From 7aeb77b262289d2f81ec5a7f3ab2d8f054ed6c57 Mon Sep 17 00:00:00 2001
From: Philip Molares
Date: Tue, 26 Jan 2021 10:18:52 +0100
Subject: [PATCH 1/2] auth: Fix base64url transformation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The problem was that replace only replaces the first occurrence of a string and not all as is needed for this function. tsconfig.json needed lib to be set to esnext or the replaceAll function won't be available…
Signed-off-by: Philip Molares
---
 src/auth/auth.service.ts | 6 +++---
 tsconfig.json | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 3d5751e89..9500cef57 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -70,9 +70,9 @@ export class AuthService {
 // base64url is quite easy buildable from base64
 return text
 .toString('base64')
- .replace('+', '-')
- .replace('/', '_')
- .replace(/=+$/, '');
+ .replaceAll(/\+/g, '-')
+ .replaceAll(/\//g, '_')
+ .replaceAll(/=+$/g, '');
 }
 async createTokenForUser(
diff --git a/tsconfig.json b/tsconfig.json
index bf10a2398..e129127e1 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -10,6 +10,7 @@
 "sourceMap": true,
 "outDir": "./dist",
 "baseUrl": "./",
- "incremental": true
+ "incremental": true,
+ "lib": ["esnext"]
 }
 }
From 563f862846230792dd9d3e1cbf748abdc8a25be4 Mon Sep 17 00:00:00 2001
From: Philip Molares
Date: Tue, 26 Jan 2021 10:19:12 +0100
Subject: [PATCH 2/2] auth: Encode secret in base64url
Signed-off-by: Philip Molares
---
 src/auth/auth.service.ts | 11 +++++------
 tsconfig.json | 3 +--
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 9500cef57..b4d0e794f 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
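Review bot: The base64url fix in the auth.service.ts hunk of patch 1 lands without a regression test, so the original defect (only the first `+` and the first `/` being translated) could come back unnoticed. Constructed inputs that exercise it: `Buffer.from([0xfb, 0xef, 0xbe])` encodes to `++++` and `Buffer.from([0xff, 0xff, 0xff])` to `////`, so the helper should return `----` and `____` for them. The helper's output feeds `keyId` (and, after the next patch, the token secret), so a leftover `+` or `/` matters wherever those values end up in URLs or headers. The method's signature is outside the hunk.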
@@ -70,9 +70,9 @@ export class AuthService {
 // base64url is quite easy buildable from base64
 return text
 .toString('base64')
- .replaceAll(/\+/g, '-')
- .replaceAll(/\//g, '_')
- .replaceAll(/=+$/g, '');
+ .replace(/\+/g, '-')
+ .replace(/\//g, '_')
+ .replace(/=+$/, '');
 }
 async createTokenForUser(
@@ -88,10 +88,9 @@ export class AuthService {
 `User '${user.userName}' has already 200 tokens and can't have anymore`,
 );
 }
- const secret = await this.randomString(64);
+ const secret = this.BufferToBase64Url(await this.randomString(64));
 const keyId = this.BufferToBase64Url(await this.randomString(8));
- const accessTokenString = await this.hashPassword(secret.toString());
- const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
+ const accessToken = await this.hashPassword(secret);
 let token;
 // Tokens can only be valid for a maximum of 2 years
 const maximumTokenValidity =
diff --git a/tsconfig.json b/tsconfig.json
index e129127e1..bf10a2398 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -10,7 +10,6 @@
 "sourceMap": true,
 "outDir": "./dist",
 "baseUrl": "./",
- "incremental": true,
- "lib": ["esnext"]
+ "incremental": true
 }
 }
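Review bot: The three chained replaces in the first hunk could be a single call to Node's built-in encoding, `return text.toString('base64url');`, which emits the URL-safe alphabet without padding, provided the project's minimum Node version supports that encoding (not visible here). If older runtimes have to be supported, keep the regex form and replace the existing comment with one that states the mapping, e.g. `// '+' -> '-', '/' -> '_', strip trailing '=' padding`. The method's signature is outside the hunk.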
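Review bot: The stored `accessToken` changes format in the second hunk: it is now the direct result of `hashPassword(secret)` over the base64url text, where before it was the base64url encoding of a hash over `secret.toString()`, yet the diffstat shows no change to any code that verifies a presented token. The verification path has to hash the same base64url string and compare against the unencoded hash, and tokens stored in the old format will presumably stop validating, so a create-then-validate round-trip test and a note on migration would be worth adding. If `hashPassword` is a length-limited password hash such as bcrypt (not visible here), only a prefix of the 86-character secret is hashed; that still leaves ample entropy but deserves a comment. A line such as `// secret is the base64url text handed to the client; the hash is taken over this string` above the assignment would record the contract. `createTokenForUser` continues outside the hunk.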