feat(auth): harden authentication with argon2 passwords and rotating hashed refresh tokens
@@ -19,7 +19,7 @@ import { accountDesignTokens } from './sharedstyles.js';
|
||||
import * as views from './views/index.js';
|
||||
import * as accountstate from '../../states/accountstate.js';
|
||||
|
||||
import { commitinfo } from '../../../dist_ts/00_commitinfo_data.js';
|
||||
import { commitinfo } from '../../../ts/00_commitinfo_data.js';
|
||||
|
||||
|
||||
declare global {
|
||||
|
||||
@@ -17,7 +17,7 @@ import { accountDesignTokens } from './sharedstyles.js';
|
||||
import { CreateOrgModal } from './create-org-modal.js';
|
||||
import { OrgSelectModal } from './org-select-modal.js';
|
||||
|
||||
import { commitinfo } from '../../../dist_ts/00_commitinfo_data.js';
|
||||
import { commitinfo } from '../../../ts/00_commitinfo_data.js';
|
||||
|
||||
declare global {
|
||||
interface HTMLElementTagNameMap {
|
||||
|
||||
@@ -11,7 +11,7 @@ import {
|
||||
query,
|
||||
} from '@design.estate/dees-element';
|
||||
|
||||
import { commitinfo } from '../../dist_ts/00_commitinfo_data.js';
|
||||
import { commitinfo } from '../../ts/00_commitinfo_data.js';
|
||||
import { IdpState } from '../states/idp.state.js';
|
||||
|
||||
declare global {
|
||||
|
||||
@@ -207,21 +207,14 @@ export class IdpRegistrationPrompt extends DeesElement {
|
||||
}
|
||||
|
||||
public async handleRefreshToken(refreshTokenArg: string, delayDispatchMillisArg = 0) {
|
||||
// a refreshToken binds directly to a session.
|
||||
// the refresh token is used on a continuous basis to get fresh and short-lived jwts
|
||||
const idpState = await IdpState.getSingletonInstance();
|
||||
const refreshJwt = idpState.idpClient.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RefreshJwt>(
|
||||
'refreshJwt'
|
||||
);
|
||||
const responseJwt = await refreshJwt.fire({
|
||||
refreshToken: refreshTokenArg,
|
||||
});
|
||||
const jwt = await idpState.idpClient.refreshJwt(refreshTokenArg);
|
||||
|
||||
if (responseJwt.jwt) {
|
||||
if (jwt) {
|
||||
this.domtools.convenience.smartdelay.delayFor(delayDispatchMillisArg).then(() => {
|
||||
this.dispatchJwt(responseJwt.jwt);
|
||||
this.dispatchJwt(jwt);
|
||||
});
|
||||
return responseJwt.jwt;
|
||||
return jwt;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
|
||||
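Review bot: The new call `const jwt = await idpState.idpClient.refreshJwt(refreshTokenArg);` returns only the JWT, so if the server-side rotation named in the commit title hands back a replacement refresh token on each use, this client drops it and keeps presenting the original `refreshTokenArg` — which after rotation is stale and, under typical reuse detection, can revoke the whole session. Whether `refreshJwt` persists the rotated token internally is not visible here; if it does not, have it return or store the new refresh token so the caller's persisted copy is updated rather than only the jwt. Separately, a rejection from `refreshJwt` (expired or revoked token, transport error) propagates out of `handleRefreshToken` unhandled, unlike the `null` branch, so a caller that only tests for `null` never sees that failure; either wrap the call in a try/catch that logs and returns `null`, or document with `@throws` that the method rejects. `handleRefreshToken`'s closing brace lies outside the hunk.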
@@ -488,15 +488,15 @@ export class IdpRegistrationStepper extends DeesElement {
|
||||
username: this.storedData.email,
|
||||
password: eventArg.detail.data.password,
|
||||
});
|
||||
this.storedData.refreshToken = loginResponse.refreshToken;
|
||||
|
||||
deesForm.setStatus('pending', 'Obtaining JWT...');
|
||||
const jwtResponse = await idpState.idpClient.requests.obtainJwt.fire({
|
||||
refreshToken: this.storedData.refreshToken,
|
||||
});
|
||||
const jwt = await idpState.idpClient.refreshJwt(loginResponse.refreshToken);
|
||||
|
||||
if (!jwt) {
|
||||
deesForm.setStatus('error', 'Failed to establish a login session.');
|
||||
return;
|
||||
}
|
||||
|
||||
deesForm.setStatus('success', 'Ok! Lets Go!');
|
||||
await idpState.idpClient.setJwt(jwtResponse.jwt);
|
||||
idpState.domtools.router.pushUrl('/account');
|
||||
}, { signal });
|
||||
},
|
||||
|
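Review bot: `await idpState.idpClient.setJwt(jwtResponse.jwt);` still refers to `jwtResponse`, which the new code no longer declares because the `obtainJwt.fire` block that produced it is replaced by the `refreshJwt` call; if that line survives on the new side as printed, the file will not compile under strict TypeScript and should read `await idpState.idpClient.setJwt(jwt);` — or be dropped if `refreshJwt` already stores the JWT, which is not visible here. The `if (!jwt)` guard covers a null result but not a rejected promise from `refreshJwt`; unless an enclosing try/catch outside the hunk resets the form, a thrown error leaves `deesForm` stuck in the 'pending' state. With rotating refresh tokens, `loginResponse.refreshToken` consumed here is presumably single-use, so whatever replacement token the client receives (if any) is what must be persisted for later silent re-login, not the login-time value. The enclosing handler starts outside the hunk.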
||||