Remove duplicate code, move functions of little use to better places.

Author: sebadoom

package-lock.json

@@ -7,7 +7,8 @@
   },
   "dependencies": {
     "express": "^4.16.2",
-    "express-sslify": "^1.2.0"
+    "express-sslify": "^1.2.0",
+    "querystring": "^0.2.0"
   },
   "devDependencies": {
     "@babel/core": "^7.0.0-beta.36",

package.json

@@ -1,5 +1,3 @@
-import { isValidBase64String } from '../utils.js';
-
 import { 
   jws,
   KEYUTIL,
@@ -127,6 +125,36 @@ export function decode(jwt) {
   return result;
 }
 
+export function isValidBase64String(s, urlOnly) {
+  try {
+    const validChars = urlOnly ?
+      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=' :
+      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+/=';
+
+    let hasPadding = false;
+    for(let i = 0; i < s.length; ++i) {
+      hasPadding |= s.charAt(i) === '=';
+      if(validChars.indexOf(s.charAt(i)) === -1) {
+        return false;
+      }
+    }
+
+    if(hasPadding) {
+      for(let i = s.indexOf('='); i < s.length; ++i) {
+        if(s.charAt(i) !== '=') {
+          return false;
+        }
+      }
+
+      return s.length % 4 === 0;
+    }
+
+    return true;    
+  } catch (e) {
+    return false;
+  }
+}
+
 export function isToken(jwt, checkTypClaim = false) {
   const decoded = decode(jwt);
 

src/editor/jwt.js

@@ -1,7 +1,6 @@
 import { KEYUTIL } from 'jsrsasign';
 import log from 'loglevel';
 import clipboard from 'clipboard-polyfill';
-import { isToken } from './editor/jwt.js';
 
 export function httpGet(url, cache = true) {
   return new Promise((resolve, reject) => {
@@ -31,36 +30,6 @@ export function httpGet(url, cache = true) {
   });
 }
 
-export function isValidBase64String(s, urlOnly) {
-  try {
-    const validChars = urlOnly ?
-      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=' :
-      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_+/=';
-
-    let hasPadding = false;
-    for(let i = 0; i < s.length; ++i) {
-      hasPadding |= s.charAt(i) === '=';
-      if(validChars.indexOf(s.charAt(i)) === -1) {
-        return false;
-      }
-    }
-
-    if(hasPadding) {
-      for(let i = s.indexOf('='); i < s.length; ++i) {
-        if(s.charAt(i) !== '=') {
-          return false;
-        }
-      }
-
-      return s.length % 4 === 0;
-    }
-
-    return true;    
-  } catch (e) {
-    return false;
-  }
-};
-
 export function isValidKey(key) {
   // Four tries: no header, header for cert, header for pub key,
   // header for priv key
@@ -118,45 +87,6 @@ export function copyTokenLink(token, publicKeyOptional) {
   return url;
 }
 
-function regexp(body, flag) {
-  return new RegExp("[?&#]" + body + "(?:=([^&#]*)|&|#|$)", flag);
-}
-
-const tokenRegexp = regexp('((?:id_|access_)?token|value)', 'g');
-
-export function getTokensFromLocation() {
-  const { href } = window.location;
-  let name, value;
-  const val = {};
-
-  try {
-    while ([, name, value] = tokenRegexp.exec(href)) {
-      if(isToken(value)) val[name] = value;
-    }
-  } catch (err) {}
-  return val;
-}
-
-// https://stackoverflow.com/questions/901115/how-can-i-get-query-string-values-in-javascript
-export function getParameterByName(name, url) {
-  if(!url) {
-    url = window.location.href;
-  }
-
-  name = name.replace(/[\[\]]/g, "\\$&");
-  
-  const regex = regexp(name);
-  const results = regex.exec(url);
-  if(!results) {
-    return null;
-  }
-  if(!results[1]) {
-    return '';
-  }
-
-  return decodeURIComponent(results[1].replace(/\+/g, " "));
-}
-
 export function isWideScreen() {
   return window.matchMedia('(min-width: 768px)').matches;
 }

src/utils.js

@@ -5,7 +5,6 @@ import { setupTokenEditor, setTokenEditorValue } from '../editor';
 import { setupJwtCounter } from './counter.js';
 import { setupSmoothScrolling } from './smooth-scrolling.js';
 import { setupHighlighting } from './highlighting.js';
-import { getParameterByName, getTokensFromLocation } from '../utils.js';
 import { isChrome, isFirefox } from './utils.js';
 import { setupShareJwtButton } from '../share-button.js';
 import { 
@@ -18,27 +17,29 @@ import {
   shareJwtTextElement
 } from './dom-elements.js';
 
+import queryString from 'querystring';
+
 /* For initialization, look at the end of this file */
 
 function parseLocationQuery() {
-  const publicKey = getParameterByName('publicKey');
-  const { id_token, access_token, value, token } = getTokensFromLocation();
+  const locSearch = queryString.parse(document.location.search.substr(1));
+  const locHash = queryString.parse(document.location.hash.substr(1));
 
-  let scroll = false;
-  if(publicKey) {
-    publicKeyTextArea.value = publicKey;
-    scroll = true;
-  }
+  const token = locSearch.id_token || 
+                locSearch.access_token ||
+                locSearch.value ||
+                locSearch.token;
+  if(token) {
+    setTokenEditorValue(token);
 
-  const val = value || token || id_token || access_token;
-  if(val) {
-    setTokenEditorValue(val);
-    scroll = true;
-  }
+    if(locSearch.publicKey) {
+      publicKeyTextArea.value = locSearch.publicKey;
+    }
 
-  if(scroll) {
     debuggerSection.scrollIntoView(true);
-  }
+  } else if(locHash.token) { // Legacy token passing method (as hash)    
+    setTokenEditorValue(locHash.token);
+  }    
 }
 
 function pickEbookOrExtensionBanner() {

src/website/index.js

@@ -726,7 +726,7 @@ describe('Editor', function() {
     });    
 
     it('Clears the token when the header is edited and there ' +     
-            'is no private key', async function() {
+       'is no private key', async function() {
       await this.page.select('#algorithm-select', 'RS256');
 
       const secretInput = await this.page.$('textarea[name="private-key"]');
@@ -1152,22 +1152,29 @@ describe('Editor', function() {
     );
   });
 
-  describe('parsing tokens from window.location.href', () => {
-    const token = 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.';
+  describe('Parses tokens from window.location.href', () => {
+    const token = defaultTokens.hs384.token;
+    
     ['token', 'value', 'id_token', 'access_token'].forEach((key) => {
+
       [
         `/?${key}=${token}`,
         `/#${key}=${token}`,
         `/?foo=bar&${key}=${token}`,
         `/#foo=bar&${key}=${token}`,
-      ].forEach((structure, i) => {
-        it(`Should parse ${key} from window.location.href [${i}]`, async function () {
-          await this.page.goto(`http://localhost:8000${structure}${key}${i}`);
-          expect(await this.page.evaluate(() => {
-            return window.test.tokenEditor.getValue();
-          })).to.equal(`${token}${key}${i}`);
-        });
-      })
+      ].forEach((searchStr, i) => {
+        this.timeout(20000);
+
+        it(`Should parse ${key} from window.location.href [${i}]`,
+          async function () {
+            await this.page.goto(`http://localhost:8000${searchStr}`);
+            expect(await this.page.evaluate(() => {
+              return window.test.tokenEditor.getValue();
+            })).to.equal(`${token}`);
+          });
+      });
+
     });
+
   });
 });

test/functional/editor.js

@@ -1,11 +1,10 @@
 import * as jwt from '../../../src/editor/jwt.js';
 import tokens from '../../../src/editor/default-tokens.js';
 
-import { utf8tob64u, b64utob64 } from 'jsrsasign';
-
+import { utf8tob64, utf8tob64u, b64utob64 } from 'jsrsasign';
 import log from 'loglevel';
-
 import { should } from 'chai';
+import { randomFillSync } from 'crypto';
 
 should();
 
@@ -200,4 +199,36 @@ describe('JWT', function() {
 
     jwt.verify(token, publicKeyPlainRSA).should.be.true;
   });
+
+  describe('isValidBase64String', function() {
+    // Generate random data of different sizes.
+    const data = [];
+    for(let i = 0; i < 1000; ++i) {
+      let bytes = new Uint8Array(i);
+      randomFillSync(bytes);
+      bytes = String.fromCharCode.apply(null, bytes);
+
+      data.push({
+        b64: utf8tob64(bytes),
+        b64u: utf8tob64u(bytes)
+      });
+    }
+
+    it('detects valid Base64 and Base64URL strings', function() {
+      data.forEach(d => {
+        jwt.isValidBase64String(d.b64, false).should.be.true;
+        jwt.isValidBase64String(d.b64u, false).should.be.true;
+        jwt.isValidBase64String(d.b64u).should.be.true;
+        jwt.isValidBase64String(d.b64u, true).should.be.true;
+      });
+    });
+
+    it('fails on invalid Base64 and Base64 URL strings', function() {
+      data.forEach(d => {
+        if(d.b64.match(/[\+\/]/)) {
+          jwt.isValidBase64String(d.b64, true).should.be.false;
+        }
+      });
+    });
+  });
 });

test/unit/editor/jwt.js

@@ -2,7 +2,7 @@ import chai from 'chai';
 import chaiAsPromised from 'chai-as-promised';
 import xhrMock from 'xhr-mock';
 
-import { httpGet, isValidBase64String } from '../../src/utils.js';
+import { httpGet } from '../../src/utils.js';
 import { utf8tob64, utf8tob64u } from 'jsrsasign';
 
 import { randomFillSync } from 'crypto';
@@ -11,38 +11,6 @@ chai.use(chaiAsPromised);
 chai.should();
 
 describe('Generic utils', function() {
-  describe('isValidBase64String', function() {
-    // Generate random data of different sizes.
-    const data = [];
-    for(let i = 0; i < 1000; ++i) {
-      let bytes = new Uint8Array(i);
-      randomFillSync(bytes);
-      bytes = String.fromCharCode.apply(null, bytes);
-
-      data.push({
-        b64: utf8tob64(bytes),
-        b64u: utf8tob64u(bytes)
-      });
-    }
-
-    it('detects valid Base64 and Base64URL strings', function() {
-      data.forEach(d => {
-        isValidBase64String(d.b64, false).should.be.true;
-        isValidBase64String(d.b64u, false).should.be.true;
-        isValidBase64String(d.b64u).should.be.true;
-        isValidBase64String(d.b64u, true).should.be.true;
-      });
-    });
-
-    it('fails on invalid Base64 and Base64 URL strings', function() {
-      data.forEach(d => {
-        if(d.b64.match(/[\+\/]/)) {
-          isValidBase64String(d.b64, true).should.be.false;
-        }
-      });
-    });
-  });
-
   describe('httpGet', function() {
     const url = '/';
     const reply = 'test';