feat(devices): added fxa-deviceId to the signed certificate

Author: dannycoates

lib/db.js

@@ -453,6 +453,31 @@ module.exports = function (
       )
   }
 
+  DB.prototype.sessionWithDevice = function (id) {
+    log.trace({ op: 'DB.sessionWithDevice', id: id })
+    return this.pool.get('/sessionToken/' + id.toString('hex') + '/device')
+    .then(
+      function (body) {
+        var data = bufferize(body, {
+          ignore: [
+            'uaBrowser',
+            'uaBrowserVersion',
+            'uaOS',
+            'uaOSVersion',
+            'uaDeviceType'
+          ]
+        })
+        return SessionToken.fromHex(data.tokenData, data)
+      },
+      function (err) {
+        if (isNotFoundError(err)) {
+          err = error.invalidToken()
+        }
+        throw err
+      }
+    )
+  }
+
   // UPDATE
 
   DB.prototype.updatePasswordForgotToken = function (token) {

lib/routes/sign.js

@@ -12,7 +12,7 @@ module.exports = function (log, isA, error, signer, db, domain) {
       path: '/certificate/sign',
       config: {
         auth: {
-          strategy: 'sessionToken',
+          strategy: 'sessionTokenWithDevice',
           payload: 'required'
         },
         validate: {
@@ -88,23 +88,36 @@ module.exports = function (log, isA, error, signer, db, domain) {
           }
         }
         var uid = sessionToken.uid.toString('hex')
-        signer.sign(
+        var deviceId = sessionToken.deviceId ?
+          sessionToken.deviceId.toString('hex') : null
+
+        return signer.sign(
           {
             email: uid + '@' + domain,
             publicKey: publicKey,
             domain: domain,
             duration: duration,
             generation: sessionToken.verifierSetAt,
             lastAuthAt: sessionToken.lastAuthAt(),
-            verifiedEmail: sessionToken.email
+            verifiedEmail: sessionToken.email,
+            deviceId: deviceId
           }
-        ).then(function(certResult) {
-          log.activityEvent('account.signed', request, {
-            uid: uid,
-            account_created_at: sessionToken.accountCreatedAt
-          })
-          reply(certResult)
-        }, reply)
+        )
+        .then(
+          function(certResult) {
+            log.activityEvent(
+              'account.signed',
+              request,
+              {
+                uid: uid,
+                account_created_at: sessionToken.accountCreatedAt,
+                device_id: deviceId
+              }
+            )
+            reply(certResult)
+          },
+          reply
+        )
       }
     }
   ]

lib/server.js

@@ -106,6 +106,14 @@ function create(log, error, config, routes, db) {
   server.connection(connectionOptions)
 
   server.register(require('hapi-auth-hawk'), function (err) {
+    server.auth.strategy(
+      'sessionTokenWithDevice',
+      'hawk',
+      {
+        getCredentialsFunc: makeCredentialFn(db.sessionWithDevice.bind(db)),
+        hawk: hawkOptions
+      }
+    )
     server.auth.strategy(
       'sessionToken',
       'hawk',

lib/signer.js

@@ -21,7 +21,8 @@ module.exports = function (secretKeyFile, domain) {
           exp: now + data.duration,
           'fxa-generation': data.generation,
           'fxa-lastAuthAt': data.lastAuthAt,
-          'fxa-verifiedEmail': data.verifiedEmail
+          'fxa-verifiedEmail': data.verifiedEmail,
+          'fxa-deviceId': data.deviceId
         }
       )
       .then(

lib/tokens/session_token.js

@@ -14,7 +14,8 @@ module.exports = function (log, inherits, Token) {
 
   function SessionToken(keys, details) {
     Token.call(this, keys, details)
-    this.forceUpdate(details)
+    this.setUserAgentInfo(details)
+    this.setDeviceInfo(details)
     this.email = details.email || null
     this.emailCode = details.emailCode || null
     this.emailVerified = !!details.emailVerified
@@ -60,7 +61,7 @@ module.exports = function (log, inherits, Token) {
       return false
     }
 
-    this.forceUpdate(freshData)
+    this.setUserAgentInfo(freshData)
 
     return true
   }
@@ -83,7 +84,7 @@ module.exports = function (log, inherits, Token) {
     return result
   }
 
-  SessionToken.prototype.forceUpdate = function (data) {
+  SessionToken.prototype.setUserAgentInfo = function (data) {
     this.uaBrowser = data.uaBrowser
     this.uaBrowserVersion = data.uaBrowserVersion
     this.uaOS = data.uaOS
@@ -92,6 +93,15 @@ module.exports = function (log, inherits, Token) {
     this.lastAccessTime = data.lastAccessTime
   }
 
+  SessionToken.prototype.setDeviceInfo = function (data) {
+    this.deviceId = data.deviceId
+    this.deviceName = data.deviceName
+    this.deviceType = data.deviceType
+    this.deviceCreatedAt = data.deviceCreatedAt
+    this.callbackURL = data.callbackURL
+    this.callbackPublicKey = data.callbackPublicKey
+  }
+
   return SessionToken
 }
 

npm-shrinkwrap.json

@@ -26,7 +26,7 @@ test(
         t.equal(typeof token.lastAuthAt, 'function', 'lastAuthAt method is defined')
         t.equal(typeof token.update, 'function', 'update method is defined')
         t.equal(typeof token.isFresh, 'function', 'isFresh method is defined')
-        t.equal(typeof token.forceUpdate, 'function', 'forceUpdate method is defined')
+        t.equal(typeof token.setUserAgentInfo, 'function', 'setUserAgentInfo method is defined')
       })
   }
 )
@@ -81,11 +81,11 @@ test(
 )
 
 test(
-  'SessionToken.forceUpdate',
+  'SessionToken.setUserAgentInfo',
   function (t) {
     return SessionToken.create(ACCOUNT)
       .then(function (token) {
-        token.forceUpdate({
+        token.setUserAgentInfo({
           data: 'foo',
           tokenId: 'foo',
           authKey: 'foo',
@@ -217,7 +217,7 @@ test(
       sinon.stub(SessionToken.prototype, 'isFresh', function () {
         return true
       })
-      sinon.spy(SessionToken.prototype, 'forceUpdate')
+      sinon.spy(SessionToken.prototype, 'setUserAgentInfo')
 
       t.equal(
         token.update(
@@ -240,11 +240,11 @@ test(
       t.ok(isFreshData.lastAccessTime > Date.now() - 10000, 'lastAccessTime was greater than 10 seconds ago')
       t.ok(isFreshData.lastAccessTime < Date.now(), 'lastAccessTime was less then Date.now()')
 
-      t.equal(SessionToken.prototype.forceUpdate.callCount, 0, 'forceUpdate was not called')
+      t.equal(SessionToken.prototype.setUserAgentInfo.callCount, 0, 'setUserAgentInfo was not called')
     })
     .finally(function () {
       SessionToken.prototype.isFresh.restore()
-      SessionToken.prototype.forceUpdate.restore()
+      SessionToken.prototype.setUserAgentInfo.restore()
     })
   }
 )
@@ -257,7 +257,7 @@ test(
         sinon.stub(SessionToken.prototype, 'isFresh', function () {
           return false
         })
-        sinon.spy(SessionToken.prototype, 'forceUpdate')
+        sinon.spy(SessionToken.prototype, 'setUserAgentInfo')
 
         t.equal(
           token.update(
@@ -266,19 +266,18 @@ test(
         )
 
         t.equal(SessionToken.prototype.isFresh.callCount, 1, 'isFresh was called once')
-        var isFreshArgs = SessionToken.prototype.forceUpdate.args[0]
+        var isFreshArgs = SessionToken.prototype.setUserAgentInfo.args[0]
         t.equal(isFreshArgs.length, 1, 'isFresh was passed one argument')
 
-        t.equal(SessionToken.prototype.forceUpdate.callCount, 1, 'forceUpdate called once')
-        t.equal(SessionToken.prototype.forceUpdate.thisValues[0], token, 'forceUpdate context was token')
-        var forceUpdateArgs = SessionToken.prototype.forceUpdate.args[0]
-        t.equal(forceUpdateArgs.length, 1, 'forceUpdate was passed one argument')
-        t.deepEqual(forceUpdateArgs[0], isFreshArgs[0], 'forceUpdate was passed correct argument')
+        t.equal(SessionToken.prototype.setUserAgentInfo.callCount, 1, 'setUserAgentInfo called once')
+        t.equal(SessionToken.prototype.setUserAgentInfo.thisValues[0], token, 'setUserAgentInfo context was token')
+        var setUserAgentInfoArgs = SessionToken.prototype.setUserAgentInfo.args[0]
+        t.equal(setUserAgentInfoArgs.length, 1, 'setUserAgentInfo was passed one argument')
+        t.deepEqual(setUserAgentInfoArgs[0], isFreshArgs[0], 'setUserAgentInfo was passed correct argument')
       })
       .finally(function () {
         SessionToken.prototype.isFresh.restore()
-        SessionToken.prototype.forceUpdate.restore()
+        SessionToken.prototype.setUserAgentInfo.restore()
       })
   }
 )
-