mansar.io

MuneebAnsari · Apr 15, 2024 · 29e7519 · 29e7519
1 parent 1639c61
commit 29e7519
Showing 1 changed file with 99 additions and 24 deletions.
diff --git a/verifyemail/index.html b/verifyemail/index.html
@@ -86,9 +86,9 @@
       return urlParams.get("session_token");
     }
 
-    function goToContinueUri() {
+    async function goToContinueUri() {
       const receivedToken = getSessionToken();
-      const updatedSessionToken = updatedToken(receivedToken);
+      const updatedSessionToken = await updatedToken(receivedToken);
 
       const continueUri = `https://login.mansar.io/continue?state=${getState()}&session_token=${updatedSessionToken}`;
       let iframe = document.createElement("iframe");
@@ -107,32 +107,107 @@
         "com.etr407.ciam.androidharness://login.mansar.io/custom";
     }
 
-    function updatedToken(receivedToken) {
-      console.log("receivedToken", receivedToken);
-      function decodeJwt(token) {
-        const payload = token.split(".")[1];
-        return JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
-      }
+    async function importKey(data) {
+      var key = await crypto.subtle.importKey(
+        "raw",
+        new TextEncoder().encode(data),
+        {
+          name: "HMAC",
+          hash: { name: "SHA-512" },
+        },
+        false,
+        ["sign", "verify"]
+      );
+      return key;
+    }
 
-      function signJwt(payload, secret) {
-        const header = { alg: "HS256", typ: "JWT" };
-        const headerEncoded = btoa(JSON.stringify(header)).replace(/=/g, "");
-        const payloadEncoded = btoa(JSON.stringify(payload)).replace(/=/g, "");
-        console.log(payloadEncoded);
-        // const signature = btoa(headerEncoded + "." + payloadEncoded);
-        return headerEncoded + "." + payloadEncoded + "." + secret;
+    function decodeJwt(token) {
+      const payload = token.split(".")[1];
+      return JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+    }
+    async function updatedToken(receivedToken) {
+      function base64urlEncode(str) {
+        return btoa(str)
+          .replace(/\+/g, "-")
+          .replace(/\//g, "_")
+          .replace(/=/g, "");
       }
 
       let decodedPayload = decodeJwt(receivedToken);
-      console.log(decodedPayload);
-      decodedPayload = { status: "abc", ...decodedPayload };
-      console.log(decodedPayload);
-      const secret =
-        "acec655005ad1288027db5d9cf1d232795b11894d8750aaa11e5b11102fa38f9";
-      const updatedToken = signJwt(decodedPayload, secret);
-
-      console.log("Updated Tokenn:", updatedToken);
-      return updatedToken;
+      console.log("decodedPayload", decodedPayload);
+      const updatedPayload = { status: "abc", ...decodedPayload };
+
+      const updatedPayloadString = JSON.stringify(updatedPayload);
+
+      const sharedSecret = await importKey(
+        "acec655005ad1288027db5d9cf1d232795b11894d8750aaa11e5b11102fa38f9"
+      );
+      const signature = await crypto.subtle.sign(
+        { name: "HMAC", hash: "SHA-256" },
+        sharedSecret,
+        new TextEncoder().encode(updatedPayloadString)
+      );
+
+      const headerBase64url = base64urlEncode(
+        JSON.stringify({
+          alg: "HS256",
+          typ: "JWT",
+        })
+      );
+
+      const payloadBase64url = base64urlEncode(updatedPayloadString);
+      const signatureBase64url = base64urlEncode(
+        String.fromCharCode.apply(null, new Uint8Array(signature))
+      );
+      const jwt = `${headerBase64url}.${payloadBase64url}.${signatureBase64url}`;
+      console.log("Result", jwt);
+      return jwt;
     }
+
+    // function updatedToken(receivedToken) {
+    //   console.log("receivedToken", receivedToken);
+    //   function decodeJwt(token) {
+    //     var base64Url = token.split(".")[1];
+    //     var base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
+    //     var jsonPayload = decodeURIComponent(
+    //       window
+    //         .atob(base64)
+    //         .split("")
+    //         .map(function (c) {
+    //           return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
+    //         })
+    //         .join("")
+    //     );
+
+    //     return JSON.parse(jsonPayload);
+    //   }
+    //   // function decodeJwt(token) {
+    //   //   const payload = token.split(".")[1];
+    //   //   return JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+    //   // }
+
+    //   function signJwt(payload, secret) {
+    //     const header = { alg: "HS256", typ: "JWT" };
+    //     console.log("HEADER", CryptoJS.enc.Base64.stringify(header));
+    //     const headerEncoded = btoa(JSON.stringify(header)).replace(/=/g, "");
+    //     const payloadEncoded = btoa(JSON.stringify(payload)).replace(/=/g, "");
+    //     console.log(payloadEncoded);
+    //     // const signature = btoa(headerEncoded + "." + payloadEncoded);
+    //     const unsignedToken = headerEncoded + "." + payloadEncoded;
+    //     // const jwt = unsignedToken + "." +
+    //     return headerEncoded + "." + payloadEncoded + "." + secret;
+    //   }
+
+    //   let decodedPayload = decodeJwt(receivedToken);
+    //   console.log(decodedPayload);
+    //   decodedPayload = { status: "abc", ...decodedPayload };
+    //   console.log(decodedPayload);
+    //   const secret =
+    //     "acec655005ad1288027db5d9cf1d232795b11894d8750aaa11e5b11102fa38f9";
+    //   const updatedToken = signJwt(decodedPayload, secret);
+
+    //   console.log("Updated Tokenn:", updatedToken);
+    //   return updatedToken;
+    // }
   </script>
 </html>