var http = require('http')
var openid = require('openid')
var express = require('express')
var urljoin = require('url-join')
var logger = require('../../util/logger')
var jwtutil = require('../../util/jwtutil')
var urlutil = require('../../util/urlutil')
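/**
 * Builds and starts the OpenID authentication unit.
 *
 * Flow: GET /auth/openid/ discovers the configured provider and redirects the
 * browser to its login page; the provider returns to /auth/openid/verify,
 * where the assertion is verified and, on success, a JWT carrying the user's
 * email and name is handed to the main app via a query parameter.
 *
 * @param {Object} options
 * @param {string} options.appUrl - Base URL of the app; also used to build the
 *   OpenID return_to URL.
 * @param {string} options.openid.identifierUrl - OpenID identifier (provider) URL.
 * @param {string} options.secret - Secret used to sign the issued JWT.
 * @param {number} options.port - Port the HTTP server listens on.
 */
module.exports = function(options) {
  // Attributes requested from the provider via the Simple Registration extension.
  var extensions = [new openid.SimpleRegistration({
    email: true
  , fullname: true
  })]

  var relyingParty = new openid.RelyingParty(
    urljoin(options.appUrl, '/auth/openid/verify') // return_to
  , null  // Realm (optional, specifies realm for OpenID authentication)
  , false // Use stateless verification
  , false // Strict mode
  , extensions)

  var log = logger.createLogger('auth-openid')
  var app = express()

  app.set('strict routing', true)
  app.set('case sensitive routing', true)

  // Single rejection path: same opaque message and a 401 on every failure so
  // the response does not reveal which step failed. (The original replied 200.)
  function fail(res) {
    res.status(401).send('Authentication failed')
  }

  app.get('/', function(req, res) {
    res.redirect('/auth/openid/')
  })

  // Step 1: provider discovery and redirect to its login page.
  app.get('/auth/openid/', function(req, res) {
    log.info('openid identifier url: %s', options.openid.identifierUrl)
    relyingParty.authenticate(options.openid.identifierUrl, false, function(err, authUrl) {
      if (err) {
        log.error('OpenID authenticate failed: %s', err)
        fail(res)
      }
      else if (!authUrl) {
        log.error('OpenID provider returned no authentication url')
        fail(res)
      }
      else {
        // Log the URL actually being used (the original logged identifierUrl here).
        log.info('redirect to authUrl: %s', authUrl)
        res.redirect(authUrl)
      }
    })
  })

  // Step 2: verify the provider's assertion and issue the JWT.
  app.get('/auth/openid/verify', function(req, res) {
    log.setLocalIdentifier(req.ip)
    relyingParty.verifyAssertion(req, function(err, result) {
      log.info('openid verify assertion')
      // Guard `result` too: on the error path it need not be an object.
      if (err || !result || !result.authenticated) {
        log.error('OpenID assertion rejected: %s', err || 'not authenticated')
        fail(res)
        return
      }

      // NOTE(review): these are read from the raw query string. They are only
      // trustworthy if the library's signature check covers the openid.sreg.*
      // fields (i.e. the provider lists them in openid.signed); confirm that,
      // or read the attributes the library attaches to `result` instead.
      var email = req.query['openid.sreg.email']
      var name = req.query['openid.sreg.fullname']

      // A token without an email identifies nobody; refuse rather than issue it.
      if (!email) {
        log.error('OpenID assertion carried no email attribute')
        fail(res)
        return
      }

      log.info('Authenticated "%s:%s"', name, email)
      var token = jwtutil.encode({
        payload: {
          email: email
        , name: name
        }
      , secret: options.secret
      })
      res.redirect(urlutil.addParams(options.appUrl, {jwt: token}))
    })
  })

  http.createServer(app).listen(options.port)
  log.info('Listening on port %d', options.port)
}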