scope:at.scope,token_type:at.tokenType};return next()},\"cibaHandler\");const parameters=new Set([\"auth_req_id\"]);0&&(module.exports={handler,parameters});\n})()\n","warnings":[],"map":{"version":3,"mappings":";i/BAAA,4JAAuB,mDACvB,sBAAsB,kDACtB,WAAwB,4CACxB,6BAAqB,uDACrB,sBAAqB,gDACrB,yBAAyB,mDACzB,kBAAmB,4CACnB,yBAAyB,mDACzB,4BAA4B,sDAC5B,sBAAsB,gDAEtB,KAAM,CACJ,qBACA,aACA,YACF,EAAI,OAEJ,MAAM,IAAM,OAEL,MAAM,QAAU,sBAAe,YAAY,IAAK,KAAM,IAC3D,yBAAAA,SAAS,IAAK,aAAa,EAE3B,KAAM,CACJ,kBACA,qBACA,SAAU,CACR,SACA,KAAM,CAAE,cAAe,EACvB,kBACF,CACF,KAAI,kBAAAC,SAAS,IAAI,KAAK,QAAQ,EAAE,cAAc,EAE9C,MAAM,KAAO,QAAM,qBAAAC,SAAa,GAAG,EAEnC,MAAM,QAAU,MAAM,IAAI,KAAK,SAAS,iCAAiC,KACvE,IAAI,KAAK,OAAO,YAChB,CAAE,iBAAkB,IAAK,CAC3B,EAEA,GAAI,CAAC,QAAS,CACZ,MAAM,IAAI,aAAa,8CAA8C,CACvE,CAEA,GAAI,QAAQ,WAAa,IAAI,KAAK,OAAO,SAAU,CACjD,MAAM,IAAI,aAAa,iBAAiB,CAC1C,CAEA,IAAI,KACJ,GAAI,IAAI,KAAK,OAAO,sCAAuC,CACzD,KAAO,eAAe,GAAG,EACzB,GAAI,CAAC,KAAM,CACT,MAAM,IAAI,aAAa,4CAA4C,CACrE,CACF,CAEA,GAAI,CAAC,MAAQ,IAAI,KAAK,OAAO,sBAAuB,CAClD,MAAM,IAAI,aAAa,6BAA6B,CACtD,CAEA,GAAI,QAAQ,UAAW,CACrB,MAAM,IAAI,aAAa,+CAA+C,CACxE,CAEA,GAAI,CAAC,QAAQ,SAAW,CAAC,QAAQ,MAAO,CACtC,MAAM,IAAI,oBACZ,CAEA,GAAI,QAAQ,SAAU,CACpB,QAAM,cAAAC,SAAO,IAAK,QAAQ,OAAO,EACjC,MAAM,IAAI,aAAa,qDAAqD,CAC9E,CAEA,MAAM,QAAQ,QAAQ,EAEtB,GAAI,QAAQ,MAAO,CACjB,MAAM,aAAY,mBAAAC,YAAW,kBAAAC,SAAU,QAAQ,KAAK,CAAC,EACrD,GAAI,OAAO,SAAS,EAAG,CACrB,MAAM,IAAI,OAAO,SAAS,EAAE,QAAQ,gBAAgB,CACtD,CACA,MAAM,IAAI,OAAO,wBAAwB,QAAQ,MAAO,QAAQ,gBAAgB,CAClF,CAEA,MAAM,MAAQ,MAAM,IAAI,KAAK,SAAS,MAAM,KAAK,QAAQ,QAAS,CAChE,iBAAkB,IACpB,CAAC,EAED,GAAI,CAAC,MAAO,CACV,MAAM,IAAI,aAAa,iBAAiB,CAC1C,CAEA,GAAI,MAAM,UAAW,CACnB,MAAM,IAAI,aAAa,kBAAkB,CAC3C,CAEA,GAAI,MAAM,WAAa,IAAI,KAAK,OAAO,SAAU,CAC/C,MAAM,IAAI,aAAa,iBAAiB,CAC1C,CAEA,IAAI,KAAK,OAAO,mCAAoC,OAAO,EAC3D,IAAI,KAAK,OAAO,QAAS,KAAK,EAE9B,MAAM,QAAU,MAAM,IAAI,KAAK,SAAS,QAAQ,YAAY,IAAK,QAAQ,UAAW,OAAO,EAE3F,GAAI,CAAC,QAAS,CACZ,MAAM,IAAI,aAAa,2EAA2E,CACpG,CAEA,GAAI,QAAQ,YAAc,MAAM,UAAW,CACzC,MAAM,IAAI,aAAa,oBAAoB,CAC7C,CAEA,IAAI,KAAK,OAAO,UAAW,OAAO,EAElC,KAAM,CACJ,YAAa,QAAS,aAAc,eACtC,EAAI,IAAI,KAAK,SAEb,MAAM,GAAK,IAAI,YAAY,CACzB,UAAW,QAAQ,UACnB,OAAQ,IAAI,KAAK,OACjB,mBAAoB,QAAQ,mBAC5B,QAAS,QAAQ,QACjB,IACA,WAAY,QAAQ,WACpB,IAAK,QAAQ,GACf,CAAC,EAED,GAAI,IAAI,KAAK,OAAO,sCAAuC,CACzD,GAAG,cAAc,MAAO,IAAI,CAC9B,CAEA,GAAI,KAAM,CACR,MAAM,OAAS,MAAM,gBAAgB,OACnC,IAAI,KAAK,OAAO,SAChB,KAAK,OACL,kBAAAC,SAAU,EAAI,GAChB,EAEA,IAAI,OAAO,OAAQ,IAAI,aAAa,gCAAgC,CAAC,EAErE,GAAG,cAAc,MAAO,KAAK,UAAU,CACzC,CAEA,MAAM,SAAW,QAAM,wBAAAC,SAAgB,IAAK,QAAS,CAAE,SAAU,kBAAmB,CAAC,EAErF,GAAI,SAAU,CACZ,MAAM,mBAAqB,MAAM,mBAC9B,sBAAsB,IAAK,SAAU,IAAI,KAAK,MAAM,EACvD,GAAG,eAAiB,IAAI,IAAI,KAAK,SAAS,eAAe,SAAU,kBAAkB,EACrF,GAAG,MAAQ,MAAM,yBAAyB,SAAU,QAAQ,MAAM,CACpE,KAAO,CACL,GAAG,OAAS,QAAQ,OACpB,GAAG,MAAQ,MAAM,qBAAqB,QAAQ,MAAM,CACtD,CAEA,IAAI,KAAK,OAAO,cAAe,EAAE,EACjC,MAAM,YAAc,MAAM,GAAG,KAAK,EAElC,IAAI,aACJ,GAAI,MAAM,kBAAkB,IAAK,IAAI,KAAK,OAAQ,OAAO,EAAG,CAC1D,MAAM,GAAK,IAAI,aAAa,CAC1B,UAAW,QAAQ,UACnB,IAAK,QAAQ,IACb,IAAK,QAAQ,IACb,SAAU,QAAQ,SAClB,OAAQ,QAAQ,OAChB,OAAQ,IAAI,KAAK,OACjB,mBAAoB,QAAQ,mBAC5B,QAAS,QAAQ,QACjB,IACA,MAAO,QAAQ,MACf,SAAU,QAAQ,SAClB,UAAW,EACX,MAAO,QAAQ,MACf,WAAY,QAAQ,WACpB,IAAK,QAAQ,GACf,CAAC,EAED,GAAI,IAAI,KAAK,OAAO,mBAAqB,OAAQ,CAC/C,GAAI,GAAG,IAAK,CACV,GAAG,IAAM,GAAG,GACd,CAEA,GAAI,GAAG,UAAU,EAAG,CAClB,GAAG,UAAU,EAAI,GAAG,UAAU,CAChC,CACF,CAEA,IAAI,KAAK,OAAO,eAAgB,EAAE,EAClC,aAAe,MAAM,GAAG,KAAK,CAC/B,CAEA,IAAI,QACJ,GAAI,QAAQ,OAAO,IAAI,QAAQ,EAAG,CAChC,MAAM,UAAS,qBAAAC,SAAa,QAAQ,OAAQ,WAAY,KAAK,EAC7D,MAAM,SAAW,MAAM,sBAAsB,EAC7C,MAAM,MAAQ,IAAI,QAAQ,CACxB,GAAG,MAAM,QAAQ,OAAO,WAAY,QAAQ,MAAO,OAAQ,QAAQ,EACnE,GAAG,CACD,IAAK,QAAQ,IACb,IAAK,QAAQ,IACb,UAAW,QAAQ,QACrB,CACF,EAAG,CAAE,GAAI,CAAC,EAEV,GAAI,sBAAwB,SAAS,SAAW,CAAC,GAAG,IAAK,CACvD,MAAM,MAAQ,QAChB,KAAO,CACL,MAAM,MAAQ,MAAM,qBAAqB,QAAQ,MAAM,CACzD,CAEA,MAAM,KAAO,OACb,MAAM,SAAW,SAEjB,MAAM,IAAI,QAAS,QAAQ,KAAK,EAChC,MAAM,IAAI,UAAW,WAAW,EAChC,MAAM,IAAI,sCAAuC,YAAY,EAC7D,MAAM,IAAI,MAAO,QAAQ,GAAG,EAC5B,MAAM,IAAI,0CAA2C,IAAI,KAAK,OAAO,WAAW,EAEhF,QAAU,MAAM,MAAM,MAAM,CAAE,IAAK,SAAU,CAAC,CAChD,CAEA,IAAI,KAAO,CACT,aAAc,YACd,WAAY,GAAG,WACf,SAAU,QACV,cAAe,aACf,MAAO,GAAG,MACV,WAAY,GAAG,SACjB,EAEA,OAAO,KAAK,CACd,EAtNuB,eAwNhB,MAAM,WAAa,IAAI,IAAI,CAAC,aAAa,CAAC","names":["presence","instance","dpopValidate","revoke","upperFirst","camelCase","epochTime","resolveResource","filterClaims"],"ignoreList":[],"sources":["/home/etherpad/node_modules/.pnpm/oidc-provider@8.4.6/node_modules/oidc-provider/lib/actions/grants/ciba.js"],"sourcesContent":[null]}}