openid 2.0.12 → 2.0.13

package/package.json

@@ -1,45 +1,47 @@
-{
-  "name": "openid",
-  "description": "OpenID 1.1/2.0 library for Node.js",
-  "keywords": [
-    "openid",
-    "auth",
-    "authentication",
-    "identity",
-    "identifier",
-    "relying",
-    "party",
-    "relying party",
-    "1.1",
-    "2.0",
-    "library"
-  ],
-  "author": {
-    "name": "Håvard Stranden",
-    "email": "havard.stranden@gmail.com"
-  },
-  "version": "2.0.12",
-  "repository": {
-    "type": "git",
-    "url": "http://github.com/havard/node-openid.git"
-  },
-  "bugs": "http://github.com/havard/node-openid/issues",
-  "license": "MIT",
-  "directories": {
-    "lib": "./lib"
-  },
-  "main": "./openid.js",
-  "scripts": {
-    "test": "jest"
-  },
-  "engines": {
-    "node": ">= 0.6.0"
-  },
-  "devDependencies": {
-    "jest": "^29.7.0"
-  },
-  "dependencies": {
-    "axios": "^1.6.0",
-    "qs": "^6.5.2"
-  }
-}
+{
+  "name": "openid",
+  "description": "OpenID 1.1/2.0 library for Node.js",
+  "keywords": [
+    "openid",
+    "auth",
+    "authentication",
+    "identity",
+    "identifier",
+    "relying",
+    "party",
+    "relying party",
+    "1.1",
+    "2.0",
+    "library"
+  ],
+  "author": {
+    "name": "Håvard Stranden",
+    "email": "havard.stranden@gmail.com"
+  },
+  "version": "2.0.13",
+  "repository": {
+    "type": "git",
+    "url": "http://github.com/havard/node-openid.git"
+  },
+  "bugs": "http://github.com/havard/node-openid/issues",
+  "license": "MIT",
+  "directories": {
+    "lib": "./lib"
+  },
+  "main": "./openid.js",
+  "scripts": {
+    "test": "jest"
+  },
+  "engines": {
+    "node": ">= 0.6.0"
+  },
+  "devDependencies": {
+    "axios-cookiejar-support": "^5.0.5",
+    "jest": "^29.7.0",
+    "tough-cookie": "^5.1.2"
+  },
+  "dependencies": {
+    "axios": "^1.6.0",
+    "qs": "^6.5.2"
+  }
+}

package/sample.js

@@ -1,129 +1,118 @@
-/* A simple sample demonstrating OpenID for node.js
- *
- * http://ox.no/software/node-openid
- * http://github.com/havard/node-openid
- *
- * Copyright (C) 2010 by Håvard Stranden
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- */
-
-var openid = require('./openid');
-var url = require('url');
-var querystring = require('querystring');
-
-var extensions = [new openid.UserInterface(), 
-                  new openid.SimpleRegistration(
-                      {
-                        "nickname" : true, 
-                        "email" : true, 
-                        "fullname" : true,
-                        "dob" : true, 
-                        "gender" : true, 
-                        "postcode" : true,
-                        "country" : true, 
-                        "language" : true, 
-                        "timezone" : true
-                      }),
-                  new openid.AttributeExchange(
-                      {
-                        "http://axschema.org/contact/email": "required",
-                        "http://axschema.org/namePerson/friendly": "required",
-                        "http://axschema.org/namePerson": "required"
-                      }),
-                  new openid.PAPE(
-                      {
-                        "max_auth_age": 24 * 60 * 60, // one day
-                        "preferred_auth_policies" : "none" //no auth method preferred.
-                      })];
-
-var relyingParty = new openid.RelyingParty(
-    'http://example.com/verify', // Verification URL (yours)
-    null, // Realm (optional, specifies realm for OpenID authentication)
-    false, // Use stateless verification
-    false, // Strict mode
-    extensions); // List of extensions to enable and include
-
-
-var server = require('http').createServer(
-    function(req, res)
-    {
-        var parsedUrl = url.parse(req.url);
-        if(parsedUrl.pathname == '/authenticate')
-        { 
-          // User supplied identifier
-          var query = querystring.parse(parsedUrl.query);
-          var identifier = query.openid_identifier;
-
-          // Resolve identifier, associate, and build authentication URL
-          relyingParty.authenticate(identifier, false, function(error, authUrl)
-          {
-            if(error)
-            {
-              res.writeHead(200, { 'Content-Type' : 'text/plain; charset=utf-8' });
-              res.end('Authentication failed: ' + error.message);
-            }
-            else if (!authUrl)
-            {
-              res.writeHead(200, { 'Content-Type' : 'text/plain; charset=utf-8' });
-              res.end('Authentication failed');
-            }
-            else
-            {
-              res.writeHead(302, { Location: authUrl });
-              res.end();
-            }
-          });
-        }
-        else if(parsedUrl.pathname == '/verify')
-        {
-          // Verify identity assertion
-          // NOTE: Passing just the URL is also possible
-          relyingParty.verifyAssertion(req, function(error, result)
-          {
-            res.writeHead(200, { 'Content-Type' : 'text/plain; charset=utf-8' });
-
-            if(error)
-            {
-              res.end('Authentication failed: ' + error.message);
-            }
-            else
-            {
-              // Result contains properties:
-              // - authenticated (true/false)
-              // - answers from any extensions (e.g. 
-              //   "http://axschema.org/contact/email" if requested 
-              //   and present at provider)
-              res.end((result.authenticated ? 'Success :)' : 'Failure :(') +
-                '\n\n' + JSON.stringify(result));
-            }
-          });
-        }
-        else
-        {
-            // Deliver an OpenID form on all other URLs
-            res.writeHead(200, { 'Content-Type' : 'text/html; charset=utf-8' });
-            res.end('<!DOCTYPE html><html><body>'
-                + '<form method="get" action="/authenticate">'
-                + '<p>Login using OpenID</p>'
-                + '<input name="openid_identifier" />'
-                + '<input type="submit" value="Login" />'
-                + '</form></body></html>');
-        }
-    });
-server.listen(80);
+/* A simple sample demonstrating OpenID for node.js
+ *
+ * http://ox.no/software/node-openid
+ * http://github.com/havard/node-openid
+ *
+ * Copyright (C) 2010 by Håvard Stranden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ */
+
+var openid = require('./openid');
+var url = require('url');
+var querystring = require('querystring');
+
+var extensions = [new openid.UserInterface(),
+new openid.SimpleRegistration(
+  {
+    "nickname": true,
+    "email": true,
+    "fullname": true,
+    "dob": true,
+    "gender": true,
+    "postcode": true,
+    "country": true,
+    "language": true,
+    "timezone": true
+  }),
+new openid.AttributeExchange(
+  {
+    "http://axschema.org/contact/email": "required",
+    "http://axschema.org/namePerson/friendly": "required",
+    "http://axschema.org/namePerson": "required"
+  }),
+new openid.PAPE(
+  {
+    "max_auth_age": 24 * 60 * 60, // one day
+    "preferred_auth_policies": "none" //no auth method preferred.
+  })];
+
+var relyingParty = new openid.RelyingParty(
+  'http://example.com/verify', // Verification URL (yours)
+  null, // Realm (optional, specifies realm for OpenID authentication)
+  false, // Use stateless verification
+  false, // Strict mode
+  extensions); // List of extensions to enable and include
+
+
+var server = require('http').createServer(
+  function (req, res) {
+    var parsedUrl = url.parse(req.url);
+    if (parsedUrl.pathname == '/authenticate') {
+      // User supplied identifier
+      var query = querystring.parse(parsedUrl.query);
+      var identifier = query.openid_identifier;
+
+      // Resolve identifier, associate, and build authentication URL
+      relyingParty.authenticate(identifier, false, function (error, authUrl) {
+        if (error) {
+          res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+          res.end('Authentication failed: ' + error.message);
+        }
+        else if (!authUrl) {
+          res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+          res.end('Authentication failed');
+        }
+        else {
+          res.writeHead(302, { Location: authUrl });
+          res.end();
+        }
+      });
+    }
+    else if (parsedUrl.pathname == '/verify') {
+      // Verify identity assertion
+      // NOTE: Passing just the URL is also possible
+      relyingParty.verifyAssertion(req, function (error, result) {
+        res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+
+        if (error) {
+          res.end('Authentication failed: ' + error.message);
+        }
+        else {
+          // Result contains properties:
+          // - authenticated (true/false)
+          // - answers from any extensions (e.g. 
+          //   "http://axschema.org/contact/email" if requested 
+          //   and present at provider)
+          res.end((result.authenticated ? 'Success :)' : 'Failure :(') +
+            '\n\n' + JSON.stringify(result));
+        }
+      });
+    }
+    else {
+      // Deliver an OpenID form on all other URLs
+      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+      res.end('<!DOCTYPE html><html><body>'
+        + '<form method="get" action="/authenticate">'
+        + '<p>Login using OpenID</p>'
+        + '<input name="openid_identifier" />'
+        + '<input type="submit" value="Login" />'
+        + '</form></body></html>');
+    }
+  });
+server.listen(80);

package/test/cancelled_authentication.test.js

@@ -1,38 +1,37 @@
-/* OpenID for node.js
- *
- * http://ox.no/software/node-openid
- * http://github.com/havard/node-openid
- *
- * Copyright (C) 2010 by Håvard Stranden
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- */
-
-const openid = require('../openid');
-
-test('Cancelled verification does not authenticate', () => {
-    openid.verifyAssertion(
-        'http://host/?openid.mode=cancel' +
-        '&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0',
-        'http://example.com/verify', 
-        (error, result) => {
-            expect(error).toBeTruthy();
-            expect(result).toBeFalsy();
-        });
-  });
-  
+/* OpenID for node.js
+ *
+ * http://ox.no/software/node-openid
+ * http://github.com/havard/node-openid
+ *
+ * Copyright (C) 2010 by Håvard Stranden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ */
+
+const openid = require('../openid');
+
+test('Cancelled verification does not authenticate', () => {
+    openid.verifyAssertion(
+        'http://host/?openid.mode=cancel' +
+        '&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0',
+        'http://example.com/verify',
+        (error, result) => {
+            expect(error).toBeTruthy();
+            expect(result).toBeFalsy();
+        });
+});

package/test/extensions.test.js

@@ -1,66 +1,65 @@
-/* OpenID for node.js
- *
- * http://ox.no/software/node-openid
- * http://github.com/havard/node-openid
- *
- * Copyright (C) 2010 by Håvard Stranden
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- */
-
-const openid = require('../openid');
-
-test('Attribute Exchange (AX) values are parsed', () => {
-    const ax = new openid.AttributeExchange(),
-        results = {},
-        exampleParams = {
-          'openid.ax.type.email' :  'http://axschema.org/contact/email',
-          'openid.ax.value.email' : 'fred.example@gmail.com',
-          'openid.ax.type.language' : 'http://axschema.org/pref/language',
-          'openid.ax.value.language' : 'english',
-          'openid.ax.type.phones' : 'http://axschema.org/contact/phone/cell',
-          'openid.ax.count.phones' : '2',
-          'openid.ax.value.phones.1' : '+1 (555) 555-5555',
-          'openid.ax.value.phones.2' : '+33 6 55 55 55 55',
-          'openid.ax.value.phones.3' : '+46 5 5555 5555',
-        }
-    ax.fillResult(exampleParams, results);
-  
-    expect(results['email']).toBe('fred.example@gmail.com');
-    expect(results['http://axschema.org/contact/email']).toBe('fred.example@gmail.com');
-    expect(results['language']).toBe('english');
-    expect(results['http://axschema.org/pref/language']).toBe('english');
-    expect(results['phones'].length).toBe(2);
-    expect(results['phones'][0]).toBe('+1 (555) 555-5555');
-    expect(results['phones'][1]).toBe('+33 6 55 55 55 55');
-  });
-  
-  test('PAPE values are parsed', () => {
-    const authDate = new Date().toISOString();
-    const exampleParams = {
-          "openid.pape.auth_time" : authDate,
-          "openid.pape.auth_policies" : 'http://schemas.openid.net/pape/policies/2007/06/multi-factor http://schemas.openid.net/pape/policies/2007/06/phishing-resistant'
-        };
-    const pape = new openid.PAPE(),
-        results = {};
-  
-    pape.fillResult(exampleParams, results);
-    expect(results['auth_time']).toBe(authDate);
-    expect(results['auth_policies']).toBe('multi-factor phishing-resistant');
-  });
-  
+/* OpenID for node.js
+ *
+ * http://ox.no/software/node-openid
+ * http://github.com/havard/node-openid
+ *
+ * Copyright (C) 2010 by Håvard Stranden
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ */
+
+const openid = require('../openid');
+
+test('Attribute Exchange (AX) values are parsed', () => {
+  const ax = new openid.AttributeExchange(),
+    results = {},
+    exampleParams = {
+      'openid.ax.type.email': 'http://axschema.org/contact/email',
+      'openid.ax.value.email': 'fred.example@gmail.com',
+      'openid.ax.type.language': 'http://axschema.org/pref/language',
+      'openid.ax.value.language': 'english',
+      'openid.ax.type.phones': 'http://axschema.org/contact/phone/cell',
+      'openid.ax.count.phones': '2',
+      'openid.ax.value.phones.1': '+1 (555) 555-5555',
+      'openid.ax.value.phones.2': '+33 6 55 55 55 55',
+      'openid.ax.value.phones.3': '+46 5 5555 5555',
+    }
+  ax.fillResult(exampleParams, results);
+
+  expect(results['email']).toBe('fred.example@gmail.com');
+  expect(results['http://axschema.org/contact/email']).toBe('fred.example@gmail.com');
+  expect(results['language']).toBe('english');
+  expect(results['http://axschema.org/pref/language']).toBe('english');
+  expect(results['phones'].length).toBe(2);
+  expect(results['phones'][0]).toBe('+1 (555) 555-5555');
+  expect(results['phones'][1]).toBe('+33 6 55 55 55 55');
+});
+
+test('PAPE values are parsed', () => {
+  const authDate = new Date().toISOString();
+  const exampleParams = {
+    "openid.pape.auth_time": authDate,
+    "openid.pape.auth_policies": 'http://schemas.openid.net/pape/policies/2007/06/multi-factor http://schemas.openid.net/pape/policies/2007/06/phishing-resistant'
+  };
+  const pape = new openid.PAPE(),
+    results = {};
+
+  pape.fillResult(exampleParams, results);
+  expect(results['auth_time']).toBe(authDate);
+  expect(results['auth_policies']).toBe('multi-factor phishing-resistant');
+});