chore: made oauth server methods async

Now is async: - renderEndOfLoginResponse - _renderOauthResults - _endOfLoginResponse _endOfRedirectResponseTemplate and _endOfPopupResponseTemplate are now async functions that return the same result as before
2026-05-02 03:01:46 -04:00 · 2022-12-28 14:42:55 -03:00
parent 91dad1ab50
commit fda4c17d5c
1 changed files with 14 additions and 13 deletions
--- a/packages/oauth/oauth_server.js
+++ b/packages/oauth/oauth_server.js
@@ -251,7 +251,7 @@ const isSafe = value => {
 };

 // Internal: used by the oauth1 and oauth2 packages
-OAuth._renderOauthResults = (res, query, credentialSecret) => {
+OAuth._renderOauthResults = async (res, query, credentialSecret) => {
  // For tests, we support the `only_credential_secret_for_test`
  // parameter, which just returns the credential secret without any
  // surrounding HTML. (The test needs to be able to easily grab the
@@ -282,21 +282,23 @@ OAuth._renderOauthResults = (res, query, credentialSecret) => {
      }
    }

-    OAuth._endOfLoginResponse(res, details);
+    await OAuth._endOfLoginResponse(res, details);
  }
 };

-const getAsset = async (name) => {
-  return await new Promise((resolve, reject) => Assets.getText(
+const getAsset = (name) => {
+  return new Promise((resolve, reject) => Assets.getText(
    `${name}.html`,
    (err, data) => err ? reject(err) : resolve(data)))
 }
 // This "template" (not a real Spacebars template, just an HTML file
 // with some ##PLACEHOLDER##s) communicates the credential secret back
 // to the main window and then closes the popup.
-OAuth._endOfPopupResponseTemplate = getAsset('end_of_popup_response')
+OAuth._endOfPopupResponseTemplate =
+  async () => await getAsset('end_of_popup_response')

-OAuth._endOfRedirectResponseTemplate = getAsset('end_of_redirect_response')
+OAuth._endOfRedirectResponseTemplate =
+  async () => await getAsset('end_of_redirect_response')

 // Renders the end of login response template into some HTML and JavaScript
 // that closes the popup or redirects at the end of the OAuth flow.
@@ -309,7 +311,7 @@ OAuth._endOfRedirectResponseTemplate = getAsset('end_of_redirect_response')
 //   - redirectUrl
 //   - isCordova (boolean)
 //
-const renderEndOfLoginResponse = options => {
+const renderEndOfLoginResponse = async options => {
  // It would be nice to use Blaze here, but it's a little tricky
  // because our mustaches would be inside a <script> tag, and Blaze
  // would treat the <script> tag contents as text (e.g. encode '&' as
@@ -341,13 +343,12 @@ const renderEndOfLoginResponse = options => {

  let template;
  if (options.loginStyle === 'popup') {
-    template = OAuth._endOfPopupResponseTemplate;
+    template = await OAuth._endOfPopupResponseTemplate();
  } else if (options.loginStyle === 'redirect') {
-    template = OAuth._endOfRedirectResponseTemplate;
+    template = await OAuth._endOfRedirectResponseTemplate();
  } else {
    throw new Error(`invalid loginStyle: ${options.loginStyle}`);
  }
-
  const result = template.replace(/##CONFIG##/, JSON.stringify(config))
    .replace(
      /##ROOT_URL_PATH_PREFIX##/, __meteor_runtime_config__.ROOT_URL_PATH_PREFIX
@@ -387,7 +388,7 @@ const renderEndOfLoginResponse = options => {
 //        so shouldn't be trusted for security decisions or included in
 //        the response without sanitizing it first. Only one of `error`
 //        or `credentials` should be set.
-OAuth._endOfLoginResponse = (res, details) => {
+OAuth._endOfLoginResponse = async (res, details) => {
  res.writeHead(200, {'Content-Type': 'text/html'});

  let redirectUrl;
@@ -409,7 +410,7 @@ OAuth._endOfLoginResponse = (res, details) => {
    Log.warn("Error in OAuth Server: " +
             (details.error instanceof Error ?
              details.error.message : details.error));
-    res.end(renderEndOfLoginResponse({
+    res.end(await renderEndOfLoginResponse({
      loginStyle: details.loginStyle,
      setCredentialToken: false,
      redirectUrl,
@@ -421,7 +422,7 @@ OAuth._endOfLoginResponse = (res, details) => {
  // If we have a credentialSecret, report it back to the parent
  // window, with the corresponding credentialToken. The parent window
  // uses the credentialToken and credentialSecret to log in over DDP.
-  res.end(renderEndOfLoginResponse({
+  res.end(await renderEndOfLoginResponse({
    loginStyle: details.loginStyle,
    setCredentialToken: true,
    credentialToken: details.credentials.token,