Comparing version 0.2.0 to 0.3.0
@@ -29,3 +29,3 @@ /* Conversion functions used in OpenID for node.js | ||
var base64 = require('base64').base64; | ||
var base64 = require('./base64').base64; | ||
@@ -32,0 +32,0 @@ function chars_from_hex(inputstr) { |
openid.js
@@ -29,7 +29,4 @@ /* OpenID for node.js | ||
require.paths.unshift(__dirname + '/lib'); | ||
require.paths.unshift(__dirname); | ||
var bigint = require('bigint'), | ||
convert = require('convert'), | ||
var bigint = require('./lib/bigint'), | ||
convert = require('./lib/convert'), | ||
crypto = require('crypto'), | ||
@@ -40,3 +37,3 @@ http = require('http'), | ||
url = require('url'), | ||
xrds = require('xrds'); | ||
xrds = require('./lib/xrds'); | ||
@@ -68,3 +65,3 @@ var _associations = {}; | ||
function _isDef(e) | ||
var _isDef = function(e) | ||
{ | ||
@@ -75,3 +72,3 @@ var undefined; | ||
function _toBase64(bigint) | ||
var _toBase64 = function(bigint) | ||
{ | ||
@@ -81,3 +78,3 @@ return convert.base64.encode(convert.btwoc(convert.chars_from_hex(bigint.toString(16)))); | ||
function _base64ToPlain(str) | ||
var _base64ToPlain = function(str) | ||
{ | ||
@@ -87,3 +84,3 @@ return convert.unbtwoc(convert.base64.decode(str)); | ||
function _fromBase64(str) | ||
var _fromBase64 = function(str) | ||
{ | ||
@@ -93,3 +90,3 @@ return new bigint.BigInteger(convert.hex_from_chars(convert.unbtwoc(convert.base64.decode(str))), 16); | ||
function _xor(a, b) | ||
var _xor = function(a, b) | ||
{ | ||
@@ -110,3 +107,3 @@ if(a.length != b.length) | ||
openid.saveAssociation = function(type, handle, secret, expiry_time) | ||
openid.saveAssociation = function(provider, type, handle, secret, expiry_time, callback) | ||
{ | ||
@@ -116,13 +113,16 @@ setTimeout(function() { | ||
}, expiry_time); | ||
_associations[handle] = {type : type, secret: secret}; | ||
_associations[handle] = {provider: provider, type : type, secret: secret}; | ||
callback(null); // Custom implementations may report error as first argument | ||
} | ||
openid.loadAssociation = function(handle) | ||
openid.loadAssociation = function(handle, callback) | ||
{ | ||
if(_isDef(_associations[handle])) | ||
{ | ||
return _associations[handle]; | ||
callback(null, _associations[handle]); | ||
} | ||
return null; | ||
else | ||
{ | ||
callback(null, null); | ||
} | ||
} | ||
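Review bot: The default store indexes `_associations` (a plain `{}` according to the context line of an earlier hunk) directly by `handle`, and the caller passes `params['openid.assoc_handle']` from the incoming assertion, so a handle that names an inherited Object property would pass `_isDef` and be returned as if it were a saved association. An own-property test, `if(Object.prototype.hasOwnProperty.call(_associations, handle))`, or creating the store with `Object.create(null)`, confines lookups to handles that were actually saved. A short comment on both functions stating that the default implementation invokes the callback synchronously would also help authors of custom stores. `saveAssociation` begins outside this hunk.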
@@ -156,3 +156,3 @@ | ||
function _buildUrl(theUrl, params) | ||
var _buildUrl = function(theUrl, params) | ||
{ | ||
@@ -182,3 +182,3 @@ theUrl = url.parse(theUrl, true); | ||
function _get(getUrl, params, callback, redirects) | ||
var _get = function(getUrl, params, callback, redirects) | ||
{ | ||
@@ -234,3 +234,3 @@ redirects = redirects || 5; | ||
function _post(postUrl, data, callback, redirects) | ||
var _post = function(postUrl, data, callback, redirects) | ||
{ | ||
@@ -288,3 +288,3 @@ redirects = redirects || 5; | ||
function _encodePostData(data) | ||
var _encodePostData = function(data) | ||
{ | ||
@@ -295,3 +295,3 @@ var encoded = querystring.stringify(data); | ||
function _decodePostData(data) | ||
var _decodePostData = function(data) | ||
{ | ||
@@ -315,3 +315,3 @@ var lines = data.split('\n'); | ||
function _normalizeIdentifier(identifier) | ||
var _normalizeIdentifier = function(identifier) | ||
{ | ||
@@ -338,3 +338,3 @@ identifier = identifier.replace(/^\s+|\s+$/g, ''); | ||
function _parseXrds(xrdsUrl, xrdsData) | ||
var _parseXrds = function(xrdsUrl, xrdsData) | ||
{ | ||
@@ -382,3 +382,3 @@ var services = xrds.parse(xrdsData); | ||
function _matchMetaTag(html) | ||
var _matchMetaTag = function(html) | ||
{ | ||
@@ -400,3 +400,3 @@ var metaTagMatches = /<meta\s+.*?http-equiv="x-xrds-location"\s+(.*?)>/ig.exec(html); | ||
function _matchLinkTag(html, rel) | ||
var _matchLinkTag = function(html, rel) | ||
{ | ||
@@ -419,3 +419,3 @@ var providerLinkMatches = new RegExp('<link\\s+.*?rel=["\'][^"\']*?' + rel + '[^"\']*?["\'].*?>', 'ig').exec(html); | ||
function _parseHtml (htmlUrl, html, callback, hops) | ||
var _parseHtml = function(htmlUrl, html, callback, hops) | ||
{ | ||
@@ -459,3 +459,3 @@ var metaUrl = _matchMetaTag(html); | ||
function _resolveXri(xriUrl, callback, hops) | ||
var _resolveXri = function(xriUrl, callback, hops) | ||
{ | ||
@@ -510,3 +510,3 @@ if(!hops) | ||
function _resolveHtml(identifier, callback, hops, data) | ||
var _resolveHtml = function(identifier, callback, hops, data) | ||
{ | ||
@@ -584,3 +584,3 @@ if(!hops) | ||
function _generateDiffieHellmanParameters(algorithm) | ||
var _generateDiffieHellmanParameters = function(algorithm) | ||
{ | ||
@@ -646,7 +646,7 @@ var defaultParams = {}; | ||
{ | ||
callback('Channel is insecure and no encryption method is supported by provider', null); | ||
return callback('Channel is insecure and no encryption method is supported by provider', null); | ||
} | ||
else | ||
{ | ||
openid.associate(provider, callback, strict, 'no-encryption-256'); | ||
return openid.associate(provider, callback, strict, 'no-encryption-256'); | ||
} | ||
@@ -658,7 +658,19 @@ } | ||
{ | ||
callback('Channel is insecure and no encryption method is supported by provider', null); | ||
return callback('Channel is insecure and no encryption method is supported by provider', null); | ||
} | ||
/*else if(provider.version.indexOf('2.0') === -1) | ||
{ | ||
// 2011-07-22: This is an OpenID 1.1 provider which means | ||
// HMAC-SHA1 has already been attempted with a blank session | ||
// type as per the OpenID 1.1 specification. | ||
// (See http://openid.net/specs/openid-authentication-1_1.html#mode_associate) | ||
// However, providers like wordpress.com don't follow the | ||
// standard and reject these requests, but accept OpenID 2.0 | ||
// style requests without a session type, so we have to give | ||
// those a shot as well. | ||
callback('Provider is OpenID 1.1 and does not support OpenID 1.1 association.'); | ||
}*/ | ||
else | ||
{ | ||
openid.associate(provider, callback, strict, 'no-encryption'); | ||
return openid.associate(provider, callback, strict, 'no-encryption'); | ||
} | ||
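Review bot: The disabled `else if(provider.version.indexOf('2.0') === -1)` branch is kept as a block comment, so the explanation of why OpenID 1.1 providers still get a `no-encryption` retry is attached to dead code rather than to the `else` that implements it. I would delete the commented-out branch and keep the rationale as a comment above the `else`, e.g. `// OpenID 1.1 providers such as wordpress.com reject the blank session type but accept a 2.0-style request, so retry anyway`. That comment should also say that this branch appears to be reached only after the insecure-channel check above it, since that check is what makes an unencrypted association acceptable. The enclosing function starts and ends outside the hunk.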
@@ -668,10 +680,7 @@ } | ||
{ | ||
openid.associate(provider, callback, strict, 'DH-SHA1'); | ||
return openid.associate(provider, callback, strict, 'DH-SHA1'); | ||
} | ||
else | ||
{ | ||
callback(null, data); | ||
} | ||
} | ||
else if (data.error) | ||
if (data.error) | ||
{ | ||
@@ -702,6 +711,11 @@ callback(data.error, data); | ||
openid.saveAssociation(hashAlgorithm, | ||
data.assoc_handle, secret, data.expires_in * 1); | ||
callback(null, data); | ||
openid.saveAssociation(provider, hashAlgorithm, | ||
data.assoc_handle, secret, data.expires_in * 1, function(error) | ||
{ | ||
if(error) | ||
{ | ||
return callback(error); | ||
} | ||
callback(null, data); | ||
}); | ||
} | ||
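Review bot: `data.expires_in * 1` turns the provider-supplied value into a number without checking it, and the result is what `saveAssociation` receives as `expiry_time`; in the default store shown in an earlier hunk that value closes `setTimeout(function() { … }, expiry_time)`. OpenID expresses `expires_in` in seconds while `setTimeout` counts milliseconds, so unless a conversion happens outside the visible lines the in-memory association is dropped far earlier than the provider intended, and a non-numeric value becomes `NaN`. I would parse it here with `var expiresIn = parseInt(data.expires_in, 10);`, call back with an error when it is not a positive number, and document on `saveAssociation` which unit `expiry_time` uses. The enclosing response handler starts outside the hunk.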
@@ -711,3 +725,3 @@ }); | ||
function _generateAssociationRequestParameters(version, algorithm) | ||
var _generateAssociationRequestParameters = function(version, algorithm) | ||
{ | ||
@@ -829,3 +843,3 @@ var params = { | ||
function _requestAuthentication(provider, assoc_handle, returnUrl, realm, immediate, extensions, callback) | ||
var _requestAuthentication = function(provider, assoc_handle, returnUrl, realm, immediate, extensions, callback) | ||
{ | ||
@@ -946,3 +960,3 @@ var params = { | ||
function _getAssertionError(params) | ||
var _getAssertionError = function(params) | ||
{ | ||
@@ -965,3 +979,3 @@ if(!_isDef(params)) | ||
function _checkValidHandle(params) | ||
var _checkValidHandle = function(params) | ||
{ | ||
@@ -971,3 +985,3 @@ return !_isDef(params['openid.invalidate_handle']); | ||
function _verifyDiscoveredInformation(params, callback) | ||
var _verifyDiscoveredInformation = function(params, callback) | ||
{ | ||
@@ -1020,3 +1034,3 @@ var claimedIdentifier = params['openid.claimed_id']; | ||
function _verifyAssertionAgainstProvider(provider, params, callback) | ||
var _verifyAssertionAgainstProvider = function(provider, params, callback) | ||
{ | ||
@@ -1039,3 +1053,3 @@ if(provider.endpoint != params['openid.op_endpoint']) | ||
function _checkSignature(params, callback, stateless) | ||
var _checkSignature = function(params, callback, stateless) | ||
{ | ||
@@ -1058,38 +1072,48 @@ if(!_isDef(params['openid.signed']) || | ||
function _checkSignatureUsingAssociation(params, callback) | ||
var _checkSignatureUsingAssociation = function(params, callback) | ||
{ | ||
var association = openid.loadAssociation(params['openid.assoc_handle']); | ||
if(!association) | ||
openid.loadAssociation(params['openid.assoc_handle'], function(error, association) | ||
{ | ||
return callback('Invalid association handle', { authenticated: false }); | ||
} | ||
var message = ''; | ||
var signedParams = params['openid.signed'].split(','); | ||
for(var i = 0; i < signedParams.length; i++) | ||
{ | ||
var param = signedParams[i]; | ||
var value = params['openid.' + param]; | ||
if(!_isDef(value)) | ||
if(error) | ||
{ | ||
return callback('At least one parameter referred in signature is not present in response', { authenticated: false }); | ||
return callback('Error loading association', { authenticated: false }); | ||
} | ||
message += param + ':' + value + '\n'; | ||
} | ||
if(!association) | ||
{ | ||
return callback('Invalid association handle', { authenticated: false }); | ||
} | ||
if(association.provider.version.indexOf('2.0') !== -1 && association.provider.endpoint !== params['openid.op_endpoint']) | ||
{ | ||
return callback('Association handle does not match provided endpoint', {authenticated: false}); | ||
} | ||
var message = ''; | ||
var signedParams = params['openid.signed'].split(','); | ||
for(var i = 0; i < signedParams.length; i++) | ||
{ | ||
var param = signedParams[i]; | ||
var value = params['openid.' + param]; | ||
if(!_isDef(value)) | ||
{ | ||
return callback('At least one parameter referred in signature is not present in response', { authenticated: false }); | ||
} | ||
message += param + ':' + value + '\n'; | ||
} | ||
var hmac = crypto.createHmac(association.type, _base64ToPlain(association.secret)); | ||
hmac.update(message); | ||
var ourSignature = hmac.digest('base64'); | ||
var hmac = crypto.createHmac(association.type, _base64ToPlain(association.secret)); | ||
hmac.update(message); | ||
var ourSignature = hmac.digest('base64'); | ||
if(ourSignature == params['openid.sig']) | ||
{ | ||
callback(null, { authenticated: true, claimedIdentifier: params['openid.claimed_id'] }); | ||
} | ||
else | ||
{ | ||
callback('Invalid signature', { authenticated: false }); | ||
} | ||
if(ourSignature == params['openid.sig']) | ||
{ | ||
callback(null, { authenticated: true, claimedIdentifier: params['openid.claimed_id'] }); | ||
} | ||
else | ||
{ | ||
callback('Invalid signature', { authenticated: false }); | ||
} | ||
}); | ||
} | ||
function _checkSignatureUsingProvider(params, callback) | ||
var _checkSignatureUsingProvider = function(params, callback) | ||
{ | ||
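Review bot: The new endpoint check dereferences `association.provider.version` without confirming that `provider` is present, so an association returned by a custom `loadAssociation` in the 0.2.0 shape (`type` and `secret` only) throws inside the callback instead of failing verification. A guard before it, `if(!association.provider) { return callback('Invalid association handle', { authenticated: false }); }`, keeps that failure closed. The check is skipped when the provider version lacks '2.0', which deserves a comment giving the reason (presumably that OpenID 1.1 responses carry no `openid.op_endpoint`). Separately, `ourSignature == params['openid.sig']` compares the HMAC with an operator that is not constant-time; a constant-time comparison such as `crypto.timingSafeEqual` on equal-length buffers is the usual choice where the runtime provides it. `_checkSignatureUsingProvider`, opened on the hunk's last lines, continues outside it.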
@@ -1135,3 +1159,3 @@ var requestParams = | ||
function _getExtensionAlias(params, ns) | ||
var _getExtensionAlias = function(params, ns) | ||
{ | ||
@@ -1138,0 +1162,0 @@ for (var k in params) |
@@ -8,3 +8,3 @@ { "name": "openid", | ||
"web": "http://ox.no" }, | ||
"version": "0.2.0", | ||
"version": "0.3.0", | ||
"repository": { | ||
@@ -11,0 +11,0 @@ "type": "git", |
@@ -103,4 +103,4 @@ # OpenID for node.js | ||
- `saveAssociation(type, handle, secret, expiry_time)` is called when a new association is established during authentication | ||
- `loadAssociation(handle)` is used to retrieve the association identified by `handle` when verification happens | ||
- `saveAssociation(provider, type, handle, secret, expiry_time, callback)` is called when a new association is established during authentication. The callback should be called with any error as its first argument (or `null` if no error occured). | ||
- `loadAssociation(handle, callback)` is used to retrieve the association identified by `handle` when verification happens. The callback should be called with any error as its first argument (and `null` as the second argument), or an object with the keys `provider`, `type`, `secret` if the association was loaded successfully. | ||
@@ -107,0 +107,0 @@ The `openid` module includes default implementations for these functions using a simple object to store the associations in-memory. |
@@ -26,5 +26,3 @@ /* A simple sample demonstrating OpenID for node.js | ||
require.paths.unshift(__dirname); | ||
var openid = require('openid'); | ||
var openid = require('./openid'); | ||
var url = require('url'); | ||
@@ -31,0 +29,0 @@ var querystring = require('querystring'); |
@@ -25,6 +25,4 @@ /* OpenID for node.js | ||
*/ | ||
require.paths.unshift(__dirname + '/../'); | ||
var assert = require('assert'); | ||
var openid = require('openid'); | ||
var openid = require('../openid'); | ||
@@ -31,0 +29,0 @@ exports.testVerificationUrl = function(test) |
@@ -25,6 +25,5 @@ /* OpenID for node.js | ||
*/ | ||
require.paths.unshift(__dirname + '/../'); | ||
var assert = require('assert'); | ||
var openid = require('openid'); | ||
var openid = require('../openid'); | ||
@@ -189,1 +188,14 @@ exports.testResolveFailed = function(test) | ||
} | ||
exports.testSetupAuthenticationWithMyOpenId = function(test) | ||
{ | ||
var called = 0; | ||
openid.authenticate('https://swatinem.de', | ||
'http://example.com/verify', null, false, false, function(error, url) | ||
{ | ||
assert.ok(called == 0, "callback executed twice"); | ||
called++; | ||
assert.ok(url.indexOf('checkid_setup') !== -1); | ||
test.done(); | ||
}); | ||
} |
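Review bot: The callback never checks `error` before calling `url.indexOf`, so when discovery fails (the test depends on the live host `https://swatinem.de`) and `url` is not set, the test dies on a TypeError instead of reporting the cause; add `assert.ok(!error, error);` as the first line of the callback. The name says MyOpenId while the identifier is a different host, so either rename the test or add a comment saying which provider behaviour it exercises. Since the purpose appears to be catching a callback that fires twice, a one-line comment to that effect above `var called = 0;` would make the counter self-explanatory.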
@@ -26,6 +26,4 @@ /* OpenID for node.js | ||
require.paths.unshift(__dirname + '/../lib/'); | ||
var assert = require('assert'); | ||
var xrds = require('xrds'); | ||
var xrds = require('../lib/xrds'); | ||
@@ -32,0 +30,0 @@ exports.testXrdsSampleParse = function(test) |