#341 add in basic proxy agent

rebased and improved readability

Author: hsimah

lib/metadata.js

@@ -26,7 +26,7 @@
 const request = require('request');
 const async = require('async');
 const aadutils = require('./aadutils');
-
+const HttpsProxyAgent = require('https-proxy-agent');
 const Log = require('./logging').getLogger;
 
 const log = new Log('AzureAD: Metadata Parser');
@@ -46,6 +46,10 @@ function Metadata(url, authtype, options) {
   this.metadata = null;
   this.authtype = authtype;
   this.loggingNoPII = options.loggingNoPII;
+  if (options.proxy) {
+    // if user has specified proxy settings instantiate agent
+    this.httpsProxyAgent = new HttpsProxyAgent(options.proxy);
+  }
 }
 
 Object.defineProperty(Metadata, 'url', {
@@ -66,6 +70,12 @@ Object.defineProperty(Metadata, 'metadata', {
   },
 });
 
+Object.defineProperty(Metadata, 'httpsProxyAgent', {
+  get: function getHttpsProxyAgent() {
+    return this.httpsProxyAgent;
+  }
+});
+
 Metadata.prototype.updateOidcMetadata = function updateOidcMetadata(doc, next) {
   log.info('Request to update the Open ID Connect Metadata');
 
@@ -93,7 +103,8 @@ Metadata.prototype.updateOidcMetadata = function updateOidcMetadata(doc, next) {
   }
 
   // fetch the signing keys
-  request.get(jwksUri, { json: true }, (err, response, body) => {
+
+  request.get({ uri: jwksUri, agent: self.httpsProxyAgent, json: true }, (err, response, body) => {
     if (err) {
       return next(err);
     }
@@ -151,7 +162,7 @@ Metadata.prototype.generateOidcPEM = function generateOidcPEM(kid) {
     // generate PEM from `modulus` and `exponent`
     pubKey = aadutils.rsaPublicKeyPem(key.n, key.e);
     foundKey = true;
-    
+
     return pubKey;
   });
 
@@ -161,14 +172,14 @@ Metadata.prototype.generateOidcPEM = function generateOidcPEM(kid) {
     else
       throw new Error(`a key with kid %s cannot be found`, kid);
   }
-    
+
   if (!pubKey) {
     if (self.loggingNoPII)
       throw new Error('generating public key pem failed');
     else
       throw new Error(`generating public key pem failed for kid: %s`, kid);
   }
-    
+
   return pubKey;
 };
 
@@ -178,7 +189,7 @@ Metadata.prototype.fetch = function fetch(callback) {
   async.waterfall([
     // fetch the Federation metadata for the AAD tenant
     (next) => {
-      request.get(self.url, (err, response, body) => {
+      request.get({ uri: self.url, agent: self.httpsProxyAgent }, (err, response, body) => {
         if (err) {
           return next(err);
         }

lib/oidcstrategy.js

@@ -49,6 +49,7 @@ const InternalOpenIDError = require('./errors/internalopeniderror');
 const Log = require('./logging').getLogger;
 const Metadata = require('./metadata').Metadata;
 const OAuth2 = require('oauth').OAuth2;
+const HttpsProxyAgent = require('https-proxy-agent');
 const SessionContentHandler = require('./sessionContentHandler').SessionContentHandler;
 const CookieContentHandler = require('./cookieContentHandler').CookieContentHandler;
 const Validator = require('./validator').Validator;
@@ -476,7 +477,7 @@ function Strategy(options, verify) {
   /****************************************************************************************
    * Take care of scope
    ***************************************************************************************/
-   // make scope an array
+  // make scope an array
   if (!options.scope)
     options.scope = [];
   if (!Array.isArray(options.scope))
@@ -601,9 +602,9 @@ Strategy.prototype.authenticate = function authenticateStrategy(req, options) {
   var response = options && options.response || req.res;
 
   // 'params': items we get from the request or metadata, such as id_token, code, policy, metadata, cacheKey, etc
-  var params = { 'tenantIdOrName': tenantIdOrName, 'extraAuthReqQueryParams': extraAuthReqQueryParams, 'extraTokenReqQueryParams': extraTokenReqQueryParams };
+  var params = { 'proxy': self._options.proxy, 'tenantIdOrName': tenantIdOrName, 'extraAuthReqQueryParams': extraAuthReqQueryParams, 'extraTokenReqQueryParams': extraTokenReqQueryParams };
   // 'oauthConfig': items needed for oauth flow (like redirection, code redemption), such as token_endpoint, userinfo_endpoint, etc
-  var oauthConfig = { 'resource': resource, 'customState': customState, 'domain_hint': domain_hint, 'login_hint': login_hint, 'prompt': prompt, 'response': response };
+  var oauthConfig = { 'proxy': self._options.proxy, 'resource': resource, 'customState': customState, 'domain_hint': domain_hint, 'login_hint': login_hint, 'prompt': prompt, 'response': response };
   // 'optionsToValidate': items we need to validate id_token against, such as issuer, audience, etc
   var optionsToValidate = {};
 
@@ -672,7 +673,7 @@ Strategy.prototype.authenticate = function authenticateStrategy(req, options) {
  * @param {Object} req
  * @param {Object} next
  */
-Strategy.prototype.collectInfoFromReq = function(params, req, next, response) {
+Strategy.prototype.collectInfoFromReq = function (params, req, next, response) {
   const self = this;
 
   // the things we will put into 'params':
@@ -858,7 +859,7 @@ Strategy.prototype.setOptions = function setOptions(params, oauthConfig, options
       }
 
       // for B2C, verify the endpoints in oauthConfig has the correct policy
-      if (self._options.isB2C){
+      if (self._options.isB2C) {
         var policyChecker = (endpoint, policy) => {
           var u = {};
           try {
@@ -956,7 +957,7 @@ Strategy.prototype._idTokenHandler = function idTokenHandler(params, optionsToVa
     var decrypted_token;
 
     return jwe.decrypt(id_token, optionsToValidate.jweKeyStore, log, (err, decrypted_token) => {
-      if(err)
+      if (err)
         return next(err);
 
       params.id_token = decrypted_token;
@@ -1415,7 +1416,12 @@ Strategy.prototype._flowInitializationHandler = function flowInitializationHandl
   params[aadutils.getLibraryProductParameterName()] = aadutils.getLibraryProduct();
   params[aadutils.getLibraryVersionParameterName()] = aadutils.getLibraryVersion();
 
-  const location = aadutils.concatUrl(oauthConfig.authorization_endpoint, querystring.stringify(params));
+  // Implement support for standard OpenID Connect params (display, prompt, etc.)
+  const separator = self._options.isB2C ? '&' : '?';
+  const location = [
+    oauthConfig.authorization_endpoint,
+    querystring.stringify(params)
+  ].join(separator);
 
   return self.redirect(location);
 };
@@ -1462,7 +1468,7 @@ Strategy.prototype._getAccessTokenBySecretOrAssertion = function getAccessTokenB
           return next(err);
         else
           post_params['client_assertion'] = assertion;
-    });
+      });
 
     if (self._options.loggingNoPII)
       log.info('In _getAccessTokenBySecretOrAssertion: we created a client assertion');
@@ -1480,7 +1486,7 @@ Strategy.prototype._getAccessTokenBySecretOrAssertion = function getAccessTokenB
       var results;
       try {
         results = JSON.parse(data);
-      } catch(e) {
+      } catch (e) {
         results = querystring.parse(data);
       }
       callback(null, results);
@@ -1493,7 +1499,7 @@ Strategy.prototype._getAccessTokenBySecretOrAssertion = function getAccessTokenB
  *
  * @params {String} message
  */
-Strategy.prototype.failWithLog = function(message) {
+Strategy.prototype.failWithLog = function (message) {
   this.log.info(`authentication failed due to: ${message}`);
   return this.fail(message);
 };
@@ -1503,7 +1509,7 @@ Strategy.prototype.failWithLog = function(message) {
  *
  * @params {Object} oauthConfig
  */
-var createOauth2Instance = function(oauthConfig) {
+var createOauth2Instance = function (oauthConfig) {
   let libraryVersion = aadutils.getLibraryVersion();
   let libraryVersionParameterName = aadutils.getLibraryVersionParameterName();
   let libraryProduct = aadutils.getLibraryProduct();
@@ -1515,10 +1521,18 @@ var createOauth2Instance = function(oauthConfig) {
     '', // baseURL (empty string because we use absolute urls for authorize and token paths)
     oauthConfig.authorization_endpoint, // authorizePath
     oauthConfig.token_endpoint, // accessTokenPath
-    {libraryProductParameterName : libraryProduct,
-     libraryVersionParameterName : libraryVersion} // customHeaders
+    {
+      libraryProductParameterName: libraryProduct,
+      libraryVersionParameterName: libraryVersion
+    } // customHeaders
   );
 
+  if (oauthConfig.proxy) {
+    // if user has specified proxy settings instantiate agent
+    oauth2.setAgent(new HttpsProxyAgent(oauthConfig.proxy));
+  }
+
+
   return oauth2;
 };
 

package.json

@@ -36,10 +36,11 @@
     "base64url": "^3.0.0",
     "bunyan": "^1.8.0",
     "cache-manager": "2.10.2",
+    "https-proxy-agent": "^2.2.2",
     "jws": "^3.1.3",
     "jwk-to-pem": "^1.2.6",
     "lodash": "^4.11.2",
-    "oauth": "0.9.14",
+    "oauth": "0.9.15",
     "passport": "^0.3.2",
     "request": "^2.72.0",
     "valid-url": "^1.0.6"