wiki-cafe/wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

removing old persona code

Browse Source
This commit is contained in:
Paul Rodwell
2023-04-18 09:55:41 +01:00
parent f6dcb5425e
commit a0ef92ec8e
3 changed files with 1 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
client/security.coffee
View File

@ -15,9 +15,6 @@
settings = {} settings = {}
# Mozilla Persona service closes on
personaEnd = new Date('2016-11-30')
claim_wiki = () -> claim_wiki = () ->
# we want to initiate a claim on a wiki # we want to initiate a claim on a wiki
# #
@ -82,53 +79,6 @@ update_footer = (ownerName, isAuthenticated) ->
$('footer > #security > #claim').click (e) -> $('footer > #security > #claim').click (e) ->
e.preventDefault() e.preventDefault()
claim_wiki() claim_wiki()
else
# only offer to add alternative id if using persona - at least initially.
if settings.usingPersona
$('footer > #security').append "<a href='#' id='addAltAuth' class='foot-item' title='Add Alternative Credentials'><i class='fa fa-user-plus fa-lg fa-fw'></i></a>"
$('footer > #security > #addAltAuth').click (e) ->
e.preventDefault
document.cookie = "wikiName=#{window.location.host}" + ";domain=.#{settings.cookieDomain}; path=/; max-age=300; sameSite=Strict;"
w = WinChan.open({
url: settings.dialogAddAltURL
relay_url: settings.relayURL
window_features: "menubar=0, location=0, resizable=0, scrollbars=1, status=0, dialog=1, width=700, height=375"
params: {}
}, (err, r) ->
if err
console.log err
else
# add call to add alternative to owner here
console.log 'send request to add owner identity'
myInit = {
method: 'GET'
cache: 'no-cache'
mode: 'same-origin'
credentials: 'include'
}
fetch '/auth/addAltAuth', myInit
.then (response) ->
if response.ok
console.log 'Alternative Identity added', response
settings.usingPersona = false
if settings.wikiHost
dialogHost = settings.wikiHost
else
dialogHost = window.location.hostname
settings.cookieDomain = dialogHost
if settings.useHttps
dialogProtocol = 'https:'
else
dialogProtocol = window.location.protocol
if window.location.port
dialogHost = dialogHost + ':' + window.location.port
settings.dialogURL = dialogProtocol + '//' + dialogHost + '/auth/loginDialog'
update_footer ownerName, isAuthenticated
else
console.log 'Attempt to claim site failed', response
)
else else
if !isClaimed if !isClaimed
signonTitle = 'Claim this Wiki' signonTitle = 'Claim this Wiki'
@ -220,10 +170,7 @@ setup = (user) ->
dialogProtocol = window.location.protocol dialogProtocol = window.location.protocol
if window.location.port if window.location.port
dialogHost = dialogHost + ':' + window.location.port dialogHost = dialogHost + ':' + window.location.port
if settings.usingPersona settings.dialogURL = dialogProtocol + '//' + dialogHost + '/auth/loginDialog'
settings.dialogURL = dialogProtocol + '//' + dialogHost + '/auth/personaLogin'
else
settings.dialogURL = dialogProtocol + '//' + dialogHost + '/auth/loginDialog'
settings.relayURL = dialogProtocol + '//' + dialogHost + '/auth/relay.html' settings.relayURL = dialogProtocol + '//' + dialogHost + '/auth/relay.html'
settings.dialogAddAltURL = dialogProtocol + '//' + dialogHost + '/auth/addAuthDialog' settings.dialogAddAltURL = dialogProtocol + '//' + dialogHost + '/auth/addAuthDialog'

1
package.json
View File

@ -13,7 +13,6 @@
"passport-github2": "^0.1.12", "passport-github2": "^0.1.12",
"passport-google-oauth20": "^2.0.0", "passport-google-oauth20": "^2.0.0",
"passport-oauth2": "^1.6.1", "passport-oauth2": "^1.6.1",
"persona-pass": "^0.2.1",
"qs": "^6.7.0", "qs": "^6.7.0",
"whatwg-fetch": "^3.2.0" "whatwg-fetch": "^3.2.0"
}, },

196
server/social.coffee
View File

@ -38,7 +38,6 @@ module.exports = exports = (log, loga, argv) ->
statusDir = argv.status statusDir = argv.status
idFile = argv.id idFile = argv.id
usingPersona = false
if argv.security_useHttps if argv.security_useHttps
useHttps = true useHttps = true
@ -56,26 +55,6 @@ module.exports = exports = (log, loga, argv) ->
ids = [] ids = []
# Mozilla Persona service closes on
personaEnd = new Date('2016-11-30')
watchForOwnerChange = ->
# we watch for owner changes, so we can update the information held here
fs.watch(idFile, (eventType, filename) ->
# re-read the owner file
fs.readFile(idFile, (err, data) ->
if err
console.log 'Error reading ', idFile, err
return
owner = JSON.parse(data)
usingPersona = false
if _.isEmpty(_.intersection(_.keys(owner), ids))
if _.has(owner, 'persona')
usingPersona = true
ownerName = owner.name
)
)
#### Public stuff #### #### Public stuff ####
# Attempt to figure out if the wiki is claimed or not, # Attempt to figure out if the wiki is claimed or not,
@ -87,11 +66,6 @@ module.exports = exports = (log, loga, argv) ->
fs.readFile(idFile, (err, data) -> fs.readFile(idFile, (err, data) ->
if err then return cb err if err then return cb err
owner = JSON.parse(data) owner = JSON.parse(data)
# we only enable persona if it is the only owner information.
if _.isEmpty(_.intersection(_.keys(owner), ids))
if _.has(owner, 'persona')
usingPersona = true
watchForOwnerChange()
cb()) cb())
else else
owner = '' owner = ''
@ -112,7 +86,6 @@ module.exports = exports = (log, loga, argv) ->
console.log "Claiming wiki #{wikiName} for #{id}" console.log "Claiming wiki #{wikiName} for #{id}"
owner = id owner = id
ownerName = owner.name ownerName = owner.name
watchForOwnerChange()
cb()) cb())
else else
cb('Already Claimed') cb('Already Claimed')
@ -140,11 +113,6 @@ module.exports = exports = (log, loga, argv) ->
return true return true
else else
return false return false
when 'persona'
if _.isEqual(owner[idProvider].email, req.session.passport.user[idProvider].email)
return true
else
return false
else else
return false return false
catch error catch error
@ -170,11 +138,6 @@ module.exports = exports = (log, loga, argv) ->
return true return true
else else
return false return false
when "persona"
if _.isEqual(admin[idProvider], req.session.passport.user[idProvider].email)
return true
else
return false
else else
return false return false
@ -323,24 +286,6 @@ module.exports = exports = (log, loga, argv) ->
} }
cb(null, user))) cb(null, user)))
# Persona Strategy
PersonaStrategy = require('persona-pass').Strategy
personaAudience = callbackProtocol + '//' + callbackHost
personaStrategyName = callbackHost + 'Persona'
passport.use(personaStrategyName, new PersonaStrategy({
audience: personaAudience
}, (email, cb) ->
user = {
persona: {
email: email
}
}
cb(null, user)))
app.use(passport.initialize()) app.use(passport.initialize())
app.use(passport.session()) app.use(passport.session())
@ -367,16 +312,11 @@ module.exports = exports = (log, loga, argv) ->
app.get('/auth/google/callback', app.get('/auth/google/callback',
passport.authenticate(googleStrategyName, { prompt: 'select_account', successRedirect: '/auth/loginDone', failureRedirect: '/auth/loginDialog'})) passport.authenticate(googleStrategyName, { prompt: 'select_account', successRedirect: '/auth/loginDone', failureRedirect: '/auth/loginDialog'}))
# Persona
app.post('/auth/browserid',
passport.authenticate(personaStrategyName, { successRedirect: '/auth/loginDone', failureRedirect: '/auth/loginDialog'}))
app.get '/auth/client-settings.json', (req, res) -> app.get '/auth/client-settings.json', (req, res) ->
# the client needs some information to configure itself # the client needs some information to configure itself
settings = { settings = {
useHttps: useHttps useHttps: useHttps
usingPersona: usingPersona
} }
if wikiHost if wikiHost
settings.wikiHost = wikiHost settings.wikiHost = wikiHost
@ -417,47 +357,6 @@ module.exports = exports = (log, loga, argv) ->
} }
res.render(path.join(__dirname, '..', 'views', 'securityDialog.html'), info) res.render(path.join(__dirname, '..', 'views', 'securityDialog.html'), info)
app.get '/auth/personaLogin', (req, res) ->
cookies = req.cookies
schemeButtons = []
if Date.now() < personaEnd
schemeButtons.push({
button: "<a href='#' id='browserid' class='scheme-button persona-button'><span>Persona</span></a>
<script>
$('#browserid').click(function(){
navigator.id.get(function(assertion) {
if (assertion) {
$('input').val(assertion);
$('form').submit();
} else {
location.reload();
}
});
});
</script>"})
info = {
wikiName: cookies['wikiName']
wikiHostName: if wikiHost
"part of " + req.hostname + " wiki farm"
else
"a federated wiki site"
title: "Federated Wiki: Site Owner Sign-on"
loginText: "Sign in to"
message: "Mozilla Persona closes on 30th November 2016. Wiki owners should add an alternative identity as soon as they are able."
schemes: schemeButtons
}
else
info = {
wikiName: cookies['wikiName']
wikiHostName: if wikiHost
"part of " + req.hostname + " wiki farm"
else
"a federated wiki site"
title: "Federated Wiki: Site Owner Sign-on"
message: "Mozilla Persona has now closed. Wiki owners will need to contact the Wiki Farm owner to re-claim their wiki."
}
res.render(path.join(__dirname, '..', 'views', 'personaDialog.html'), info)
app.get '/auth/loginDone', (req, res) -> app.get '/auth/loginDone', (req, res) ->
cookies = req.cookies cookies = req.cookies
@ -569,94 +468,12 @@ module.exports = exports = (log, loga, argv) ->
console.log 'rejecting - not authorized', req.path console.log 'rejecting - not authorized', req.path
res.sendStatus(403) res.sendStatus(403)
app.get '/auth/addAltAuth', authorized, (req, res) ->
# add alternative authorentication scheme - only makes sense if user owns this site
res.status(202).end()
user = req.session.passport.user
idProviders = _.keys(user)
userIds = {}
idProviders.forEach (idProvider) ->
id = switch idProvider
when "oauth2" then {
name: user.oauth2.displayName
oauth2: {
id: user.oauth2.id
username: user.oauth2.username
}
}
when "twitter" then {
name: user.twitter.displayName
twitter: {
id: user.twitter.id
username: user.twitter.username
}
}
when "github" then {
name: user.github.displayName
github: {
id: user.github.id
username: user.github.username
email: user.github.emails
}
}
when "google" then {
name: user.google.displayName
google: {
id: user.google.id
emails: user.google.emails
}
}
# only needed until persona closes
when "persona" then {
name: user.persona.email
.substr(0, user.persona.email.indexOf('@'))
.split('.')
.join(' ')
.toLowerCase()
.replace(/(^| )(\w)/g, (x) ->
return x.toUpperCase())
persona: {
email: user.persona.email
}
}
userIds = _.merge(userIds, id)
wikiDir = path.resolve(argv.data, '..')
statusDir = argv.status.split(path.sep).slice(-1)[0]
idFileName = path.parse(idFile).base
pattern = '*/' + statusDir + '/' + idFileName
glob(pattern, {cwd: wikiDir}, (err, files) ->
_.forEach files, (file) ->
# are we the owner?
fs.readFile(path.join(wikiDir, file), 'utf8', (err, data) ->
if err
console.log 'Error reading ', file, err
return
siteOwner = JSON.parse(data)
if _.intersectionWith(_.entries(siteOwner), _.entries(user), _.isEqual).length > 0
updateOwner = _.merge(user, siteOwner)
fs.writeFile(path.join(wikiDir, file), JSON.stringify(userIds), (err) ->
if err
console.log 'Error writing ', file, err
# if the write works the change will be picked up by fs.watch() in watchForOwnerChange
# so there is nothing more to do here.
)
)
)
app.get '/auth/claim-wiki', (req, res) -> app.get '/auth/claim-wiki', (req, res) ->
if owner if owner
console.log 'Claim Request Ignored: Wiki already has owner - ', wikiName console.log 'Claim Request Ignored: Wiki already has owner - ', wikiName
res.sendStatus(403) res.sendStatus(403)
else else
user = req.session.passport.user user = req.session.passport.user
# there can be more than one id provider - initially only if we logged in with persona
idProviders = _.keys(user) idProviders = _.keys(user)
id = {} id = {}
@ -691,19 +508,6 @@ module.exports = exports = (log, loga, argv) ->
emails: user.google.emails emails: user.google.emails
} }
} }
# only needed until persona closes
when "persona" then {
name: user.persona.email
.substr(0, user.persona.email.indexOf('@'))
.split('.')
.join(' ')
.toLowerCase()
.replace(/(^| )(\w)/g, (x) ->
return x.toUpperCase())
persona: {
email: user.persona.email
}
}
if _.isEmpty(id) if _.isEmpty(id)
console.log 'Unable to claim wiki', req.hostname, ' no valid id provided' console.log 'Unable to claim wiki', req.hostname, ' no valid id provided'