let now = new Date().getTime();
if (cert.start > now + 5 * 60 * 1000) {
throw new Error('ext.certificate.start > now');
}
if (cert.expiry < now - 5 * 60 * 1000) {
throw new Error('ext.certificate.expiry < now');
}
// Check max time between start and expiry
if (cert.expiry - cert.start > 31 * 24 * 60 * 60 * 1000) {
throw new Error('ext.certificate cannot last longer than 31 days!');
}
// Check clientId validity
if (issuingClientId !== credentialName) {
let createScope = 'auth:create-client:' + credentialName;
if (!utils.scopeMatch(issuingScopes, [[createScope]])) {
throw new Error('ext.certificate issuer `' + issuingClientId +
'` doesn\'t have `' + createScope + '` for supplied clientId.');
}
} else if ('clientId' in cert) {
throw new Error('ext.certificate.clientId must only be used with ext.certificate.issuer');
}
// Validate certificate scopes are subset of client
if (!utils.scopeMatch(scopes, [cert.scopes])) {
throw new Error('ext.certificate issuer `' + issuingClientId +
'` doesn\'t satisfy all certificate scopes ' +
cert.scopes.join(', ') + '. The temporary ' +
'credentials were not generated correctly.');
}
// Generate certificate signature
res.scopes = scopes = expandScopes(cert.scopes);
}
// Handle scope restriction with authorizedScopes
if (ext.authorizedScopes) {
// Validate input format
if (!(ext.authorizedScopes instanceof Array)) {
throw new Error('ext.authorizedScopes must be an array');
}
if (!ext.authorizedScopes.every(utils.validScope)) {
throw new Error('ext.authorizedScopes must be an array of valid scopes');
}
// Validate authorizedScopes scopes are satisfied by client (or temp) scopes
if (!utils.scopeMatch(res.scopes, [ext.authorizedScopes])) {
throw new Error('Supplied credentials do not satisfy authorizedScopes; '
+ `credentials have scopes [${res.scopes}]; `
+ `authorizedScopes are [${[ext.authorizedScopes]}]`);
}
// Further limit scopes
res.scopes = scopes = expandScopes(ext.authorizedScopes);
}
return res;
};
if (!user || user.identity !== handler.identityFromClientId(client.clientId)) {
user = await handler.userFromClientId(client.clientId);
if (!user) {
continue;
}
userScopes = (await auth.expandScopes({scopes: user.scopes()})).scopes;
debug('..against user', user.identity);
}
// if this client's expandedScopes are not satisfied by the user's expanded
// scopes, disable the client.
if (!scopeUtils.scopeMatch(userScopes, [client.expandedScopes])) {
await auth.disableClient(client.clientId);
}
}
};