
OAuthController.js - Stryker report

Summary

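| File | Mutation score | # Killed | # Survived | # Timeout | # No coverage | # Errors | Total detected | Total undetected | Total mutants |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OAuthController.js | 76% (13/17) | 13 | 4 | 0 | 0 | 0 | 13 | 4 | 17 |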

Code

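/**
 * Controller for the OAuth redirect landing route.
 *
 * On instantiation it reads the 'access_token' parameter from the current
 * location, resolves it to a profile via userService.oauthLogin, attempts to
 * register that profile's e-mail via userService.save, and then logs in via
 * userService.login. Any failure of the token exchange or of the login clears
 * the local session state and sends the user to '/login'.
 */
angular.module('juiceShop').controller('OAuthController', [
  '$window',
  '$location',
  '$cookies',
  '$base64',
  'UserService',
  function ($window, $location, $cookies, $base64, userService) {
    'use strict'

    var accessToken = parseRedirectUrlParams()['access_token']

    userService.oauthLogin(accessToken).then(function (profile) {
      // Registration is attempted on every visit; login follows whether it
      // succeeds or is rejected (presumably because the account already
      // exists - the backend is not visible here, confirm).
      userService.save({ email: profile.email, password: derivePassword(profile) }).then(function () {
        login(profile)
      }).catch(function () { // eslint-disable-line handle-callback-err
        login(profile)
      })
    }).catch(function (error) {
      invalidateSession(error)
      $location.path('/login')
    })

    /**
     * Returns the password this controller registers and logs in with.
     *
     * NOTE(security): the value is a deterministic encoding of the e-mail
     * address, not a secret, so it authenticates nothing on its own. It is
     * kept unchanged because registration and login in this controller must
     * agree on it. The durable fix is for the backend to verify the OAuth
     * token itself and issue the session without any client-supplied
     * password (backend not visible here - confirm).
     *
     * @param {{email: string}} profile profile returned by oauthLogin
     * @returns {string} base64 encoding of profile.email
     */
    function derivePassword (profile) {
      return $base64.encode(profile.email)
    }

    /**
     * Logs the profile's account in and stores the resulting session state.
     * On failure the session state is cleared and the user is sent to '/login'.
     *
     * @param {{email: string}} profile profile returned by oauthLogin
     */
    function login (profile) {
      var credentials = { email: profile.email, password: derivePassword(profile), oauth: true }
      userService.login(credentials).then(function (authentication) {
        // NOTE(security): a cookie written from script cannot carry the
        // HttpOnly attribute, so any script running in this page can read
        // the token.
        $cookies.put('token', authentication.token)
        $window.sessionStorage.bid = authentication.bid
        // Navigating away also drops the access_token from the visible URL.
        $location.path('/')
      }).catch(function (error) {
        invalidateSession(error)
        $location.path('/login')
      })
    }

    /**
     * Logs the error and removes the locally stored session state
     * (the 'token' cookie and sessionStorage.bid).
     *
     * @param {*} error rejection reason from the failed call
     */
    function invalidateSession (error) {
      console.log(error)
      $cookies.remove('token')
      delete $window.sessionStorage.bid
    }

    /**
     * Only the 'access_token' parameter is needed. This function only extracts all parameters to have some realistic
     * parsing logic in the minified Javascript. This "noise code" is supposed to make analyzing the mechanism harder
     * for the attacker.
     *
     * NOTE(review): obscuring client-side code is not a security control; the
     * script is fully readable by whoever loads the page.
     *
     * Splits the location path (minus its first character) on '&' and each
     * pair on its FIRST '=', so a value that itself contains '=' is kept
     * whole rather than truncated. A pair without '=' maps to undefined.
     *
     * @returns {Object<string, (string|undefined)>} prototype-less map of parameter names to raw (not URL-decoded) values
     */
    function parseRedirectUrlParams () {
      var hash = $location.path().slice(1)
      var pairs = hash.split('&')
      // Keys come straight from the URL, so use a prototype-less map: no
      // parameter name can collide with a member of Object.prototype.
      var params = Object.create(null)
      for (var i = 0; i < pairs.length; i++) {
        var pair = pairs[ i ]
        var separator = pair.indexOf('=')
        if (separator === -1) {
          params[ pair ] = undefined
        } else {
          params[ pair.slice(0, separator) ] = pair.slice(separator + 1)
        }
      }
      return params
    }
  }])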