openid - npm Package Compare versions

Comparing version 0.2.0 to 0.3.0

lib/convert.js

@@ -29,3 +29,3 @@ /* Conversion functions used in OpenID for node.js
 
-var base64 = require('base64').base64;
+var base64 = require('./base64').base64;
 
@@ -32,0 +32,0 @@ function chars_from_hex(inputstr) {

openid.js

@@ -29,7 +29,4 @@ /* OpenID for node.js
 
-require.paths.unshift(__dirname + '/lib');
-require.paths.unshift(__dirname);
-
-var bigint = require('bigint'),
-    convert = require('convert'),
+var bigint = require('./lib/bigint'),
+    convert = require('./lib/convert'),
     crypto = require('crypto'),
@@ -40,3 +37,3 @@ http = require('http'),
     url = require('url'),
-    xrds = require('xrds');
+    xrds = require('./lib/xrds');
 
@@ -68,3 +65,3 @@ var _associations = {};
 
-function _isDef(e)
+var _isDef = function(e)
 {
@@ -75,3 +72,3 @@ var undefined;
 
-function _toBase64(bigint)
+var _toBase64 = function(bigint)
 {
@@ -81,3 +78,3 @@ return convert.base64.encode(convert.btwoc(convert.chars_from_hex(bigint.toString(16))));
 
-function _base64ToPlain(str)
+var _base64ToPlain = function(str)
 {
@@ -87,3 +84,3 @@ return convert.unbtwoc(convert.base64.decode(str));
 
-function _fromBase64(str)
+var _fromBase64 = function(str)
 {
@@ -93,3 +90,3 @@ return new bigint.BigInteger(convert.hex_from_chars(convert.unbtwoc(convert.base64.decode(str))), 16);
 
-function _xor(a, b)
+var _xor = function(a, b)
 {
@@ -110,3 +107,3 @@ if(a.length != b.length)
 
-openid.saveAssociation = function(type, handle, secret, expiry_time)
+openid.saveAssociation = function(provider, type, handle, secret, expiry_time, callback)
 {
@@ -116,13 +113,16 @@ setTimeout(function() {
   }, expiry_time);
-  _associations[handle] = {type : type, secret: secret};
+  _associations[handle] = {provider: provider, type : type, secret: secret};
+  callback(null); // Custom implementations may report error as first argument
 }
 
-openid.loadAssociation = function(handle)
+openid.loadAssociation = function(handle, callback)
 {
   if(_isDef(_associations[handle]))
   {
-    return _associations[handle];
+    callback(null, _associations[handle]);
   }
-
-  return null;
+  else
+  {
+    callback(null, null);
+  }
 }
@@ -156,3 +156,3 @@
 
-function _buildUrl(theUrl, params)
+var _buildUrl = function(theUrl, params)
 {
@@ -182,3 +182,3 @@ theUrl = url.parse(theUrl, true);
 
-function _get(getUrl, params, callback, redirects)
+var _get = function(getUrl, params, callback, redirects)
 {
@@ -234,3 +234,3 @@ redirects = redirects || 5;
 
-function _post(postUrl, data, callback, redirects)
+var _post = function(postUrl, data, callback, redirects)
 {
@@ -288,3 +288,3 @@ redirects = redirects || 5;
 
-function _encodePostData(data)
+var _encodePostData = function(data)
 {
@@ -295,3 +295,3 @@ var encoded = querystring.stringify(data);
 
-function _decodePostData(data)
+var _decodePostData = function(data)
 {
@@ -315,3 +315,3 @@ var lines = data.split('\n');
 
-function _normalizeIdentifier(identifier)
+var _normalizeIdentifier = function(identifier)
 {
@@ -338,3 +338,3 @@ identifier = identifier.replace(/^\s+|\s+$/g, '');
 
-function _parseXrds(xrdsUrl, xrdsData)
+var _parseXrds = function(xrdsUrl, xrdsData)
 {
@@ -382,3 +382,3 @@ var services = xrds.parse(xrdsData);
 
-function _matchMetaTag(html)
+var _matchMetaTag = function(html)
 {
@@ -400,3 +400,3 @@ var metaTagMatches = /<meta\s+.*?http-equiv="x-xrds-location"\s+(.*?)>/ig.exec(html);
 
-function _matchLinkTag(html, rel)
+var _matchLinkTag = function(html, rel)
 {
@@ -419,3 +419,3 @@ var providerLinkMatches = new RegExp('<link\\s+.*?rel=["\'][^"\']*?' + rel + '[^"\']*?["\'].*?>', 'ig').exec(html);
 
-function _parseHtml (htmlUrl, html, callback, hops)
+var _parseHtml = function(htmlUrl, html, callback, hops)
 {
@@ -459,3 +459,3 @@ var metaUrl = _matchMetaTag(html);
 
-function _resolveXri(xriUrl, callback, hops)
+var _resolveXri = function(xriUrl, callback, hops)
 {
@@ -510,3 +510,3 @@ if(!hops)
 
-function _resolveHtml(identifier, callback, hops, data)
+var _resolveHtml = function(identifier, callback, hops, data)
 {
@@ -584,3 +584,3 @@ if(!hops)
 
-function _generateDiffieHellmanParameters(algorithm)
+var _generateDiffieHellmanParameters = function(algorithm)
 {
@@ -646,7 +646,7 @@ var defaultParams = {};
         {
-          callback('Channel is insecure and no encryption method is supported by provider', null);
+          return callback('Channel is insecure and no encryption method is supported by provider', null);
         }
         else
         {
-          openid.associate(provider, callback, strict, 'no-encryption-256');
+          return openid.associate(provider, callback, strict, 'no-encryption-256');
         }
@@ -658,7 +658,19 @@ }
         {
-          callback('Channel is insecure and no encryption method is supported by provider', null);
+          return callback('Channel is insecure and no encryption method is supported by provider', null);
         }
+        /*else if(provider.version.indexOf('2.0') === -1)
+        {
+          // 2011-07-22: This is an OpenID 1.1 provider which means
+          // HMAC-SHA1 has already been attempted with a blank session
+          // type as per the OpenID 1.1 specification.
+          // (See http://openid.net/specs/openid-authentication-1_1.html#mode_associate)
+          // However, providers like wordpress.com don't follow the 
+          // standard and reject these requests, but accept OpenID 2.0
+          // style requests without a session type, so we have to give
+          // those a shot as well.
+          callback('Provider is OpenID 1.1 and does not support OpenID 1.1 association.');
+        }*/
         else
         {
-          openid.associate(provider, callback, strict, 'no-encryption');
+          return openid.associate(provider, callback, strict, 'no-encryption');
         }
@@ -668,10 +680,7 @@ }
       {
-        openid.associate(provider, callback, strict, 'DH-SHA1');
+        return openid.associate(provider, callback, strict, 'DH-SHA1');
       }
-      else
-      {
-        callback(null, data);
-      }
     }
-    else if (data.error)
+
+    if (data.error)
     {
@@ -702,6 +711,11 @@ callback(data.error, data);
 
-      openid.saveAssociation(hashAlgorithm,
-        data.assoc_handle, secret, data.expires_in * 1);
-
-      callback(null, data);
+      openid.saveAssociation(provider, hashAlgorithm,
+        data.assoc_handle, secret, data.expires_in * 1, function(error)
+        {
+          if(error)
+          {
+            return callback(error);
+          }
+          callback(null, data);
+        });
     }
@@ -711,3 +725,3 @@ });
 
-function _generateAssociationRequestParameters(version, algorithm)
+var _generateAssociationRequestParameters = function(version, algorithm)
 {
@@ -829,3 +843,3 @@ var params = {
 
-function _requestAuthentication(provider, assoc_handle, returnUrl, realm, immediate, extensions, callback)
+var _requestAuthentication = function(provider, assoc_handle, returnUrl, realm, immediate, extensions, callback)
 {
@@ -946,3 +960,3 @@ var params = {
 
-function _getAssertionError(params)
+var _getAssertionError = function(params)
 {
@@ -965,3 +979,3 @@ if(!_isDef(params))
 
-function _checkValidHandle(params)
+var _checkValidHandle = function(params)
 {
@@ -971,3 +985,3 @@ return !_isDef(params['openid.invalidate_handle']);
 
-function _verifyDiscoveredInformation(params, callback)
+var _verifyDiscoveredInformation = function(params, callback)
 {
@@ -1020,3 +1034,3 @@ var claimedIdentifier = params['openid.claimed_id'];
 
-function _verifyAssertionAgainstProvider(provider, params, callback)
+var _verifyAssertionAgainstProvider = function(provider, params, callback)
 {
@@ -1039,3 +1053,3 @@ if(provider.endpoint != params['openid.op_endpoint'])
 
-function _checkSignature(params, callback, stateless)
+var _checkSignature = function(params, callback, stateless)
 {
@@ -1058,38 +1072,48 @@ if(!_isDef(params['openid.signed']) ||
 
-function _checkSignatureUsingAssociation(params, callback)
+var _checkSignatureUsingAssociation = function(params, callback)
 {
-  var association = openid.loadAssociation(params['openid.assoc_handle']);
-  if(!association)
+  openid.loadAssociation(params['openid.assoc_handle'], function(error, association)
   {
-    return callback('Invalid association handle', { authenticated: false });
-  }
-
-  var message = '';
-  var signedParams = params['openid.signed'].split(',');
-  for(var i = 0; i < signedParams.length; i++)
-  {
-    var param = signedParams[i];
-    var value = params['openid.' + param];
-    if(!_isDef(value))
+    if(error)
     {
-      return callback('At least one parameter referred in signature is not present in response', { authenticated: false });
+      return callback('Error loading association', { authenticated: false });
     }
-    message += param + ':' + value + '\n';
-  }
+    if(!association)
+    {
+      return callback('Invalid association handle', { authenticated: false });
+    }
+    if(association.provider.version.indexOf('2.0') !== -1 && association.provider.endpoint !== params['openid.op_endpoint'])
+    {
+      return callback('Association handle does not match provided endpoint', {authenticated: false});
+    }
+    
+    var message = '';
+    var signedParams = params['openid.signed'].split(',');
+    for(var i = 0; i < signedParams.length; i++)
+    {
+      var param = signedParams[i];
+      var value = params['openid.' + param];
+      if(!_isDef(value))
+      {
+        return callback('At least one parameter referred in signature is not present in response', { authenticated: false });
+      }
+      message += param + ':' + value + '\n';
+    }
 
-  var hmac = crypto.createHmac(association.type, _base64ToPlain(association.secret));
-  hmac.update(message);
-  var ourSignature = hmac.digest('base64');
+    var hmac = crypto.createHmac(association.type, _base64ToPlain(association.secret));
+    hmac.update(message);
+    var ourSignature = hmac.digest('base64');
 
-  if(ourSignature == params['openid.sig'])
-  {
-    callback(null, { authenticated: true, claimedIdentifier: params['openid.claimed_id'] });
-  }
-  else
-  {
-    callback('Invalid signature', { authenticated: false });
-  }
+    if(ourSignature == params['openid.sig'])
+    {
+      callback(null, { authenticated: true, claimedIdentifier: params['openid.claimed_id'] });
+    }
+    else
+    {
+      callback('Invalid signature', { authenticated: false });
+    }
+  });
 }
 
-function _checkSignatureUsingProvider(params, callback)
+var _checkSignatureUsingProvider = function(params, callback)
 {
@@ -1135,3 +1159,3 @@ var requestParams =
 
-function _getExtensionAlias(params, ns) 
+var _getExtensionAlias = function(params, ns) 
 {
@@ -1138,0 +1162,0 @@ for (var k in params)

package.json

@@ -8,3 +8,3 @@ { "name": "openid",
     "web": "http://ox.no" },
-  "version": "0.2.0",
+  "version": "0.3.0",
   "repository": {
@@ -11,0 +11,0 @@ "type": "git",

README.md

@@ -103,4 +103,4 @@ # OpenID for node.js
 
- - `saveAssociation(type, handle, secret, expiry_time)` is called when a new association is established during authentication
- - `loadAssociation(handle)` is used to retrieve the association identified by `handle` when verification happens
+ - `saveAssociation(provider, type, handle, secret, expiry_time, callback)` is called when a new association is established during authentication. The callback should be called with any error as its first argument (or `null` if no error occured).
+ - `loadAssociation(handle, callback)` is used to retrieve the association identified by `handle` when verification happens. The callback should be called with any error as its first argument (and `null` as the second argument), or an object with the keys `provider`, `type`, `secret` if the association was loaded successfully.
 
@@ -107,0 +107,0 @@ The `openid` module includes default implementations for these functions using a simple object to store the associations in-memory.

sample.js

@@ -26,5 +26,3 @@ /* A simple sample demonstrating OpenID for node.js
 
-require.paths.unshift(__dirname);
-
-var openid = require('openid');
+var openid = require('./openid');
 var url = require('url');
@@ -31,0 +29,0 @@ var querystring = require('querystring');

test/openid_fast_tests.js

@@ -25,6 +25,4 @@ /* OpenID for node.js
  */
-require.paths.unshift(__dirname + '/../');
-
 var assert = require('assert');
-var openid = require('openid');
+var openid = require('../openid');
 
@@ -31,0 +29,0 @@ exports.testVerificationUrl = function(test)

test/openid_integration_tests.js

@@ -25,6 +25,5 @@ /* OpenID for node.js
  */
-require.paths.unshift(__dirname + '/../');
 
 var assert = require('assert');
-var openid = require('openid');
+var openid = require('../openid');
 
@@ -189,1 +188,14 @@ exports.testResolveFailed = function(test)
 }
+
+exports.testSetupAuthenticationWithMyOpenId = function(test)
+{
+    var called = 0;
+    openid.authenticate('https://swatinem.de', 
+    'http://example.com/verify', null, false, false, function(error, url)
+    {
+      assert.ok(called == 0, "callback executed twice");
+      called++;
+      assert.ok(url.indexOf('checkid_setup') !== -1);
+      test.done();
+    });
+}

test/xrds_tests.js

@@ -26,6 +26,4 @@ /* OpenID for node.js
 
-require.paths.unshift(__dirname + '/../lib/');
-
 var assert = require('assert');
-var xrds = require('xrds');
+var xrds = require('../lib/xrds');
 
@@ -32,0 +30,0 @@ exports.testXrdsSampleParse = function(test)

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

108500

increased by1.92%

Lines of code

3148

increased by1.09%

No dependency changes