real fix for #1

check for match on id for github, google and twitter, and match on email for persona
Paul Rodwell
2016-07-07 10:50:14 +01:00
parent 9b2f5604fc
commit 1932a2cdcf


@ -37,8 +37,6 @@ module.exports = exports = (log, loga, argv) ->
statusDir = argv.status statusDir = argv.status
console.log "statusDir: ", statusDir
idFile = argv.id idFile = argv.id
usingPersona = false usingPersona = false
@ -73,7 +71,6 @@ module.exports = exports = (log, loga, argv) ->
fs.readFile(idFile, (err, data) -> fs.readFile(idFile, (err, data) ->
if err then return cb err if err then return cb err
owner = JSON.parse(data) owner = JSON.parse(data)
console.log 'retrieveOwner owner: ', owner
if _.has(owner, 'persona') if _.has(owner, 'persona')
usingPersona = true usingPersona = true
cb()) cb())
@ -116,10 +113,19 @@ module.exports = exports = (log, loga, argv) ->
else else
try try
idProvider = req.session.passport.user.provider idProvider = req.session.passport.user.provider
switch idProvider
when 'github', 'google', 'twitter'
if _.isEqual(owner[idProvider].id, req.session.passport.user.id) if _.isEqual(owner[idProvider].id, req.session.passport.user.id)
return true return true
else else
return false return false
when 'persona'
if _.isEqual(owner[idProvider].email, req.session.passport.user.email)
return true
else
return false
else
return false
catch error catch error
return false return false
@ -128,10 +134,19 @@ module.exports = exports = (log, loga, argv) ->
try try
if admin if admin
idProvider = req.session.passport.user.provider idProvider = req.session.passport.user.provider
switch idProvider
when 'github', 'google', 'twitter'
if _.isEqual(admin[idProvider].id, req.session.passport.user.id) if _.isEqual(admin[idProvider].id, req.session.passport.user.id)
return true return true
else else
return false return false
when 'persona'
if _.isEqual(admin[idProvider].email, req.session.passport.user.email)
return true
else
return false
else
return false
catch error catch error
return false return false
@ -164,11 +179,11 @@ module.exports = exports = (log, loga, argv) ->
# the OAuth application settings - so we don't specify it. # the OAuth application settings - so we don't specify it.
}, (accessToken, refreshToken, profile, cb) -> }, (accessToken, refreshToken, profile, cb) ->
user = { user = {
provider: 'github', provider: 'github'
id: profile.id id: profile.id
username: profile.username username: profile.username
displayName: profile.displayName displayName: profile.displayName
email: profile.emails[0].value emails: profile.emails
} }
cb(null, user))) cb(null, user)))
@ -211,11 +226,15 @@ module.exports = exports = (log, loga, argv) ->
# Persona Strategy # Persona Strategy
PersonaStrategy = require('persona-pass').Strategy PersonaStrategy = require('persona-pass').Strategy
personaAudience = callbackProtocol + '//' + callbackHost
console.log 'Persona Audience: ', personaAudience
passport.use(new PersonaStrategy({ passport.use(new PersonaStrategy({
audience: callbackProtocol + '//' + callbackHost audience: personaAudience
}, (email, cb) -> }, (email, cb) ->
user = { user = {
persona: { email: email } provider: "persona"
email: email
} }
cb(null, user))) cb(null, user)))
@ -347,7 +366,6 @@ module.exports = exports = (log, loga, argv) ->
res.sendStatus(403) res.sendStatus(403)
else else
user = req.session.passport.user user = req.session.passport.user
console.log "Claim: user = ", user
id = switch user.provider id = switch user.provider
when "twitter" then { when "twitter" then {
name: user.displayName name: user.displayName
@ -361,7 +379,7 @@ module.exports = exports = (log, loga, argv) ->
github: { github: {
id: user.id id: user.id
username: user.username username: user.username
email: user.email email: user.emails
} }
} }
when "google" then { when "google" then {
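Review bot: The new `switch idProvider` branches in the owner check (hunk at -116) and the admin check (hunk at -128) treat a missing value as a match, because `_.isEqual(undefined, undefined)` is true: a stored record that has the provider key but no `id` (or no `email` for persona) would match a session user lacking the same field. Require the stored value to exist before comparing, for example `expected = owner[idProvider]?.id` followed by `return expected? and _.isEqual(expected, req.session.passport.user.id)`, and likewise for `.email` and for `admin`. The two switch blocks are otherwise identical, so a single helper that takes the stored record would keep the owner and admin rules from drifting apart. Both enclosing functions start outside the hunks, so whether such a record can occur in practice is not visible here. Separately, the claim hunk at -361 now stores the whole `emails` array under the singular key in `email: user.emails`; renaming the key to `emails`, or adding a comment there, would keep readers of the owner file from expecting a string.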