/**
 * Resolve the user named by a signed, expiring `userId` parameter, on a tenant that
 * has Shibboleth enabled.
 *
 * Checks run in a fixed order: parameter validation (400), signature verification (401),
 * the Shibboleth-enabled tenant check, then the principal lookup. No tenant or principal
 * lookup happens until the signature over `{userId}` has been accepted, and a deleted
 * user is reported as a 401.
 *
 * NOTE(review): the signed payload built here contains only `userId`; `tenant.alias` is
 * not part of it. Whether the signature is bound to a tenant by other means is not
 * visible in this function -- confirm against the code that issues the signature.
 * NOTE(review): `expires` is compared with `Date.now()` (milliseconds, local clock).
 * Whether `Signature.verifyExpiringSignature` re-checks expiry or compares signatures
 * in constant time cannot be told from here -- confirm.
 *
 * @param  {Object}     tenant              The tenant the request arrived on; only `tenant.alias` is read
 * @param  {String}     userId              The id of the user to retrieve; also the signed value
 * @param  {String}     signature           The signature presented for `userId`
 * @param  {Number}     expires             Expiry of the signature; must be numeric and pass `min(Date.now())`
 * @param  {Function}   callback            Standard callback function
 * @param  {Object}     callback.err        An error object with `code` and `msg`, if any
 * @param  {Object}     callback.user       The principal returned by `PrincipalsDAO.getPrincipal`
 */
var getUser = module.exports.getUser = function(tenant, userId, signature, expires, callback) {
    // The first failing check decides the error that is reported, so the order matters
    var paramChecks = new Validator();
    paramChecks.check(userId, {code: 400, msg: 'Missing user id parameter'}).notEmpty(userId);
    paramChecks.check(signature, {code: 400, msg: 'Missing signature parameter'}).notEmpty(signature);
    paramChecks.check(expires, {code: 400, msg: 'Missing expires parameter'}).notEmpty(expires);
    paramChecks.check(expires, {code: 400, msg: 'Invalid expires parameter'}).isNumeric();
    paramChecks.check(expires, {code: 400, msg: 'Invalid expires parameter'}).min(Date.now());
    if (paramChecks.hasErrors()) {
        return callback(paramChecks.getFirstError());
    }

    // Authenticate the request before any tenant or principal data is touched
    var signedPayload = {userId: userId};
    if (!Signature.verifyExpiringSignature(signedPayload, expires, signature)) {
        return callback({code: 401, msg: 'Invalid or missing signature parameters'});
    }

    // Hand the principal to the caller unless the lookup failed or the account was deleted
    var onPrincipal = function(principalErr, user) {
        if (principalErr) {
            return callback(principalErr);
        }

        if (user.deleted) {
            return callback({code: 401, msg: util.format('Target user has been deleted: %s', userId)});
        }

        return callback(null, user);
    };

    // Ensure shibboleth is enabled on this tenant, then get the user object
    getShibbolethEnabledTenant(tenant.alias, function(tenantErr) {
        if (tenantErr) {
            return callback(tenantErr);
        }

        PrincipalsDAO.getPrincipal(userId, onPrincipal);
    });
};
/**
 * Validate the signed parameters that start the Shibboleth flow for a tenant.
 *
 * The parameters are validated first (400), then the expiring signature over
 * `{tenantAlias}` is verified (401). Only after both pass is the tenant looked up
 * through `getShibbolethEnabledTenant`, which receives `callback` directly, so the
 * caller gets whatever that function reports.
 *
 * NOTE(review): `expires` is compared with `Date.now()` (milliseconds, local clock).
 * Whether `Signature.verifyExpiringSignature` re-checks expiry or compares signatures
 * in constant time cannot be told from here -- confirm.
 *
 * @param  {String}     tenantAlias         The alias of the tenant; also the signed value
 * @param  {String}     signature           The signature presented for `tenantAlias`
 * @param  {Number}     expires             Expiry of the signature; must be numeric and pass `min(Date.now())`
 * @param  {Function}   callback            Standard callback function, also passed on to `getShibbolethEnabledTenant`
 * @param  {Object}     callback.err        An error object with `code` and `msg`, if any
 */
var validateInitiateParameters = module.exports.validateInitiateParameters = function(tenantAlias, signature, expires, callback) {
    // The first failing check decides the error that is reported, so the order matters
    var paramChecks = new Validator();
    paramChecks.check(tenantAlias, {code: 400, msg: 'Missing tenant alias parameter'}).notEmpty(tenantAlias);
    paramChecks.check(signature, {code: 400, msg: 'Missing signature parameter'}).notEmpty(signature);
    paramChecks.check(expires, {code: 400, msg: 'Missing expires parameter'}).notEmpty(expires);
    paramChecks.check(expires, {code: 400, msg: 'Invalid expires parameter'}).isNumeric();
    paramChecks.check(expires, {code: 400, msg: 'Invalid expires parameter'}).min(Date.now());
    if (paramChecks.hasErrors()) {
        return callback(paramChecks.getFirstError());
    }

    // Reject the request unless the signature covers exactly this tenant alias and expiry
    var signedPayload = {tenantAlias: tenantAlias};
    var signatureAccepted = Signature.verifyExpiringSignature(signedPayload, expires, signature);
    if (signatureAccepted) {
        return getShibbolethEnabledTenant(tenantAlias, callback);
    }

    return callback({code: 401, msg: 'Invalid or missing signature parameters'});
};