From ea897d463d058b9f16d90b5c7b8e419ca3b3da07 Mon Sep 17 00:00:00 2001 From: Hel Nershing Thapa Date: Mon, 28 Feb 2022 20:38:14 +0545 Subject: [PATCH 1/6] replaces endpoints to implement OAuth2.0 --- index.html | 244 +++++++------- index.js | 622 ++++++++++++++++++++---------------- osmauth.js | 846 +++++++++++++++++++++++++++---------------------- osmauth.min.js | 2 +- package.json | 2 +- 5 files changed, 944 insertions(+), 772 deletions(-) diff --git a/index.html b/index.html index eaad834..38cb83c 100644 --- a/index.html +++ b/index.html @@ -1,119 +1,149 @@ - - osm-auth - - - - - - - -
-

-

- Changesets: -
-

osm-auth is a minimal - example of authenticating and interacting with the - openstreetmap - API.

- - + - + }; + + function update() { + console.log("update chiryo"); + if (auth.authenticated()) { + console.log("yes done") + document.getElementById("authenticate").className = "done"; + document.getElementById("logout").className = ""; + showDetails(); + } else { + console.log("no done") + document.getElementById("authenticate").className = ""; + document.getElementById("logout").className = "done"; + hideDetails(); + } + } + + update(); + + diff --git a/index.js b/index.js index 4ca9e52..accbb5a 100644 --- a/index.js +++ b/index.js 
@@ -1,304 +1,374 @@ -'use strict'; - -var ohauth = require('ohauth'); -var resolveUrl = require('resolve-url'); -var store = require('store'); +"use strict"; +var ohauth = require("ohauth"); +var resolveUrl = require("resolve-url"); +var store = require("store"); // # xtend var hasOwnProperty = Object.prototype.hasOwnProperty; function xtend() { - var target = {}; - for (var i = 0; i < arguments.length; i++) { - var source = arguments[i]; - for (var key in source) { - if (hasOwnProperty.call(source, key)) { - target[key] = source[key]; - } - } + var target = {}; + for (var i = 0; i < arguments.length; i++) { + var source = arguments[i]; + for (var key in source) { + if (hasOwnProperty.call(source, key)) { + target[key] = source[key]; + } } - return target; + } + return target; } - // # osm-auth // // This code is only compatible with IE10+ because the [XDomainRequest](http://bit.ly/LfO7xo) // object, IE<10's idea of [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), // does not support custom headers, which this uses everywhere. 
-module.exports = function(o) { - - var oauth = {}; - - // authenticated users will also have a request token secret, but it's - // not used in transactions with the server - oauth.authenticated = function() { - return !!(token('oauth_token') && token('oauth_token_secret')); - }; - - oauth.logout = function() { - token('oauth_token', ''); - token('oauth_token_secret', ''); - token('oauth_request_token_secret', ''); - return oauth; - }; - - // TODO: detect lack of click event - oauth.authenticate = function(callback) { - if (oauth.authenticated()) return callback(); - - oauth.logout(); - - // ## Getting a request token - var params = timenonce(getAuth(o)), - url = o.url + '/oauth/request_token'; - - params.oauth_signature = ohauth.signature( - o.oauth_secret, '', - ohauth.baseString('POST', url, params)); - - if (!o.singlepage) { - // Create a 600x550 popup window in the center of the screen - var w = 600, h = 550, - settings = [ - ['width', w], ['height', h], - ['left', screen.width / 2 - w / 2], - ['top', screen.height / 2 - h / 2]].map(function(x) { - return x.join('='); - }).join(','), - popup = window.open('about:blank', 'oauth_window', settings); - - oauth.popupWindow = popup; - - if (!popup) { - var error = new Error('Popup was blocked'); - error.status = 'popup-blocked'; - throw error; - } - } - - // Request a request token. When this is complete, the popup - // window is redirected to OSM's authorization page. - ohauth.xhr('POST', url, params, null, {}, reqTokenDone); - o.loading(); - - function reqTokenDone(err, xhr) { - o.done(); - if (err) return callback(err); - var resp = ohauth.stringQs(xhr.response); - token('oauth_request_token_secret', resp.oauth_token_secret); - var authorize_url = o.url + '/oauth/authorize?' 
+ ohauth.qsString({ - oauth_token: resp.oauth_token, - oauth_callback: resolveUrl(o.landing) - }); - - if (o.singlepage) { - location.href = authorize_url; - } else { - popup.location = authorize_url; - } - } - - // Called by a function in a landing page, in the popup window. The - // window closes itself. - window.authComplete = function(token) { - var oauth_token = ohauth.stringQs(token.split('?')[1]); - get_access_token(oauth_token.oauth_token); - delete window.authComplete; - }; - - // ## Getting an request token - // - // At this point we have an `oauth_token`, brought in from a function - // call on a landing page popup. - function get_access_token(oauth_token) { - var url = o.url + '/oauth/access_token', - params = timenonce(getAuth(o)), - request_token_secret = token('oauth_request_token_secret'); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString('POST', url, params)); - - // ## Getting an access token - // - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr('POST', url, params, null, {}, accessTokenDone); - o.loading(); - } - - function accessTokenDone(err, xhr) { - o.done(); - if (err) return callback(err); - var access_token = ohauth.stringQs(xhr.response); - token('oauth_token', access_token.oauth_token); - token('oauth_token_secret', access_token.oauth_token_secret); - callback(null, oauth); - } - }; - - oauth.bringPopupWindowToFront = function() { - var brougtPopupToFront = false; - try { - // This may cause a cross-origin error: - // `DOMException: Blocked a frame with origin "..." 
from accessing a cross-origin frame.` - if (oauth.popupWindow && !oauth.popupWindow.closed) { - oauth.popupWindow.focus(); - brougtPopupToFront = true; - } - } catch (err) { - // Bringing popup window to front failed (probably because of the cross-origin error mentioned above) - } - return brougtPopupToFront; - }; +module.exports = function (o) { + var oauth = {}; + + // authenticated users will also have a request token secret, but it's + // not used in transactions with the server + oauth.authenticated = function () { + return !!token("oauth_token"); + }; + + oauth.logout = function () { + token("oauth_token", ""); + token("oauth_token_secret", ""); + token("oauth_request_token_secret", ""); + return oauth; + }; + + // TODO: detect lack of click event + oauth.authenticate = function (callback) { + if (oauth.authenticated()) return callback(); + + oauth.logout(); + + // ## Getting a request token + var params = timenonce(getAuth(o)), + url = + o.url + + "/oauth2/authorize?" + + ohauth.qsString({ + client_id: token("client_id"), + redirect_uri: "http://127.0.0.1:8080/land.html", + response_type: "code", + scope: ["read_prefs write_api"], + }); + + // params.oauth_signature = ohauth.signature( + // o.oauth_secret, + // "", + // ohauth.baseString("POST", url, params) + // ); + + if (!o.singlepage) { + // Create a 600x550 popup window in the center of the screen + var w = 600, + h = 550, + settings = [ + ["width", w], + ["height", h], + ["left", screen.width / 2 - w / 2], + ["top", screen.height / 2 - h / 2], + ] + .map(function (x) { + return x.join("="); + }) + .join(","), + popup = window.open("about:blank", "oauth_window", settings); + oauth.popupWindow = popup; + popup.location = url; + + if (!popup) { + var error = new Error("Popup was blocked"); + error.status = "popup-blocked"; + throw error; + } + } - oauth.bootstrapToken = function(oauth_token, callback) { - // ## Getting an request token - // At this point we have an `oauth_token`, brought in from a 
function - // call on a landing page popup. - function get_access_token(oauth_token) { - var url = o.url + '/oauth/access_token', - params = timenonce(getAuth(o)), - request_token_secret = token('oauth_request_token_secret'); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString('POST', url, params)); - - // ## Getting an access token - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr('POST', url, params, null, {}, accessTokenDone); - o.loading(); - } - - function accessTokenDone(err, xhr) { - o.done(); - if (err) return callback(err); - var access_token = ohauth.stringQs(xhr.response); - token('oauth_token', access_token.oauth_token); - token('oauth_token_secret', access_token.oauth_token_secret); - callback(null, oauth); - } - - get_access_token(oauth_token); + // Request a request token. When this is complete, the popup + // window is redirected to OSM's authorization page. + // ohauth.xhr( + // "GET", + // url, + // params, + // null, + // { + // // header: { + // // "Content-Type": "application/x-www-form-urlencoded", + // // "X-Requested-With": "XMLHttpRequest", + // // "Access-Control-Allow-Origin": "*", + // // }, + // }, + // reqTokenDone + // ); + // o.loading(); + + // function reqTokenDone(err, xhr) { + // console.log("done ma chiryoooo", err, xhr); + // o.done(); + // if (err) return callback(err); + // var resp = ohauth.stringQs(xhr.response); + // console.log("resp", resp); + // token("oauth_code", resp.oauth_token_secret); + // var authorize_url = + // o.url + + // "/oauth/authorize?" 
+ + // ohauth.qsString({ + // oauth_token: resp.oauth_token, + // oauth_callback: resolveUrl(o.landing), + // }); + + // console.log("yaha pugisakyo??"); + // if (o.singlepage) { + // location.href = authorize_url; + // } else { + // popup.location = authorize_url; + // } + // } + + // Called by a function in a landing page, in the popup window. The + // window closes itself. + window.authComplete = function (token) { + var oauth_token = ohauth.stringQs(token.split("?")[1]); + get_access_token(oauth_token.code); + delete window.authComplete; }; - // # xhr + // ## Getting an request token // - // A single XMLHttpRequest wrapper that does authenticated calls if the - // user has logged in. - oauth.xhr = function(options, callback) { - if (!oauth.authenticated()) { - if (o.auto) { - return oauth.authenticate(run); - } else { - callback('not authenticated', null); - return; - } - } else { - return run(); - } - - function run() { - var params = timenonce(getAuth(o)), - oauth_token_secret = token('oauth_token_secret'), - url = (options.prefix !== false) ? o.url + options.path : options.path, - url_parts = url.replace(/#.*$/, '').split('?', 2), - base_url = url_parts[0], - query = (url_parts.length === 2) ? 
url_parts[1] : ''; - - // https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 - if ((!options.options || !options.options.header || - options.options.header['Content-Type'] === 'application/x-www-form-urlencoded') && - options.content) { - params = xtend(params, ohauth.stringQs(options.content)); - } - - params.oauth_token = token('oauth_token'); - params.oauth_signature = ohauth.signature( - o.oauth_secret, - oauth_token_secret, - ohauth.baseString(options.method, base_url, xtend(params, ohauth.stringQs(query))) - ); - - return ohauth.xhr(options.method, url, params, options.content, options.options, done); - } - - function done(err, xhr) { - if (err) return callback(err); - else if (xhr.responseXML) return callback(err, xhr.responseXML); - else return callback(err, xhr.response); - } - }; - - // pre-authorize this object, if we can just get a token and token_secret - // from the start - oauth.preauth = function(c) { - if (!c) return; - if (c.oauth_token) token('oauth_token', c.oauth_token); - if (c.oauth_token_secret) token('oauth_token_secret', c.oauth_token_secret); - return oauth; - }; - - oauth.options = function(_) { - if (!arguments.length) return o; - - o = _; - o.url = o.url || 'https://www.openstreetmap.org'; - o.landing = o.landing || 'land.html'; - o.singlepage = o.singlepage || false; - - // Optional loading and loading-done functions for nice UI feedback. - // by default, no-ops - o.loading = o.loading || function() {}; - o.done = o.done || function() {}; + // At this point we have an `oauth_token`, brought in from a function + // call on a landing page popup. + function get_access_token(oauth_token) { + var url = + o.url + + "/oauth2/token?" 
+ + ohauth.qsString({ + client_id: token("client_id"), + grant_type: "authorization_code", + code: oauth_token, + redirect_uri: "http://127.0.0.1:8080/land.html", + client_secret: "qWbVpHL_s--akm1mDKdwclk7xU91-vtBOAGuTZE4La4", + }), + params = timenonce(getAuth(o)), + request_token_secret = token("oauth_request_token_secret"); + params.oauth_token = oauth_token; + params.oauth_signature = ohauth.signature( + o.oauth_secret, + request_token_secret, + ohauth.baseString("POST", url, params) + ); + + // ## Getting an access token + + // fetch(url, { + // method: "POST", + // headers: new Headers({ + // "content-type": "application/x-www-form-urlencoded", + // }), + // }) + // .then((res) => res.json()) + // .then((res) => accessTokenDone(res)) + // .catch((err) => console.error(err)); + // + // The final token required for authentication. At this point + // we have a `request token secret` + ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + o.loading(); + } - return oauth.preauth(o); - }; + // EDIT THIS OK - // 'stamp' an authentication object from `getAuth()` - // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) - // and timestamp - function timenonce(o) { - o.oauth_timestamp = ohauth.timestamp(); - o.oauth_nonce = ohauth.nonce(); - return o; + function accessTokenDone(err, xhr) { + o.done(); + if (err) return callback(err); + var access_token = JSON.parse(xhr.response); + console.log("FINAL", JSON.parse(xhr.response)); + token("oauth_token", access_token.access_token); + token("oauth_token_secret", access_token.oauth_token_secret); + callback(null, oauth); + } + }; + + oauth.bringPopupWindowToFront = function () { + var brougtPopupToFront = false; + try { + // This may cause a cross-origin error: + // `DOMException: Blocked a frame with origin "..." 
from accessing a cross-origin frame.` + if (oauth.popupWindow && !oauth.popupWindow.closed) { + oauth.popupWindow.focus(); + brougtPopupToFront = true; + } + } catch (err) { + // Bringing popup window to front failed (probably because of the cross-origin error mentioned above) + } + return brougtPopupToFront; + }; + + oauth.bootstrapToken = function (oauth_token, callback) { + // ## Getting an request token + // At this point we have an `oauth_token`, brought in from a function + // call on a landing page popup. + function get_access_token(oauth_token) { + var url = o.url + "/oauth/access_token", + params = timenonce(getAuth(o)), + request_token_secret = token("oauth_request_token_secret"); + params.oauth_token = oauth_token; + params.oauth_signature = ohauth.signature( + o.oauth_secret, + request_token_secret, + ohauth.baseString("POST", url, params) + ); + + // ## Getting an access token + // The final token required for authentication. At this point + // we have a `request token secret` + ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + o.loading(); } - // get/set tokens. These are prefixed with the base URL so that `osm-auth` - // can be used with multiple APIs and the keys in `localStorage` - // will not clash - var token; + function accessTokenDone(err, xhr) { + o.done(); + if (err) return callback(err); + var access_token = ohauth.stringQs(xhr.response); + console.log("final_access_token", access_token); + token("oauth_token", access_token.oauth_token); + token("oauth_token_secret", access_token.oauth_token_secret); + callback(null, oauth); + } - if (store.enabled) { - token = function (x, y) { - if (arguments.length === 1) return store.get(o.url + x); - else if (arguments.length === 2) return store.set(o.url + x, y); - }; + get_access_token(oauth_token); + }; + + // # xhr + // + // A single XMLHttpRequest wrapper that does authenticated calls if the + // user has logged in. 
+ oauth.xhr = function (options, callback) { + if (!oauth.authenticated()) { + if (o.auto) { + return oauth.authenticate(run); + } else { + callback("not authenticated", null); + return; + } } else { - var storage = {}; - token = function (x, y) { - if (arguments.length === 1) return storage[o.url + x]; - else if (arguments.length === 2) return storage[o.url + x] = y; - }; + return run(); } - // Get an authentication object. If you just add and remove properties - // from a single object, you'll need to use `delete` to make sure that - // it doesn't contain undesired properties for authentication - function getAuth(o) { - return { - oauth_consumer_key: o.oauth_consumer_key, - oauth_signature_method: 'HMAC-SHA1' - }; + function run() { + var params = timenonce(getAuth(o)), + oauth_token_secret = token("oauth_token_secret"), + url = options.prefix !== false ? o.url + options.path : options.path, + url_parts = url.replace(/#.*$/, "").split("?", 2), + base_url = url_parts[0], + query = url_parts.length === 2 ? 
url_parts[1] : ""; + + // https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 + if ( + (!options.options || + !options.options.header || + options.options.header["Content-Type"] === + "application/x-www-form-urlencoded") && + options.content + ) { + params = xtend(params, ohauth.stringQs(options.content)); + } + + params.oauth_token = token("oauth_token"); + params.oauth_signature = ohauth.signature( + o.oauth_secret, + oauth_token_secret, + ohauth.baseString( + options.method, + base_url, + xtend(params, ohauth.stringQs(query)) + ) + ); + + return ohauth.xhr( + options.method, + url, + params, + options.content, + options.options, + done + ); } - // potentially pre-authorize - oauth.options(o); - + function done(err, xhr) { + if (err) return callback(err); + else if (xhr.responseXML) return callback(err, xhr.responseXML); + else return callback(err, xhr.response); + } + }; + + // pre-authorize this object, if we can just get a token and token_secret + // from the start + oauth.preauth = function (c) { + if (!c) return; + if (c.client_id) token("client_id", c.client_id); + if (c.oauth_token_secret) token("oauth_token_secret", c.oauth_token_secret); return oauth; -}; \ No newline at end of file + }; + + oauth.options = function (_) { + if (!arguments.length) return o; + + o = _; + o.url = o.url || "https://www.openstreetmap.org"; + o.landing = o.landing || "land.html"; + o.singlepage = o.singlepage || false; + + // Optional loading and loading-done functions for nice UI feedback. + // by default, no-ops + o.loading = o.loading || function () {}; + o.done = o.done || function () {}; + return oauth.preauth(o); + }; + + // 'stamp' an authentication object from `getAuth()` + // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) + // and timestamp + function timenonce(o) { + o.oauth_timestamp = ohauth.timestamp(); + o.oauth_nonce = ohauth.nonce(); + return o; + } + + // get/set tokens. 
These are prefixed with the base URL so that `osm-auth` + // can be used with multiple APIs and the keys in `localStorage` + // will not clash + var token; + + if (store.enabled) { + token = function (x, y) { + if (arguments.length === 1) return store.get(o.url + x); + else if (arguments.length === 2) return store.set(o.url + x, y); + }; + } else { + var storage = {}; + token = function (x, y) { + if (arguments.length === 1) return storage[o.url + x]; + else if (arguments.length === 2) return (storage[o.url + x] = y); + }; + } + + // Get an authentication object. If you just add and remove properties + // from a single object, you'll need to use `delete` to make sure that + // it doesn't contain undesired properties for authentication + function getAuth(o) { + return { + oauth_consumer_key: o.oauth_consumer_key, + oauth_signature_method: "HMAC-SHA1", + }; + } + + // potentially pre-authorize + oauth.options(o); + + return oauth; +}; diff --git a/osmauth.js b/osmauth.js index 2da9397..cc22ce3 100644 --- a/osmauth.js +++ b/osmauth.js 
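Review bot: The new `get_access_token` inside `oauth.authenticate` ships a literal `client_secret` in browser-delivered code and appends it, together with the authorization code, to the `/oauth2/token` URL, so anyone who loads the script can read the secret and both values can land in URL logs and history. A browser app cannot keep a secret confidential, so the request should drop `client_secret`, send its parameters as a form-encoded POST body, and take `redirect_uri` from `resolveUrl(o.landing)` rather than the fixed `http://127.0.0.1:8080/land.html`; the value already committed should be treated as exposed and rotated. The authorize URL also carries no `state` value or PKCE challenge, which a secret-less client would need so that `window.authComplete` can reject a code it did not request. The same literal is repeated in the bundled copy in the `osmauth.js` hunk at `@@ -2073,166 +1929,382 @@`. Separately, `console.log("FINAL", JSON.parse(xhr.response))` writes the access token to the console, and `popup.location = url` runs before the `if (!popup)` check, so a blocked popup raises a TypeError instead of the `popup-blocked` error.

```javascript
function get_access_token(auth_code) {
  // NOTE(review): assumes the application is registered as a
  // non-confidential (public) client — confirm with the server settings.
  var url = o.url + "/oauth2/token",
    body = ohauth.qsString({
      client_id: token("client_id"),
      grant_type: "authorization_code",
      code: auth_code,
      redirect_uri: resolveUrl(o.landing),
    });

  // rawxhr is used so no OAuth 1.0a Authorization header is attached, and
  // the code travels in the request body instead of the URL.
  ohauth.rawxhr(
    "POST",
    url,
    body,
    { "Content-Type": "application/x-www-form-urlencoded" },
    accessTokenDone
  );
  o.loading();
}

// … unchanged: accessTokenDone, minus the console.log of the token response …
```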
@@ -1,9 +1,8 @@ (function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.osmAuth = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i 0) { + extra_params = ohauth.stringQs(extra_params); + } - o = _; - o.url = o.url || 'https://www.openstreetmap.org'; - o.landing = o.landing || 'land.html'; - o.singlepage = o.singlepage || false; + var uri_parts = uri.split('?', 2), + base_uri = uri_parts[0]; - // Optional loading and loading-done functions for nice UI feedback. - // by default, no-ops - o.loading = o.loading || function() {}; - o.done = o.done || function() {}; + var query_params = uri_parts.length === 2 ? + ohauth.stringQs(uri_parts[1]) : {}; - return oauth.preauth(o); - }; + var oauth_params = { + oauth_consumer_key: consumer_key, + oauth_signature_method: signature_method, + oauth_version: version, + oauth_timestamp: ohauth.timestamp(), + oauth_nonce: ohauth.nonce() + }; - // 'stamp' an authentication object from `getAuth()` - // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) - // and timestamp - function timenonce(o) { - o.oauth_timestamp = ohauth.timestamp(); - o.oauth_nonce = ohauth.nonce(); - return o; - } + if (token) oauth_params.oauth_token = token; - // get/set tokens. 
These are prefixed with the base URL so that `osm-auth` - // can be used with multiple APIs and the keys in `localStorage` - // will not clash - var token; + var all_params = xtend({}, oauth_params, query_params, extra_params), + base_str = ohauth.baseString(method, base_uri, all_params); - if (store.enabled) { - token = function (x, y) { - if (arguments.length === 1) return store.get(o.url + x); - else if (arguments.length === 2) return store.set(o.url + x, y); - }; - } else { - var storage = {}; - token = function (x, y) { - if (arguments.length === 1) return storage[o.url + x]; - else if (arguments.length === 2) return storage[o.url + x] = y; - }; - } + oauth_params.oauth_signature = ohauth.signature(consumer_secret, token_secret, base_str); - // Get an authentication object. If you just add and remove properties - // from a single object, you'll need to use `delete` to make sure that - // it doesn't contain undesired properties for authentication - function getAuth(o) { - return { - oauth_consumer_key: o.oauth_consumer_key, - oauth_signature_method: 'HMAC-SHA1' - }; - } + return 'OAuth ' + ohauth.authHeader(oauth_params); + }; +}; - // potentially pre-authorize - oauth.options(o); +module.exports = ohauth; - return oauth; -}; -},{"ohauth":3,"resolve-url":4,"store":5}],2:[function(require,module,exports){ +},{"jshashes":2}],2:[function(require,module,exports){ (function (global){(function (){ /** * jshashes - https://github.com/h2non/jshashes 
@@ -2073,166 +1929,382 @@ module.exports = function(o) { }).call(this)}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {}) },{}],3:[function(require,module,exports){ -'use strict'; - -var hashes = require('jshashes'), - sha1 = new hashes.SHA1(); +"use strict"; +var ohauth = require("ohauth"); +var resolveUrl = require("resolve-url"); +var store = require("store"); // # xtend var hasOwnProperty = Object.prototype.hasOwnProperty; function xtend() { - var target = {}; - for (var i = 0; i < arguments.length; i++) { - var source = arguments[i]; - for (var key in source) { - if (hasOwnProperty.call(source, key)) { - target[key] = source[key]; - } - } + var target = {}; + for (var i = 0; i < arguments.length; i++) { + var source = arguments[i]; + for (var key in source) { + if (hasOwnProperty.call(source, key)) { + target[key] = source[key]; + } } - return target; + } + return target; } +// # osm-auth +// +// This code is only compatible with IE10+ because the [XDomainRequest](http://bit.ly/LfO7xo) +// object, IE<10's idea of [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), +// does not support custom headers, which this uses everywhere. 
+module.exports = function (o) { + var oauth = {}; -var ohauth = {}; + // authenticated users will also have a request token secret, but it's + // not used in transactions with the server + oauth.authenticated = function () { + return !!token("oauth_token"); + }; -ohauth.qsString = function(obj) { - return Object.keys(obj).sort().map(function(key) { - return ohauth.percentEncode(key) + '=' + - ohauth.percentEncode(obj[key]); - }).join('&'); -}; + oauth.logout = function () { + token("oauth_token", ""); + token("oauth_token_secret", ""); + token("oauth_request_token_secret", ""); + return oauth; + }; -ohauth.stringQs = function(str) { - return str.split('&').filter(function (pair) { - return pair !== ''; - }).reduce(function(obj, pair){ - var parts = pair.split('='); - obj[decodeURIComponent(parts[0])] = (null === parts[1]) ? - '' : decodeURIComponent(parts[1]); - return obj; - }, {}); -}; + // TODO: detect lack of click event + oauth.authenticate = function (callback) { + if (oauth.authenticated()) return callback(); + + oauth.logout(); + + // ## Getting a request token + var params = timenonce(getAuth(o)), + url = + o.url + + "/oauth2/authorize?" 
+ + ohauth.qsString({ + client_id: token("client_id"), + redirect_uri: "http://127.0.0.1:8080/land.html", + response_type: "code", + scope: ["read_prefs write_api"], + }); + + // params.oauth_signature = ohauth.signature( + // o.oauth_secret, + // "", + // ohauth.baseString("POST", url, params) + // ); + + if (!o.singlepage) { + // Create a 600x550 popup window in the center of the screen + var w = 600, + h = 550, + settings = [ + ["width", w], + ["height", h], + ["left", screen.width / 2 - w / 2], + ["top", screen.height / 2 - h / 2], + ] + .map(function (x) { + return x.join("="); + }) + .join(","), + popup = window.open("about:blank", "oauth_window", settings); + oauth.popupWindow = popup; + popup.location = url; + + if (!popup) { + var error = new Error("Popup was blocked"); + error.status = "popup-blocked"; + throw error; + } + } -ohauth.rawxhr = function(method, url, data, headers, callback) { - var xhr = new XMLHttpRequest(), - twoHundred = /^20\d$/; - xhr.onreadystatechange = function() { - if (4 === xhr.readyState && 0 !== xhr.status) { - if (twoHundred.test(xhr.status)) callback(null, xhr); - else return callback(xhr, null); - } + // Request a request token. When this is complete, the popup + // window is redirected to OSM's authorization page. + // ohauth.xhr( + // "GET", + // url, + // params, + // null, + // { + // // header: { + // // "Content-Type": "application/x-www-form-urlencoded", + // // "X-Requested-With": "XMLHttpRequest", + // // "Access-Control-Allow-Origin": "*", + // // }, + // }, + // reqTokenDone + // ); + // o.loading(); + + // function reqTokenDone(err, xhr) { + // console.log("done ma chiryoooo", err, xhr); + // o.done(); + // if (err) return callback(err); + // var resp = ohauth.stringQs(xhr.response); + // console.log("resp", resp); + // token("oauth_code", resp.oauth_token_secret); + // var authorize_url = + // o.url + + // "/oauth/authorize?" 
+ + // ohauth.qsString({ + // oauth_token: resp.oauth_token, + // oauth_callback: resolveUrl(o.landing), + // }); + + // console.log("yaha pugisakyo??"); + // if (o.singlepage) { + // location.href = authorize_url; + // } else { + // popup.location = authorize_url; + // } + // } + + // Called by a function in a landing page, in the popup window. The + // window closes itself. + window.authComplete = function (token) { + var oauth_token = ohauth.stringQs(token.split("?")[1]); + get_access_token(oauth_token.code); + delete window.authComplete; }; - xhr.onerror = function(e) { return callback(e, null); }; - xhr.open(method, url, true); - for (var h in headers) xhr.setRequestHeader(h, headers[h]); - xhr.send(data); - return xhr; -}; -ohauth.xhr = function(method, url, auth, data, options, callback) { - var headers = (options && options.header) || { - 'Content-Type': 'application/x-www-form-urlencoded' - }; - headers.Authorization = 'OAuth ' + ohauth.authHeader(auth); - return ohauth.rawxhr(method, url, data, headers, callback); -}; + // ## Getting an request token + // + // At this point we have an `oauth_token`, brought in from a function + // call on a landing page popup. + function get_access_token(oauth_token) { + var url = + o.url + + "/oauth2/token?" 
+ + ohauth.qsString({ + client_id: token("client_id"), + grant_type: "authorization_code", + code: oauth_token, + redirect_uri: "http://127.0.0.1:8080/land.html", + client_secret: "qWbVpHL_s--akm1mDKdwclk7xU91-vtBOAGuTZE4La4", + }), + params = timenonce(getAuth(o)), + request_token_secret = token("oauth_request_token_secret"); + params.oauth_token = oauth_token; + params.oauth_signature = ohauth.signature( + o.oauth_secret, + request_token_secret, + ohauth.baseString("POST", url, params) + ); + + // ## Getting an access token + + // fetch(url, { + // method: "POST", + // headers: new Headers({ + // "content-type": "application/x-www-form-urlencoded", + // }), + // }) + // .then((res) => res.json()) + // .then((res) => accessTokenDone(res)) + // .catch((err) => console.error(err)); + // + // The final token required for authentication. At this point + // we have a `request token secret` + ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + o.loading(); + } -ohauth.nonce = function() { - for (var o = ''; o.length < 6;) { - o += '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz'[Math.floor(Math.random() * 61)]; + // EDIT THIS OK + + function accessTokenDone(err, xhr) { + o.done(); + if (err) return callback(err); + var access_token = JSON.parse(xhr.response); + console.log("FINAL", JSON.parse(xhr.response)); + token("oauth_token", access_token.access_token); + token("oauth_token_secret", access_token.oauth_token_secret); + callback(null, oauth); } - return o; -}; + }; -ohauth.authHeader = function(obj) { - return Object.keys(obj).sort().map(function(key) { - return encodeURIComponent(key) + '="' + encodeURIComponent(obj[key]) + '"'; - }).join(', '); -}; + oauth.bringPopupWindowToFront = function () { + var brougtPopupToFront = false; + try { + // This may cause a cross-origin error: + // `DOMException: Blocked a frame with origin "..." 
from accessing a cross-origin frame.` + if (oauth.popupWindow && !oauth.popupWindow.closed) { + oauth.popupWindow.focus(); + brougtPopupToFront = true; + } + } catch (err) { + // Bringing popup window to front failed (probably because of the cross-origin error mentioned above) + } + return brougtPopupToFront; + }; -ohauth.timestamp = function() { return ~~((+new Date()) / 1000); }; + oauth.bootstrapToken = function (oauth_token, callback) { + // ## Getting an request token + // At this point we have an `oauth_token`, brought in from a function + // call on a landing page popup. + function get_access_token(oauth_token) { + var url = o.url + "/oauth/access_token", + params = timenonce(getAuth(o)), + request_token_secret = token("oauth_request_token_secret"); + params.oauth_token = oauth_token; + params.oauth_signature = ohauth.signature( + o.oauth_secret, + request_token_secret, + ohauth.baseString("POST", url, params) + ); + + // ## Getting an access token + // The final token required for authentication. 
At this point + // we have a `request token secret` + ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + o.loading(); + } -ohauth.percentEncode = function(s) { - return encodeURIComponent(s) - .replace(/\!/g, '%21').replace(/\'/g, '%27') - .replace(/\*/g, '%2A').replace(/\(/g, '%28').replace(/\)/g, '%29'); -}; + function accessTokenDone(err, xhr) { + o.done(); + if (err) return callback(err); + var access_token = ohauth.stringQs(xhr.response); + console.log("final_access_token", access_token); + token("oauth_token", access_token.oauth_token); + token("oauth_token_secret", access_token.oauth_token_secret); + callback(null, oauth); + } -ohauth.baseString = function(method, url, params) { - if (params.oauth_signature) delete params.oauth_signature; - return [ - method, - ohauth.percentEncode(url), - ohauth.percentEncode(ohauth.qsString(params))].join('&'); -}; + get_access_token(oauth_token); + }; -ohauth.signature = function(oauth_secret, token_secret, baseString) { - return sha1.b64_hmac( - ohauth.percentEncode(oauth_secret) + '&' + - ohauth.percentEncode(token_secret), - baseString); -}; + // # xhr + // + // A single XMLHttpRequest wrapper that does authenticated calls if the + // user has logged in. + oauth.xhr = function (options, callback) { + if (!oauth.authenticated()) { + if (o.auto) { + return oauth.authenticate(run); + } else { + callback("not authenticated", null); + return; + } + } else { + return run(); + } -/** - * Takes an options object for configuration (consumer_key, - * consumer_secret, version, signature_method, token, token_secret) - * and returns a function that generates the Authorization header - * for given data. - * - * The returned function takes these parameters: - * - method: GET/POST/... - * - uri: full URI with protocol, port, path and query string - * - extra_params: any extra parameters (that are passed in the POST data), - * can be an object or a from-urlencoded string. 
- * - * Returned function returns full OAuth header with "OAuth" string in it. - */ + function run() { + var params = timenonce(getAuth(o)), + oauth_token_secret = token("oauth_token_secret"), + url = options.prefix !== false ? o.url + options.path : options.path, + url_parts = url.replace(/#.*$/, "").split("?", 2), + base_url = url_parts[0], + query = url_parts.length === 2 ? url_parts[1] : ""; + + // https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 + if ( + (!options.options || + !options.options.header || + options.options.header["Content-Type"] === + "application/x-www-form-urlencoded") && + options.content + ) { + params = xtend(params, ohauth.stringQs(options.content)); + } -ohauth.headerGenerator = function(options) { - options = options || {}; - var consumer_key = options.consumer_key || '', - consumer_secret = options.consumer_secret || '', - signature_method = options.signature_method || 'HMAC-SHA1', - version = options.version || '1.0', - token = options.token || '', - token_secret = options.token_secret || ''; + params.oauth_token = token("oauth_token"); + params.oauth_signature = ohauth.signature( + o.oauth_secret, + oauth_token_secret, + ohauth.baseString( + options.method, + base_url, + xtend(params, ohauth.stringQs(query)) + ) + ); + + return ohauth.xhr( + options.method, + url, + params, + options.content, + options.options, + done + ); + } - return function(method, uri, extra_params) { - method = method.toUpperCase(); - if (typeof extra_params === 'string' && extra_params.length > 0) { - extra_params = ohauth.stringQs(extra_params); - } + function done(err, xhr) { + if (err) return callback(err); + else if (xhr.responseXML) return callback(err, xhr.responseXML); + else return callback(err, xhr.response); + } + }; - var uri_parts = uri.split('?', 2), - base_uri = uri_parts[0]; + // pre-authorize this object, if we can just get a token and token_secret + // from the start + oauth.preauth = function (c) { + if (!c) return; + if (c.client_id) 
token("client_id", c.client_id); + if (c.oauth_token_secret) token("oauth_token_secret", c.oauth_token_secret); + return oauth; + }; - var query_params = uri_parts.length === 2 ? - ohauth.stringQs(uri_parts[1]) : {}; + oauth.options = function (_) { + if (!arguments.length) return o; - var oauth_params = { - oauth_consumer_key: consumer_key, - oauth_signature_method: signature_method, - oauth_version: version, - oauth_timestamp: ohauth.timestamp(), - oauth_nonce: ohauth.nonce() - }; + o = _; + o.url = o.url || "https://www.openstreetmap.org"; + o.landing = o.landing || "land.html"; + o.singlepage = o.singlepage || false; - if (token) oauth_params.oauth_token = token; + // Optional loading and loading-done functions for nice UI feedback. + // by default, no-ops + o.loading = o.loading || function () {}; + o.done = o.done || function () {}; + return oauth.preauth(o); + }; - var all_params = xtend({}, oauth_params, query_params, extra_params), - base_str = ohauth.baseString(method, base_uri, all_params); + // 'stamp' an authentication object from `getAuth()` + // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) + // and timestamp + function timenonce(o) { + o.oauth_timestamp = ohauth.timestamp(); + o.oauth_nonce = ohauth.nonce(); + return o; + } - oauth_params.oauth_signature = ohauth.signature(consumer_secret, token_secret, base_str); + // get/set tokens. 
These are prefixed with the base URL so that `osm-auth` + // can be used with multiple APIs and the keys in `localStorage` + // will not clash + var token; - return 'OAuth ' + ohauth.authHeader(oauth_params); + if (store.enabled) { + token = function (x, y) { + if (arguments.length === 1) return store.get(o.url + x); + else if (arguments.length === 2) return store.set(o.url + x, y); }; -}; + } else { + var storage = {}; + token = function (x, y) { + if (arguments.length === 1) return storage[o.url + x]; + else if (arguments.length === 2) return (storage[o.url + x] = y); + }; + } -module.exports = ohauth; + // Get an authentication object. If you just add and remove properties + // from a single object, you'll need to use `delete` to make sure that + // it doesn't contain undesired properties for authentication + function getAuth(o) { + return { + oauth_consumer_key: o.oauth_consumer_key, + oauth_signature_method: "HMAC-SHA1", + }; + } + + // potentially pre-authorize + oauth.options(o); + + return oauth; +}; -},{"jshashes":2}],4:[function(require,module,exports){ +},{"ohauth":1,"resolve-url":4,"store":5}],4:[function(require,module,exports){ // Copyright 2014 Simon Lydell // X11 (“MIT”) Licensed. (See LICENSE.) @@ -3535,5 +3607,5 @@ function clearAll() { return sessionStorage().clear() } -},{"../src/util":9}]},{},[1])(1) +},{"../src/util":9}]},{},[3])(3) }); diff --git a/osmauth.min.js b/osmauth.min.js index a00c7c6..0c8f205 100644 --- a/osmauth.min.js +++ b/osmauth.min.js 
@@ -1 +1 @@ -!function(f){"object"==typeof exports&&"undefined"!=typeof module?module.exports=f():"function"==typeof define&&define.amd?define([],f):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).osmAuth=f()}(function(){var define,module,exports;return function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var p="function"==typeof require&&require;if(!f&&p)return p(i,!0);if(u)return u(i,!0);throw(p=new Error("Cannot find module '"+i+"'")).code="MODULE_NOT_FOUND",p}p=n[i]={exports:{}},e[i][0].call(p.exports,function(r){return o(e[i][1][r]||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i>>6&31,128|63&x):x<=65535?output+=String.fromCharCode(224|x>>>12&15,128|x>>>6&63,128|63&x):x<=2097151&&(output+=String.fromCharCode(240|x>>>18&7,128|x>>>12&63,128|x>>>6&63,128|63&x));return output}function safe_add(x,y){var lsw=(65535&x)+(65535&y);return(x>>16)+(y>>16)+(lsw>>16)<<16|65535&lsw}function bit_rol(num,cnt){return num<>>32-cnt}function rstr2hex(input,hexcase){for(var x,hex_tab=hexcase?"0123456789ABCDEF":"0123456789abcdef",output="",i=0,l=input.length;i>>4&15)+hex_tab.charAt(15&x);return output}function binb2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>24-i%32&255);return output}function binl2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>i%32&255);return output}function rstr2binl(input){for(var l=8*input.length,output=Array(input.length>>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<<24-i%32;return output}function rstr2any(input,encoding){for(var q,x,quotient,output,full_length,divisor=encoding.length,remainders=Array(),dividend=Array(Math.ceil(input.length/2)),ld=dividend.length,i=0;i8*input.length?output+=b64pad:output+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(triplet>>>6*(3-j)&63);return output}Hashes={VERSION:"1.0.6",Base64:function(){var 
tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pad="=",utf8=!0;this.encode=function(input){var i,j,triplet,output="",len=input.length;for(pad=pad||"=",input=utf8?utf8Encode(input):input,i=0;i>>6*(3-j)&63);return output},this.decode=function(input){var i,o1,o2,h3,h4,o3,ac,dec="",arr=[];if(!input)return input;for(i=ac=0,input=input.replace(new RegExp("\\"+pad,"gi"),"");o1=(o3=tab.indexOf(input.charAt(i+=1))<<18|tab.indexOf(input.charAt(i+=1))<<12|(h3=tab.indexOf(input.charAt(i+=1)))<<6|(h4=tab.indexOf(input.charAt(i+=1))))>>16&255,o2=o3>>8&255,o3=255&o3,arr[ac+=1]=64===h3?String.fromCharCode(o1):64===h4?String.fromCharCode(o1,o2):String.fromCharCode(o1,o2,o3),i>>8^"0x"+table.substr(9*y,8);return(-1^crc)>>>0},MD5:function(options){var hexcase=!(!options||"boolean"!=typeof options.uppercase)&&options.uppercase,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,hash){var bkey,ipad,opad,i;for(key=utf8?utf8Encode(key):key,hash=utf8?utf8Encode(hash):hash,16<(bkey=rstr2binl(key)).length&&(bkey=binl(bkey,8*key.length)),ipad=Array(16),opad=Array(16),i=0;i<16;i+=1)ipad[i]=909522486^bkey[i],opad[i]=1549556828^bkey[i];return hash=binl(ipad.concat(rstr2binl(hash)),512+8*hash.length),binl2rstr(binl(opad.concat(hash),640))}function binl(x,len){var i,olda,oldb,oldc,oldd,a=1732584193,b=-271733879,c=-1732584194,d=271733878;for(x[len>>5]|=128<>>9<<4)]=len,i=0;i>5]|=128<<24-len%32,x[15+(len+64>>9<<4)]=len,i=0;i>>n|X<<32-n}function binb(m,l){var a,b,c,d,e,f,g,h,i,j,T1,T2,HASH=[1779033703,-1150833019,1013904242,-1521486534,1359893119,-1694144372,528734635,1541459225],W=new Array(64);for(m[l>>5]|=128<<24-l%32,m[15+(l+64>>9<<4)]=l,i=0;i>>10,W[j-7]),function(x){return sha256_S(x,7)^sha256_S(x,18)^x>>>3}(W[j-15])),W[j-16]),T1=safe_add(safe_add(safe_add(safe_add(h,function(x){return 
sha256_S(x,6)^sha256_S(x,11)^sha256_S(x,25)}(e)),function(x,y,z){return x&y^~x&z}(e,f,g)),sha256_K[j]),W[j]),T2=safe_add(function(x){return sha256_S(x,2)^sha256_S(x,13)^sha256_S(x,22)}(a),function(x,y,z){return x&y^x&z^y&z}(a,b,c)),h=g,g=f,f=e,e=safe_add(d,T1),d=c,c=b,b=a,a=safe_add(T1,T2);HASH[0]=safe_add(a,HASH[0]),HASH[1]=safe_add(b,HASH[1]),HASH[2]=safe_add(c,HASH[2]),HASH[3]=safe_add(d,HASH[3]),HASH[4]=safe_add(e,HASH[4]),HASH[5]=safe_add(f,HASH[5]),HASH[6]=safe_add(g,HASH[6]),HASH[7]=safe_add(h,HASH[7])}return HASH}this.hex=function(s){return rstr2hex(rstr(s,utf8))},this.b64=function(s){return rstr2b64(rstr(s,utf8),b64pad)},this.any=function(s,e){return rstr2any(rstr(s,utf8),e)},this.raw=function(s){return rstr(s,utf8)},this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this},sha256_K=[1116352408,1899447441,-1245643825,-373957723,961987163,1508970993,-1841331548,-1424204075,-670586216,310598401,607225278,1426881987,1925078388,-2132889090,-1680079193,-1046744716,-459576895,-272742522,264347078,604807628,770255983,1249150122,1555081692,1996064986,-1740746414,-1473132947,-1341970488,-1084653625,-958395405,-710438585,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,-2117940946,-1838011259,-1564481375,-1474664885,-1035236496,-949202525,-778901479,-694614492,-200395387,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,-2067236844,-1933114872,-1866530822,-1538233109,-1090935817,-965641998]},SHA512:function(options){options&&"boolean"==typeof 
options.uppercase&&options.uppercase;var sha512_k,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binb2rstr(binb(rstr2binb(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,hash){key=utf8?utf8Encode(key):key,hash=utf8?utf8Encode(hash):hash;var i=0,bkey=rstr2binb(key),ipad=Array(32),opad=Array(32);for(32>5]|=128<<24-(31&len),x[31+(len+128>>10<<5)]=len,l=x.length,i=0;i>>16)+(b.l>>>16)+(s0.l>>>16)+(w3.l>>>16)+(w0>>>16),w2=(65535&s1.h)+(65535&b.h)+(65535&s0.h)+(65535&w3.h)+(w1>>>16),w3=(s1.h>>>16)+(b.h>>>16)+(s0.h>>>16)+(w3.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|w3<<16}(W[j],W[j-7],W[j-16]);for(j=0;j<80;j+=1)Ch.l=e.l&f.l^~e.l&g.l,Ch.h=e.h&f.h^~e.h&g.h,int64rrot(r1,e,14),int64rrot(r2,e,18),int64revrrot(r3,e,9),s1.l=r1.l^r2.l^r3.l,s1.h=r1.h^r2.h^r3.h,int64rrot(r1,a,28),int64revrrot(r2,a,2),int64revrrot(r3,a,7),s0.l=r1.l^r2.l^r3.l,s0.h=r1.h^r2.h^r3.h,Maj.l=a.l&b.l^a.l&c.l^b.l&c.l,Maj.h=a.h&b.h^a.h&c.h^b.h&c.h,function(dst,d,w3){var w0=(65535&h.l)+(65535&s1.l)+(65535&Ch.l)+(65535&d.l)+(65535&w3.l),w1=(h.l>>>16)+(s1.l>>>16)+(Ch.l>>>16)+(d.l>>>16)+(w3.l>>>16)+(w0>>>16),w2=(65535&h.h)+(65535&s1.h)+(65535&Ch.h)+(65535&d.h)+(65535&w3.h)+(w1>>>16),w3=(h.h>>>16)+(s1.h>>>16)+(Ch.h>>>16)+(d.h>>>16)+(w3.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|w3<<16}(T1,sha512_k[j],W[j]),int64add(T2,s0,Maj),int64copy(h,g),int64copy(g,f),int64copy(f,e),int64add(e,d,T1),int64copy(d,c),int64copy(c,b),int64copy(b,a),int64add(a,T1,T2);int64add(H[0],H[0],a),int64add(H[1],H[1],b),int64add(H[2],H[2],c),int64add(H[3],H[3],d),int64add(H[4],H[4],e),int64add(H[5],H[5],f),int64add(H[6],H[6],g),int64add(H[7],H[7],h)}for(i=0;i<8;i+=1)hash[2*i]=H[i].h,hash[2*i+1]=H[i].l;return hash}function int64(h,l){this.h=h,this.l=l}function int64copy(dst,src){dst.h=src.h,dst.l=src.l}function int64rrot(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift|x.l<<32-shift}function 
int64revrrot(dst,x,shift){dst.l=x.h>>>shift|x.l<<32-shift,dst.h=x.l>>>shift|x.h<<32-shift}function int64shr(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift}function int64add(dst,x,w3){var w0=(65535&x.l)+(65535&w3.l),w1=(x.l>>>16)+(w3.l>>>16)+(w0>>>16),w2=(65535&x.h)+(65535&w3.h)+(w1>>>16),w3=(x.h>>>16)+(w3.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|w3<<16}this.hex=function(s){return rstr2hex(rstr(s))},this.b64=function(s){return rstr2b64(rstr(s),b64pad)},this.any=function(s,e){return rstr2any(rstr(s),e)},this.raw=rstr,this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this}},RMD160:function(options){options&&"boolean"==typeof options.uppercase&&options.uppercase;var b64pad=options&&"string"==typeof options.pad?options.pa:"=",utf8=!options||"boolean"!=typeof 
options.utf8||options.utf8,rmd160_r1=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],rmd160_r2=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],rmd160_s1=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],rmd160_s2=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,hash){key=utf8?utf8Encode(key):key,hash=utf8?utf8Encode(hash):hash;var i,bkey=rstr2binl(key),ipad=Array(16),opad=Array(16);for(16>5]>>>i%32&255);return output}function binl(x,len){var T,j,i,l,A1,B1,C1,D1,E1,A2,B2,C2,D2,E2,h0=1732584193,h1=4023233417,h2=2562383102,h3=271733878,h4=3285377520;for(x[len>>5]|=128<>>9<<4)]=len,l=x.length,i=0;idocument.w=window<\/script>'),storageContainer.close(),storageOwner=storageContainer.w.frames[0].document,storageEl=storageOwner.createElement("div")}catch(e){storageEl=doc.createElement("div"),storageOwner=doc.body}return function(storeFunction){var args=[].slice.call(arguments,0);args.unshift(storageEl),storageOwner.appendChild(storageEl),storageEl.addBehavior("#default#userData"),storageEl.load(storageName),storeFunction.apply(this,args),storageOwner.removeChild(storageEl)}}(),disable=(Global.navigator?Global.navigator.userAgent:"").match(/ (MSIE 8|MSIE 9|MSIE 10)\./);var forbiddenCharsRegex=new RegExp("[!\"#$%&'()*+,/\\\\:;<=>?@[\\]^`{|}~]","g");function fixKey(key){return 
key.replace(/^\d/,"___$&").replace(forbiddenCharsRegex,"___")}},{"../src/util":9}],16:[function(require,module,exports){var Global=require("../src/util").Global;function sessionStorage(){return Global.sessionStorage}function read(key){return sessionStorage().getItem(key)}module.exports={name:"sessionStorage",read:read,write:function(key,data){return sessionStorage().setItem(key,data)},each:function(fn){for(var i=sessionStorage().length-1;0<=i;i--){var key=sessionStorage().key(i);fn(read(key),key)}},remove:function(key){return sessionStorage().removeItem(key)},clearAll:function(){return sessionStorage().clear()}}},{"../src/util":9}]},{},[1])(1)}); +!function(f){"object"==typeof exports&&"undefined"!=typeof module?module.exports=f():"function"==typeof define&&define.amd?define([],f):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).osmAuth=f()}(function(){var define,module,exports;return function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);throw(f=new Error("Cannot find module '"+i+"'")).code="MODULE_NOT_FOUND",f}c=n[i]={exports:{}},e[i][0].call(c.exports,function(r){return o(e[i][1][r]||r)},c,c.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i>>6&31,128|63&x):x<=65535?output+=String.fromCharCode(224|x>>>12&15,128|x>>>6&63,128|63&x):x<=2097151&&(output+=String.fromCharCode(240|x>>>18&7,128|x>>>12&63,128|x>>>6&63,128|63&x));return output}function safe_add(x,y){var lsw=(65535&x)+(65535&y);return(x>>16)+(y>>16)+(lsw>>16)<<16|65535&lsw}function bit_rol(num,cnt){return num<>>32-cnt}function rstr2hex(input,hexcase){for(var x,hex_tab=hexcase?"0123456789ABCDEF":"0123456789abcdef",output="",i=0,l=input.length;i>>4&15)+hex_tab.charAt(15&x);return output}function binb2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>24-i%32&255);return output}function binl2rstr(input){for(var 
l=32*input.length,output="",i=0;i>5]>>>i%32&255);return output}function rstr2binl(input){for(var l=8*input.length,output=Array(input.length>>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<<24-i%32;return output}function rstr2any(input,encoding){for(var q,x,quotient,output,full_length,divisor=encoding.length,remainders=Array(),dividend=Array(Math.ceil(input.length/2)),ld=dividend.length,i=0;i8*input.length?output+=b64pad:output+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(triplet>>>6*(3-j)&63);return output}window=this,freeExports=!(Hashes={VERSION:"1.0.6",Base64:function(){var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pad="=",utf8=!0;this.encode=function(input){var i,j,triplet,output="",len=input.length;for(pad=pad||"=",input=utf8?utf8Encode(input):input,i=0;i>>6*(3-j)&63);return output},this.decode=function(input){var i,o1,o2,h3,h4,bits,ac,dec="",arr=[];if(!input)return input;for(i=ac=0,input=input.replace(new RegExp("\\"+pad,"gi"),"");o1=(bits=tab.indexOf(input.charAt(i+=1))<<18|tab.indexOf(input.charAt(i+=1))<<12|(h3=tab.indexOf(input.charAt(i+=1)))<<6|(h4=tab.indexOf(input.charAt(i+=1))))>>16&255,o2=bits>>8&255,bits=255&bits,arr[ac+=1]=64===h3?String.fromCharCode(o1):64===h4?String.fromCharCode(o1,o2):String.fromCharCode(o1,o2,bits),i>>8^"0x"+table.substr(9*y,8);return(-1^crc)>>>0},MD5:function(options){var hexcase=!(!options||"boolean"!=typeof options.uppercase)&&options.uppercase,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){var 
bkey,ipad,opad,i;for(key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data,16<(bkey=rstr2binl(key)).length&&(bkey=binl(bkey,8*key.length)),ipad=Array(16),opad=Array(16),i=0;i<16;i+=1)ipad[i]=909522486^bkey[i],opad[i]=1549556828^bkey[i];return key=binl(ipad.concat(rstr2binl(data)),512+8*data.length),binl2rstr(binl(opad.concat(key),640))}function binl(x,len){var i,olda,oldb,oldc,oldd,a=1732584193,b=-271733879,c=-1732584194,d=271733878;for(x[len>>5]|=128<>>9<<4)]=len,i=0;i>5]|=128<<24-len%32,x[15+(len+64>>9<<4)]=len,i=0;i>>n|X<<32-n}function binb(m,l){var a,b,c,d,e,f,g,h,i,j,T2,x,HASH=[1779033703,-1150833019,1013904242,-1521486534,1359893119,-1694144372,528734635,1541459225],W=new Array(64);for(m[l>>5]|=128<<24-l%32,m[15+(l+64>>9<<4)]=l,i=0;i>>10,W[j-7]),function(x){return sha256_S(x,7)^sha256_S(x,18)^x>>>3}(W[j-15])),W[j-16]),x=safe_add(safe_add(safe_add(safe_add(h,function(x){return sha256_S(x,6)^sha256_S(x,11)^sha256_S(x,25)}(e)),function(x,y,z){return x&y^~x&z}(e,f,g)),sha256_K[j]),W[j]),T2=safe_add(function(x){return sha256_S(x,2)^sha256_S(x,13)^sha256_S(x,22)}(a),function(x,y,z){return x&y^x&z^y&z}(a,b,c)),h=g,g=f,f=e,e=safe_add(d,x),d=c,c=b,b=a,a=safe_add(x,T2);HASH[0]=safe_add(a,HASH[0]),HASH[1]=safe_add(b,HASH[1]),HASH[2]=safe_add(c,HASH[2]),HASH[3]=safe_add(d,HASH[3]),HASH[4]=safe_add(e,HASH[4]),HASH[5]=safe_add(f,HASH[5]),HASH[6]=safe_add(g,HASH[6]),HASH[7]=safe_add(h,HASH[7])}return HASH}this.hex=function(s){return rstr2hex(rstr(s,utf8))},this.b64=function(s){return rstr2b64(rstr(s,utf8),b64pad)},this.any=function(s,e){return rstr2any(rstr(s,utf8),e)},this.raw=function(s){return rstr(s,utf8)},this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof 
a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this},sha256_K=[1116352408,1899447441,-1245643825,-373957723,961987163,1508970993,-1841331548,-1424204075,-670586216,310598401,607225278,1426881987,1925078388,-2132889090,-1680079193,-1046744716,-459576895,-272742522,264347078,604807628,770255983,1249150122,1555081692,1996064986,-1740746414,-1473132947,-1341970488,-1084653625,-958395405,-710438585,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,-2117940946,-1838011259,-1564481375,-1474664885,-1035236496,-949202525,-778901479,-694614492,-200395387,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,-2067236844,-1933114872,-1866530822,-1538233109,-1090935817,-965641998]},SHA512:function(options){options&&"boolean"==typeof options.uppercase&&options.uppercase;var sha512_k,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binb2rstr(binb(rstr2binb(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i=0,bkey=rstr2binb(key),ipad=Array(32),opad=Array(32);for(32>5]|=128<<24-(31&len),x[31+(len+128>>10<<5)]=len,l=x.length,i=0;i>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(W[j],s1,W[j-7],s0,W[j-16]);for(j=0;j<80;j+=1)Ch.l=e.l&f.l^~e.l&g.l,Ch.h=e.h&f.h^~e.h&g.h,int64rrot(r1,e,14),int64rrot(r2,e,18),int64revrrot(r3,e,9),s1.l=r1.l^r2.l^r3.l,s1.h=r1.h^r2.h^r3.h,int64rrot(r1,a,28),int64revrrot(r2,a,2),int64revrrot(r3,a,7),s0.l=r1.l^r2.l^r3.l,s0.h=r1.h^r2.h^r3.h,Maj.l=a.l&b.l^a.l&c.l^b.l&c.l,Maj.h=a.h&b.h^a.h&c.h^b.h&c.h,function(dst,a,b,c,d,e){var 
w0=(65535&a.l)+(65535&b.l)+(65535&c.l)+(65535&d.l)+(65535&e.l),w1=(a.l>>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(e.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(65535&e.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(e.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(T1,h,s1,Ch,sha512_k[j],W[j]),int64add(T2,s0,Maj),int64copy(h,g),int64copy(g,f),int64copy(f,e),int64add(e,d,T1),int64copy(d,c),int64copy(c,b),int64copy(b,a),int64add(a,T1,T2);int64add(H[0],H[0],a),int64add(H[1],H[1],b),int64add(H[2],H[2],c),int64add(H[3],H[3],d),int64add(H[4],H[4],e),int64add(H[5],H[5],f),int64add(H[6],H[6],g),int64add(H[7],H[7],h)}for(i=0;i<8;i+=1)hash[2*i]=H[i].h,hash[2*i+1]=H[i].l;return hash}function int64(h,l){this.h=h,this.l=l}function int64copy(dst,src){dst.h=src.h,dst.l=src.l}function int64rrot(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift|x.l<<32-shift}function int64revrrot(dst,x,shift){dst.l=x.h>>>shift|x.l<<32-shift,dst.h=x.l>>>shift|x.h<<32-shift}function int64shr(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift}function int64add(dst,x,y){var w0=(65535&x.l)+(65535&y.l),w1=(x.l>>>16)+(y.l>>>16)+(w0>>>16),w2=(65535&x.h)+(65535&y.h)+(w1>>>16),x=(x.h>>>16)+(y.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|x<<16}this.hex=function(s){return rstr2hex(rstr(s))},this.b64=function(s){return rstr2b64(rstr(s),b64pad)},this.any=function(s,e){return rstr2any(rstr(s),e)},this.raw=rstr,this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this}},RMD160:function(options){options&&"boolean"==typeof 
options.uppercase&&options.uppercase;var b64pad=options&&"string"==typeof options.pad?options.pa:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8,rmd160_r1=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],rmd160_r2=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],rmd160_s1=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],rmd160_s2=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i,bkey=rstr2binl(key),ipad=Array(16),opad=Array(16);for(16>5]>>>i%32&255);return output}function binl(x,len){var T,j,i,l,A1,B1,C1,D1,E1,A2,B2,C2,D2,E2,h0=1732584193,h1=4023233417,h2=2562383102,h3=271733878,h4=3285377520;for(x[len>>5]|=128<>>9<<4)]=len,l=x.length,i=0;idocument.w=window<\/script>'),storageContainer.close(),storageOwner=storageContainer.w.frames[0].document,storageEl=storageOwner.createElement("div")}catch(e){storageEl=doc.createElement("div"),storageOwner=doc.body}return function(storeFunction){var args=[].slice.call(arguments,0);args.unshift(storageEl),storageOwner.appendChild(storageEl),storageEl.addBehavior("#default#userData"),storageEl.load(storageName),storeFunction.apply(this,args),storageOwner.removeChild(storageEl)}}(),disable=(require.navigator?require.navigator.userAgent:"").match(/ (MSIE 
8|MSIE 9|MSIE 10)\./);var forbiddenCharsRegex=new RegExp("[!\"#$%&'()*+,/\\\\:;<=>?@[\\]^`{|}~]","g");function fixKey(key){return key.replace(/^\d/,"___$&").replace(forbiddenCharsRegex,"___")}},{"../src/util":9}],16:[function(require,module,exports){var Global=require("../src/util").Global;function sessionStorage(){return Global.sessionStorage}function read(key){return sessionStorage().getItem(key)}module.exports={name:"sessionStorage",read:read,write:function(key,data){return sessionStorage().setItem(key,data)},each:function(fn){for(var i=sessionStorage().length-1;0<=i;i--){var key=sessionStorage().key(i);fn(read(key),key)}},remove:function(key){return sessionStorage().removeItem(key)},clearAll:function(){return sessionStorage().clear()}}},{"../src/util":9}]},{},[3])(3)}); diff --git a/package.json b/package.json index ea713e5..3133d35 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "main": "index.js", "types": "index.d.ts", "dependencies": { - "ohauth": "~1.0.1", + "ohauth": "file:../ohauth", "resolve-url": "~0.2.1", "store": "~2.0.12" }, From 2387b5e7048df37fb006d14fbf4870b39335f87a Mon Sep 17 00:00:00 2001 From: Hel Nershing Thapa Date: Mon, 7 Mar 2022 14:40:11 +0545 Subject: [PATCH 2/6] store set/get updated --- index.html | 11 ++++++----- index.js | 15 +++++++-------- osmauth.js | 17 ++++++++--------- osmauth.min.js | 2 +- 4 files changed, 22 insertions(+), 23 deletions(-) diff --git a/index.html b/index.html index 38cb83c..6e133c5 100644 --- a/index.html +++ b/index.html @@ -58,8 +58,9 @@
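Review bot: `"ohauth": "file:../ohauth"` in the `dependencies` block resolves only on a machine that has a sibling `ohauth` checkout, so a registry install or a fresh clone cannot build. It also means the code that builds and sends the OAuth requests is no longer tied to a published version that can be audited or locked. Point the dependency at a published release, or at a git URL pinned to a commit, for example `"ohauth": "git+https://<fork-host>/<owner>/ohauth.git#<commit-sha>"` (placeholder values). Until the fork is available that way, keeping `"ohauth": "~1.0.1"` at least leaves the package installable.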

- - + + + \ No newline at end of file diff --git a/index.js b/index.js index 0ca83e5..623f86e 100644 --- a/index.js +++ b/index.js @@ -1,24 +1,8 @@ "use strict"; var ohauth = require("ohauth"); -var resolveUrl = require("resolve-url"); var store = require("store"); -// # xtend -var hasOwnProperty = Object.prototype.hasOwnProperty; -function xtend() { - var target = {}; - for (var i = 0; i < arguments.length; i++) { - var source = arguments[i]; - for (var key in source) { - if (hasOwnProperty.call(source, key)) { - target[key] = source[key]; - } - } - } - return target; -} - // # osm-auth // // This code is only compatible with IE10+ because the [XDomainRequest](http://bit.ly/LfO7xo) @@ -27,16 +11,12 @@ function xtend() { module.exports = function (o) { var oauth = {}; - // authenticated users will also have a request token secret, but it's - // not used in transactions with the server oauth.authenticated = function () { - return !!token("oauth_token"); + return !!token("access_token"); }; oauth.logout = function () { - token("oauth_token", ""); - token("oauth_token_secret", ""); - token("oauth_request_token_secret", ""); + token("access_token", ""); return oauth; }; @@ -46,23 +26,17 @@ module.exports = function (o) { oauth.logout(); - // ## Getting a request token - var params = timenonce(getAuth(o)), - url = - o.url + - "/oauth2/authorize?" + - ohauth.qsString({ - client_id: o.client_id, - redirect_uri: o.redirect_uri, - response_type: "code", - scope: ["read_prefs write_api"], - }); - - // params.oauth_signature = ohauth.signature( - // o.oauth_secret, - // "", - // ohauth.baseString("POST", url, params) - // ); + // ## Request authorization to access resources from the user + // and receive authorization code + var url = + o.url + + "/oauth2/authorize?" + + ohauth.qsString({ + client_id: o.client_id, + redirect_uri: o.redirect_uri, + response_type: "code", + scope: o.scope, + }); if (!o.singlepage) { // Create a 600x550 popup window in the center of the screen 
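Review bot: The `/oauth2/authorize` query built in the `@@ -46,23 +26,17 @@` hunk has no `state` entry, so the `code` later handed to `window.authComplete` (next hunk) cannot be tied to the request this page started; that binding is the CSRF protection RFC 6749 section 10.12 asks clients to implement. Generate an unguessable value per call with `crypto.getRandomValues`, keep it in the closure, and send it as `state: state` in the `ohauth.qsString({...})` object. `authComplete` should then compare `params.state` with it before calling `get_access_token`. `scope: o.scope` has no visible default or validation here, so a comment stating that it must be a space-delimited string would help. The enclosing function (presumably `oauth.authenticate`) starts and ends outside this hunk.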
@@ -89,105 +63,41 @@ module.exports = function (o) { } } - // Request a request token. When this is complete, the popup - // window is redirected to OSM's authorization page. - // ohauth.xhr( - // "GET", - // url, - // params, - // null, - // { - // // header: { - // // "Content-Type": "application/x-www-form-urlencoded", - // // "X-Requested-With": "XMLHttpRequest", - // // "Access-Control-Allow-Origin": "*", - // // }, - // }, - // reqTokenDone - // ); - // o.loading(); - - // function reqTokenDone(err, xhr) { - // console.log("done ma chiryoooo", err, xhr); - // o.done(); - // if (err) return callback(err); - // var resp = ohauth.stringQs(xhr.response); - // console.log("resp", resp); - // token("oauth_code", resp.oauth_token_secret); - // var authorize_url = - // o.url + - // "/oauth/authorize?" + - // ohauth.qsString({ - // oauth_token: resp.oauth_token, - // oauth_callback: resolveUrl(o.landing), - // }); - - // console.log("yaha pugisakyo??"); - // if (o.singlepage) { - // location.href = authorize_url; - // } else { - // popup.location = authorize_url; - // } - // } - // Called by a function in a landing page, in the popup window. The // window closes itself. - window.authComplete = function (token) { - var oauth_token = ohauth.stringQs(token.split("?")[1]); - get_access_token(oauth_token.code); + window.authComplete = function (url) { + var params = ohauth.stringQs(url.split("?")[1]); + get_access_token(params.code); delete window.authComplete; }; - // ## Getting an request token - // - // At this point we have an `oauth_token`, brought in from a function - // call on a landing page popup. - function get_access_token(oauth_token) { + // ## Getting an access token + // The client requests an access token by authenticating with the + // authorization server and presenting the `auth_code`, brought + // in from a function call on a landing page popup. + function get_access_token(auth_code) { var url = - o.url + - "/oauth2/token?" 
+ - ohauth.qsString({ - client_id: o.client_id, - grant_type: "authorization_code", - code: oauth_token, - redirect_uri: o.redirect_uri, - client_secret: o.client_secret, - }), - params = timenonce(getAuth(o)), - request_token_secret = token("oauth_request_token_secret"); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString("POST", url, params) - ); - - // ## Getting an access token + o.url + + "/oauth2/token?" + + ohauth.qsString({ + client_id: o.client_id, + grant_type: "authorization_code", + code: auth_code, + redirect_uri: o.redirect_uri, + client_secret: o.client_secret, + }); - // fetch(url, { - // method: "POST", - // headers: new Headers({ - // "content-type": "application/x-www-form-urlencoded", - // }), - // }) - // .then((res) => res.json()) - // .then((res) => accessTokenDone(res)) - // .catch((err) => console.error(err)); - // - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + // The authorization server authenticates the client and validates + // the authorization grant, and if valid, issues an access token. + ohauth.xhr("POST", url, null, null, {}, accessTokenDone); o.loading(); } - // EDIT THIS OK - function accessTokenDone(err, xhr) { o.done(); if (err) return callback(err); var access_token = JSON.parse(xhr.response); - console.log("FINAL", JSON.parse(xhr.response)); - token("oauth_token", access_token.access_token); + token("access_token", access_token.access_token); callback(null, oauth); } }; 
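Review bot: `get_access_token` puts `client_secret` and the authorization code into the query string of the `/oauth2/token` URL, and this code runs in the browser, so the secret is readable by anyone who loads the page and both values can end up in server and proxy logs. RFC 6749 has the grant parameters sent in the form-encoded request body; a browser client cannot keep a secret, so it should be registered as a public client and drop `client_secret` (ideally adding PKCE's `code_challenge`/`code_verifier`), assuming the server permits that registration. Passing `null` as the third argument also makes the modified `ohauth.xhr` in osmauth.js send `Authorization: Bearer null`, which `ohauth.rawxhr` avoids. The same function is repeated in the `oauth.bootstrapToken` hunk (`@@ -207,39 +117,37 @@`), and the enclosing `oauth.authenticate` starts outside this hunk.

```javascript
function get_access_token(auth_code) {
  // Grant parameters travel in the form-encoded body, not in the URL.
  var body = ohauth.qsString({
    client_id: o.client_id,
    grant_type: "authorization_code",
    code: auth_code,
    redirect_uri: o.redirect_uri,
  });

  // rawxhr adds no Authorization header; there is no access token yet.
  ohauth.rawxhr(
    "POST",
    o.url + "/oauth2/token",
    body,
    { "Content-Type": "application/x-www-form-urlencoded" },
    accessTokenDone
  );
  o.loading();
}
// … unchanged: accessTokenDone …
```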
@@ -207,39 +117,37 @@ module.exports = function (o) { return brougtPopupToFront; }; - oauth.bootstrapToken = function (oauth_token, callback) { - // ## Getting an request token - // At this point we have an `oauth_token`, brought in from a function - // call on a landing page popup. - function get_access_token(oauth_token) { - var url = o.url + "/oauth/access_token", - params = timenonce(getAuth(o)), - request_token_secret = token("oauth_request_token_secret"); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString("POST", url, params) - ); + oauth.bootstrapToken = function (auth_code, callback) { + // ## Getting an access token + // The client requests an access token by authenticating with the + // authorization server and presenting the authorization_code + function get_access_token(auth_code) { + var url = + o.url + + "/oauth2/token?" + + ohauth.qsString({ + client_id: o.client_id, + grant_type: "authorization_code", + code: auth_code, + redirect_uri: o.redirect_uri, + client_secret: o.client_secret, + }); - // ## Getting an access token - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + // The authorization server authenticates the client and validates + // the authorization grant, and if valid, issues an access token. 
+ ohauth.xhr("POST", url, null, null, {}, accessTokenDone); o.loading(); } function accessTokenDone(err, xhr) { o.done(); if (err) return callback(err); - var access_token = ohauth.stringQs(xhr.response); - console.log("final_access_token", access_token); - token("oauth_token", access_token.oauth_token); - token("oauth_token_secret", access_token.oauth_token_secret); + var access_token = JSON.parse(xhr.response); + token("access_token", access_token.access_token); callback(null, oauth); } - get_access_token(oauth_token); + get_access_token(auth_code); }; // # xhr @@ -259,39 +167,11 @@ module.exports = function (o) { } function run() { - var params = timenonce(getAuth(o)), - oauth_token_secret = token("oauth_token_secret"), - url = options.prefix !== false ? o.url + options.path : options.path, - url_parts = url.replace(/#.*$/, "").split("?", 2), - base_url = url_parts[0], - query = url_parts.length === 2 ? url_parts[1] : ""; - - // https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 - if ( - (!options.options || - !options.options.header || - options.options.header["Content-Type"] === - "application/x-www-form-urlencoded") && - options.content - ) { - params = xtend(params, ohauth.stringQs(options.content)); - } - - params.oauth_token = token("oauth_token"); - params.oauth_signature = ohauth.signature( - o.oauth_secret, - oauth_token_secret, - ohauth.baseString( - options.method, - base_url, - xtend(params, ohauth.stringQs(query)) - ) - ); - + var url = options.prefix !== false ? o.url + options.path : options.path; return ohauth.xhr( options.method, url, - params, + token("access_token"), options.content, options.options, done 
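Review bot: `accessTokenDone` in the `@@ -207,39 +117,37 @@` hunk calls `JSON.parse(xhr.response)` with no guard and stores `access_token.access_token` without checking that it is present. A non-JSON body therefore throws inside the XHR callback and `callback` is never invoked, while a JSON error body passes `undefined` to `token(...)`. Wrap the parse as `try { access_token = JSON.parse(xhr.response); } catch (e) { return callback(e); }` and add `if (!access_token.access_token) return callback(new Error("no access_token in token response"));` before the `token(...)` call. The copy of `accessTokenDone` in the `@@ -89,105 +63,41 @@` hunk needs the same two lines.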
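Review bot: `run()` in the `@@ -259,39 +167,11 @@` hunk now passes the bare string from `token("access_token")` as the third argument of `ohauth.xhr`, which matches only the `ohauth.xhr` that appears to have been edited in place inside the osmauth.js bundle later in this patch; index.js itself still loads `require("ohauth")`. Unless the dependency is replaced by a fork somewhere not visible here, rebuilding the bundle from the published package would presumably restore the old signature and lose the `Bearer` header. Building the header in index.js keeps the change in source: set `Authorization: "Bearer " + token("access_token")` on a copy of `options.options.header` and call `ohauth.rawxhr(options.method, url, options.content, headers, done)`. `run` and the surrounding `oauth.xhr` start outside this hunk.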
@@ -305,12 +185,10 @@ module.exports = function (o) { } }; - // pre-authorize this object, if we can just get a token and token_secret - // from the start + // pre-authorize this object, if we can just get an access token from the start oauth.preauth = function (c) { - console.log("preauth", c); if (!c) return; - if (c.oauth_token) token("oauth_token", c.oauth_token) + if (c.access_token) token("access_token", c.access_token); return oauth; }; @@ -329,15 +207,6 @@ module.exports = function (o) { return oauth.preauth(o); }; - // 'stamp' an authentication object from `getAuth()` - // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) - // and timestamp - function timenonce(o) { - o.oauth_timestamp = ohauth.timestamp(); - o.oauth_nonce = ohauth.nonce(); - return o; - } - // get/set tokens. These are prefixed with the base URL so that `osm-auth` // can be used with multiple APIs and the keys in `localStorage` // will not clash @@ -356,16 +225,6 @@ module.exports = function (o) { }; } - // Get an authentication object. If you just add and remove properties - // from a single object, you'll need to use `delete` to make sure that - // it doesn't contain undesired properties for authentication - function getAuth(o) { - return { - oauth_consumer_key: o.oauth_consumer_key, - oauth_signature_method: "HMAC-SHA1", - }; - } - // potentially pre-authorize oauth.options(o); diff --git a/osmauth.js b/osmauth.js index 2dfe131..3d91bae 100644 --- a/osmauth.js +++ b/osmauth.js 
@@ -57,12 +57,11 @@ ohauth.rawxhr = function(method, url, data, headers, callback) { return xhr; }; -ohauth.xhr = function(method, url, auth, data, options, callback) { - console.log("auth", auth) +ohauth.xhr = function(method, url, access_token, data, options, callback) { var headers = (options && options.header) || { 'Content-Type': 'application/x-www-form-urlencoded' }; - headers.Authorization = 'Bearer ' + auth.oauth_token; + headers.Authorization = 'Bearer ' + access_token; return ohauth.rawxhr(method, url, data, headers, callback); }; @@ -1932,24 +1931,8 @@ module.exports = ohauth; "use strict"; var ohauth = require("ohauth"); -var resolveUrl = require("resolve-url"); var store = require("store"); -// # xtend -var hasOwnProperty = Object.prototype.hasOwnProperty; -function xtend() { - var target = {}; - for (var i = 0; i < arguments.length; i++) { - var source = arguments[i]; - for (var key in source) { - if (hasOwnProperty.call(source, key)) { - target[key] = source[key]; - } - } - } - return target; -} - // # osm-auth // // This code is only compatible with IE10+ because the [XDomainRequest](http://bit.ly/LfO7xo) @@ -1958,16 +1941,12 @@ function xtend() { module.exports = function (o) { var oauth = {}; - // authenticated users will also have a request token secret, but it's - // not used in transactions with the server oauth.authenticated = function () { - return !!token("oauth_token"); + return !!token("access_token"); }; oauth.logout = function () { - token("oauth_token", ""); - token("oauth_token_secret", ""); - token("oauth_request_token_secret", ""); + token("access_token", ""); return oauth; }; 
@@ -1977,23 +1956,17 @@ module.exports = function (o) { oauth.logout(); - // ## Getting a request token - var params = timenonce(getAuth(o)), - url = - o.url + - "/oauth2/authorize?" + - ohauth.qsString({ - client_id: o.client_id, - redirect_uri: o.redirect_uri, - response_type: "code", - scope: ["read_prefs write_api"], - }); - - // params.oauth_signature = ohauth.signature( - // o.oauth_secret, - // "", - // ohauth.baseString("POST", url, params) - // ); + // ## Request authorization to access resources from the user + // and receive authorization code + var url = + o.url + + "/oauth2/authorize?" + + ohauth.qsString({ + client_id: o.client_id, + redirect_uri: o.redirect_uri, + response_type: "code", + scope: o.scope, + }); if (!o.singlepage) { // Create a 600x550 popup window in the center of the screen 
@@ -2020,105 +1993,41 @@ module.exports = function (o) { } } - // Request a request token. When this is complete, the popup - // window is redirected to OSM's authorization page. - // ohauth.xhr( - // "GET", - // url, - // params, - // null, - // { - // // header: { - // // "Content-Type": "application/x-www-form-urlencoded", - // // "X-Requested-With": "XMLHttpRequest", - // // "Access-Control-Allow-Origin": "*", - // // }, - // }, - // reqTokenDone - // ); - // o.loading(); - - // function reqTokenDone(err, xhr) { - // console.log("done ma chiryoooo", err, xhr); - // o.done(); - // if (err) return callback(err); - // var resp = ohauth.stringQs(xhr.response); - // console.log("resp", resp); - // token("oauth_code", resp.oauth_token_secret); - // var authorize_url = - // o.url + - // "/oauth/authorize?" + - // ohauth.qsString({ - // oauth_token: resp.oauth_token, - // oauth_callback: resolveUrl(o.landing), - // }); - - // console.log("yaha pugisakyo??"); - // if (o.singlepage) { - // location.href = authorize_url; - // } else { - // popup.location = authorize_url; - // } - // } - // Called by a function in a landing page, in the popup window. The // window closes itself. - window.authComplete = function (token) { - var oauth_token = ohauth.stringQs(token.split("?")[1]); - get_access_token(oauth_token.code); + window.authComplete = function (url) { + var params = ohauth.stringQs(url.split("?")[1]); + get_access_token(params.code); delete window.authComplete; }; - // ## Getting an request token - // - // At this point we have an `oauth_token`, brought in from a function - // call on a landing page popup. - function get_access_token(oauth_token) { + // ## Getting an access token + // The client requests an access token by authenticating with the + // authorization server and presenting the `auth_code`, brought + // in from a function call on a landing page popup. + function get_access_token(auth_code) { var url = - o.url + - "/oauth2/token?" 
+ - ohauth.qsString({ - client_id: o.client_id, - grant_type: "authorization_code", - code: oauth_token, - redirect_uri: o.redirect_uri, - client_secret: o.client_secret, - }), - params = timenonce(getAuth(o)), - request_token_secret = token("oauth_request_token_secret"); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString("POST", url, params) - ); + o.url + + "/oauth2/token?" + + ohauth.qsString({ + client_id: o.client_id, + grant_type: "authorization_code", + code: auth_code, + redirect_uri: o.redirect_uri, + client_secret: o.client_secret, + }); - // ## Getting an access token - - // fetch(url, { - // method: "POST", - // headers: new Headers({ - // "content-type": "application/x-www-form-urlencoded", - // }), - // }) - // .then((res) => res.json()) - // .then((res) => accessTokenDone(res)) - // .catch((err) => console.error(err)); - // - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + // The authorization server authenticates the client and validates + // the authorization grant, and if valid, issues an access token. + ohauth.xhr("POST", url, null, null, {}, accessTokenDone); o.loading(); } - // EDIT THIS OK - function accessTokenDone(err, xhr) { o.done(); if (err) return callback(err); var access_token = JSON.parse(xhr.response); - console.log("FINAL", JSON.parse(xhr.response)); - token("oauth_token", access_token.access_token); + token("access_token", access_token.access_token); callback(null, oauth); } }; 
@@ -2138,39 +2047,37 @@ module.exports = function (o) { return brougtPopupToFront; }; - oauth.bootstrapToken = function (oauth_token, callback) { - // ## Getting an request token - // At this point we have an `oauth_token`, brought in from a function - // call on a landing page popup. - function get_access_token(oauth_token) { - var url = o.url + "/oauth/access_token", - params = timenonce(getAuth(o)), - request_token_secret = token("oauth_request_token_secret"); - params.oauth_token = oauth_token; - params.oauth_signature = ohauth.signature( - o.oauth_secret, - request_token_secret, - ohauth.baseString("POST", url, params) - ); + oauth.bootstrapToken = function (auth_code, callback) { + // ## Getting an access token + // The client requests an access token by authenticating with the + // authorization server and presenting the authorization_code + function get_access_token(auth_code) { + var url = + o.url + + "/oauth2/token?" + + ohauth.qsString({ + client_id: o.client_id, + grant_type: "authorization_code", + code: auth_code, + redirect_uri: o.redirect_uri, + client_secret: o.client_secret, + }); - // ## Getting an access token - // The final token required for authentication. At this point - // we have a `request token secret` - ohauth.xhr("POST", url, params, null, {}, accessTokenDone); + // The authorization server authenticates the client and validates + // the authorization grant, and if valid, issues an access token. 
+ ohauth.xhr("POST", url, null, null, {}, accessTokenDone); o.loading(); } function accessTokenDone(err, xhr) { o.done(); if (err) return callback(err); - var access_token = ohauth.stringQs(xhr.response); - console.log("final_access_token", access_token); - token("oauth_token", access_token.oauth_token); - token("oauth_token_secret", access_token.oauth_token_secret); + var access_token = JSON.parse(xhr.response); + token("access_token", access_token.access_token); callback(null, oauth); } - get_access_token(oauth_token); + get_access_token(auth_code); }; // # xhr @@ -2190,39 +2097,11 @@ module.exports = function (o) { } function run() { - var params = timenonce(getAuth(o)), - oauth_token_secret = token("oauth_token_secret"), - url = options.prefix !== false ? o.url + options.path : options.path, - url_parts = url.replace(/#.*$/, "").split("?", 2), - base_url = url_parts[0], - query = url_parts.length === 2 ? url_parts[1] : ""; - - // https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1 - if ( - (!options.options || - !options.options.header || - options.options.header["Content-Type"] === - "application/x-www-form-urlencoded") && - options.content - ) { - params = xtend(params, ohauth.stringQs(options.content)); - } - - params.oauth_token = token("oauth_token"); - params.oauth_signature = ohauth.signature( - o.oauth_secret, - oauth_token_secret, - ohauth.baseString( - options.method, - base_url, - xtend(params, ohauth.stringQs(query)) - ) - ); - + var url = options.prefix !== false ? o.url + options.path : options.path; return ohauth.xhr( options.method, url, - params, + token("access_token"), options.content, options.options, done 
@@ -2236,12 +2115,10 @@ module.exports = function (o) { } }; - // pre-authorize this object, if we can just get a token and token_secret - // from the start + // pre-authorize this object, if we can just get an access token from the start oauth.preauth = function (c) { - console.log("preauth", c); if (!c) return; - if (c.oauth_token) token("oauth_token", c.oauth_token) + if (c.access_token) token("access_token", c.access_token); return oauth; }; @@ -2260,15 +2137,6 @@ module.exports = function (o) { return oauth.preauth(o); }; - // 'stamp' an authentication object from `getAuth()` - // with a [nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) - // and timestamp - function timenonce(o) { - o.oauth_timestamp = ohauth.timestamp(); - o.oauth_nonce = ohauth.nonce(); - return o; - } - // get/set tokens. These are prefixed with the base URL so that `osm-auth` // can be used with multiple APIs and the keys in `localStorage` // will not clash 
@@ -2287,72 +2155,13 @@ module.exports = function (o) { }; } - // Get an authentication object. If you just add and remove properties - // from a single object, you'll need to use `delete` to make sure that - // it doesn't contain undesired properties for authentication - function getAuth(o) { - return { - oauth_consumer_key: o.oauth_consumer_key, - oauth_signature_method: "HMAC-SHA1", - }; - } - // potentially pre-authorize oauth.options(o); return oauth; }; -},{"ohauth":1,"resolve-url":4,"store":5}],4:[function(require,module,exports){ -// Copyright 2014 Simon Lydell -// X11 (“MIT”) Licensed. (See LICENSE.) - -void (function(root, factory) { - if (typeof define === "function" && define.amd) { - define(factory) - } else if (typeof exports === "object") { - module.exports = factory() - } else { - root.resolveUrl = factory() - } -}(this, function() { - - function resolveUrl(/* ...urls */) { - var numUrls = arguments.length - - if (numUrls === 0) { - throw new Error("resolveUrl requires at least one argument; got none.") - } - - var base = document.createElement("base") - base.href = arguments[0] - - if (numUrls === 1) { - return base.href - } - - var head = document.getElementsByTagName("head")[0] - head.insertBefore(base, head.firstChild) - - var a = document.createElement("a") - var resolved - - for (var index = 1; index < numUrls; index++) { - a.href = arguments[index] - resolved = a.href - base.href = resolved - } - - head.removeChild(base) - - return resolved - } - - return resolveUrl - -})); - -},{}],5:[function(require,module,exports){ +},{"ohauth":1,"store":4}],4:[function(require,module,exports){ var engine = require('../src/store-engine') var storages = require('../storages/all') 
@@ -2360,7 +2169,7 @@ var plugins = [require('../plugins/json2')] module.exports = engine.createStore(storages, plugins) -},{"../plugins/json2":6,"../src/store-engine":8,"../storages/all":10}],6:[function(require,module,exports){ +},{"../plugins/json2":5,"../src/store-engine":7,"../storages/all":9}],5:[function(require,module,exports){ module.exports = json2Plugin function json2Plugin() { @@ -2368,7 +2177,7 @@ function json2Plugin() { return {} } -},{"./lib/json2":7}],7:[function(require,module,exports){ +},{"./lib/json2":6}],6:[function(require,module,exports){ /* eslint-disable */ // json2.js @@ -2877,7 +2686,7 @@ if (typeof JSON !== "object") { }; } }()); -},{}],8:[function(require,module,exports){ +},{}],7:[function(require,module,exports){ var util = require('./util') var slice = util.slice var pluck = util.pluck @@ -3116,7 +2925,7 @@ function createStore(storages, plugins, namespace) { return store } -},{"./util":9}],9:[function(require,module,exports){ +},{"./util":8}],8:[function(require,module,exports){ (function (global){(function (){ var assign = make_assign() var create = make_create() @@ -3238,7 +3047,7 @@ function isObject(val) { } }).call(this)}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {}) -},{}],10:[function(require,module,exports){ +},{}],9:[function(require,module,exports){ module.exports = [ // Listed in order of usage preference require('./localStorage'), 
@@ -3249,7 +3058,7 @@ module.exports = [ require('./memoryStorage') ] -},{"./cookieStorage":11,"./localStorage":12,"./memoryStorage":13,"./oldFF-globalStorage":14,"./oldIE-userDataStorage":15,"./sessionStorage":16}],11:[function(require,module,exports){ +},{"./cookieStorage":10,"./localStorage":11,"./memoryStorage":12,"./oldFF-globalStorage":13,"./oldIE-userDataStorage":14,"./sessionStorage":15}],10:[function(require,module,exports){ // cookieStorage is useful Safari private browser mode, where localStorage // doesn't work but cookies do. This implementation is adopted from // https://developer.mozilla.org/en-US/docs/Web/API/Storage/LocalStorage @@ -3312,7 +3121,7 @@ function _has(key) { return (new RegExp("(?:^|;\\s*)" + escape(key).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=")).test(doc.cookie) } -},{"../src/util":9}],12:[function(require,module,exports){ +},{"../src/util":8}],11:[function(require,module,exports){ var util = require('../src/util') var Global = util.Global @@ -3352,7 +3161,7 @@ function clearAll() { return localStorage().clear() } -},{"../src/util":9}],13:[function(require,module,exports){ +},{"../src/util":8}],12:[function(require,module,exports){ // memoryStorage is a useful last fallback to ensure that the store // is functions (meaning store.get(), store.set(), etc will all function). // However, stored values will not persist when the browser navigates to @@ -3393,7 +3202,7 @@ function clearAll(key) { memoryStorage = {} } -},{}],14:[function(require,module,exports){ +},{}],13:[function(require,module,exports){ // oldFF-globalStorage provides storage for Firefox // versions 6 and 7, where no localStorage, etc // is available. @@ -3437,7 +3246,7 @@ function clearAll() { }) } -},{"../src/util":9}],15:[function(require,module,exports){ +},{"../src/util":8}],14:[function(require,module,exports){ // oldIE-userDataStorage provides storage for Internet Explorer // versions 6 and 7, where no localStorage, sessionStorage, etc // is available. 
@@ -3566,7 +3375,7 @@ function _makeIEStorageElFunction() { } } -},{"../src/util":9}],16:[function(require,module,exports){ +},{"../src/util":8}],15:[function(require,module,exports){ var util = require('../src/util') var Global = util.Global @@ -3606,5 +3415,5 @@ function clearAll() { return sessionStorage().clear() } -},{"../src/util":9}]},{},[3])(3) +},{"../src/util":8}]},{},[3])(3) }); diff --git a/osmauth.min.js b/osmauth.min.js index bf0ab84..0e36936 100644 --- a/osmauth.min.js +++ b/osmauth.min.js 
@@ -1 +1 @@ -!function(f){"object"==typeof exports&&"undefined"!=typeof module?module.exports=f():"function"==typeof define&&define.amd?define([],f):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).osmAuth=f()}(function(){var define,module,exports;return function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);throw(f=new Error("Cannot find module '"+i+"'")).code="MODULE_NOT_FOUND",f}c=n[i]={exports:{}},e[i][0].call(c.exports,function(r){return o(e[i][1][r]||r)},c,c.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i>>6&31,128|63&x):x<=65535?output+=String.fromCharCode(224|x>>>12&15,128|x>>>6&63,128|63&x):x<=2097151&&(output+=String.fromCharCode(240|x>>>18&7,128|x>>>12&63,128|x>>>6&63,128|63&x));return output}function safe_add(x,y){var lsw=(65535&x)+(65535&y);return(x>>16)+(y>>16)+(lsw>>16)<<16|65535&lsw}function bit_rol(num,cnt){return num<>>32-cnt}function rstr2hex(input,hexcase){for(var x,hex_tab=hexcase?"0123456789ABCDEF":"0123456789abcdef",output="",i=0,l=input.length;i>>4&15)+hex_tab.charAt(15&x);return output}function binb2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>24-i%32&255);return output}function binl2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>i%32&255);return output}function rstr2binl(input){for(var l=8*input.length,output=Array(input.length>>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<<24-i%32;return output}function rstr2any(input,encoding){for(var q,x,quotient,output,full_length,divisor=encoding.length,remainders=Array(),dividend=Array(Math.ceil(input.length/2)),ld=dividend.length,i=0;i8*input.length?output+=b64pad:output+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(triplet>>>6*(3-j)&63);return 
output}window=this,freeExports=!(Hashes={VERSION:"1.0.6",Base64:function(){var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pad="=",utf8=!0;this.encode=function(input){var i,j,triplet,output="",len=input.length;for(pad=pad||"=",input=utf8?utf8Encode(input):input,i=0;i>>6*(3-j)&63);return output},this.decode=function(input){var i,o1,o2,h3,h4,bits,ac,dec="",arr=[];if(!input)return input;for(i=ac=0,input=input.replace(new RegExp("\\"+pad,"gi"),"");o1=(bits=tab.indexOf(input.charAt(i+=1))<<18|tab.indexOf(input.charAt(i+=1))<<12|(h3=tab.indexOf(input.charAt(i+=1)))<<6|(h4=tab.indexOf(input.charAt(i+=1))))>>16&255,o2=bits>>8&255,bits=255&bits,arr[ac+=1]=64===h3?String.fromCharCode(o1):64===h4?String.fromCharCode(o1,o2):String.fromCharCode(o1,o2,bits),i>>8^"0x"+table.substr(9*y,8);return(-1^crc)>>>0},MD5:function(options){var hexcase=!(!options||"boolean"!=typeof options.uppercase)&&options.uppercase,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){var bkey,ipad,opad,i;for(key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data,16<(bkey=rstr2binl(key)).length&&(bkey=binl(bkey,8*key.length)),ipad=Array(16),opad=Array(16),i=0;i<16;i+=1)ipad[i]=909522486^bkey[i],opad[i]=1549556828^bkey[i];return key=binl(ipad.concat(rstr2binl(data)),512+8*data.length),binl2rstr(binl(opad.concat(key),640))}function binl(x,len){var i,olda,oldb,oldc,oldd,a=1732584193,b=-271733879,c=-1732584194,d=271733878;for(x[len>>5]|=128<>>9<<4)]=len,i=0;i>5]|=128<<24-len%32,x[15+(len+64>>9<<4)]=len,i=0;i>>n|X<<32-n}function binb(m,l){var a,b,c,d,e,f,g,h,i,j,T2,x,HASH=[1779033703,-1150833019,1013904242,-1521486534,1359893119,-1694144372,528734635,1541459225],W=new Array(64);for(m[l>>5]|=128<<24-l%32,m[15+(l+64>>9<<4)]=l,i=0;i>>10,W[j-7]),function(x){return 
sha256_S(x,7)^sha256_S(x,18)^x>>>3}(W[j-15])),W[j-16]),x=safe_add(safe_add(safe_add(safe_add(h,function(x){return sha256_S(x,6)^sha256_S(x,11)^sha256_S(x,25)}(e)),function(x,y,z){return x&y^~x&z}(e,f,g)),sha256_K[j]),W[j]),T2=safe_add(function(x){return sha256_S(x,2)^sha256_S(x,13)^sha256_S(x,22)}(a),function(x,y,z){return x&y^x&z^y&z}(a,b,c)),h=g,g=f,f=e,e=safe_add(d,x),d=c,c=b,b=a,a=safe_add(x,T2);HASH[0]=safe_add(a,HASH[0]),HASH[1]=safe_add(b,HASH[1]),HASH[2]=safe_add(c,HASH[2]),HASH[3]=safe_add(d,HASH[3]),HASH[4]=safe_add(e,HASH[4]),HASH[5]=safe_add(f,HASH[5]),HASH[6]=safe_add(g,HASH[6]),HASH[7]=safe_add(h,HASH[7])}return HASH}this.hex=function(s){return rstr2hex(rstr(s,utf8))},this.b64=function(s){return rstr2b64(rstr(s,utf8),b64pad)},this.any=function(s,e){return rstr2any(rstr(s,utf8),e)},this.raw=function(s){return rstr(s,utf8)},this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof 
a&&(utf8=a),this},sha256_K=[1116352408,1899447441,-1245643825,-373957723,961987163,1508970993,-1841331548,-1424204075,-670586216,310598401,607225278,1426881987,1925078388,-2132889090,-1680079193,-1046744716,-459576895,-272742522,264347078,604807628,770255983,1249150122,1555081692,1996064986,-1740746414,-1473132947,-1341970488,-1084653625,-958395405,-710438585,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,-2117940946,-1838011259,-1564481375,-1474664885,-1035236496,-949202525,-778901479,-694614492,-200395387,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,-2067236844,-1933114872,-1866530822,-1538233109,-1090935817,-965641998]},SHA512:function(options){options&&"boolean"==typeof options.uppercase&&options.uppercase;var sha512_k,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binb2rstr(binb(rstr2binb(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i=0,bkey=rstr2binb(key),ipad=Array(32),opad=Array(32);for(32>5]|=128<<24-(31&len),x[31+(len+128>>10<<5)]=len,l=x.length,i=0;i>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(W[j],s1,W[j-7],s0,W[j-16]);for(j=0;j<80;j+=1)Ch.l=e.l&f.l^~e.l&g.l,Ch.h=e.h&f.h^~e.h&g.h,int64rrot(r1,e,14),int64rrot(r2,e,18),int64revrrot(r3,e,9),s1.l=r1.l^r2.l^r3.l,s1.h=r1.h^r2.h^r3.h,int64rrot(r1,a,28),int64revrrot(r2,a,2),int64revrrot(r3,a,7),s0.l=r1.l^r2.l^r3.l,s0.h=r1.h^r2.h^r3.h,Maj.l=a.l&b.l^a.l&c.l^b.l&c.l,Maj.h=a.h&b.h^a.h&c.h^b.h&c.h,function(dst,a,b,c,d,e){var 
w0=(65535&a.l)+(65535&b.l)+(65535&c.l)+(65535&d.l)+(65535&e.l),w1=(a.l>>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(e.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(65535&e.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(e.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(T1,h,s1,Ch,sha512_k[j],W[j]),int64add(T2,s0,Maj),int64copy(h,g),int64copy(g,f),int64copy(f,e),int64add(e,d,T1),int64copy(d,c),int64copy(c,b),int64copy(b,a),int64add(a,T1,T2);int64add(H[0],H[0],a),int64add(H[1],H[1],b),int64add(H[2],H[2],c),int64add(H[3],H[3],d),int64add(H[4],H[4],e),int64add(H[5],H[5],f),int64add(H[6],H[6],g),int64add(H[7],H[7],h)}for(i=0;i<8;i+=1)hash[2*i]=H[i].h,hash[2*i+1]=H[i].l;return hash}function int64(h,l){this.h=h,this.l=l}function int64copy(dst,src){dst.h=src.h,dst.l=src.l}function int64rrot(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift|x.l<<32-shift}function int64revrrot(dst,x,shift){dst.l=x.h>>>shift|x.l<<32-shift,dst.h=x.l>>>shift|x.h<<32-shift}function int64shr(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift}function int64add(dst,x,y){var w0=(65535&x.l)+(65535&y.l),w1=(x.l>>>16)+(y.l>>>16)+(w0>>>16),w2=(65535&x.h)+(65535&y.h)+(w1>>>16),x=(x.h>>>16)+(y.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|x<<16}this.hex=function(s){return rstr2hex(rstr(s))},this.b64=function(s){return rstr2b64(rstr(s),b64pad)},this.any=function(s,e){return rstr2any(rstr(s),e)},this.raw=rstr,this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this}},RMD160:function(options){options&&"boolean"==typeof 
options.uppercase&&options.uppercase;var b64pad=options&&"string"==typeof options.pad?options.pa:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8,rmd160_r1=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],rmd160_r2=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],rmd160_s1=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],rmd160_s2=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i,bkey=rstr2binl(key),ipad=Array(16),opad=Array(16);for(16>5]>>>i%32&255);return output}function binl(x,len){var T,j,i,l,A1,B1,C1,D1,E1,A2,B2,C2,D2,E2,h0=1732584193,h1=4023233417,h2=2562383102,h3=271733878,h4=3285377520;for(x[len>>5]|=128<>>9<<4)]=len,l=x.length,i=0;idocument.w=window<\/script>'),storageContainer.close(),storageOwner=storageContainer.w.frames[0].document,storageEl=storageOwner.createElement("div")}catch(e){storageEl=doc.createElement("div"),storageOwner=doc.body}return function(storeFunction){var args=[].slice.call(arguments,0);args.unshift(storageEl),storageOwner.appendChild(storageEl),storageEl.addBehavior("#default#userData"),storageEl.load(storageName),storeFunction.apply(this,args),storageOwner.removeChild(storageEl)}}(),disable=(require.navigator?require.navigator.userAgent:"").match(/ (MSIE 
8|MSIE 9|MSIE 10)\./);var forbiddenCharsRegex=new RegExp("[!\"#$%&'()*+,/\\\\:;<=>?@[\\]^`{|}~]","g");function fixKey(key){return key.replace(/^\d/,"___$&").replace(forbiddenCharsRegex,"___")}},{"../src/util":9}],16:[function(require,module,exports){var Global=require("../src/util").Global;function sessionStorage(){return Global.sessionStorage}function read(key){return sessionStorage().getItem(key)}module.exports={name:"sessionStorage",read:read,write:function(key,data){return sessionStorage().setItem(key,data)},each:function(fn){for(var i=sessionStorage().length-1;0<=i;i--){var key=sessionStorage().key(i);fn(read(key),key)}},remove:function(key){return sessionStorage().removeItem(key)},clearAll:function(){return sessionStorage().clear()}}},{"../src/util":9}]},{},[3])(3)}); +!function(f){"object"==typeof exports&&"undefined"!=typeof module?module.exports=f():"function"==typeof define&&define.amd?define([],f):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).osmAuth=f()}(function(){var define,module,exports;return function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);throw(f=new Error("Cannot find module '"+i+"'")).code="MODULE_NOT_FOUND",f}c=n[i]={exports:{}},e[i][0].call(c.exports,function(r){return o(e[i][1][r]||r)},c,c.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i>>6&31,128|63&x):x<=65535?output+=String.fromCharCode(224|x>>>12&15,128|x>>>6&63,128|63&x):x<=2097151&&(output+=String.fromCharCode(240|x>>>18&7,128|x>>>12&63,128|x>>>6&63,128|63&x));return output}function safe_add(x,y){var lsw=(65535&x)+(65535&y);return(x>>16)+(y>>16)+(lsw>>16)<<16|65535&lsw}function bit_rol(num,cnt){return num<>>32-cnt}function rstr2hex(input,hexcase){for(var x,hex_tab=hexcase?"0123456789ABCDEF":"0123456789abcdef",output="",i=0,l=input.length;i>>4&15)+hex_tab.charAt(15&x);return output}function 
binb2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>24-i%32&255);return output}function binl2rstr(input){for(var l=32*input.length,output="",i=0;i>5]>>>i%32&255);return output}function rstr2binl(input){for(var l=8*input.length,output=Array(input.length>>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<>2),lo=output.length,i=0;i>5]|=(255&input.charCodeAt(i/8))<<24-i%32;return output}function rstr2any(input,encoding){for(var q,x,quotient,output,full_length,divisor=encoding.length,remainders=Array(),dividend=Array(Math.ceil(input.length/2)),ld=dividend.length,i=0;i8*input.length?output+=b64pad:output+="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(triplet>>>6*(3-j)&63);return output}window=this,freeExports=!(Hashes={VERSION:"1.0.6",Base64:function(){var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",pad="=",utf8=!0;this.encode=function(input){var i,j,triplet,output="",len=input.length;for(pad=pad||"=",input=utf8?utf8Encode(input):input,i=0;i>>6*(3-j)&63);return output},this.decode=function(input){var i,o1,o2,h3,h4,bits,ac,dec="",arr=[];if(!input)return input;for(i=ac=0,input=input.replace(new RegExp("\\"+pad,"gi"),"");o1=(bits=tab.indexOf(input.charAt(i+=1))<<18|tab.indexOf(input.charAt(i+=1))<<12|(h3=tab.indexOf(input.charAt(i+=1)))<<6|(h4=tab.indexOf(input.charAt(i+=1))))>>16&255,o2=bits>>8&255,bits=255&bits,arr[ac+=1]=64===h3?String.fromCharCode(o1):64===h4?String.fromCharCode(o1,o2):String.fromCharCode(o1,o2,bits),i>>8^"0x"+table.substr(9*y,8);return(-1^crc)>>>0},MD5:function(options){var hexcase=!(!options||"boolean"!=typeof options.uppercase)&&options.uppercase,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){var 
bkey,ipad,opad,i;for(key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data,16<(bkey=rstr2binl(key)).length&&(bkey=binl(bkey,8*key.length)),ipad=Array(16),opad=Array(16),i=0;i<16;i+=1)ipad[i]=909522486^bkey[i],opad[i]=1549556828^bkey[i];return key=binl(ipad.concat(rstr2binl(data)),512+8*data.length),binl2rstr(binl(opad.concat(key),640))}function binl(x,len){var i,olda,oldb,oldc,oldd,a=1732584193,b=-271733879,c=-1732584194,d=271733878;for(x[len>>5]|=128<>>9<<4)]=len,i=0;i>5]|=128<<24-len%32,x[15+(len+64>>9<<4)]=len,i=0;i>>n|X<<32-n}function binb(m,l){var a,b,c,d,e,f,g,h,i,j,T2,x,HASH=[1779033703,-1150833019,1013904242,-1521486534,1359893119,-1694144372,528734635,1541459225],W=new Array(64);for(m[l>>5]|=128<<24-l%32,m[15+(l+64>>9<<4)]=l,i=0;i>>10,W[j-7]),function(x){return sha256_S(x,7)^sha256_S(x,18)^x>>>3}(W[j-15])),W[j-16]),x=safe_add(safe_add(safe_add(safe_add(h,function(x){return sha256_S(x,6)^sha256_S(x,11)^sha256_S(x,25)}(e)),function(x,y,z){return x&y^~x&z}(e,f,g)),sha256_K[j]),W[j]),T2=safe_add(function(x){return sha256_S(x,2)^sha256_S(x,13)^sha256_S(x,22)}(a),function(x,y,z){return x&y^x&z^y&z}(a,b,c)),h=g,g=f,f=e,e=safe_add(d,x),d=c,c=b,b=a,a=safe_add(x,T2);HASH[0]=safe_add(a,HASH[0]),HASH[1]=safe_add(b,HASH[1]),HASH[2]=safe_add(c,HASH[2]),HASH[3]=safe_add(d,HASH[3]),HASH[4]=safe_add(e,HASH[4]),HASH[5]=safe_add(f,HASH[5]),HASH[6]=safe_add(g,HASH[6]),HASH[7]=safe_add(h,HASH[7])}return HASH}this.hex=function(s){return rstr2hex(rstr(s,utf8))},this.b64=function(s){return rstr2b64(rstr(s,utf8),b64pad)},this.any=function(s,e){return rstr2any(rstr(s,utf8),e)},this.raw=function(s){return rstr(s,utf8)},this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof 
a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this},sha256_K=[1116352408,1899447441,-1245643825,-373957723,961987163,1508970993,-1841331548,-1424204075,-670586216,310598401,607225278,1426881987,1925078388,-2132889090,-1680079193,-1046744716,-459576895,-272742522,264347078,604807628,770255983,1249150122,1555081692,1996064986,-1740746414,-1473132947,-1341970488,-1084653625,-958395405,-710438585,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,-2117940946,-1838011259,-1564481375,-1474664885,-1035236496,-949202525,-778901479,-694614492,-200395387,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,-2067236844,-1933114872,-1866530822,-1538233109,-1090935817,-965641998]},SHA512:function(options){options&&"boolean"==typeof options.uppercase&&options.uppercase;var sha512_k,b64pad=options&&"string"==typeof options.pad?options.pad:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8;function rstr(s){return binb2rstr(binb(rstr2binb(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i=0,bkey=rstr2binb(key),ipad=Array(32),opad=Array(32);for(32>5]|=128<<24-(31&len),x[31+(len+128>>10<<5)]=len,l=x.length,i=0;i>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(W[j],s1,W[j-7],s0,W[j-16]);for(j=0;j<80;j+=1)Ch.l=e.l&f.l^~e.l&g.l,Ch.h=e.h&f.h^~e.h&g.h,int64rrot(r1,e,14),int64rrot(r2,e,18),int64revrrot(r3,e,9),s1.l=r1.l^r2.l^r3.l,s1.h=r1.h^r2.h^r3.h,int64rrot(r1,a,28),int64revrrot(r2,a,2),int64revrrot(r3,a,7),s0.l=r1.l^r2.l^r3.l,s0.h=r1.h^r2.h^r3.h,Maj.l=a.l&b.l^a.l&c.l^b.l&c.l,Maj.h=a.h&b.h^a.h&c.h^b.h&c.h,function(dst,a,b,c,d,e){var 
w0=(65535&a.l)+(65535&b.l)+(65535&c.l)+(65535&d.l)+(65535&e.l),w1=(a.l>>>16)+(b.l>>>16)+(c.l>>>16)+(d.l>>>16)+(e.l>>>16)+(w0>>>16),w2=(65535&a.h)+(65535&b.h)+(65535&c.h)+(65535&d.h)+(65535&e.h)+(w1>>>16),a=(a.h>>>16)+(b.h>>>16)+(c.h>>>16)+(d.h>>>16)+(e.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|a<<16}(T1,h,s1,Ch,sha512_k[j],W[j]),int64add(T2,s0,Maj),int64copy(h,g),int64copy(g,f),int64copy(f,e),int64add(e,d,T1),int64copy(d,c),int64copy(c,b),int64copy(b,a),int64add(a,T1,T2);int64add(H[0],H[0],a),int64add(H[1],H[1],b),int64add(H[2],H[2],c),int64add(H[3],H[3],d),int64add(H[4],H[4],e),int64add(H[5],H[5],f),int64add(H[6],H[6],g),int64add(H[7],H[7],h)}for(i=0;i<8;i+=1)hash[2*i]=H[i].h,hash[2*i+1]=H[i].l;return hash}function int64(h,l){this.h=h,this.l=l}function int64copy(dst,src){dst.h=src.h,dst.l=src.l}function int64rrot(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift|x.l<<32-shift}function int64revrrot(dst,x,shift){dst.l=x.h>>>shift|x.l<<32-shift,dst.h=x.l>>>shift|x.h<<32-shift}function int64shr(dst,x,shift){dst.l=x.l>>>shift|x.h<<32-shift,dst.h=x.h>>>shift}function int64add(dst,x,y){var w0=(65535&x.l)+(65535&y.l),w1=(x.l>>>16)+(y.l>>>16)+(w0>>>16),w2=(65535&x.h)+(65535&y.h)+(w1>>>16),x=(x.h>>>16)+(y.h>>>16)+(w2>>>16);dst.l=65535&w0|w1<<16,dst.h=65535&w2|x<<16}this.hex=function(s){return rstr2hex(rstr(s))},this.b64=function(s){return rstr2b64(rstr(s),b64pad)},this.any=function(s,e){return rstr2any(rstr(s),e)},this.raw=rstr,this.hex_hmac=function(k,d){return rstr2hex(rstr_hmac(k,d))},this.b64_hmac=function(k,d){return rstr2b64(rstr_hmac(k,d),b64pad)},this.any_hmac=function(k,d,e){return rstr2any(rstr_hmac(k,d),e)},this.vm_test=function(){return"900150983cd24fb0d6963f7d28e17f72"===hex("abc").toLowerCase()},this.setUpperCase=function(a){return"boolean"==typeof a&&0,this},this.setPad=function(a){return b64pad=a||b64pad,this},this.setUTF8=function(a){return"boolean"==typeof a&&(utf8=a),this}},RMD160:function(options){options&&"boolean"==typeof 
options.uppercase&&options.uppercase;var b64pad=options&&"string"==typeof options.pad?options.pa:"=",utf8=!options||"boolean"!=typeof options.utf8||options.utf8,rmd160_r1=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],rmd160_r2=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],rmd160_s1=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],rmd160_s2=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function rstr(s){return binl2rstr(binl(rstr2binl(s=utf8?utf8Encode(s):s),8*s.length))}function rstr_hmac(key,data){key=utf8?utf8Encode(key):key,data=utf8?utf8Encode(data):data;var i,bkey=rstr2binl(key),ipad=Array(16),opad=Array(16);for(16>5]>>>i%32&255);return output}function binl(x,len){var T,j,i,l,A1,B1,C1,D1,E1,A2,B2,C2,D2,E2,h0=1732584193,h1=4023233417,h2=2562383102,h3=271733878,h4=3285377520;for(x[len>>5]|=128<>>9<<4)]=len,l=x.length,i=0;idocument.w=window<\/script>'),storageContainer.close(),storageOwner=storageContainer.w.frames[0].document,storageEl=storageOwner.createElement("div")}catch(e){storageEl=doc.createElement("div"),storageOwner=doc.body}return function(storeFunction){var args=[].slice.call(arguments,0);args.unshift(storageEl),storageOwner.appendChild(storageEl),storageEl.addBehavior("#default#userData"),storageEl.load(storageName),storeFunction.apply(this,args),storageOwner.removeChild(storageEl)}}(),disable=(require.navigator?require.navigator.userAgent:"").match(/ (MSIE 
8|MSIE 9|MSIE 10)\./);var forbiddenCharsRegex=new RegExp("[!\"#$%&'()*+,/\\\\:;<=>?@[\\]^`{|}~]","g");function fixKey(key){return key.replace(/^\d/,"___$&").replace(forbiddenCharsRegex,"___")}},{"../src/util":8}],15:[function(require,module,exports){var Global=require("../src/util").Global;function sessionStorage(){return Global.sessionStorage}function read(key){return sessionStorage().getItem(key)}module.exports={name:"sessionStorage",read:read,write:function(key,data){return sessionStorage().setItem(key,data)},each:function(fn){for(var i=sessionStorage().length-1;0<=i;i--){var key=sessionStorage().key(i);fn(read(key),key)}},remove:function(key){return sessionStorage().removeItem(key)},clearAll:function(){return sessionStorage().clear()}}},{"../src/util":8}]},{},[3])(3)}); diff --git a/test/index.test.js b/test/index.test.js index 4c08883..bec61fe 100644 --- a/test/index.test.js +++ b/test/index.test.js 
@@ -1,49 +1,56 @@ -if (typeof localStorage === 'undefined' || localStorage === null) { - var LocalStorage = require('node-localstorage').LocalStorage; - global.localStorage = new LocalStorage('./scratch'); +if (typeof localStorage === "undefined" || localStorage === null) { + var LocalStorage = require("node-localstorage").LocalStorage; + global.localStorage = new LocalStorage("./scratch"); } -var test = require('tap').test; -var osmAuth = require('../.'); +var test = require("tap").test; +var osmAuth = require("../."); -test('osmauth', function(t) { - - t.test('.options', function(t) { - t.test('gets and sets new options', function(t) { +test("osmauth", function (t) { + t.test(".options", function (t) { + t.test("gets and sets new options", function (t) { localStorage.clear(); var keys = { - oauth_secret: '9WfJnwQxDvvYagx1Ut0tZBsOZ0ZCzAvOje3u1TV0', - oauth_consumer_key: 'WLwXbm6XFMG7WrVnE8enIF6GzyefYIN6oUJSxG65' + url: "https://www.openstreetmap.org", + client_id: "h55M4tEsJDLVSFOUZ5EhbpJubiFdZh5YdRFA7Sn5gsQ", + client_secret: "Ud8j4TWzQaNR6_HDSv_MprKDpS2Ewe1jIMTQNXEOAcs", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs write_api", }; var auth = osmAuth(keys); t.same(auth.options(), keys); - auth.options({url: 'foo'}); - t.same(auth.options().url, 'foo'); + auth.options({ url: "foo" }); + t.same(auth.options().url, "foo"); t.end(); }); t.end(); }); - t.test('pre authorization', function(t) { - t.test('is not initially authorized', function(t) { + t.test("pre authorization", function (t) { + t.test("is not initially authorized", function (t) { localStorage.clear(); var auth = osmAuth({ - oauth_secret: '9WfJnwQxDvvYagx1Ut0tZBsOZ0ZCzAvOje3u1TV0', - oauth_consumer_key: 'WLwXbm6XFMG7WrVnE8enIF6GzyefYIN6oUJSxG65' + url: "https://www.openstreetmap.org", + client_id: "h55M4tEsJDLVSFOUZ5EhbpJubiFdZh5YdRFA7Sn5gsQ", + client_secret: "Ud8j4TWzQaNR6_HDSv_MprKDpS2Ewe1jIMTQNXEOAcs", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs 
write_api", }); t.notOk(auth.authenticated()); t.end(); }); - t.test('can be preauthorized', function(t) { + t.test("can be preauthorized", function (t) { localStorage.clear(); var auth = osmAuth({ - oauth_secret: '9WfJnwQxDvvYagx1Ut0tZBsOZ0ZCzAvOje3u1TV0', - oauth_consumer_key: 'WLwXbm6XFMG7WrVnE8enIF6GzyefYIN6oUJSxG65', - oauth_token: 'foo', - oauth_token_secret: 'foo' + url: "https://www.openstreetmap.org", + client_id: "h55M4tEsJDLVSFOUZ5EhbpJubiFdZh5YdRFA7Sn5gsQ", + client_secret: "Ud8j4TWzQaNR6_HDSv_MprKDpS2Ewe1jIMTQNXEOAcs", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs write_api", + access_token: "foo", }); t.ok(auth.authenticated()); t.end(); @@ -55,4 +62,4 @@ test('osmauth', function(t) { t.end(); }); -localStorage._deleteLocation(); \ No newline at end of file +localStorage._deleteLocation(); From 9e349235bb3541c0eded565052f3d05e874bcf43 Mon Sep 17 00:00:00 2001 From: Hel Nershing Thapa Date: Mon, 7 Mar 2022 22:10:37 +0545 Subject: [PATCH 4/6] Update README.md to use OAuth2.0 --- README.md | 109 ++++++++++++++++++++++++++--------------------------- index.html | 6 +-- 2 files changed, 56 insertions(+), 59 deletions(-) diff --git a/README.md b/README.md index de3cd16..8fe5022 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,15 @@ [![build](https://github.com/osmlab/osm-auth/workflows/build/badge.svg)](https://github.com/osmlab/osm-auth/actions?query=workflow%3A%22build%22) [![npm version](https://badge.fury.io/js/osm-auth.svg)](https://badge.fury.io/js/osm-auth) - ## osm-auth Easy authentication with [OpenStreetMap](http://www.openstreetmap.org/) -over [OAuth](http://oauth.net/) with +over [OAuth 2.0](https://oauth.net/2/) with [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing). - ### Demo -Try it out now at: http://osmlab.github.io/osm-auth/ +Try it out now at: http://osmlab.github.io/osm-auth/ Or you can run the demo locally by cloning this project, then run: 
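Review bot: The three option objects in this hunk (`keys`, and the two `osmAuth({...})` calls under "pre authorization") hard-code `client_id` and `client_secret` values that look like the credentials of a registered OAuth 2.0 application rather than placeholders; the README.md examples in PATCH 4/6 embed a second such pair. The assertions here only exercise `options()` and `authenticated()`, so constructed dummies such as `client_id: "test-client-id"` and `client_secret: "test-client-secret"` would serve. If the committed values are live, the secret should be rotated, since it now sits in the repository history. More generally, a `client_secret` shipped to a browser library cannot stay confidential. It is worth confirming whether the flow in index.js (outside this view) can register as a public client and use the authorization code grant with PKCE instead.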
@@ -21,86 +19,88 @@ $ npm run build $ npm start ``` -This will start a local server on port 8080. Then open `http://localhost:8080` in a browser. - +This will start a local server on port 8080. Then open `http://127.0.0.1:8080/` in a browser. ### Using osm-auth in your project ##### Basic: -Copy `osmauth.js`, use the `osmAuth` object. This uses +Copy `osmauth.js`, use the `osmAuth` object. This uses [UMD](https://github.com/umdjs/umd), so it's compatible with [RequireJS](http://requirejs.org/) etc too, if you're into that kind of thing. - ##### With node: ```sh $ npm install osm-auth ``` + ```js -var osmAuth = require('osm-auth'); +var osmAuth = require("osm-auth"); ``` **Requires land.html to be accessible, or a page that does the same thing - calls an auth complete function - to be available.** - ### Getting Keys -Register a new OAuth application on openstreetmap.org: +Register a new OAuth2.0 application on openstreetmap.org: 1. Go to your user page -2. Click 'my settings' -3. Click 'oauth settings' -4. At the bottom, 'Register your application' +2. Click 'My Settings' +3. Click 'OAuth 2 applications' +4. At the bottom, 'Register new application' 5. Fill in the form & submit -6. Copy & Paste the secret & consumer key into the osmAuth config object as below - +6. 
Copy & Paste the client ID, secret, redirect URI and scope(s) into the osmAuth config object as below ### Example ```js var auth = osmAuth({ - oauth_consumer_key: 'WLwXbm6XFMG7WrVnE8enIF6GzyefYIN6oUJSxG65', - oauth_secret: '9WfJnwQxDvvYagx1Ut0tZBsOZ0ZCzAvOje3u1TV0', - auto: true // show a login form if the user is not authenticated and - // you try to do a call + client_id: "IEt_7zJAqJ5dUW_uTg29jPIba0-xB61k-OKyFVH6mAw", + client_secret: "1Z-TAOcQMFELTVSx0l36fJDb2LrymA8A4JnY243sZw0", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs write_api", + auto: true, // show a login form if the user is not authenticated and + // you try to do a call }); -document.getElementById('authenticate').onclick = function() { - // Signed method call - since `auto` is true above, this will - // automatically start an authentication process if the user isn't - // authenticated yet. - auth.xhr({ - method: 'GET', - path: '/api/0.6/user/details' - }, function(err, details) { - // details is an XML DOM of user details - }); +document.getElementById("authenticate").onclick = function () { + // Signed method call - since `auto` is true above, this will + // automatically start an authentication process if the user isn't + // authenticated yet. 
+ auth.xhr( + { + method: "GET", + path: "/api/0.6/user/details", + }, + function (err, details) { + // details is an XML DOM of user details + } + ); }; ``` - #### Example with single-page - - ``` var auth = osmAuth({ - oauth_consumer_key: 'WLwXbm6XFMG7WrVnE8enIF6GzyefYIN6oUJSxG65', - oauth_secret: '9WfJnwQxDvvYagx1Ut0tZBsOZ0ZCzAvOje3u1TV0', - auto: true, - singlepage: true, // Load the auth-window in the current window, with a redirect, - landing: window.location.href // Come back to the current page + client_id: "IEt_7zJAqJ5dUW_uTg29jPIba0-xB61k-OKyFVH6mAw", + client_secret: "1Z-TAOcQMFELTVSx0l36fJDb2LrymA8A4JnY243sZw0", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs write_api", + auto: true, + singlepage: true, // Load the auth-window in the current window, with a redirect, + landing: window.location.href // Come back to the current page }); var urlParams = new URLSearchParams(window.location.search); - if(urlParams.has('oauth_token')){ - // The token passed via the URL has to be passed into 'auth.bootstrapToken'. The callback is triggered when the final roundtrip is done - auth.bootstrapToken(urlParams.get('oauth_token'), + if(urlParams.has('code')){ + // The authorization code passed via the URL has to be passed into 'auth.bootstrapToken'. + // The callback is triggered when the final roundtrip is done + auth.bootstrapToken(urlParams.get('code'), (error) => { if(error !== null){ console.log("Something is wrong: ", error); @@ -109,7 +109,7 @@ document.getElementById('authenticate').onclick = function() { /* Do authenticated stuff here*/ }, this.auth); - }else{ + } else { // Attempt to do something authenticated to trigger authentication 
@@ -121,27 +121,28 @@ document.getElementById('authenticate').onclick = function() { [CORS-supporting browsers](http://caniuse.com/#feat=cors) - ### API `.osmAuth(options)` -At a minimum, options must contain an OAuth consumer key and secret: +At a minimum, options must contain OAuth client ID, secret, redirect URI and scope(s): ``` { - oauth_secret: ... - oauth_consumer_key: ... + client_id: "IEt_7zJAqJ5dUW_uTg29jPIba0-xB61k-OKyFVH6mAw", + client_secret: "1Z-TAOcQMFELTVSx0l36fJDb2LrymA8A4JnY243sZw0", + redirect_uri: "http://127.0.0.1:8080/land.html", + scope: "read_prefs write_api", } ``` Additional options are: -* `url` for a base url (default: "https://www.openstreetmap.org") -* `landing` for a landing page name (default: "land.html") -* `loading`: a function called when auth-related xhr calls start -* `done`: a function called when auth-related xhr calls end -* `singlepage`: use full-page redirection instead of a popup for mobile +- `url` for a base url (default: "https://www.openstreetmap.org") +- `landing` for a landing page name (default: "land.html") +- `loading`: a function called when auth-related xhr calls start +- `done`: a function called when auth-related xhr calls end +- `singlepage`: use full-page redirection instead of a popup for mobile `.logout()` @@ -158,14 +159,13 @@ authentication popup or if it couldn't be brought to the front (e.g. because of `.xhr(options, callback)` -Signed [XMLHttpRequest](http://en.wikipedia.org/wiki/XMLHttpRequest). +[XMLHttpRequest](http://en.wikipedia.org/wiki/XMLHttpRequest). Main options are `url` and `method`. `.options(options)` Set new options. - ### Based on Uses [ohauth](https://github.com/osmlab/ohauth) and 
@@ -173,7 +173,6 @@ Uses [ohauth](https://github.com/osmlab/ohauth) and Built for and used by OpenStreetMap's [iD editor](https://github.com/openstreetmap/iD). - ### See Also -* [OAuth in Javascript](http://mapbox.com/osmdev/2013/01/15/oauth-in-javascript/) +- [OAuth in Javascript](http://mapbox.com/osmdev/2013/01/15/oauth-in-javascript/) diff --git a/index.html b/index.html index 56fa259..3574fd4 100644 --- a/index.html +++ b/index.html @@ -64,10 +64,8 @@