Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
var _checkNonce = function (params) {
if (!_isDef(params['openid.ns'])) {
return true; // OpenID 1.1 has no nonce
}
if (!_isDef(params['openid.response_nonce'])) {
return false;
}
var nonce = params['openid.response_nonce'];
var timestampEnd = nonce.indexOf('Z');
if (timestampEnd == -1) {
return false;
}
// Check for valid timestamp in nonce
var timestamp = new Date(Date.parse(nonce.substring(0, timestampEnd + 1)));
if (Object.prototype.toString.call(timestamp) !== '[object Date]' || isNaN(timestamp)) {
return false;
}
// Remove old nonces from our store (nonces that are more skewed than 5 minutes)
var _checkNonce = function (params) {
if (!_isDef(params['openid.ns'])) {
return true; // OpenID 1.1 has no nonce
}
if (!_isDef(params['openid.response_nonce'])) {
return false;
}
var nonce = params['openid.response_nonce'];
var timestampEnd = nonce.indexOf('Z');
if (timestampEnd == -1) {
return false;
}
// Check for valid timestamp in nonce
var timestamp = new Date(Date.parse(nonce.substring(0, timestampEnd + 1)));
if (Object.prototype.toString.call(timestamp) !== '[object Date]' || isNaN(timestamp)) {
return false;
}
// Remove old nonces from our store (nonces that are more skewed than 5 minutes)
_removeOldNonces();
// Check if nonce is skewed by more than 5 minutes
if (Math.abs(new Date().getTime() - timestamp.getTime()) > 300000) {
} else {
const sls = await window.remote.session.defaultSession.cookies.get({
name: 'steamLoginSecure',
domain: 'store.steampowered.com'
})
const sid = await window.remote.session.defaultSession.cookies.get({
name: 'sessionid',
})
const cookie = sls[0].value
const cookieSess = sid[0].value
authWindow.removeAllListeners('closed');
setImmediate(function () {
authWindow.close();
});
resolve({
response_nonce: query['openid.response_nonce'],
assoc_handle: query['openid.assoc_handle'],
identity: query['openid.identity'],
steam_id: query['openid.identity'].match(/\/id\/(.*$)/)[1],
sig: query['openid.sig'],
cookie,
cookieSess,
});
}
}
relyingParty.verifyAssertion(request, function(error, result) {
var isGood = !error && result.authenticated ? '<h1>Success!</h1>' : '<h1>Failed</h1>';
res.writeHead(200, {
'Content-Type': 'text/html'
});
res.write(isGood);
res.write('<p>' + query['openid.assoc_handle'] + '</p>');
res.write('<p>' + query['openid.claimed_id'] + '</p>');
res.write('<p>' + query['openid.identity'] + '</p>');
res.write('<p>' + query['openid.mode'] + '</p>');
res.write('<p>' + query['openid.ns'] + '</p>');
res.write('<p>' + query['openid.op_endpoint'] + '</p>');
res.write('<p>' + query['openid.response_nonce'] + '</p>');
res.write('<p>' + query['openid.return_to'] + '</p>');
res.write('<p>' + query['openid.sig'] + '</p>');
res.write('<p>' + query['openid.signed'] + '</p>');
res.end('bye');
});
});