solid-server 5.6.9-beta

package/lib/requests/delete-account-confirm-request.js

@@ -0,0 +1,170 @@
+'use strict'
+
+const AuthRequest = require('./auth-request')
+const debug = require('./../debug').accounts
+const fs = require('fs-extra')
+
+class DeleteAccountConfirmRequest extends AuthRequest {
+  /**
+   * @constructor
+   * @param options {Object}
+   * @param options.accountManager {AccountManager}
+   * @param options.userStore {UserStore}
+   * @param options.response {ServerResponse} express response object
+   * @param [options.token] {string} One-time reset password token (from email)
+   */
+  constructor (options) {
+    super(options)
+
+    this.token = options.token
+    this.validToken = false
+  }
+
+  /**
+   * Factory method, returns an initialized instance of DeleteAccountConfirmRequest
+   * from an incoming http request.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {DeleteAccountConfirmRequest}
+   */
+  static fromParams (req, res) {
+    const locals = req.app.locals
+    const accountManager = locals.accountManager
+    const userStore = locals.oidc.users
+
+    const token = this.parseParameter(req, 'token')
+
+    const options = {
+      accountManager,
+      userStore,
+      token,
+      response: res
+    }
+
+    return new DeleteAccountConfirmRequest(options)
+  }
+
+  /**
+   * Handles a Change Password GET request on behalf of a middleware handler.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {Promise}
+   */
+  static async get (req, res) {
+    const request = DeleteAccountConfirmRequest.fromParams(req, res)
+
+    try {
+      await request.validateToken()
+      return request.renderForm()
+    } catch (error) {
+      return request.error(error)
+    }
+  }
+
+  /**
+   * Handles a Change Password POST request on behalf of a middleware handler.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {Promise}
+   */
+  static post (req, res) {
+    const request = DeleteAccountConfirmRequest.fromParams(req, res)
+
+    return DeleteAccountConfirmRequest.handlePost(request)
+  }
+
+  /**
+   * Performs the 'Change Password' operation, after the user submits the
+   * password change form. Validates the parameters (the one-time token,
+   * the new password), changes the password, and renders the success view.
+   *
+   * @param request {DeleteAccountConfirmRequest}
+   *
+   * @return {Promise}
+   */
+  static async handlePost (request) {
+    try {
+      const tokenContents = await request.validateToken()
+      await request.deleteAccount(tokenContents)
+      return request.renderSuccess()
+    } catch (error) {
+      return request.error(error)
+    }
+  }
+
+  /**
+   * Validates the one-time Password Reset token that was emailed to the user.
+   * If the token service has a valid token saved for the given key, it returns
+   * the token object value (which contains the user's WebID URI, etc).
+   * If no token is saved, returns `false`.
+   *
+   * @return {Promise<Object|false>}
+   */
+  async validateToken () {
+    try {
+      if (!this.token) {
+        return false
+      }
+      const validToken = await this.accountManager.validateDeleteToken(this.token)
+      if (validToken) {
+        this.validToken = true
+      }
+      return validToken
+    } catch (error) {
+      this.token = null
+      throw error
+    }
+  }
+
+  /**
+   * Removes the user's account and all their data from the store.
+   *
+   * @param tokenContents {Object}
+   *
+   * @return {Promise}
+   */
+  async deleteAccount (tokenContents) {
+    const user = this.accountManager.userAccountFrom(tokenContents)
+    const accountDir = this.accountManager.accountDirFor(user.username)
+
+    debug('Preparing removal of account for user:', user)
+
+    await this.userStore.deleteUser(user)
+    await fs.remove(accountDir)
+    debug('Removed user' + user.username)
+  }
+
+  /**
+   * Renders the 'change password' form.
+   *
+   * @param [error] {Error} Optional error to display
+   */
+  renderForm (error) {
+    const params = {
+      validToken: this.validToken,
+      token: this.token
+    }
+
+    if (error) {
+      params.error = error.message
+      this.response.status(error.statusCode)
+    }
+
+    this.response.render('account/delete-confirm', params)
+  }
+
+  /**
+   * Displays the 'password has been changed' success view.
+   */
+  renderSuccess () {
+    this.response.render('account/account-deleted')
+  }
+}
+
+module.exports = DeleteAccountConfirmRequest

package/lib/requests/delete-account-request.js

@@ -0,0 +1,144 @@
+'use strict'
+
+const AuthRequest = require('./auth-request')
+const debug = require('./../debug').accounts
+
+// class DeleteAccountRequest  {
+class DeleteAccountRequest extends AuthRequest {
+  constructor (options) {
+    super(options)
+
+    this.username = options.username
+  }
+
+  /**
+   * Calls the appropriate form to display to the user.
+   * Serves as an error handler for this request workflow.
+   *
+   * @param error {Error}
+   */
+  error (error) {
+    error.statusCode = error.statusCode || 400
+
+    this.renderForm(error)
+  }
+
+  /**
+   * Returns a user account instance for the submitted username.
+   *
+   * @throws {Error} Rejects if user account does not exist for the username
+   *
+   * @returns {Promise<UserAccount>}
+   */
+  async loadUser () {
+    const username = this.username
+
+    return this.accountManager.accountExists(username)
+      .then(exists => {
+        if (!exists) {
+          throw new Error('Account not found for that username')
+        }
+
+        const userData = { username }
+
+        return this.accountManager.userAccountFrom(userData)
+      })
+  }
+
+  /**
+   * Renders the Delete form
+   */
+  renderForm (error) {
+    this.response.render('account/delete', {
+      error,
+      multiuser: this.accountManager.multiuser
+    })
+  }
+
+  /**
+   * Displays the 'your reset link has been sent' success message view
+   */
+  renderSuccess () {
+    this.response.render('account/delete-link-sent')
+  }
+
+  /**
+   * Loads the account recovery email for a given user and sends out a
+   * password request email.
+   *
+   * @param userAccount {UserAccount}
+   *
+   * @return {Promise}
+   */
+  async sendDeleteLink (userAccount) {
+    const accountManager = this.accountManager
+
+    const recoveryEmail = await accountManager.loadAccountRecoveryEmail(userAccount)
+    userAccount.email = recoveryEmail
+
+    debug('Preparing delete account email to:', recoveryEmail)
+
+    return accountManager.sendDeleteAccountEmail(userAccount)
+  }
+
+  /**
+   * Validates the request parameters, and throws an error if any
+   * validation fails.
+   *
+   * @throws {Error}
+   */
+  validate () {
+    if (this.accountManager.multiuser && !this.username) {
+      throw new Error('Username required')
+    }
+  }
+
+  static async post (req, res) {
+    const request = DeleteAccountRequest.fromParams(req, res)
+
+    debug(`User '${request.username}' requested to be sent a delete account email`)
+
+    return DeleteAccountRequest.handlePost(request)
+  }
+
+  /**
+   * Performs a 'send me a password reset email' request operation, after the
+   * user has entered an email into the reset form.
+   *
+   * @param request {DeleteAccountRequest}
+   *
+   * @return {Promise}
+   */
+  static async handlePost (request) {
+    try {
+      request.validate()
+      const userAccount = await request.loadUser()
+      await request.sendDeleteLink(userAccount)
+      return request.renderSuccess()
+    } catch (error) {
+      return request.error(error)
+    }
+  }
+
+  static get (req, res) {
+    const request = DeleteAccountRequest.fromParams(req, res)
+
+    request.renderForm()
+  }
+
+  static fromParams (req, res) {
+    const locals = req.app.locals
+    const accountManager = locals.accountManager
+    const username = this.parseParameter(req, 'username')
+
+    const options = {
+      accountManager,
+      response: res,
+      username
+    }
+
+    return new DeleteAccountRequest(options)
+  }
+}
+
+module.exports = DeleteAccountRequest

package/lib/requests/login-request.js

@@ -0,0 +1,205 @@
+'use strict'
+/* eslint-disable no-mixed-operators */
+
+const debug = require('./../debug').authentication
+
+const AuthRequest = require('./auth-request')
+const { PasswordAuthenticator, TlsAuthenticator } = require('../models/authenticator')
+
+const PASSWORD_AUTH = 'password'
+const TLS_AUTH = 'tls'
+
+/**
+ * Models a local Login request
+ */
+class LoginRequest extends AuthRequest {
+  /**
+   * @constructor
+   * @param options {Object}
+   *
+   * @param [options.response] {ServerResponse} middleware `res` object
+   * @param [options.session] {Session} req.session
+   * @param [options.userStore] {UserStore}
+   * @param [options.accountManager] {AccountManager}
+   * @param [options.returnToUrl] {string}
+   * @param [options.authQueryParams] {Object} Key/value hashmap of parsed query
+   *   parameters that will be passed through to the /authorize endpoint.
+   * @param [options.authenticator] {Authenticator} Auth strategy by which to
+   *   log in
+   */
+  constructor (options) {
+    super(options)
+
+    this.authenticator = options.authenticator
+    this.authMethod = options.authMethod
+  }
+
+  /**
+   * Factory method, returns an initialized instance of LoginRequest
+   * from an incoming http request.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   * @param authMethod {string}
+   *
+   * @return {LoginRequest}
+   */
+  static fromParams (req, res, authMethod) {
+    const options = AuthRequest.requestOptions(req, res)
+    options.authMethod = authMethod
+
+    switch (authMethod) {
+      case PASSWORD_AUTH:
+        options.authenticator = PasswordAuthenticator.fromParams(req, options)
+        break
+
+      case TLS_AUTH:
+        options.authenticator = TlsAuthenticator.fromParams(req, options)
+        break
+
+      default:
+        options.authenticator = null
+        break
+    }
+
+    return new LoginRequest(options)
+  }
+
+  /**
+   * Handles a Login GET request on behalf of a middleware handler, displays
+   * the Login page.
+   * Usage:
+   *
+   *   ```
+   *   app.get('/login', LoginRequest.get)
+   *   ```
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   */
+  static get (req, res) {
+    const request = LoginRequest.fromParams(req, res)
+
+    request.renderForm(null, req)
+  }
+
+  /**
+   * Handles a Login via Username+Password.
+   * Errors encountered are displayed on the Login form.
+   * Usage:
+   *
+   *   ```
+   *   app.post('/login/password', LoginRequest.loginPassword)
+   *   ```
+   *
+   * @param req
+   * @param res
+   *
+   * @return {Promise}
+   */
+  static loginPassword (req, res) {
+    debug('Logging in via username + password')
+
+    const request = LoginRequest.fromParams(req, res, PASSWORD_AUTH)
+
+    return LoginRequest.login(request)
+  }
+
+  /**
+   * Handles a Login via WebID-TLS.
+   * Errors encountered are displayed on the Login form.
+   * Usage:
+   *
+   *   ```
+   *   app.post('/login/tls', LoginRequest.loginTls)
+   *   ```
+   *
+   * @param req
+   * @param res
+   *
+   * @return {Promise}
+   */
+  static loginTls (req, res) {
+    debug('Logging in via WebID-TLS certificate')
+
+    const request = LoginRequest.fromParams(req, res, TLS_AUTH)
+
+    return LoginRequest.login(request)
+  }
+
+  /**
+   * Performs the login operation -- loads and validates the
+   * appropriate user, inits the session with credentials, and redirects the
+   * user to continue their auth flow.
+   *
+   * @param request {LoginRequest}
+   *
+   * @return {Promise}
+   */
+  static login (request) {
+    return request.authenticator.findValidUser()
+
+      .then(validUser => {
+        request.initUserSession(validUser)
+
+        request.redirectPostLogin(validUser)
+      })
+
+      .catch(error => request.error(error))
+  }
+
+  /**
+   * Returns a URL to redirect the user to after login.
+   * Either uses the provided `redirect_uri` auth query param, or simply
+   * returns the user profile URI if none was provided.
+   *
+   * @param validUser {UserAccount}
+   *
+   * @return {string}
+   */
+  postLoginUrl (validUser) {
+    // Login request is part of an app's auth flow
+    if (/token|code/.test(this.authQueryParams.response_type)) {
+      return this.sharingUrl()
+    // Login request is a user going to /login in browser
+    } else if (validUser) {
+      return this.authQueryParams.redirect_uri || validUser.accountUri
+    }
+  }
+
+  /**
+   * Redirects the Login request to continue on the OIDC auth workflow.
+   */
+  redirectPostLogin (validUser) {
+    const uri = this.postLoginUrl(validUser)
+    debug('Login successful, redirecting to ', uri)
+    this.response.redirect(uri)
+  }
+
+  /**
+   * Renders the login form
+   */
+  renderForm (error, req) {
+    const queryString = req && req.url && req.url.replace(/[^?]+\?/, '') || ''
+    const params = Object.assign({}, this.authQueryParams,
+      {
+        registerUrl: this.registerUrl(),
+        returnToUrl: this.returnToUrl,
+        enablePassword: this.localAuth.password,
+        enableTls: this.localAuth.tls,
+        tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`
+      })
+
+    if (error) {
+      params.error = error.message
+      this.response.status(error.statusCode)
+    }
+    this.response.render('auth/login', params)
+  }
+}
+
+module.exports = {
+  LoginRequest,
+  PASSWORD_AUTH,
+  TLS_AUTH
+}

package/lib/requests/password-change-request.js

@@ -0,0 +1,201 @@
+'use strict'
+
+const AuthRequest = require('./auth-request')
+const debug = require('./../debug').accounts
+
+class PasswordChangeRequest extends AuthRequest {
+  /**
+   * @constructor
+   * @param options {Object}
+   * @param options.accountManager {AccountManager}
+   * @param options.userStore {UserStore}
+   * @param options.response {ServerResponse} express response object
+   * @param [options.token] {string} One-time reset password token (from email)
+   * @param [options.returnToUrl] {string}
+   * @param [options.newPassword] {string} New password to save
+   */
+  constructor (options) {
+    super(options)
+
+    this.token = options.token
+    this.returnToUrl = options.returnToUrl
+
+    this.validToken = false
+
+    this.newPassword = options.newPassword
+  }
+
+  /**
+   * Factory method, returns an initialized instance of PasswordChangeRequest
+   * from an incoming http request.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {PasswordChangeRequest}
+   */
+  static fromParams (req, res) {
+    const locals = req.app.locals
+    const accountManager = locals.accountManager
+    const userStore = locals.oidc.users
+
+    const returnToUrl = this.parseParameter(req, 'returnToUrl')
+    const token = this.parseParameter(req, 'token')
+    const oldPassword = this.parseParameter(req, 'password')
+    const newPassword = this.parseParameter(req, 'newPassword')
+
+    const options = {
+      accountManager,
+      userStore,
+      returnToUrl,
+      token,
+      oldPassword,
+      newPassword,
+      response: res
+    }
+
+    return new PasswordChangeRequest(options)
+  }
+
+  /**
+   * Handles a Change Password GET request on behalf of a middleware handler.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {Promise}
+   */
+  static get (req, res) {
+    const request = PasswordChangeRequest.fromParams(req, res)
+
+    return Promise.resolve()
+      .then(() => request.validateToken())
+      .then(() => request.renderForm())
+      .catch(error => request.error(error))
+  }
+
+  /**
+   * Handles a Change Password POST request on behalf of a middleware handler.
+   *
+   * @param req {IncomingRequest}
+   * @param res {ServerResponse}
+   *
+   * @return {Promise}
+   */
+  static post (req, res) {
+    const request = PasswordChangeRequest.fromParams(req, res)
+
+    return PasswordChangeRequest.handlePost(request)
+  }
+
+  /**
+   * Performs the 'Change Password' operation, after the user submits the
+   * password change form. Validates the parameters (the one-time token,
+   * the new password), changes the password, and renders the success view.
+   *
+   * @param request {PasswordChangeRequest}
+   *
+   * @return {Promise}
+   */
+  static handlePost (request) {
+    return Promise.resolve()
+      .then(() => request.validatePost())
+      .then(() => request.validateToken())
+      .then(tokenContents => request.changePassword(tokenContents))
+      .then(() => request.renderSuccess())
+      .catch(error => request.error(error))
+  }
+
+  /**
+   * Validates the 'Change Password' parameters, and throws an error if any
+   * validation fails.
+   *
+   * @throws {Error}
+   */
+  validatePost () {
+    if (!this.newPassword) {
+      throw new Error('Please enter a new password')
+    }
+  }
+
+  /**
+   * Validates the one-time Password Reset token that was emailed to the user.
+   * If the token service has a valid token saved for the given key, it returns
+   * the token object value (which contains the user's WebID URI, etc).
+   * If no token is saved, returns `false`.
+   *
+   * @return {Promise<Object|false>}
+   */
+  validateToken () {
+    return Promise.resolve()
+      .then(() => {
+        if (!this.token) { return false }
+
+        return this.accountManager.validateResetToken(this.token)
+      })
+      .then(validToken => {
+        if (validToken) {
+          this.validToken = true
+        }
+
+        return validToken
+      })
+      .catch(error => {
+        this.token = null
+        throw error
+      })
+  }
+
+  /**
+   * Changes the password that's saved in the user store.
+   * If the user has no user store entry, it creates one.
+   *
+   * @param tokenContents {Object}
+   * @param tokenContents.webId {string}
+   *
+   * @return {Promise}
+   */
+  changePassword (tokenContents) {
+    const user = this.accountManager.userAccountFrom(tokenContents)
+
+    debug('Changing password for user:', user.webId)
+
+    return this.userStore.findUser(user.id)
+      .then(userStoreEntry => {
+        if (userStoreEntry) {
+          return this.userStore.updatePassword(user, this.newPassword)
+        } else {
+          return this.userStore.createUser(user, this.newPassword)
+        }
+      })
+  }
+
+  /**
+   * Renders the 'change password' form.
+   *
+   * @param [error] {Error} Optional error to display
+   */
+  renderForm (error) {
+    const params = {
+      validToken: this.validToken,
+      returnToUrl: this.returnToUrl,
+      token: this.token
+    }
+
+    if (error) {
+      params.error = error.message
+      this.response.status(error.statusCode)
+    }
+
+    this.response.render('auth/change-password', params)
+  }
+
+  /**
+   * Displays the 'password has been changed' success view.
+   */
+  renderSuccess () {
+    this.response.render('auth/password-changed', { returnToUrl: this.returnToUrl })
+  }
+}
+
+module.exports = PasswordChangeRequest