app.post('/authenticate', function(req, res) {
// Resolve identifier, associate, build authentication URL
var relyingParty = new openid.RelyingParty(
'http://' + req.headers['host'] + '/verify', // Verification URL (yours)
null, // Realm (optional, specifies realm for OpenID authentication)
false, // Use stateless verification
false, // Strict mode
[]); // List of extensions to enable and include
relyingParty.authenticate(
req.body.openid_identifier, // user supplied identifier
false, // attempt immediate authentication first?
function(error, authUrl)
{
if(error)
{
res.send('Authentication failed: ' + error);
}
else if (!authUrl)
{
res.send('Authentication failed');
}
else
{
res.redirect(authUrl);
}
}
);
});
verify: function (req, res) {
var openid = require('openid'),
party = new openid.RelyingParty(
sails.config.steam.realm+'/verify',
sails.config.steam.realm,
true,
false,
[]
);
party.verifyAssertion(req, function (error, result)
{
if (! error && result.authenticated) {
req.session.authenticated = true;
req.session.user = new Account(new SteamAccount(
result.claimedIdentifier.match(/\d+/)[0],
new SteamAPI(sails.config.steam.key)
));
req.session.user.getSteamAccount().init(function () {
res.redirect('/profile');
});
} else {
res.json({dude: "whaddyawan"});
}
});
}
exports.authenticate = function(hostname, url, res, query) {
var exts= [];
var attr = new openid.AttributeExchange({
"http://axschema.org/contact/country/home": "required",
"http://axschema.org/namePerson/first": "required",
"http://axschema.org/pref/language": "required",
"http://axschema.org/namePerson/last": "required",
"http://axschema.org/contact/email": "required",
"http://axschema.org/namePerson/friendly": "required",
"http://axschema.org/namePerson": "required",
"http://axschema.org/media/image/default": "required",
"http://axschema.org/person/gender/": "required"
});
exts.push(attr);
rely = new openid.RelyingParty('https://'+hostname+':'+
session.configuration.port.farm_webServerPort+'/main.html?cmd=verify&id='+query.id,
null,
false,
false,
exts);
rely.authenticate(url, false, function(error, authUrl) {
if(error){
log.error(error);
} else if (!authUrl) {
log.error('authentication failed as url to redirect after authentication is missing');
} else {
res.writeHeader(200, 'application/x-javascript');
res.write(JSON.stringify({type:"prop", payload: {status:'authenticate-google', url: authUrl}}));
res.end();
}
});
}
function authenticate(hostname, url) {
var exts= [];
var attr = new openid.AttributeExchange({
"http://axschema.org/contact/country/home": "required",
"http://axschema.org/namePerson/first": "required",
"http://axschema.org/pref/language": "required",
"http://axschema.org/namePerson/last": "required",
"http://axschema.org/contact/email": "required",
"http://axschema.org/namePerson/friendly": "required",
"http://axschema.org/namePerson": "required",
"http://axschema.org/media/image/default": "required",
"http://axschema.org/person/gender/": "required"
});
exts.push(attr);
rely = new openid.RelyingParty('https://'+hostname+':'+session.configuration.webServerPort+'/main.html?id=verify',
null,
false,
false,
exts);
rely.authenticate(url, false, function(error, authUrl) {
if(error){
log.error(error);
} else if (!authUrl) {
log.error('authentication failed as url to redirect after authentication is missing');
} else {
result({cmd:'auth-url', payload: authUrl});
}
});
}
function getGoogleAuthUrl() {
var deferred = Q.defer();
var relyingParty = new openid.RelyingParty(
api.configData.google.redirectUrl, // callback url
null, // realm (optional)
false, // stateless
false, // strict mode
extensions); // List of extensions to enable and include
relyingParty.authenticate(GOOGLE_ENDPOINT, false, deferred.makeNodeResolver());
return deferred.promise;
}
exports.testAuthenticationWithGoogleUsingRelyingPartyObject = function(test)
{
var rp = new openid.RelyingParty(
'http://example.com/verify',
null,
false,
false,
null);
rp.authenticate('http://www.google.com/accounts/o8/id', false, function(url)
{
assert.ok(url.indexOf('checkid_setup') !== -1);
test.done();
});
}
exports.testVerificationUrlUsingRelyingParty = function(test)
{
var rp = new openid.RelyingParty(
'http://example.com/verify',
null,
false,
false,
null);
rp.verifyAssertion('http://fu', function(result)
{
assert.ok(!result.authenticated);
test.done();
});
}
exports.auth = function(req, res) {
var parsedUrl = url.parse(req.url, true);
var auth_key = parsedUrl.query.auth_key;
if (!auth_key) {
res.writeHead(200);
res.end("Missing auth_key");
}
// Resolve identifier, associate, and build authentication URL
relyingParty.authenticate(STEAM_OPENID_URL, false, function(error, authUrl) {
if (error || !authUrl) {
res.writeHead(200);
res.end("Uh oh, something went wrong.");
}
else {
// Auth key allows
var parsedAuthUrl = url.parse(authUrl);
var modified_query_string = querystring.parse(parsedAuthUrl.query);
modified_query_string['openid.return_to'] += '?rye_key=' + auth_key;
var redirect_location = url.parse(authUrl);
redirect_location.search = querystring.stringify(modified_query_string);
redirect_location = url.format(redirect_location);
res.writeHead(302, {Location: redirect_location});
res.end();
}
});
};
authenticate: function(req, res) {
var identifier = req.query.openid_identifier,
firstname = req.query.firstname,
lastname = req.query.lastname,
login = req.query.login,
email = req.query.email;
//console.log("this is the identifier: "+ identifier);
//Resolve identifier, associate, and build authentication URL
relyingParty.authenticate(identifier, false, function(error, authUrl) {
if (error) {
res.writeHead(200);
res.end('Authentication failed: ' + error.message);
console.log('authentication failed: ' + error.message + ' ' + identifier);
} else if (!authUrl) {
res.writeHead(200);
res.end('Authentication failed');
console.log('authentication failed');
} else {
req.session.login = login;
res.writeHead(302, {
Location: authUrl
});
res.end();
}
});
},
Constr.fn.verify = function (req, success, fail, pocket, res) {
var cookieData, openIdData,
that = this;
try { cookieData = JSON.parse(req.cookies[this.cookieName]) } catch (e) {};
if ( !cookieData ) return fail('openid verify endpoint got request without cookie');
res.clearCookie(this.cookieName, {
path : this.cookiePath
});
pocket.tenantid = cookieData.tenantid;
pocket.successRedirect = cookieData.successRedirect; // TODO remove
relyingParty.verifyAssertion(req, function(error, result) {
if ( error ) return fail(error.message);
that.log.debug(result);
pocket.userid = result.claimedIdentifier || cookieData.userid;
that.log.info('identifyed through OpenId: ', pocket);
success();
});
};
exports.verify = function(req, res) {
var parsedUrl = url.parse(req.url, true);
relyingParty.verifyAssertion(req, function(error, result) {
res.writeHead(200);
if (error) {
res.end("Something went terribly wrong");
return;
}
var auth_key = parsedUrl.query.rye_key;
if (!auth_key) {
res.end('Uh oh');
}
var user_id_regex = new RegExp('.*/openid/id/(.*)');
var matches = user_id_regex.exec(result.claimedIdentifier);
if (matches.length == 2 && result.authenticated) {
var steam_id = matches[1];
var good_stuff = {
steam_id: steam_id,
auth_key: auth_key
};
event_bus.emit('steam_openid.verify', good_stuff);
res.end(JSON.stringify(good_stuff));
}
else {
res.end("Something went terribly wrong");
}
});
};
exports.authenticate = function(res, query) {
// User supplied identifier
var identifier = query.openid_identifier;
// console.log(".");
// console.log('.authenticate: identifier is ' + identifier);
// Resolve identifier, associate, and build authentication URL
relyingParty.authenticate(identifier, false, function(error, authUrl) {
// console.log('authUrl ' + authUrl);
if (error) {
console.log('authenticate 1 error: ' + error);
res.writeHead(200);
res.end('Authentication failed: ' + error);
} else if (!authUrl) {
console.log('authenticate 2 error: no authUrl');
res.writeHead(200);
res.end('Authentication failed');
} else {
// MDS Can I send url here, not contents at url?
// console.log(".authenticate: authUrl = " + authUrl);
// MDS attempting to change it all around
res.writeHead(200, {'Content-Type': 'text/plain'});
res.write(authUrl);
// orig code below
// res.writeHead(302, {
// Location : authUrl
// });
res.end();
}
});
};
app.get('/authenticate', function(req, res) {
console.log("Authenticate called");
console.log(req.query);
// User supplied identifier
var query = querystring.parse(req.query);
console.log("Parsed Query: " + query);
var identifier = req.query.openid_identifier;
console.log("identifier: " + identifier);
// Resolve identifier, associate, and build authentication URL
relyingParty.authenticate(identifier, false, function(error, authUrl) {
if (error) {
res.writeHead(200);
res.end('Authentication failed: ' + error.message);
} else if (!authUrl) {
res.writeHead(200);
res.end('Authentication failed');
} else {
res.writeHead(302, {
Location : authUrl
});
res.end();
}
});
});
return new Promise((resolve, reject) => {
this.relyingParty.authenticate(this.identifier, false, (error, authUrl) => {
if (error) {
reject(error);
} else {
resolve(authUrl);
}
});
});
return new Promise((resolve, reject) => {
this.relyingParty.verifyAssertion(url, (error, result) => {
if (error) {
reject(error);
} else {
resolve(result);
}
});
});
function(req, res) {
'use strict';
var parsedUrl = url.parse(req.url);
console.log(parsedUrl);
if (parsedUrl.pathname == '/authenticate') {
// User supplied identifier
var query = querystring.parse(parsedUrl.query);
var identifier = query.openid_identifier;
// Resolve identifier, associate, and build authentication URL
relyingParty.authenticate(identifier, false, function(error,
authUrl) {
if (error) {
res.writeHead(200);
res.end('Authentication failed: ' + error.message);
} else if (!authUrl) {
res.writeHead(200);
res.end('Authentication failed');
} else {
res.writeHead(302, {
Location: authUrl
});
res.end();
}
});
} else if (parsedUrl.pathname == '/verify') {
// Verify identity assertion
// NOTE: Passing just the URL is also possible
relyingParty.verifyAssertion(req, function(error, result) {
res.writeHead(200);
res.end(!error && result.authenticated ? 'Success :)' : 'Failure :(');
});
} else {
// Deliver an OpenID form on all other URLs
res.writeHead(200);
res.end('<!DOCTYPE html><html><body>' +
'<form method="get" action="/authenticate">' +
'<p>Login using OpenID</p>' +
'<input name="openid_identifier" />' +
'<input type="submit" value="Login" />' +
'</form></body></html>');
}
});
handler: function (req, reply) {
var identifier = req.query.identifier
rp.authenticate(
identifier,
false,
function (err, authUrl) {
reply.redirect(authUrl)
}
)
}
http.get('/authenticate', function(req, res){
relyingParty.authenticate(req.query.openid_identifier, false, function(error, authUrl) {
if (error) {
res.redirect('/?error='+encodeURIComponent('Authentication failed: '+error));
} else if (!authUrl) {
res.redirect('/?error=Authentication%20failed');
} else {
res.redirect(authUrl);
}
});
});
login: function (req, res) {
var openid = require('openid'),
party = new openid.RelyingParty(
sails.config.steam.realm+'/verify',
sails.config.steam.realm,
true,
false,
[]
);
party.authenticate('http://steamcommunity.com/openid', false, function (error, authUrl)
{
if (error) {
res.redirect('/auth-failed');
sails.log.error(error.message);
} else if (! authUrl) {
res.redirect('/server-too-dumb');
sails.log.error('Failed to generate authentication URL');
} else {
res.redirect(authUrl);
}
});
},
exports.verify = function(req, res) {
// Verify identity assertion
// console.log(".verify: req.url = " + req.url);
relyingParty.verifyAssertion(req, function(error, result) {
if (error) {
// console.log(".verify: req.url = " + req.url);
res.writeHead(200);
res.end('MDS Authentication failed: ' + error);
} else {
// Result contains properties:
// - authenticated (true/false)
// - answers from any extensions (e.g.
// "http://axschema.org/contact/email" if requested
// and present at provider)
if (result.authenticated) {
// MDS
//console.log(".");
//console.log(".authenticated: JSON.stringify(result) : " + JSON.stringify(result));
// register from desktop will never be called
var userid = useridDb.register(result.claimedIdentifier, req.session.id, result.email);
var location;
if (userid) {
req.session.data.user = userid;
connectionDb.set(userid, req.session.id);
location = url + '/loginresult.html?email=' + result.email;
}
else { // TODO: how can this ever fail if always userid?
location = url + '/loginresult.html';
}
// MDS
res.writeHead(302, {
Location : location
});
res.end();
} else {
console.log('Authentication failed:' + JSON.stringify(result));
res.writeHead(200);
res.end('Authentication Failure :(\n\n');
}
}
});
};
app.get('/authenticate', function(req, res) {
relyingParty.authenticate(openIdXrds, false, function(error, authUrl) {
if (error) {
// handle error, e.g.:
res.writeHead(200, { 'Content-Type' : 'text/plain; charset=utf-8' });
res.end('Authentication failed: ' + error.message);
} else if (!authUrl) {
// handle missing auth url, e.g.:
res.writeHead(200, { 'Content-Type' : 'text/plain; charset=utf-8' });
res.end('Authentication failed');
} else {
// handle success, e.g.:
res.writeHead(302, { Location: authUrl });
res.end();
}
});
});
handler: function (req, reply) {
if (!req.url.search) {
reply(
'<?xml version="1.0" encoding="UTF-8"?>\n'
+ '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>'
+ '<Service xmlns="xri://$xrd*($v*2.0)">'
+ '<Type>http://specs.openid.net/auth/2.0/return_to</Type>'
+ '<URI>' + config.server.publicUrl + '/verify</URI>'
+ '</Service></XRD></xrds:XRDS>'
).type('application/xrds+xml')
return
}
rp.verifyAssertion(
url.format(req.url),
function (err, result) {
log.debug({ op: 'verify', err: err, result: result })
if (result.authenticated) {
Pool.request(
{
method: 'POST',
url: config.peers.auth + '/v1/account/sso?keys=true',
headers: {
'Content-Type': 'application/json'
}
},
JSON.stringify({
ssoId: result.claimedIdentifier,
provider: 'p11'
}),
function (err, res, body) {
var data = JSON.parse(body)
reply.redirect(config.peers.content +
'/openid?uid=' + data.uid +
'&session=' + data.sessionToken +
'&key=' + data.keyFetchToken +
'&authAt=' + data.authAt +
'&service=sync&context=fx_desktop_v2&partner=p11') // TODO
}
)
}
else {
reply(boom.unauthorized(err && err.message))
}
}
)
}
verify: function(req, res) {
// Verify identity assertion
// NOTE: Passing just the URL is also possible
relyingParty.verifyAssertion(req, function(error, result) {
//sres.writeHead(200);
//console.log(result.authenticated);
var return_to = req.query.return_to ? req.query.return_to : '/portal';
if(!error && result.authenticated){
if(req.xhr){
res.json({authenticated: true});
}else{
res.redirect(return_to);
}
}else{
res.redirect('/portal');
}
});
},
router.get('/steam/authenticate', function (req, res) {
var identifier = config.steam.provider;
relyingParty.authenticate(identifier, false, function (error, authUrl) {
if (error) {
res.writeHead(200);
res.end('Authentication failed: ' + error.message);
}
else if (!authUrl) {
res.writeHead(200);
res.end('Authentication failed');
}
else {
res.status(200).send({ 'url' : authUrl });
}
});
});
app.server.get('/verify', function(req, res) {
relying_party.verifyAssertion(req, function(error, result) {
if(error || !result.authenticated) {
res.writeHead(302, { Location: login_url + '?error=' + escape("Error verifying:" + error) });
res.end();
return;
}
app.accounts.tryLogin(result.claimedIdentifier, function(err, session_id) {
if(err) {
res.writeHead(302, { Location: login_url + '?error=' + escape("Error getting account:" + err) });
res.end();
return;
} else {
res.writeHead(302, { Location: lobby_url + session_id });
res.end();
}
});
});
});
app.server.get('/authenticate', function(req, res) {
var parsed_url = url.parse(req.url, true)
, identifier = parsed_url.query["identifier"];
if(!identifier) {
res.writeHead(302, { Location: app_url + '?error=Missing%20identifier' });
res.end();
return;
}
//Check for temporary login
if(identifier === "temporary") {
app.accounts.temporaryLogin(req.ip, function(err, session_id) {
if(err) {
res.writeHead(302, { Location: app_url + '?error=' + querystring.escape("Error creating temporary login:"******"Temporary account created: ", session_id, "IP Address: ", req.ip);
res.cookie('session_id', session_id, {signed: true});
res.writeHead(302, { Location: app_url });
res.end();
return;
}
});
return;
}
relying_party.authenticate(identifier, false, function(error, auth_url) {
if (error || !auth_url) {
app.log("Error authenticating: ", error);
res.writeHead(302, { Location: app_url + '?error=' + querystring.escape("Error authenticating:" + error) });
res.end();
return;
} else {
res.writeHead(302, { Location: auth_url });
res.end();
return;
}
});
});
http.get('/verify', function(req, res){
relyingParty.verifyAssertion(req.url, function(error, result) {
if ((!error && result.authenticated)) {
var p, q = 1, id = encodeURIComponent(result.claimedIdentifier);
for (p in players) {
if (players[p].id == id) { q = 0; }
}
if (q) {
res.contentType('text/html');
var nickname;
if (result.fullname) {
nickname = result.fullname;
} else if (result.nickname) {
nickname = result.nickname;
} else if (result.firstname && result.lastname) {
nickname = result.firstname+' '+result.lastname;
} else if (result.email) {
nickname = result.email.split('@',1)[0];
} else {
nickname = result.claimedIdentifier;
}
var key = Math.floor(Math.random()*10000000000000000);
var s = 'openid';
if (result.claimedIdentifier.substr(0,21) == 'https://me.yahoo.com/') { s = 'yahoo'; }
else if (result.claimedIdentifier.substr(0,27) == 'https://live.anyopenid.com/') { s = 'live'; }
else if (result.claimedIdentifier.substr(0,31) == 'https://facebook.anyopenid.com/') { s = 'facebook'; }
else if (result.claimedIdentifier.substr(0,32) == 'https://www.google.com/accounts/') { s = 'google'; }
players.push({'id':id,'nickname':nickname,'service':s,'key':key});
console.log(result);
console.log(players);
savePlayer({'playerid':id,'playername':nickname,'login':true},function(err){
if (err) { res.redirect('/?error='+encodeURIComponent('Database Error: '+err)); }
else { res.redirect('/game?id='+id+'&key='+key); }
});
} else { res.redirect('/?error=Already%20playing'); }
} else {
if (error) { res.redirect('/?error='+encodeURIComponent(error)); }
else { res.redirect('/?error=Not%20authenticated'); }
}
});
});
app.get('/login/verify', function (req, res) {
relyingParty.verifyAssertion(req, function (err, result) {
if (err) {
delete req.session.ok;
res.send("verification error", 401); /* TODO */
} else {
if (result.authenticated) {
req.session.ok = true;
req.session.claimedIdentifier = result.claimedIdentifier;
req.session.user = {
'id': result.claimedIdentifier,
'name': result.fullname || result.nickname || [
result.firstname, result.lastname].filter(
function (x) {
return x !== undefined;
}).join(" ") || "Anonymous",
'email': result.email || "*****@*****.**",
'emailHash': crypto.createHash('md5').update(
result.email || "").digest("hex")
};
app.chat.user(result.claimedIdentifier, function (err, users) {
if ((err) || (users.length < 1)) {
app.chat.register(req.session.user, function (err, r) {
if (err) {
/* TODO */
}
req.session.user._id = r._id;
res.redirect(302, '/');
});
} else {
req.session.user = users[0].value;
res.redirect(302, '/');
}
});
} else {
delete req.session.ok;
res.send("authentication error", 401); /* TODO */
}
}
});
});
app.get('/login', function (req, res) {
if ((req.session.provider) && (req.session.ok)) {
res.redirect("/login?provider=" + req.session.provider);
}
if (req.query.provider === undefined) {
bind.toFile(__dirname + '/templates/login.html', {},
function (data) { res.send(data); });
} else {
var provider = {
'google': "https://www.google.com/accounts/o8/id",
'launchpad': "https://login.launchpad.net/",
'myopenid': "https://www.myopenid.com/",
'stackexchange': "https://openid.stackexchange.com",
'ubuntu': "https://login.ubuntu.com/",
'yahoo': "https://me.yahoo.com/",
'aol': "https://openid.aol.com/",
'verisign': "https://pip.verisignlabs.com/",
'claimid': "https://claimid.com/me",
}[req.query.provider];
if (provider === undefined) {
delete req.session.ok;
res.send("invalid provider", 401); /* TODO */
} else {
req.session.provider = req.query.provider;
relyingParty.authenticate(
provider, false, function (err, url) {
if (err) {
delete req.session.ok;
res.send("authentication error: " + err.message, 401); /* TODO */
} else if (!url) {
delete req.session.ok;
res.send("authentication error", 401); /* TODO */
} else {
res.redirect(302, url + "&povider=" + provider);
}
}
);
}
}
});
app.server.get('/authenticate', function(req, res) {
var parsed_url = url.parse(req.url, true)
, identifier = parsed_url.query["identifier"];
if(!identifier) {
res.writeHead(302, { Location: login_url + '?error=Missing%20identifier' });
res.end();
return;
}
//Check for temporary login
if(identifier === "temporary") {
app.accounts.temporaryLogin(function(err, session_id) {
if(err) {
res.writeHead(302, { Location: login_url + '?error=' + tools.escape_query("Error creating temporary login:"******"Error authenticating:" + error) });
res.end();
return;
} else {
res.writeHead(302, { Location: auth_url });
res.end();
return;
}
});
});