npm - solid-server - Versions diffs - 5.8.7 → 5.8.8-5fdbfa12 - Mend

solid-server 5.8.7 → 5.8.8-5fdbfa12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (686) hide show

package/lib/requests/delete-account-confirm-request.js DELETED Viewed

@@ -1,170 +0,0 @@
-'use strict'
-const AuthRequest = require('./auth-request')
-const debug = require('./../debug').accounts
-const fs = require('fs-extra')
-class DeleteAccountConfirmRequest extends AuthRequest {
-  /**
-   * @constructor
-   * @param options {Object}
-   * @param options.accountManager {AccountManager}
-   * @param options.userStore {UserStore}
-   * @param options.response {ServerResponse} express response object
-   * @param [options.token] {string} One-time reset password token (from email)
-   */
-  constructor (options) {
-    super(options)
-    this.token = options.token
-    this.validToken = false
-  }
-  /**
-   * Factory method, returns an initialized instance of DeleteAccountConfirmRequest
-   * from an incoming http request.
-   *
-   * @param req {IncomingRequest}
-   * @param res {ServerResponse}
-   *
-   * @return {DeleteAccountConfirmRequest}
-   */
-  static fromParams (req, res) {
-    const locals = req.app.locals
-    const accountManager = locals.accountManager
-    const userStore = locals.oidc.users
-    const token = this.parseParameter(req, 'token')
-    const options = {
-      accountManager,
-      userStore,
-      token,
-      response: res
-    }
-    return new DeleteAccountConfirmRequest(options)
-  }
-  /**
-   * Handles a Change Password GET request on behalf of a middleware handler.
-   *
-   * @param req {IncomingRequest}
-   * @param res {ServerResponse}
-   *
-   * @return {Promise}
-   */
-  static async get (req, res) {
-    const request = DeleteAccountConfirmRequest.fromParams(req, res)
-    try {
-      await request.validateToken()
-      return request.renderForm()
-    } catch (error) {
-      return request.error(error)
-    }
-  }
-  /**
-   * Handles a Change Password POST request on behalf of a middleware handler.
-   *
-   * @param req {IncomingRequest}
-   * @param res {ServerResponse}
-   *
-   * @return {Promise}
-   */
-  static post (req, res) {
-    const request = DeleteAccountConfirmRequest.fromParams(req, res)
-    return DeleteAccountConfirmRequest.handlePost(request)
-  }
-  /**
-   * Performs the 'Change Password' operation, after the user submits the
-   * password change form. Validates the parameters (the one-time token,
-   * the new password), changes the password, and renders the success view.
-   *
-   * @param request {DeleteAccountConfirmRequest}
-   *
-   * @return {Promise}
-   */
-  static async handlePost (request) {
-    try {
-      const tokenContents = await request.validateToken()
-      await request.deleteAccount(tokenContents)
-      return request.renderSuccess()
-    } catch (error) {
-      return request.error(error)
-    }
-  }
-  /**
-   * Validates the one-time Password Reset token that was emailed to the user.
-   * If the token service has a valid token saved for the given key, it returns
-   * the token object value (which contains the user's WebID URI, etc).
-   * If no token is saved, returns `false`.
-   *
-   * @return {Promise<Object|false>}
-   */
-  async validateToken () {
-    try {
-      if (!this.token) {
-        return false
-      }
-      const validToken = await this.accountManager.validateDeleteToken(this.token)
-      if (validToken) {
-        this.validToken = true
-      }
-      return validToken
-    } catch (error) {
-      this.token = null
-      throw error
-    }
-  }
-  /**
-   * Removes the user's account and all their data from the store.
-   *
-   * @param tokenContents {Object}
-   *
-   * @return {Promise}
-   */
-  async deleteAccount (tokenContents) {
-    const user = this.accountManager.userAccountFrom(tokenContents)
-    const accountDir = this.accountManager.accountDirFor(user.username)
-    debug('Preparing removal of account for user:', user)
-    await this.userStore.deleteUser(user)
-    await fs.remove(accountDir)
-    debug('Removed user' + user.username)
-  }
-  /**
-   * Renders the 'change password' form.
-   *
-   * @param [error] {Error} Optional error to display
-   */
-  renderForm (error) {
-    const params = {
-      validToken: this.validToken,
-      token: this.token
-    }
-    if (error) {
-      params.error = error.message
-      this.response.status(error.statusCode)
-    }
-    this.response.render('account/delete-confirm', params)
-  }
-  /**
-   * Displays the 'password has been changed' success view.
-   */
-  renderSuccess () {
-    this.response.render('account/account-deleted')
-  }
-}
-module.exports = DeleteAccountConfirmRequest

package/lib/requests/login-request.js DELETED Viewed

@@ -1,205 +0,0 @@
-'use strict'
-/* eslint-disable no-mixed-operators */
-const debug = require('./../debug').authentication
-const AuthRequest = require('./auth-request')
-const { PasswordAuthenticator, TlsAuthenticator } = require('../models/authenticator')
-const PASSWORD_AUTH = 'password'
-const TLS_AUTH = 'tls'
-/**
- * Models a local Login request
- */
-class LoginRequest extends AuthRequest {
-  /**
-   * @constructor
-   * @param options {Object}
-   *
-   * @param [options.response] {ServerResponse} middleware `res` object
-   * @param [options.session] {Session} req.session
-   * @param [options.userStore] {UserStore}
-   * @param [options.accountManager] {AccountManager}
-   * @param [options.returnToUrl] {string}
-   * @param [options.authQueryParams] {Object} Key/value hashmap of parsed query
-   *   parameters that will be passed through to the /authorize endpoint.
-   * @param [options.authenticator] {Authenticator} Auth strategy by which to
-   *   log in
-   */
-  constructor (options) {
-    super(options)
-    this.authenticator = options.authenticator
-    this.authMethod = options.authMethod
-  }
-  /**
-   * Factory method, returns an initialized instance of LoginRequest
-   * from an incoming http request.
-   *
-   * @param req {IncomingRequest}
-   * @param res {ServerResponse}
-   * @param authMethod {string}
-   *
-   * @return {LoginRequest}
-   */
-  static fromParams (req, res, authMethod) {
-    const options = AuthRequest.requestOptions(req, res)
-    options.authMethod = authMethod
-    switch (authMethod) {
-      case PASSWORD_AUTH:
-        options.authenticator = PasswordAuthenticator.fromParams(req, options)
-        break
-      case TLS_AUTH:
-        options.authenticator = TlsAuthenticator.fromParams(req, options)
-        break
-      default:
-        options.authenticator = null
-        break
-    }
-    return new LoginRequest(options)
-  }
-  /**
-   * Handles a Login GET request on behalf of a middleware handler, displays
-   * the Login page.
-   * Usage:
-   *
-   *   ```
-   *   app.get('/login', LoginRequest.get)
-   *   ```
-   *
-   * @param req {IncomingRequest}
-   * @param res {ServerResponse}
-   */
-  static get (req, res) {
-    const request = LoginRequest.fromParams(req, res)
-    request.renderForm(null, req)
-  }
-  /**
-   * Handles a Login via Username+Password.
-   * Errors encountered are displayed on the Login form.
-   * Usage:
-   *
-   *   ```
-   *   app.post('/login/password', LoginRequest.loginPassword)
-   *   ```
-   *
-   * @param req
-   * @param res
-   *
-   * @return {Promise}
-   */
-  static loginPassword (req, res) {
-    debug('Logging in via username + password')
-    const request = LoginRequest.fromParams(req, res, PASSWORD_AUTH)
-    return LoginRequest.login(request)
-  }
-  /**
-   * Handles a Login via WebID-TLS.
-   * Errors encountered are displayed on the Login form.
-   * Usage:
-   *
-   *   ```
-   *   app.post('/login/tls', LoginRequest.loginTls)
-   *   ```
-   *
-   * @param req
-   * @param res
-   *
-   * @return {Promise}
-   */
-  static loginTls (req, res) {
-    debug('Logging in via WebID-TLS certificate')
-    const request = LoginRequest.fromParams(req, res, TLS_AUTH)
-    return LoginRequest.login(request)
-  }
-  /**
-   * Performs the login operation -- loads and validates the
-   * appropriate user, inits the session with credentials, and redirects the
-   * user to continue their auth flow.
-   *
-   * @param request {LoginRequest}
-   *
-   * @return {Promise}
-   */
-  static login (request) {
-    return request.authenticator.findValidUser()
-      .then(validUser => {
-        request.initUserSession(validUser)
-        request.redirectPostLogin(validUser)
-      })
-      .catch(error => request.error(error))
-  }
-  /**
-   * Returns a URL to redirect the user to after login.
-   * Either uses the provided `redirect_uri` auth query param, or simply
-   * returns the user profile URI if none was provided.
-   *
-   * @param validUser {UserAccount}
-   *
-   * @return {string}
-   */
-  postLoginUrl (validUser) {
-    // Login request is part of an app's auth flow
-    if (/token|code/.test(this.authQueryParams.response_type)) {
-      return this.sharingUrl()
-    // Login request is a user going to /login in browser
-    } else if (validUser) {
-      return this.authQueryParams.redirect_uri || validUser.accountUri
-    }
-  }
-  /**
-   * Redirects the Login request to continue on the OIDC auth workflow.
-   */
-  redirectPostLogin (validUser) {
-    const uri = this.postLoginUrl(validUser)
-    debug('Login successful, redirecting to ', uri)
-    this.response.redirect(uri)
-  }
-  /**
-   * Renders the login form
-   */
-  renderForm (error, req) {
-    const queryString = req && req.url && req.url.replace(/[^?]+\?/, '') || ''
-    const params = Object.assign({}, this.authQueryParams,
-      {
-        registerUrl: this.registerUrl(),
-        returnToUrl: this.returnToUrl,
-        enablePassword: this.localAuth.password,
-        enableTls: this.localAuth.tls,
-        tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`
-      })
-    if (error) {
-      params.error = error.message
-      this.response.status(error.statusCode)
-    }
-    this.response.render('auth/login', params)
-  }
-}
-module.exports = {
-  LoginRequest,
-  PASSWORD_AUTH,
-  TLS_AUTH
-}

package/lib/services/email-service.js DELETED Viewed

@@ -1,162 +0,0 @@
-'use strict'
-const nodemailer = require('nodemailer')
-const path = require('path')
-const debug = require('../debug').email
-/**
- * Models a Nodemailer-based email sending service.
- *
- * @see https://nodemailer.com/about/
- */
-class EmailService {
-  /**
-   * @constructor
-   *
-   * @param templatePath {string} Path to the email templates directory
-   *
-   * @param config {Object} Nodemailer configuration object
-   * @see https://nodemailer.com/smtp/
-   *
-   * Transport SMTP config options:
-   * @param config.host {string} e.g. 'smtp.gmail.com'
-   * @param config.port {string} e.g. '465'
-   * @param config.secure {boolean} Whether to use TLS when connecting to server
-   *
-   * Transport authentication config options:
-   * @param config.auth {Object}
-   * @param config.auth.user {string} Smtp username (e.g. 'alice@gmail.com')
-   * @param config.auth.pass {string} Smtp password
-   *
-   * Optional default Sender / `from:` address:
-   * @param [config.sender] {string} e.g. 'Solid Server <no-reply@databox.me>'
-   */
-  constructor (templatePath, config) {
-    this.mailer = nodemailer.createTransport(config)
-    this.sender = this.initSender(config)
-    this.templatePath = templatePath
-  }
-  /**
-   * Returns the default Sender address based on config.
-   *
-   * Note that if using Gmail for SMTP transport, Gmail ignores the sender
-   * `from:` address and uses the SMTP username instead (`auth.user`).
-   *
-   * @param config {Object}
-   *
-   * The sender is derived from either:
-   * @param [config.sender] {string} e.g. 'Solid Server <no-reply@databox.me>'
-   *
-   * or, if explicit sender is not passed in, uses:
-   * @param [config.host] {string} SMTP host from transport config
-   *
-   * @return {string} Sender `from:` address
-   */
-  initSender (config) {
-    let sender
-    if (config.sender) {
-      sender = config.sender
-    } else {
-      sender = `no-reply@${config.host}`
-    }
-    return sender
-  }
-  /**
-   * Sends an email (passes it through to nodemailer).
-   *
-   * @param email {Object}
-   *
-   * @return {Promise<EmailResponse>}
-   */
-  sendMail (email) {
-    email.from = email.from || this.sender
-    debug('Sending email to ' + email.to)
-    return this.mailer.sendMail(email)
-  }
-  /**
-   * Sends an email using a saved email template.
-   * Usage:
-   *
-   *    ```
-   *    let data = { webid: 'https://example.com/alice#me', ... }
-   *
-   *    emailService.sendWithTemplate('welcome', data)
-   *      .then(response => {
-   *        // email sent using the 'welcome' template
-   *      })
-   *    ```
-   *
-   * @param templateName {string} Name of a template file in the email-templates
-   *   dir, no extension necessary.
-   *
-   * @param data {Object} Key/value hashmap of data for an email template.
-   *
-   * @return {Promise<EmailResponse>}
-   */
-  sendWithTemplate (templateName, data) {
-    return Promise.resolve()
-      .then(() => {
-        const renderedEmail = this.emailFromTemplate(templateName, data)
-        return this.sendMail(renderedEmail)
-      })
-  }
-  /**
-   * Returns an email from a rendered template.
-   *
-   * @param templateName {string}
-   * @param data {Object} Key/value hashmap of data for an email template.
-   *
-   * @return {Object} Rendered email object from template
-   */
-  emailFromTemplate (templateName, data) {
-    const template = this.readTemplate(templateName)
-    return Object.assign({}, template.render(data), data)
-  }
-  /**
-   * Reads (requires) and returns the contents of an email template file, for
-   * a given template name.
-   *
-   * @param templateName {string}
-   *
-   * @throws {Error} If the template could not be found
-   *
-   * @return {Object}
-   */
-  readTemplate (templateName) {
-    const templateFile = this.templatePathFor(templateName)
-    let template
-    try {
-      template = require(templateFile)
-    } catch (error) {
-      throw new Error('Cannot find email template: ' + templateFile)
-    }
-    return template
-  }
-  /**
-   * Returns a template file path for a given template name.
-   *
-   * @param templateName {string}
-   *
-   * @return {string}
-   */
-  templatePathFor (templateName) {
-    return path.join(this.templatePath, templateName)
-  }
-}
-module.exports = EmailService

package/lib/webid/tls/index.js DELETED Viewed

@@ -1,185 +0,0 @@
-exports.verify = verify
-exports.generate = generate
-exports.verifyKey = verifyKey
-const $rdf = require('rdflib')
-const get = require('../lib/get')
-const parse = require('../lib/parse')
-const forge = require('node-forge')
-const url = require('url')
-const crypto = require('crypto')
-const certificate = new crypto.Certificate()
-const pki = forge.pki
-const Graph = $rdf.graph
-const SPARQL_QUERY = 'PREFIX cert: <http://www.w3.org/ns/auth/cert#> SELECT ?webid ?m ?e WHERE { ?webid cert:key ?key . ?key cert:modulus ?m . ?key cert:exponent ?e . }'
-function verify (certificate, callback) {
-  if (!certificate) {
-    return callback(new Error('No certificate given'))
-  }
-  // Collect URIs in certificate
-  const uris = getUris(certificate)
-  // No uris
-  if (uris.length === 0) {
-    return callback(new Error('Empty Subject Alternative Name field in certificate'))
-  }
-  // Get first URI
-  const uri = uris.shift()
-  get(uri, function (err, body, contentType) {
-    if (err) {
-      return callback(err)
-    }
-    // Verify Key
-    verifyKey(certificate, uri, body, contentType, function (err, success) {
-      return callback(err, uri)
-    })
-  })
-}
-function getUris (certificate) {
-  const uris = []
-  if (certificate && certificate.subjectaltname) {
-    certificate
-      .subjectaltname
-      .replace(/URI:([^, ]+)/g, function (match, uri) {
-        return uris.push(uri)
-      })
-  }
-  return uris
-}
-function verifyKey (certificate, uri, profile, contentType, callback) {
-  const graph = new Graph()
-  let found = false
-  if (!certificate.modulus) {
-    return callback(new Error('Missing modulus value in client certificate'))
-  }
-  if (!certificate.exponent) {
-    return callback(new Error('Missing exponent value in client certificate'))
-  }
-  if (!contentType) {
-    return callback(new Error('No value specified for the Content-Type header'))
-  }
-  const mimeType = contentType.replace(/;.*/, '')
-  parse(profile, graph, uri, mimeType, function (err) {
-    if (err) {
-      return callback(err)
-    }
-    const certExponent = parseInt(certificate.exponent, 16).toString()
-    const query = $rdf.SPARQLToQuery(SPARQL_QUERY, undefined, graph)
-    graph.query(
-      query,
-      function (result) {
-        if (found) {
-          return
-        }
-        const modulus = result['?m'].value
-        const exponent = result['?e'].value
-        if (modulus != null &&
-           exponent != null &&
-           (modulus.toLowerCase() === certificate.modulus.toLowerCase()) &&
-           exponent === certExponent) {
-          found = true
-        }
-      },
-      undefined, // testing
-      function () {
-        if (!found) {
-          return callback(new Error('Certificate public key not found in the user\'s profile'))
-        }
-        return callback(null, true)
-      }
-    )
-  })
-}
-function generate (options, callback) {
-  if (!options.agent) {
-    return callback(new Error('No agent uri found'))
-  }
-  if (!options.spkac) {
-    return callback(new Error('No public key found'), null)
-  }
-  if (!certificate.verifySpkac(Buffer.from(options.spkac))) {
-    return callback(new Error('Invalid SPKAC'))
-  }
-  options.duration = options.duration || 10
-  // Generate a new certificate
-  const cert = pki.createCertificate()
-  cert.serialNumber = (Date.now()).toString(16)
-  // Get fields from SPKAC to populate new cert
-  const publicKey = certificate.exportPublicKey(options.spkac).toString()
-  cert.publicKey = pki.publicKeyFromPem(publicKey)
-  // Validity of 10 years
-  cert.validity.notBefore = new Date()
-  cert.validity.notAfter = new Date()
-  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + options.duration)
-  // `.` is default with the OpenSSL command line tool
-  const commonName = options.commonName || url.URL(options.agent).hostname
-  const attrsSubject = [{
-    name: 'commonName',
-    value: commonName
-  }, {
-    name: 'organizationName',
-    value: options.organizationName || 'WebID'
-  }]
-  const attrsIssuer = [{
-    name: 'commonName',
-    value: commonName
-  }, {
-    name: 'organizationName',
-    value: options.organizationName || 'WebID'
-  }]
-  if (options.issuer) {
-    if (options.issuer.commonName) {
-      attrsIssuer[0].value = options.issuer.commonName
-    }
-    if (options.issuer.organizationName) {
-      attrsIssuer[1].value = options.issuer.organizationName
-    }
-  }
-  // Set same fields for certificate and issuer
-  cert.setSubject(attrsSubject)
-  cert.setIssuer(attrsIssuer)
-  // Set the cert extensions
-  cert.setExtensions([
-    {
-      name: 'basicConstraints',
-      cA: false,
-      critical: true
-    }, {
-      name: 'subjectAltName',
-      altNames: [{
-        type: 6, // URI
-        value: options.agent
-      }]
-    }, {
-      name: 'subjectKeyIdentifier'
-    }
-  ])
-  // Generate a new keypair to sign the certificate
-  // TODO this make is not really "self-signed"
-  const keys = pki.rsa.generateKeyPair(1024)
-  cert.sign(keys.privateKey, forge.md.sha256.create())
-  return callback(null, cert)
-}