laminelam commented on code in PR #1791: URL: https://github.com/apache/solr/pull/1791#discussion_r1298538572
########## solr/webapp/web/js/angular/services.js: ########## @@ -286,8 +286,74 @@ solrAdminServices.factory('System', }) }]) .factory('AuthenticationService', - ['base64', function (base64) { - var service = {}; + ['base64', '$resource', function (base64, $resource) { + var service = {}; + + service.getOAuthTokens = function (url, data) { + var serializedData = serialize(data); + var resource = $resource(url, {}, { + getToken: { + method: 'POST', + timeout: 10000, + headers: { + 'Content-Type': 'application/x-www-form-urlencoded', + 'X-Requested-With': undefined // Set this header to undefined to prevent preflight requests + }, + transformResponse: function (data) { + return angular.fromJson(data); + } + } + }); + return resource.getToken({}, serializedData).$promise; + }; + + var codeChallengeMethod = "S256"; + service.getCodeChallengeMethod = function getCodeChallengeMethod() { + return codeChallengeMethod; + } + + service.generateCodeVerifier = function generateCodeVerifier() { + var codeVerifier = ''; + var possibleChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~'; + for (var i = 0; i < 96; i++) { + codeVerifier += possibleChars.charAt(Math.floor(Math.random() * possibleChars.length)); + } + return codeVerifier; + } + + service.generateCodeChallengeFromVerifier = async function generateCodeChallengeFromVerifier(v) { + var hashed = await sha256(v); + var base64encoded = base64urlencode(hashed); + return base64encoded; + } + + function sha256(str) { + const encoder = new TextEncoder(); + return window.crypto.subtle.digest("SHA-256", encoder.encode(str)); Review Comment: That's a good catch. I only tested on localhost and https hosts. I think you're right, this would't work on http. Why do you suggest? Keep it as it is and require https for this plugin, or change the code to support http? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org