openid 1.0.0 → 1.0.4
- package/.vs/OpenID/v14/.suo +0 -0
- package/.vs/config/applicationhost.config +1030 -0
- package/OpenID.v12.suo +0 -0
- package/README.md +1 -4
- package/openid.js +77 -23
- package/openid.js.orig +1541 -0
- package/package.json +1 -1
- package/sample.js +3 -3
- package/test.js +21 -0
- package/lib/base64.js +0 -161
- package/lib/convert.js +0 -52
package/OpenID.v12.suo
CHANGED
|
Binary file
|
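--- a/package/README.md
+++ b/package/README.md
@@ -135,7 +135,4 @@ requests go through a proxy server, by using the following environment variables
 
 ## License
 
-OpenID for Node.js is licensed under the MIT license. See LICENSE for further details.
-The libary includes bigint functionality released by Tom Wu under the BSD license,
-and Base64 functions released by Nick Galbreath under the MIT license. Please see
-`lib/bigint.js` and `lib/base64.js` for the details of the licenses for these functions.
+OpenID for Node.js is licensed under the MIT license. See LICENSE for further details.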
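--- a/package/openid.js
+++ b/package/openid.js
@@ -26,7 +26,7 @@
 * vim: set sw=2 ts=2 et tw=80 :
 */
 
-var
+var Buffer = require('buffer').Buffer,
 crypto = require('crypto'),
 request = require('request'),
 querystring = require('querystring'),
@@ -40,6 +40,10 @@ var AX_MAX_VALUES_COUNT = 1000;
 
 var openid = exports;
 
+function hasOwnProperty(obj, prop) {
+return Object.prototype.hasOwnProperty.call(obj, prop);
+}
+
 openid.RelyingParty = function(returnUrl, realm, stateless, strict, extensions)
 {
 this.returnUrl = returnUrl;
@@ -60,20 +64,70 @@ openid.RelyingParty.prototype.verifyAssertion = function(requestOrUrl, callback)
 openid.verifyAssertion(requestOrUrl, callback, this.stateless, this.extensions, this.strict);
 }
 
+
+
+var _btwoc = function(i)
+{
+if(i.charCodeAt(0) > 127)
+{
+return String.fromCharCode(0) + i;
+}
+return i;
+}
+
+var _unbtwoc = function(i)
+{
+if(i[0] === String.fromCharCode(0))
+{
+return i.substr(1);
+}
+
+return i;
+}
+
 var _isDef = function(e)
 {
 var undefined;
 return e !== undefined;
 }
 
-
+// Find the most up-to-date and usable way to create buffers
+var _buffer = null;
+if (typeof(Buffer.from) === 'function') {
+// Some older Node versions throw an exception when
+// buffers with binary encoding are created using the
+// from function, so if that happens we have to resort
+// to constructor based creation.
+try {
+Buffer.from('openid', 'binary');
+_buffer = Buffer.from;
+}
+catch(_) {
+}
+}
+if (_buffer === null) {
+// Either the Node version is too old to have a Buffer.from,
+// or the Buffer.from call failed with binary encoding.
+// Either way, use the (deprecated from node v6) constructor.
+_buffer = function(str, enc) { return new Buffer(str, enc); };
+}
+
+var _base64encode = function(str) {
+return _buffer(str, 'binary').toString('base64');
+};
+
+var _base64decode = function(str) {
+return _buffer(str, 'base64').toString('binary');
+};
+
+var _bigIntToBase64 = function(binary)
 {
-return
+return _base64encode(_btwoc(binary));
 }
 
-var
+var _bigIntFromBase64 = function(str)
 {
-return
+return _unbtwoc(_base64decode(str));
 }
 
 var _xor = function(a, b)
@@ -149,7 +203,7 @@ var _buildUrl = function(theUrl, params)
 {
 for(var key in params)
 {
-if(
+if(hasOwnProperty(params, key))
 {
 theUrl.query[key] = params[key];
 }
@@ -165,7 +219,7 @@ var _get = function (getUrl, params, callback, redirects) {
 url: getUrl,
 maxRedirects: redirects || 5,
 qs: params,
-headers: { 'Accept' : 'application/xrds+xml,text/html,text/plain
+headers: { 'Accept' : 'application/xrds+xml,text/html,text/plain,*/*;q=0.9' }
 };
 request.get(options, function (error, response, body) {
 if (error) {
@@ -570,9 +624,9 @@ openid.associate = function(provider, callback, strict, algorithm)
 if(algorithm.indexOf('no-encryption') === -1)
 {
 dh = _createDiffieHellmanKeyExchange(algorithm);
-params['openid.dh_modulus'] =
-params['openid.dh_gen'] =
-params['openid.dh_consumer_public'] =
+params['openid.dh_modulus'] = _bigIntToBase64(dh.getPrime('binary'));
+params['openid.dh_gen'] = _bigIntToBase64(dh.getGenerator('binary'));
+params['openid.dh_consumer_public'] = _bigIntToBase64(dh.getPublicKey('binary'));
 }
 
 _post(provider.endpoint, params, function(data, headers, statusCode)
@@ -648,13 +702,13 @@ openid.associate = function(provider, callback, strict, algorithm)
 }
 else
 {
-var serverPublic =
-var sharedSecret =
+var serverPublic = _bigIntFromBase64(data.dh_server_public);
+var sharedSecret = _btwoc(dh.computeSecret(serverPublic, 'binary', 'binary'));
 var hash = crypto.createHash(hashAlgorithm);
-hash.update(sharedSecret);
+hash.update(_buffer(sharedSecret, 'binary'));
 sharedSecret = hash.digest('binary');
-var encMacKey =
-secret =
+var encMacKey = _base64decode(data.enc_mac_key);
+secret = _base64encode(_xor(encMacKey, sharedSecret));
 }
 
 if (!_isDef(data.assoc_handle)) {
@@ -809,7 +863,7 @@ var _requestAuthentication = function(provider, assoc_handle, returnUrl, realm,
 
 for (var i in extensions)
 {
-if(!
+if(!hasOwnProperty(extensions, i))
 {
 continue;
 }
@@ -817,7 +871,7 @@ var _requestAuthentication = function(provider, assoc_handle, returnUrl, realm,
 var extension = extensions[i];
 for (var key in extension.requestParams)
 {
-if (!extension.requestParams
+if (!hasOwnProperty(extension.requestParams, key)) { continue; }
 params[key] = extension.requestParams[key];
 }
 }
@@ -1054,7 +1108,7 @@ var _verifyAssertionAgainstProviders = function(providers, params, stateless, ex
 {
 for(var ext in extensions)
 {
-if (!
+if (!hasOwnProperty(extensions, ext))
 {
 continue;
 }
@@ -1122,7 +1176,7 @@ var _checkSignatureUsingAssociation = function(params, callback)
 message += param + ':' + value + '\n';
 }
 
-var hmac = crypto.createHmac(association.type,
+var hmac = crypto.createHmac(association.type, _buffer(association.secret, 'base64'));
 hmac.update(message, 'utf8');
 var ourSignature = hmac.digest('base64');
 
@@ -1145,7 +1199,7 @@ var _checkSignatureUsingProvider = function(params, provider, callback)
 };
 for(var key in params)
 {
-if(
+if(hasOwnProperty(params, key) && key != 'openid.mode')
 {
 requestParams[key] = params[key];
 }
@@ -1302,7 +1356,7 @@ openid.AttributeExchange = function AttributeExchange(options)
 var optional = [];
 for (var ns in options)
 {
-if (!
+if (!hasOwnProperty(options, ns)) { continue; }
 if (options[ns] == 'required')
 {
 required.push(ns);
@@ -1344,7 +1398,7 @@ openid.AttributeExchange.prototype.fillResult = function(params, result)
 var values = {};
 for (var k in params)
 {
-if (!
+if (!hasOwnProperty(params, k)) { continue; }
 var matches = k.match(regex);
 if (!matches)
 {
@@ -1488,7 +1542,7 @@ openid.PAPE.prototype.fillResult = function(params, result)
 var paramString = 'openid.' + extension + '.';
 var thisParam;
 for (var p in params) {
-if (
+if (hasOwnProperty(params, p)) {
 if (p.substr(0, paramString.length) === paramString) {
 thisParam = p.substr(paramString.length);
 if (thisParam === 'auth_policies') {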
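Review bot: In the association-response hunk (new lines 705–711) `data.dh_server_public` and `data.enc_mac_key` are provider-supplied and go straight into `_bigIntFromBase64`, `dh.computeSecret` and `_base64decode` with no presence or type check visible in the hunk. `Buffer.from` throws on a non-string first argument and `computeSecret` can throw on a malformed public value; inside the `_post` callback that exception would presumably bypass `callback` and surface as an uncaught error, so a misbehaving provider could take the relying party down. A guard before line 705 such as `if (typeof data.dh_server_public !== 'string' || typeof data.enc_mac_key !== 'string') { /* report through callback and return */ }`, plus a try/catch around `computeSecret`, would keep the failure on the error path. The same string check also matters for the `new Buffer(str, enc)` fallback at new line 112, since the legacy constructor on older Node versions allocates uninitialised memory for a numeric argument instead of throwing. The enclosing `openid.associate` callback starts and ends outside the hunk, so earlier validation may exist there.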