solid-server 5.8.6 → 5.8.8-22f4cfec

package/lib/models/user-account.js

@@ -1,113 +0,0 @@
-'use strict'
-/* eslint-disable node/no-deprecated-api */
-
-const url = require('url')
-
-/**
- * Represents a Solid user account (created as a result of Signup, etc).
- */
-class UserAccount {
-  /**
-   * @constructor
-   * @param [options={}] {Object}
-   * @param [options.username] {string}
-   * @param [options.webId] {string}
-   * @param [options.name] {string}
-   * @param [options.email] {string}
-   * @param [options.externalWebId] {string}
-   * @param [options.localAccountId] {string}
-   */
-  constructor (options = {}) {
-    this.username = options.username
-    this.webId = options.webId
-    this.name = options.name
-    this.email = options.email
-    this.externalWebId = options.externalWebId
-    this.localAccountId = options.localAccountId
-    this.idp = options.idp
-  }
-
-  /**
-   * Factory method, returns an instance of `UserAccount`.
-   *
-   * @param [options={}] {Object} See `contructor()` docstring.
-   *
-   * @return {UserAccount}
-   */
-  static from (options = {}) {
-    return new UserAccount(options)
-  }
-
-  /**
-   * Returns the display name for the account.
-   *
-   * @return {string}
-   */
-  get displayName () {
-    return this.name || this.username || this.email || 'Solid account'
-  }
-
-  /**
-   * Returns the id key for the user account (for use with the user store, for
-   * example), consisting of the WebID URI minus the protocol and slashes.
-   * Usage:
-   *
-   *   ```
-   *   userAccount.webId = 'https://alice.example.com/profile/card#me'
-   *   userAccount.id  // -> 'alice.example.com/profile/card#me'
-   *   ```
-   *
-   * @return {string}
-   */
-  get id () {
-    if (!this.webId) { return null }
-
-    const parsed = url.parse(this.webId)
-    let id = parsed.host + parsed.pathname
-    if (parsed.hash) {
-      id += parsed.hash
-    }
-    return id
-  }
-
-  get accountUri () {
-    if (!this.webId) { return null }
-
-    const parsed = url.parse(this.webId)
-
-    return parsed.protocol + '//' + parsed.host
-  }
-
-  /**
-   * Returns the Uri to the account's Pod
-   *
-   * @return {string}
-   */
-  get podUri () {
-    const webIdUrl = url.parse(this.webId)
-    const podUrl = `${webIdUrl.protocol}//${webIdUrl.host}`
-    return url.format(podUrl)
-  }
-
-  /**
-   * Returns the URI of the WebID Profile for this account.
-   * Usage:
-   *
-   *   ```
-   *   // userAccount.webId === 'https://alice.example.com/profile/card#me'
-   *
-   *   userAccount.profileUri  // -> 'https://alice.example.com/profile/card'
-   *   ```
-   *
-   * @return {string|null}
-   */
-  get profileUri () {
-    if (!this.webId) { return null }
-
-    const parsed = url.parse(this.webId)
-    // Note that the hash fragment gets dropped
-    return parsed.protocol + '//' + parsed.host + parsed.pathname
-  }
-}
-
-module.exports = UserAccount

package/lib/models/webid-tls-certificate.js

@@ -1,184 +0,0 @@
-'use strict'
-/* eslint-disable node/no-deprecated-api */
-
-const webidTls = require('../webid')('tls')
-const forge = require('node-forge')
-const utils = require('../utils')
-
-/**
- * Models a WebID-TLS crypto certificate, as generated at signup from a browser's
- * `<keygen>` element.
- *
- * @class WebIdTlsCertificate
- */
-class WebIdTlsCertificate {
-  /**
-   * @param [options={}] {Object}
-   * @param [options.spkac] {Buffer<string>}
-   * @param [options.date] {Date}
-   * @param [options.webId] {string}
-   * @param [options.commonName] {string} Certificate name
-   * @param [options.issuerName] {string}
-   */
-  constructor (options = {}) {
-    this.spkac = options.spkac
-    this.date = options.date || new Date()
-    this.webId = options.webId
-    this.commonName = options.commonName
-    this.issuer = { commonName: options.issuerName }
-
-    this.certificate = null // gets initialized in `generateCertificate()`
-  }
-
-  /**
-   * Factory method, used to construct a certificate instance from a browser-
-   * based signup.
-   *
-   * @param spkac {string} Signed Public Key and Challenge from a browser's
-   *   `<keygen>` element.
-   * @param userAccount {UserAccount}
-   * @param host {SolidHost}
-   *
-   * @throws {TypeError} If no `spkac` param provided (http 400)
-   *
-   * @return {WebIdTlsCertificate}
-   */
-  static fromSpkacPost (spkac, userAccount, host) {
-    if (!spkac) {
-      const error = new TypeError('Missing spkac parameter')
-      error.status = 400
-      throw error
-    }
-
-    const date = new Date()
-    const commonName = `${userAccount.displayName} [on ${host.serverUri}, created ${date}]`
-
-    const options = {
-      spkac: WebIdTlsCertificate.prepPublicKey(spkac),
-      webId: userAccount.webId,
-      date,
-      commonName,
-      issuerName: host.serverUri
-    }
-
-    return new WebIdTlsCertificate(options)
-  }
-
-  /**
-   * Formats a `<keygen>`-generated public key and converts it into a Buffer,
-   * to use in TLS certificate generation.
-   *
-   * @param spkac {string} Signed Public Key and Challenge from a browser's
-   *   `<keygen>` element.
-   *
-   * @return {Buffer<string>|null} UTF-8 string buffer of the public key, if one
-   *   was passed in.
-   */
-  static prepPublicKey (spkac) {
-    if (!spkac) { return null }
-
-    spkac = utils.stripLineEndings(spkac)
-    spkac = new Buffer(spkac, 'utf-8')
-    return spkac
-  }
-
-  /**
-   * Generates an X509Certificate from the passed-in `spkac` value.
-   *
-   * @throws {Error} See `webid` module's `generate()` function.
-   *
-   * @return {Promise<WebIdTlsCertificate>} Resolves to self (chainable), with
-   *   the `.certificate` property initialized.
-   */
-  generateCertificate () {
-    const certOptions = {
-      spkac: this.spkac,
-      agent: this.webId,
-      commonName: this.commonName,
-      issuer: this.issuer
-    }
-
-    return new Promise((resolve, reject) => {
-      webidTls.generate(certOptions, (err, certificate) => {
-        if (err) {
-          reject(err)
-        } else {
-          this.certificate = certificate
-          resolve(this)
-        }
-      })
-    })
-  }
-
-  /**
-   * Returns the URI (with hash fragment) for this certificate's public key,
-   * to be used as a subject of RDF triples in a user's WebID Profile.
-   *
-   * @throws {TypeError} HTTP 400 error if no `webId` has been set.
-   *
-   * @return {string}
-   */
-  get keyUri () {
-    if (!this.webId) {
-      const error = new TypeError('Cannot construct key URI, WebID is missing')
-      error.status = 400
-      throw error
-    }
-
-    const profileUri = this.webId.split('#')[0]
-    return profileUri + '#key-' + this.date.getTime()
-  }
-
-  /**
-   * Returns the public key exponent (for adding to a user's WebID Profile)
-   *
-   * @throws {TypeError} HTTP 400 error if no certificate has been generated.
-   *
-   * @return {string}
-   */
-  get exponent () {
-    if (!this.certificate) {
-      const error = new TypeError('Cannot return exponent, certificate has not been generated')
-      error.status = 400
-      throw error
-    }
-
-    return this.certificate.publicKey.e.toString()
-  }
-
-  /**
-   * Returns the public key modulus (for adding to a user's WebID Profile)
-   *
-   * @throws {TypeError} HTTP 400 error if no certificate has been generated.
-   *
-   * @return {string}
-   */
-  get modulus () {
-    if (!this.certificate) {
-      const error = new TypeError('Cannot return modulus, certificate has not been generated')
-      error.status = 400
-      throw error
-    }
-
-    return this.certificate.publicKey.n.toString(16).toUpperCase()
-  }
-
-  /**
-   * Converts the generated cert to DER format and returns it.
-   *
-   * @return {X509Certificate|null} In DER format
-   */
-  toDER () {
-    if (!this.certificate) {
-      return null
-    }
-
-    const certificateAsn = forge.pki.certificateToAsn1(this.certificate)
-    // Convert to DER
-    const certificateDer = forge.asn1.toDer(certificateAsn).getBytes()
-    // new Buffer(der, 'binary')
-    return certificateDer
-  }
-}
-
-module.exports = WebIdTlsCertificate

package/lib/requests/add-cert-request.js

@@ -1,138 +0,0 @@
-'use strict'
-
-const WebIdTlsCertificate = require('../models/webid-tls-certificate')
-const debug = require('./../debug').accounts
-
-/**
- * Represents an 'add new certificate to account' request
- * (a POST to `/api/accounts/cert` endpoint).
- *
- * Note: The account has to exist, and the user must be already logged in,
- * for this to succeed.
- */
-class AddCertificateRequest {
-  /**
-   * @param [options={}] {Object}
-   * @param [options.accountManager] {AccountManager}
-   * @param [options.userAccount] {UserAccount}
-   * @param [options.certificate] {WebIdTlsCertificate}
-   * @param [options.response] {HttpResponse}
-   */
-  constructor (options) {
-    this.accountManager = options.accountManager
-    this.userAccount = options.userAccount
-    this.certificate = options.certificate
-    this.response = options.response
-  }
-
-  /**
-   * Handles the HTTP request (from an Express route handler).
-   *
-   * @param req
-   * @param res
-   * @param accountManager {AccountManager}
-   *
-   * @throws {TypeError}
-   * @throws {Error} HTTP 401 if the user is not logged in (`req.session.userId`
-   *   does not match the intended account to which the cert is being added).
-   *
-   * @return {Promise}
-   */
-  static handle (req, res, accountManager) {
-    let request
-    try {
-      request = AddCertificateRequest.fromParams(req, res, accountManager)
-    } catch (error) {
-      return Promise.reject(error)
-    }
-
-    return AddCertificateRequest.addCertificate(request)
-  }
-
-  /**
-   * Factory method, returns an initialized instance of `AddCertificateRequest`.
-   *
-   * @param req
-   * @param res
-   * @param accountManager {AccountManager}
-   *
-   * @throws {TypeError} If required parameters missing
-   * @throws {Error} HTTP 401 if the user is not logged in (`req.session.userId`
-   *   does not match the intended account to which the cert is being added).
-   *
-   * @return {AddCertificateRequest}
-   */
-  static fromParams (req, res, accountManager) {
-    const userAccount = accountManager.userAccountFrom(req.body)
-    const certificate = WebIdTlsCertificate.fromSpkacPost(
-      req.body.spkac,
-      userAccount,
-      accountManager.host)
-
-    debug(`Adding a new certificate for ${userAccount.webId}`)
-
-    if (req.session.userId !== userAccount.webId) {
-      debug(`Cannot add new certificate: signed in user is "${req.session.userId}"`)
-      const error = new Error("You are not logged in, so you can't create a certificate")
-      error.status = 401
-      throw error
-    }
-
-    const options = {
-      accountManager,
-      userAccount,
-      certificate,
-      response: res
-    }
-
-    return new AddCertificateRequest(options)
-  }
-
-  /**
-   * Generates a new certificate for a given user account, and adds it to that
-   * account's WebID Profile graph.
-   *
-   * @param request {AddCertificateRequest}
-   *
-   * @throws {Error} HTTP 400 if there were errors during certificate generation
-   *
-   * @returns {Promise}
-   */
-  static addCertificate (request) {
-    const { certificate, userAccount, accountManager } = request
-
-    return certificate.generateCertificate()
-      .catch(err => {
-        err.status = 400
-        err.message = 'Error generating a certificate: ' + err.message
-        throw err
-      })
-      .then(() => {
-        return accountManager.addCertKeyToProfile(certificate, userAccount)
-      })
-      .catch(err => {
-        err.status = 400
-        err.message = 'Error adding certificate to profile: ' + err.message
-        throw err
-      })
-      .then(() => {
-        request.sendResponse(certificate)
-      })
-  }
-
-  /**
-   * Sends the generated certificate in the response object.
-   *
-   * @param certificate {WebIdTlsCertificate}
-   */
-  sendResponse (certificate) {
-    const { response, userAccount } = this
-    response.set('User', userAccount.webId)
-    response.status(200)
-
-    response.set('Content-Type', 'application/x-x509-user-cert')
-    response.send(certificate.toDER())
-  }
-}
-
-module.exports = AddCertificateRequest

package/lib/requests/auth-request.js

@@ -1,234 +0,0 @@
-'use strict'
-/* eslint-disable node/no-deprecated-api */
-
-const url = require('url')
-const debug = require('./../debug').authentication
-
-const IDToken = require('@solid/oidc-op/src/IDToken')
-
-/**
- * Hidden form fields from the login page that must be passed through to the
- * Authentication request.
- *
- * @type {Array<string>}
- */
-const AUTH_QUERY_PARAMS = ['response_type', 'display', 'scope',
-  'client_id', 'redirect_uri', 'state', 'nonce', 'request']
-
-/**
- * Base authentication request (used for login and password reset workflows).
- */
-class AuthRequest {
-  /**
-   * @constructor
-   * @param [options.response] {ServerResponse} middleware `res` object
-   * @param [options.session] {Session} req.session
-   * @param [options.userStore] {UserStore}
-   * @param [options.accountManager] {AccountManager}
-   * @param [options.returnToUrl] {string}
-   * @param [options.authQueryParams] {Object} Key/value hashmap of parsed query
-   *   parameters that will be passed through to the /authorize endpoint.
-   * @param [options.enforceToc] {boolean} Whether or not to enforce the service provider's T&C
-   * @param [options.tocUri] {string} URI to the service provider's T&C
-   */
-  constructor (options) {
-    this.response = options.response
-    this.session = options.session || {}
-    this.userStore = options.userStore
-    this.accountManager = options.accountManager
-    this.returnToUrl = options.returnToUrl
-    this.authQueryParams = options.authQueryParams || {}
-    this.localAuth = options.localAuth
-    this.enforceToc = options.enforceToc
-    this.tocUri = options.tocUri
-  }
-
-  /**
-   * Extracts a given parameter from the request - either from a GET query param,
-   * a POST body param, or an express registered `/:param`.
-   * Usage:
-   *
-   *   ```
-   *   AuthRequest.parseParameter(req, 'client_id')
-   *   // -> 'client123'
-   *   ```
-   *
-   * @param req {IncomingRequest}
-   * @param parameter {string} Parameter key
-   *
-   * @return {string|null}
-   */
-  static parseParameter (req, parameter) {
-    const query = req.query || {}
-    const body = req.body || {}
-    const params = req.params || {}
-
-    return query[parameter] || body[parameter] || params[parameter] || null
-  }
-
-  /**
-   * Extracts the options in common to most auth-related requests.
-   *
-   * @param req
-   * @param res
-   *
-   * @return {Object}
-   */
-  static requestOptions (req, res) {
-    let userStore, accountManager, localAuth
-
-    if (req.app && req.app.locals) {
-      const locals = req.app.locals
-
-      if (locals.oidc) {
-        userStore = locals.oidc.users
-      }
-
-      accountManager = locals.accountManager
-
-      localAuth = locals.localAuth
-    }
-
-    const authQueryParams = AuthRequest.extractAuthParams(req)
-    const returnToUrl = AuthRequest.parseParameter(req, 'returnToUrl')
-    const acceptToc = AuthRequest.parseParameter(req, 'acceptToc') === 'true'
-
-    const options = {
-      response: res,
-      session: req.session,
-      userStore,
-      accountManager,
-      returnToUrl,
-      authQueryParams,
-      localAuth,
-      acceptToc
-    }
-
-    return options
-  }
-
-  /**
-   * Initializes query params required by Oauth2/OIDC type work flow from the
-   * request body.
-   * Only authorized params are loaded, all others are discarded.
-   *
-   * @param req {IncomingRequest}
-   *
-   * @return {Object}
-   */
-  static extractAuthParams (req) {
-    let params
-    if (req.method === 'POST') {
-      params = req.body
-    } else {
-      params = req.query
-    }
-
-    if (!params) { return {} }
-
-    const extracted = {}
-
-    const paramKeys = AUTH_QUERY_PARAMS
-    let value
-
-    for (const p of paramKeys) {
-      value = params[p]
-      // value = value === 'undefined' ? undefined : value
-      extracted[p] = value
-    }
-
-    // Special case because solid-auth-client does not include redirect in params
-    if (!extracted.redirect_uri && params.request) {
-      extracted.redirect_uri = IDToken.decode(params.request).payload.redirect_uri
-    }
-
-    return extracted
-  }
-
-  /**
-   * Calls the appropriate form to display to the user.
-   * Serves as an error handler for this request workflow.
-   *
-   * @param error {Error}
-   */
-  error (error, body) {
-    error.statusCode = error.statusCode || 400
-
-    this.renderForm(error, body)
-  }
-
-  /**
-   * Initializes a session (for subsequent authentication/authorization) with
-   * a given user's credentials.
-   *
-   * @param userAccount {UserAccount}
-   */
-  initUserSession (userAccount) {
-    const session = this.session
-
-    debug('Initializing user session with webId: ', userAccount.webId)
-
-    session.userId = userAccount.webId
-    session.subject = {
-      _id: userAccount.webId
-    }
-
-    return userAccount
-  }
-
-  /**
-   * Returns this installation's /authorize url. Used for redirecting post-login
-   * and post-signup.
-   *
-   * @return {string}
-   */
-  authorizeUrl () {
-    const host = this.accountManager.host
-    const authUrl = host.authEndpoint
-
-    authUrl.query = this.authQueryParams
-
-    return url.format(authUrl)
-  }
-
-  /**
-   * Returns this installation's /register url. Used for redirecting post-signup.
-   *
-   * @return {string}
-   */
-  registerUrl () {
-    const host = this.accountManager.host
-    const signupUrl = url.parse(url.resolve(host.serverUri, '/register'))
-
-    signupUrl.query = this.authQueryParams
-
-    return url.format(signupUrl)
-  }
-
-  /**
-   * Returns this installation's /login url.
-   *
-   * @return {string}
-   */
-  loginUrl () {
-    const host = this.accountManager.host
-    const signupUrl = url.parse(url.resolve(host.serverUri, '/login'))
-
-    signupUrl.query = this.authQueryParams
-
-    return url.format(signupUrl)
-  }
-
-  sharingUrl () {
-    const host = this.accountManager.host
-    const sharingUrl = url.parse(url.resolve(host.serverUri, '/sharing'))
-
-    sharingUrl.query = this.authQueryParams
-
-    return url.format(sharingUrl)
-  }
-}
-
-AuthRequest.AUTH_QUERY_PARAMS = AUTH_QUERY_PARAMS
-
-module.exports = AuthRequest