var everyModule = require('./everymodule')
, oid = require('openid')
, url = require('url')
, extractHostname = require('../utils').extractHostname;
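/**
 * OpenID relying-party submodule.
 *
 * Declares two routes and their step sequences:
 *   - GET entryPath:    sendToAuthenticationUri
 *   - GET callbackPath: verifyAttributes -> getSession -> findOrCreateUser
 *                       -> addToSession -> sendResponse
 *
 * `findOrCreateUser` is declared here but not implemented in this file.
 *
 * Security-relevant points for integrators:
 *   - The OpenID identifier is read from the query string, so it is
 *     caller-controlled; it is validated as a non-empty string before use.
 *   - An assertion is only accepted when the library reports it as
 *     authenticated (fail closed).
 *   - The hostname used for the return URL may be auto-detected from the
 *     request; configure `myHostname` explicitly where possible.
 */
var openid = module.exports =
everyModule.submodule('openid')
  .configurable({
      simpleRegistration: 'e.g., {"nickname" : true}'
    , attributeExchange: 'eg {"http://axschema.org/contact/email": "required"}'
    , myHostname: 'e.g., http://localhost:3000 . Notice no trailing slash'
    , alwaysDetectHostname: 'does not cache myHostname once. Instead, re-detect it on every request. Good for multiple subdomain architectures'
    , redirectPath : 'The path to redirect To'
    , openidURLField : 'The post field to use for open id'
  })
  .definit( function () {
    // NOTE(review): positional arguments appear to be
    // (returnUrl, realm, stateless, strict, extensions) - i.e. no realm and
    // strict mode off. Confirm against the installed `openid` package.
    // The return URL is built from myHostname() as it is when this runs;
    // whether a hostname detected later (see sendToAuthenticationUri) reaches
    // this object is not visible in this file.
    this.relyingParty = new oid.RelyingParty(this.myHostname() + this.callbackPath(), null, false, false, [
        new oid.UserInterface()
      , new oid.SimpleRegistration(this.simpleRegistration())
      , new oid.AttributeExchange(this.attributeExchange())
    ]);
  })
  .get('entryPath',
       'the link a user follows, whereupon you kick off the OpenId auth process - e.g., "/auth/openid"')
    .step('sendToAuthenticationUri')
      .description('sends the user to the providers openid authUrl')
      .accepts('req res next')
      .promises(null)
  .get('callbackPath',
       'the callback path that the 3rd party Openid provider redirects to after an authorization result - e.g., "/auth/openid/callback"')
    .step('verifyAttributes')
      .description('verifies the return attributes')
      .accepts('req res next')
      .promises('userAttributes')
    .step('getSession')
      .accepts('req')
      .promises('session')
    .step('findOrCreateUser')
      .accepts('session userAttributes')
      .promises('user')
    .step('addToSession')
      .accepts('session user')
      .promises(null)
    .step('sendResponse')
      .accepts('res')
      .promises(null)
  .sendToAuthenticationUri(function(req,res) {
    // Automatic hostname detection + assignment.
    // NOTE(review): extractHostname lives in ../utils (not shown here); if it
    // derives the value from request headers, the result is client-influenced.
    // Prefer a fixed, configured myHostname in production.
    if (!this._myHostname || this._alwaysDetectHostname) {
      this.myHostname(extractHostname(req));
    }
    var self = this;
    var p = this.Promise();

    // The identifier comes straight from the query string. Query parsers can
    // yield arrays or objects, so accept only a non-empty string.
    var identifier = req.query[this.openidURLField()];
    if (typeof identifier !== 'string' || !identifier) {
      p.fail(new Error('Missing or invalid OpenID identifier'));
      return p;
    }

    // NOTE(review): the library presumably performs discovery against this
    // caller-supplied identifier, i.e. outbound requests from this server.
    // Where only known providers are expected, allowlist them and/or restrict
    // egress from the application host.
    this.relyingParty.authenticate(identifier, false, function(err,authenticationUrl){
      if(err) return p.fail(err);
      if(!authenticationUrl) return p.fail(new Error('OpenID authentication failed: no authentication URL'));
      self.redirect(res, authenticationUrl);
      // Settle the step only once the outcome is known. Fulfilling before the
      // callback ran meant a discovery error arrived on an already-fulfilled
      // promise, so the failure path could not take effect.
      p.fulfill();
    });
    return p;
  })
  .getSession( function(req) {
    return req.session;
  })
  .verifyAttributes(function(req,res) {
    var p = this.Promise();
    this.relyingParty.verifyAssertion(req, function (err,userAttributes) {
      if(err) return p.fail(err);
      // Fail closed: hand attributes to findOrCreateUser only when the
      // library explicitly marks the assertion as authenticated.
      if(!userAttributes || !userAttributes.authenticated) {
        return p.fail(new Error('OpenID assertion was not authenticated'));
      }
      p.fulfill(userAttributes);
    });
    return p;
  })
  .addToSession( function (sess, user) {
    // Records the login under sess.auth and keeps the full user object under
    // sess.auth[<module name>].
    // NOTE(review): the session is marked logged-in in place; no session id
    // regeneration happens in this file. Confirm the session layer rotates
    // the id on login to avoid session fixation.
    var _auth = sess.auth || (sess.auth = {})
      , mod = _auth[this.name] || (_auth[this.name] = {});
    _auth.loggedIn = true;
    _auth.userId = user[this._userPkey];
    mod.user = user;
  })
  .sendResponse( function (res) {
    // redirectPath is a configured value, not request data.
    var redirectTo = this.redirectPath();
    if (!redirectTo)
      throw new Error('You must configure a redirectPath');
    this.redirect(res, redirectTo);
  })
  // Defaults; each can be overridden through the configurable setters.
  .redirectPath('/')
  .entryPath('/auth/openid')
  .callbackPath('/auth/openid/callback')
  // Every listed field is requested from the provider by default; trim these
  // to what the application actually needs.
  .simpleRegistration({
      "nickname" : true
    , "email"    : true
    , "fullname" : true
    , "dob"      : true
    , "gender"   : true
    , "postcode" : true
    , "country"  : true
    , "language" : true
    , "timezone" : true
  })
  .attributeExchange({
      "http://axschema.org/contact/email"       : "required"
    , "http://axschema.org/namePerson/friendly" : "required"
    , "http://axschema.org/namePerson"          : "required"
    , "http://axschema.org/namePerson/first"    : "required"
    , "http://axschema.org/contact/country/home": "required"
    , "http://axschema.org/media/image/default" : "required"
    , "http://axschema.org/x/media/signature"   : "required"
  })
  .openidURLField('openid_identifier');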