passport-openid
Comparing version 0.2.3 to 0.3.0
@@ -25,12 +25,19 @@ /** | ||
* Applications must supply a `verify` callback which accepts an `identifier`, | ||
* and optionally a service-specific `profile`, and then calls the `done` | ||
* callback supplying a `user`, which should be set to `false` if the | ||
* credentials are not valid. If an exception occured, `err` should be set. | ||
* an optional service-specific `profile`, an optional set of policy extensions | ||
* and then calls the `done` callback supplying a `user`, which should be set to | ||
* `false` if the credentials are not valid. If an exception occured, `err` | ||
* should be set. | ||
* | ||
* Options: | ||
* - `returnURL` URL to which the OpenID provider will redirect the user after authentication | ||
* - `realm` the part of URL-space for which an OpenID authentication request is valid | ||
* - `profile` enable profile exchange, defaults to _false_ | ||
* - `identifierField` field name where the OpenID identifier is found, defaults to 'openid_identifier' | ||
* - `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`) | ||
* - `returnURL` URL to which the OpenID provider will redirect the user after authentication | ||
* - `realm` the part of URL-space for which an OpenID authentication request is valid | ||
* - `profile` enable profile exchange, defaults to _false_ | ||
* - `pape` when present, enables the OpenID Provider Authentication Policy Extension | ||
* (http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html) | ||
* - `pape.maxAuthAge` sets the PAPE maximum authentication age in seconds | ||
* - `pape.preferredAuthPolicies` sets the preferred set of PAPE authentication policies for the | ||
* relying party to use for example `multi-factor`, `multi-factor-physical` | ||
* or `phishing-resistant` (either an array or a string) | ||
* - `identifierField` field name where the OpenID identifier is found, defaults to 'openid_identifier' | ||
* - `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`) | ||
* | ||
@@ -53,3 +60,4 @@ * Examples: | ||
* realm: 'http://localhost:3000/', | ||
* profile: true | ||
* profile: true, | ||
* pape: { maxAuthAge : 600 } | ||
* }, | ||
@@ -75,2 +83,3 @@ * function(identifier, profile, done) { | ||
this._profile = options.profile; | ||
this._pape = options.pape; | ||
this._passReqToCallback = options.passReqToCallback; | ||
@@ -95,2 +104,3 @@ | ||
var ax = new openid.AttributeExchange({ | ||
"http://axschema.org/namePerson" : "required", | ||
"http://axschema.org/namePerson/first": "required", | ||
@@ -102,2 +112,18 @@ "http://axschema.org/namePerson/last": "required", | ||
} | ||
if (options.pape) { | ||
var papeOptions = {}; | ||
if (options.pape.hasOwnProperty("maxAuthAge")) { | ||
papeOptions.max_auth_age = options.pape.maxAuthAge; | ||
} | ||
if (options.pape.preferredAuthPolicies) { | ||
if (typeof options.pape.preferredAuthPolicies === "string") { | ||
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies; | ||
} else if (Array.isArray(options.pape.preferredAuthPolicies)) { | ||
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies.join(" "); | ||
} | ||
} | ||
var pape = new openid.PAPE(papeOptions); | ||
extensions.push(pape); | ||
} | ||
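Review bot: A `pape.preferredAuthPolicies` value that is neither a string nor an array falls through both branches of the type check and is dropped without an error, so the authentication request goes out without the policy the application configured. Because this option exists to ask the provider for stronger authentication, a misconfiguration should fail at construction time, for example by ending the chain with `else { throw new TypeError('pape.preferredAuthPolicies must be a string or an array'); }`. `maxAuthAge` is likewise copied into `max_auth_age` without checking that it is a non-negative integer. The enclosing constructor starts and ends outside this hunk.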
@@ -152,3 +178,4 @@ this._relyingParty = new openid.RelyingParty( | ||
var profile = self._parseProfileExt(result); | ||
var pape = self._parsePAPEExt(result); | ||
function verified(err, user, info) { | ||
@@ -160,5 +187,10 @@ if (err) { return self.error(err); } | ||
var arity = self._verify.length; | ||
if (self._passReqToCallback) { | ||
if (arity == 4 || self._profile) { | ||
if (arity == 5) { | ||
self._verify(req, result.claimedIdentifier, profile, pape, verified); | ||
} else if (arity == 4 || self._profile) { | ||
// self._profile check covers the case where callback uses `arguments` | ||
// and arity == 0 | ||
self._verify(req, result.claimedIdentifier, profile, verified); | ||
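Review bot: The parsed PAPE result reaches the application only when the verify callback's declared length is exactly 5 here, and exactly 4 in the branch without `req` in the hunk that follows; a callback with the older signature, or one that reads `arguments`, never receives it. Nothing in the visible lines compares `pape.authTime` or `pape.authPolicies` with the `maxAuthAge` and `preferredAuthPolicies` that were requested, so an application can set `pape` and still accept a response that does not satisfy it. There is no `self._pape` fallback matching the `self._profile` one, which looks deliberate for backward compatibility but should be documented. I would add to the Strategy doc comment: `When pape is set, the verify callback must declare the pape argument and reject the login itself if pape.authTime or pape.authPolicies do not meet the requested policy.` The surrounding function begins and ends outside the hunk.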
@@ -169,3 +201,7 @@ } else { | ||
} else { | ||
if (arity == 3 || self._profile) { | ||
if (arity == 4) { | ||
self._verify(result.claimedIdentifier, profile, pape, verified); | ||
} else if (arity == 3 || self._profile) { | ||
// self._profile check covers the case where callback uses `arguments` | ||
// and arity == 0 | ||
self._verify(result.claimedIdentifier, profile, verified); | ||
@@ -403,3 +439,5 @@ } else { | ||
if (!profile.displayName) { | ||
profile.displayName = params['firstname'] + ' ' + params['lastname']; | ||
if (params['firstname'] && params['lastname']) { | ||
profile.displayName = params['firstname'] + ' ' + params['lastname']; | ||
} | ||
} | ||
@@ -409,7 +447,19 @@ if (!profile.emails) { | ||
} | ||
return profile; | ||
} | ||
Strategy.prototype._parsePAPEExt = function(params) { | ||
var pape = {}; | ||
// parse PAPE parameters | ||
if (params['auth_policies']) { | ||
pape.authPolicies = params['auth_policies'].split(' '); | ||
} | ||
if (params['auth_time']) { | ||
pape.authTime = new Date(params['auth_time']); | ||
} | ||
return pape; | ||
} | ||
/** | ||
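Review bot: `new Date(params['auth_time'])` yields an Invalid Date for a malformed value, and `_parsePAPEExt` stores it in `pape.authTime` unchecked. Any age comparison a verify callback then makes against it evaluates with NaN and is false, so a check written as "reject if older than N seconds" would pass. Set the field only when the value parses: `var t = new Date(params['auth_time']);` followed by `if (!isNaN(t.getTime())) { pape.authTime = t; }`. Whether these two response fields are covered by the provider's signature is decided in the openid library and cannot be confirmed from this diff.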
@@ -416,0 +466,0 @@ * Expose `Strategy`. |
{ | ||
"name": "passport-openid", | ||
"version": "0.2.3", | ||
"version": "0.3.0", | ||
"description": "OpenID authentication strategy for Passport.", | ||
"author": { "name": "Jared Hanson", "email": "jaredhanson@gmail.com", "url": "http://www.jaredhanson.net/" }, | ||
"keywords": ["passport", "openid", "auth", "authn", "authentication", "identity"], | ||
"repository": { | ||
@@ -13,2 +13,11 @@ "type": "git", | ||
}, | ||
"author": { | ||
"name": "Jared Hanson", | ||
"email": "jaredhanson@gmail.com", | ||
"url": "http://www.jaredhanson.net/" | ||
}, | ||
"licenses": [ { | ||
"type": "MIT", | ||
"url": "http://www.opensource.org/licenses/MIT" | ||
} ], | ||
"main": "./lib/passport-openid", | ||
@@ -18,3 +27,3 @@ "dependencies": { | ||
"passport": "~0.1.3", | ||
"openid": "0.4.x" | ||
"openid": "0.5.x" | ||
}, | ||
@@ -27,8 +36,3 @@ "devDependencies": { | ||
}, | ||
"engines": { "node": ">= 0.6.0" }, | ||
"licenses": [ { | ||
"type": "MIT", | ||
"url": "http://www.opensource.org/licenses/MIT" | ||
} ], | ||
"keywords": ["passport", "openid", "auth", "authn", "authentication", "identity"] | ||
"engines": { "node": ">= 0.6.0" } | ||
} |
+ Addedopenid@0.5.13(transitive)
- Removedopenid@0.4.2(transitive)
Updatedopenid@0.5.x