From 563f862846230792dd9d3e1cbf748abdc8a25be4 Mon Sep 17 00:00:00 2001
From: Philip Molares <philip.molares@udo.edu>
Date: Tue, 26 Jan 2021 10:19:12 +0100
Subject: [PATCH] auth: Encode secret in base64url

Signed-off-by: Philip Molares <philip.molares@udo.edu>
---
 src/auth/auth.service.ts | 11 +++++------
 tsconfig.json            |  3 +--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 9500cef57..b4d0e794f 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -70,9 +70,9 @@ export class AuthService {
     // base64url is quite easy buildable from base64
     return text
       .toString('base64')
-      .replaceAll(/\+/g, '-')
-      .replaceAll(/\//g, '_')
-      .replaceAll(/=+$/g, '');
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/, '');
   }
 
   async createTokenForUser(
@@ -88,10 +88,9 @@ export class AuthService {
         `User '${user.userName}' has already 200 tokens and can't have anymore`,
       );
     }
-    const secret = await this.randomString(64);
+    const secret = this.BufferToBase64Url(await this.randomString(64));
     const keyId = this.BufferToBase64Url(await this.randomString(8));
-    const accessTokenString = await this.hashPassword(secret.toString());
-    const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
+    const accessToken = await this.hashPassword(secret);
     let token;
     // Tokens can only be valid for a maximum of 2 years
     const maximumTokenValidity =
diff --git a/tsconfig.json b/tsconfig.json
index e129127e1..bf10a2398 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -10,7 +10,6 @@
     "sourceMap": true,
     "outDir": "./dist",
     "baseUrl": "./",
-    "incremental": true,
-    "lib": ["esnext"]
+    "incremental": true
   }
 }