added squares and triangles themes
66
Gruntfile.js
|
@ -155,6 +155,54 @@ module.exports = function (grunt) {
|
|||
src: '**',
|
||||
dest: `${buildDir}/server/src/public_html/js/`
|
||||
},
|
||||
squares_resources: {
|
||||
expand: true,
|
||||
cwd: 'themes/squares/server/src/resources',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/resources/`
|
||||
},
|
||||
squares_views: {
|
||||
expand: true,
|
||||
cwd: 'themes/squares/server/src/views',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/views/`
|
||||
},
|
||||
squares_images: {
|
||||
expand: true,
|
||||
cwd: 'themes/squares/client/src/img',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/public_html/img/`
|
||||
},
|
||||
squares_thirdparties: {
|
||||
expand: true,
|
||||
cwd: 'themes/squares/client/src/thirdparties',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/public_html/js/`
|
||||
},
|
||||
triangles_resources: {
|
||||
expand: true,
|
||||
cwd: 'themes/triangles/server/src/resources',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/resources/`
|
||||
},
|
||||
triangles_views: {
|
||||
expand: true,
|
||||
cwd: 'themes/triangles/server/src/views',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/views/`
|
||||
},
|
||||
triangles_images: {
|
||||
expand: true,
|
||||
cwd: 'themes/triangles/client/src/img',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/public_html/img/`
|
||||
},
|
||||
triangles_thirdparties: {
|
||||
expand: true,
|
||||
cwd: 'themes/triangles/client/src/thirdparties',
|
||||
src: '**',
|
||||
dest: `${buildDir}/server/src/public_html/js/`
|
||||
},
|
||||
schema: {
|
||||
src: schemaDir,
|
||||
dest: `${buildDir}/${schemaDir}`
|
||||
|
@ -234,6 +282,14 @@ module.exports = function (grunt) {
|
|||
src: ['themes/black/client/src/css/*.css'],
|
||||
dest: `${buildDir}/server/src/public_html/css/authelia.css`
|
||||
},
|
||||
squares_css: {
|
||||
src: ['themes/squares/client/src/css/*.css'],
|
||||
dest: `${buildDir}/server/src/public_html/css/authelia.css`
|
||||
},
|
||||
triangles_css: {
|
||||
src: ['themes/triangles/client/src/css/*.css'],
|
||||
dest: `${buildDir}/server/src/public_html/css/authelia.css`
|
||||
},
|
||||
},
|
||||
cssmin: {
|
||||
target: {
|
||||
|
@ -267,16 +323,22 @@ module.exports = function (grunt) {
|
|||
|
||||
grunt.registerTask('copy-resources-main', ['copy:main_resources', 'copy:main_views', 'copy:main_images', 'copy:main_thirdparties', 'concat:main_css']);
|
||||
|
||||
grunt.registerTask('generate-config-schema', ['run:generate-config-schema', 'copy:schema']);
|
||||
|
||||
grunt.registerTask('copy-resources-matrix', ['copy:matrix_resources', 'copy:matrix_views', 'copy:matrix_images', 'copy:matrix_thirdparties', 'concat:matrix_css']);
|
||||
|
||||
grunt.registerTask('copy-resources-black', ['copy:black_resources', 'copy:black_views', 'copy:black_images', 'copy:black_thirdparties', 'concat:black_css']);
|
||||
|
||||
grunt.registerTask('copy-resources-squares', ['copy:squares_resources', 'copy:squares_views', 'copy:squares_images', 'copy:squares_thirdparties', 'concat:squares_css']);
|
||||
|
||||
grunt.registerTask('copy-resources-triangles', ['copy:triangles_resources', 'copy:triangles_views', 'copy:triangles_images', 'copy:triangles_thirdparties', 'concat:triangles_css']);
|
||||
|
||||
grunt.registerTask('generate-config-schema', ['run:generate-config-schema', 'copy:schema']);
|
||||
|
||||
grunt.registerTask('build-client', ['compile-client', 'browserify']);
|
||||
grunt.registerTask('build-server-main', ['compile-server', 'copy-resources-main', 'generate-config-schema']);
|
||||
grunt.registerTask('build-server-matrix', ['compile-server', 'copy-resources-matrix', 'generate-config-schema']);
|
||||
grunt.registerTask('build-server-black', ['compile-server', 'copy-resources-black', 'generate-config-schema']);
|
||||
grunt.registerTask('build-server-squares', ['compile-server', 'copy-resources-squares', 'generate-config-schema']);
|
||||
grunt.registerTask('build-server-triangles', ['compile-server', 'copy-resources-triangles', 'generate-config-schema']);
|
||||
|
||||
grunt.registerTask('build', ['build-client', 'build-server-'+target]);
|
||||
grunt.registerTask('build-dist', ['clean', 'build', 'run:minify', 'cssmin', 'run:include-minified-script']);
|
||||
|
|
4
themes/squares/client/src/css/.directory
Normal file
|
@ -0,0 +1,4 @@
|
|||
[Dolphin]
|
||||
Timestamp=2018,12,17,20,56,41
|
||||
Version=3
|
||||
ViewMode=1
|
5768
themes/squares/client/src/css/00-bootstrap.min.css
vendored
Normal file
77
themes/squares/client/src/css/01-main.css
Normal file
|
@ -0,0 +1,77 @@
|
|||
body {
|
||||
/*background-image: url("//*img//*LargeTriangles.svg");*/
|
||||
/*background-image: url("//*img//*RandomizedPattern.svg");*/
|
||||
background-image: url("/img/background.svg");
|
||||
/*background-color:#000000;*/
|
||||
}
|
||||
canvas{
|
||||
position:absolute;
|
||||
top:0;
|
||||
left:0;
|
||||
}
|
||||
.authelia-brand {
|
||||
font-weight: bold;
|
||||
font-style: italic;
|
||||
color: #ffffff
|
||||
}
|
||||
.poweredby-block {
|
||||
margin: 0px 30px;
|
||||
margin-top: 10px;
|
||||
padding-top: 15px;
|
||||
border-top: 1px solid rgba(0, 0, 0, 0.15);
|
||||
|
||||
}
|
||||
.poweredby {
|
||||
font-size: 0.7em;
|
||||
color: white;
|
||||
}
|
||||
/* notifications */
|
||||
.notification {
|
||||
padding: 10px;
|
||||
margin: 15px 0px;
|
||||
border-radius: 6px;
|
||||
display: none;
|
||||
position: absolute;
|
||||
}
|
||||
.notification img {
|
||||
width: 24px;
|
||||
margin-right: 10px;
|
||||
}
|
||||
.notification i,
|
||||
.notification span {
|
||||
display:table-cell;
|
||||
vertical-align:middle;
|
||||
}
|
||||
.info {
|
||||
border: 1px solid #9cb1ff;
|
||||
background-color: rgb(192, 220, 255);
|
||||
}
|
||||
.success {
|
||||
border: 1px solid #65ec7c;
|
||||
background-color: rgb(163, 255, 157);
|
||||
}
|
||||
.error {
|
||||
border: 1px solid #ffa3a3;
|
||||
background-color: rgb(255, 175, 175);
|
||||
}
|
||||
.warning {
|
||||
border: 1px solid #ffd743;
|
||||
background-color: rgb(255, 230, 143);
|
||||
}
|
||||
.bottom-right-links {
|
||||
text-align: right;
|
||||
margin-top: 10px;
|
||||
font-size: 0.8em;
|
||||
color: white;
|
||||
}
|
||||
.header {
|
||||
background-color: #000000;
|
||||
color: white;
|
||||
margin: 0px;
|
||||
}
|
||||
.body {
|
||||
padding: 10px;
|
||||
}
|
||||
h1 {
|
||||
font-size: 25px;
|
||||
}
|
136
themes/squares/client/src/css/02-login.css
Normal file
|
@ -0,0 +1,136 @@
|
|||
.form-signin
|
||||
{
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
.form-signin .form-signin-heading, .form-signin .checkbox
|
||||
{
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
||||
.form-signin .checkbox
|
||||
{
|
||||
font-weight: normal;
|
||||
}
|
||||
|
||||
.form-signin .form-control
|
||||
{
|
||||
position: relative;
|
||||
font-size: 16px;
|
||||
height: auto;
|
||||
padding: 10px;
|
||||
-webkit-box-sizing: border-box;
|
||||
-moz-box-sizing: border-box;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
.form-signin .form-control:focus
|
||||
{
|
||||
z-index: 2;
|
||||
}
|
||||
.form-signin input[type="text"]
|
||||
{
|
||||
margin-bottom: -1px;
|
||||
border-bottom-left-radius: 0;
|
||||
border-bottom-right-radius: 0;
|
||||
}
|
||||
.form-signin input[type="password"]
|
||||
{
|
||||
/* margin-bottom: 10px; */
|
||||
border-top-left-radius: 0;
|
||||
border-top-right-radius: 0;
|
||||
}
|
||||
.account-wall
|
||||
{
|
||||
border: 1px solid #000;
|
||||
margin-top: 20px;
|
||||
padding-bottom: 20px;
|
||||
background-color: #000000;
|
||||
-moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
|
||||
-webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
|
||||
box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
|
||||
}
|
||||
.account-wall h1
|
||||
{
|
||||
margin-bottom: 15px;
|
||||
margin-top: 15px;
|
||||
font-weight: 800;
|
||||
display: block;
|
||||
text-align: center;
|
||||
}
|
||||
.account-wall h3
|
||||
{
|
||||
display: block;
|
||||
text-align: center;
|
||||
}
|
||||
.account-wall p
|
||||
{
|
||||
text-align: center;
|
||||
margin: 10px;
|
||||
color: white;
|
||||
}
|
||||
.account-wall .form-inputs
|
||||
{
|
||||
margin-bottom: 10px;
|
||||
border-color: #b20c0c;
|
||||
}
|
||||
.account-wall hr {
|
||||
border-color: #c5c5c5;
|
||||
}
|
||||
|
||||
.header-img
|
||||
{
|
||||
width: 96px;
|
||||
height: 96px;
|
||||
margin: 0 auto 10px;
|
||||
display: block;
|
||||
-moz-border-radius: 50%;
|
||||
-webkit-border-radius: 50%;
|
||||
border-radius: 50%;
|
||||
}
|
||||
|
||||
.link
|
||||
{
|
||||
margin-top: 10px;
|
||||
color: white;
|
||||
}
|
||||
|
||||
.btn-primary.totp
|
||||
{
|
||||
background-color: rgb(102, 135, 162);
|
||||
}
|
||||
|
||||
.btn-primary.u2f
|
||||
{
|
||||
background-color: rgb(83, 149, 204);
|
||||
}
|
||||
|
||||
.u2f-token {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.u2f-token img {
|
||||
width: 70px;
|
||||
}
|
||||
|
||||
.keep-me-logged-in {
|
||||
margin-top: 10px;
|
||||
font-size: 0.8em;
|
||||
color: white;
|
||||
}
|
||||
|
||||
.keep-me-logged-in input[type=checkbox] {
|
||||
transform: scale(0.8);
|
||||
margin: 0;
|
||||
margin-right: 4px;
|
||||
}
|
||||
|
||||
.keep-me-logged-in label {
|
||||
font-weight: 300;
|
||||
}
|
||||
|
||||
.keep-me-logged-in input,
|
||||
.keep-me-logged-in label {
|
||||
display: inline-block;
|
||||
margin-bottom: 0; /* I added this after I posted my reply */
|
||||
vertical-align: middle; /* Fixes any weird issues in Firefox and IE */
|
||||
}
|
12
themes/squares/client/src/css/03-errors.css
Normal file
|
@ -0,0 +1,12 @@
|
|||
|
||||
.error-401 .header-img {
|
||||
border-radius: 0%;
|
||||
}
|
||||
|
||||
.error-403 .header-img {
|
||||
border-radius: 0%;
|
||||
}
|
||||
|
||||
.error-404 .header-img {
|
||||
border-radius: 0%;
|
||||
}
|
4
themes/squares/client/src/css/03-password-reset-form.css
Normal file
|
@ -0,0 +1,4 @@
|
|||
|
||||
.password-reset-form .header-img {
|
||||
border-radius: 0%;
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
|
||||
.password-reset-request .header-img {
|
||||
border-radius: 0%;
|
||||
}
|
22
themes/squares/client/src/css/03-totp-register.css
Normal file
|
@ -0,0 +1,22 @@
|
|||
.totp-register #secret {
|
||||
background-color: white;
|
||||
font-size: 0.9em;
|
||||
font-weight: bold;
|
||||
padding: 5px;
|
||||
border: 1px solid #c7c7c7;
|
||||
word-wrap: break-word;
|
||||
}
|
||||
.totp-register #qrcode img {
|
||||
margin: 10px auto;
|
||||
}
|
||||
.totp-register .need-google-authenticator {
|
||||
text-align: center;
|
||||
margin-top: 20px;
|
||||
}
|
||||
.totp-register .store-badges {
|
||||
margin-top: 5px;
|
||||
}
|
||||
.totp-register .store-badge {
|
||||
width: 110px;
|
||||
height: 30px;
|
||||
}
|
5
themes/squares/client/src/css/03-u2f-register.css
Normal file
|
@ -0,0 +1,5 @@
|
|||
|
||||
.u2f-register img {
|
||||
display: block;
|
||||
margin: 20px auto;
|
||||
}
|
1
themes/squares/client/src/img/LargeTriangles.svg
Normal file
|
@ -0,0 +1 @@
|
|||
<svg xmlns='http://www.w3.org/2000/svg' width='300' height='250' viewBox='0 0 1080 900'><rect fill='#000000' width='1080' height='900'/><g fill-opacity='0.16'><polygon fill='#444' points='90 150 0 300 180 300'/><polygon points='90 150 180 0 0 0'/><polygon fill='#AAA' points='270 150 360 0 180 0'/><polygon fill='#DDD' points='450 150 360 300 540 300'/><polygon fill='#999' points='450 150 540 0 360 0'/><polygon points='630 150 540 300 720 300'/><polygon fill='#DDD' points='630 150 720 0 540 0'/><polygon fill='#444' points='810 150 720 300 900 300'/><polygon fill='#FFF' points='810 150 900 0 720 0'/><polygon fill='#DDD' points='990 150 900 300 1080 300'/><polygon fill='#444' points='990 150 1080 0 900 0'/><polygon fill='#DDD' points='90 450 0 600 180 600'/><polygon points='90 450 180 300 0 300'/><polygon fill='#666' points='270 450 180 600 360 600'/><polygon fill='#AAA' points='270 450 360 300 180 300'/><polygon fill='#DDD' points='450 450 360 600 540 600'/><polygon fill='#999' points='450 450 540 300 360 300'/><polygon fill='#999' points='630 450 540 600 720 600'/><polygon fill='#FFF' points='630 450 720 300 540 300'/><polygon points='810 450 720 600 900 600'/><polygon fill='#DDD' points='810 450 900 300 720 300'/><polygon fill='#AAA' points='990 450 900 600 1080 600'/><polygon fill='#444' points='990 450 1080 300 900 300'/><polygon fill='#222' points='90 750 0 900 180 900'/><polygon points='270 750 180 900 360 900'/><polygon fill='#DDD' points='270 750 360 600 180 600'/><polygon points='450 750 540 600 360 600'/><polygon points='630 750 540 900 720 900'/><polygon fill='#444' points='630 750 720 600 540 600'/><polygon fill='#AAA' points='810 750 720 900 900 900'/><polygon fill='#666' points='810 750 900 600 720 600'/><polygon fill='#999' points='990 750 900 900 1080 900'/><polygon fill='#999' points='180 0 90 150 270 150'/><polygon fill='#444' points='360 0 270 150 450 150'/><polygon fill='#FFF' points='540 0 450 150 630 150'/><polygon points='900 0 810 150 990 150'/><polygon fill='#222' points='0 300 -90 450 90 450'/><polygon fill='#FFF' points='0 300 90 150 -90 150'/><polygon fill='#FFF' points='180 300 90 450 270 450'/><polygon fill='#666' points='180 300 270 150 90 150'/><polygon fill='#222' points='360 300 270 450 450 450'/><polygon fill='#FFF' points='360 300 450 150 270 150'/><polygon fill='#444' points='540 300 450 450 630 450'/><polygon fill='#222' points='540 300 630 150 450 150'/><polygon fill='#AAA' points='720 300 630 450 810 450'/><polygon fill='#666' points='720 300 810 150 630 150'/><polygon fill='#FFF' points='900 300 810 450 990 450'/><polygon fill='#999' points='900 300 990 150 810 150'/><polygon points='0 600 -90 750 90 750'/><polygon fill='#666' points='0 600 90 450 -90 450'/><polygon fill='#AAA' points='180 600 90 750 270 750'/><polygon fill='#444' points='180 600 270 450 90 450'/><polygon fill='#444' points='360 600 270 750 450 750'/><polygon fill='#999' points='360 600 450 450 270 450'/><polygon fill='#666' points='540 600 630 450 450 450'/><polygon fill='#222' points='720 600 630 750 810 750'/><polygon fill='#FFF' points='900 600 810 750 990 750'/><polygon fill='#222' points='900 600 990 450 810 450'/><polygon fill='#DDD' points='0 900 90 750 -90 750'/><polygon fill='#444' points='180 900 270 750 90 750'/><polygon fill='#FFF' points='360 900 450 750 270 750'/><polygon fill='#AAA' points='540 900 630 750 450 750'/><polygon fill='#FFF' points='720 900 810 750 630 750'/><polygon fill='#222' points='900 900 990 750 810 750'/><polygon fill='#222' points='1080 300 990 450 1170 450'/><polygon fill='#FFF' points='1080 300 1170 150 990 150'/><polygon points='1080 600 990 750 1170 750'/><polygon fill='#666' points='1080 600 1170 450 990 450'/><polygon fill='#DDD' points='1080 900 1170 750 990 750'/></g></svg>
|
1
themes/squares/client/src/img/RandomizedPattern.svg
Normal file
|
@ -0,0 +1 @@
|
|||
<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='50' viewBox='0 0 100 50'><rect fill='#000000' width='50' height='25'/><defs><rect stroke='#000000' stroke-width='0.5' width='1' height='1' id='s'/><pattern id='a' width='2' height='2' patternUnits='userSpaceOnUse'><g stroke='#000000' stroke-width='0.5'><rect fill='#050505' width='1' height='1'/><rect fill='#000000' width='1' height='1' x='1' y='1'/><rect fill='#0a0a0a' width='1' height='1' y='1'/><rect fill='#0f0f0f' width='1' height='1' x='1'/></g></pattern><pattern id='b' width='5' height='11' patternUnits='userSpaceOnUse'><g fill='#141414'><use xlink:href='#s' x='2' y='0'/><use xlink:href='#s' x='4' y='1'/><use xlink:href='#s' x='1' y='2'/><use xlink:href='#s' x='2' y='4'/><use xlink:href='#s' x='4' y='6'/><use xlink:href='#s' x='0' y='8'/><use xlink:href='#s' x='3' y='9'/></g></pattern><pattern id='c' width='7' height='7' patternUnits='userSpaceOnUse'><g fill='#1a1a1a'><use xlink:href='#s' x='1' y='1'/><use xlink:href='#s' x='3' y='4'/><use xlink:href='#s' x='5' y='6'/><use xlink:href='#s' x='0' y='3'/></g></pattern><pattern id='d' width='11' height='5' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='1' y='1'/><use xlink:href='#s' x='6' y='3'/><use xlink:href='#s' x='8' y='2'/><use xlink:href='#s' x='3' y='0'/><use xlink:href='#s' x='0' y='3'/></g><g fill='#1f1f1f'><use xlink:href='#s' x='8' y='3'/><use xlink:href='#s' x='4' y='2'/><use xlink:href='#s' x='5' y='4'/><use xlink:href='#s' x='10' y='0'/></g></pattern><pattern id='e' width='47' height='23' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='2' y='5'/><use xlink:href='#s' x='23' y='13'/><use xlink:href='#s' x='4' y='18'/><use xlink:href='#s' x='35' y='9'/></g></pattern><pattern id='f' width='61' height='31' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='16' y='0'/><use xlink:href='#s' x='13' y='22'/><use xlink:href='#s' x='44' y='15'/><use xlink:href='#s' x='12' y='11'/></g></pattern></defs><rect fill='url(#a)' width='100' height='50'/><rect fill='url(#b)' width='100' height='50'/><rect fill='url(#c)' width='100' height='50'/><rect fill='url(#d)' width='100' height='50'/><rect fill='url(#e)' width='100' height='50'/><rect fill='url(#f)' width='100' height='50'/></svg>
|
BIN
themes/squares/client/src/img/background.jpg
Normal file
After Width: | Height: | Size: 587 B |
5
themes/squares/client/src/img/background.svg
Normal file
|
@ -0,0 +1,5 @@
|
|||
<svg xmlns="http://www.w3.org/2000/svg" width="56" height="100">
|
||||
<rect width="56" height="100" fill="#000000"></rect>
|
||||
<path d="M28 66L0 50L0 16L28 0L56 16L56 50L28 66L28 100" fill="none" stroke="#FCFCFC" stroke-width="2"></path>
|
||||
<path d="M28 0L28 34L0 50L0 84L28 100L56 84L56 50L28 34" fill="none" stroke="#FBFBFB" stroke-width="2"></path>
|
||||
</svg>
|
After Width: | Height: | Size: 347 B |
BIN
themes/squares/client/src/img/icon.png
Normal file
After Width: | Height: | Size: 1.4 KiB |
BIN
themes/squares/client/src/img/mail.png
Normal file
After Width: | Height: | Size: 3.5 KiB |
BIN
themes/squares/client/src/img/matrix_circle_128x128.png
Normal file
After Width: | Height: | Size: 35 KiB |
4
themes/squares/client/src/img/notifications/.directory
Normal file
|
@ -0,0 +1,4 @@
|
|||
[Dolphin]
|
||||
Timestamp=2018,12,17,20,57,35
|
||||
Version=3
|
||||
ViewMode=1
|
BIN
themes/squares/client/src/img/notifications/error.png
Normal file
After Width: | Height: | Size: 863 B |
BIN
themes/squares/client/src/img/notifications/info.png
Normal file
After Width: | Height: | Size: 732 B |
BIN
themes/squares/client/src/img/notifications/success.png
Normal file
After Width: | Height: | Size: 931 B |
BIN
themes/squares/client/src/img/notifications/warning.png
Normal file
After Width: | Height: | Size: 580 B |
BIN
themes/squares/client/src/img/padlock.png
Normal file
After Width: | Height: | Size: 3.2 KiB |
BIN
themes/squares/client/src/img/password_white.png
Normal file
After Width: | Height: | Size: 3.8 KiB |
BIN
themes/squares/client/src/img/pendrive.png
Normal file
After Width: | Height: | Size: 6.6 KiB |
BIN
themes/squares/client/src/img/sharingan.png
Normal file
After Width: | Height: | Size: 9.0 KiB |
4
themes/squares/client/src/img/stores/.directory
Normal file
|
@ -0,0 +1,4 @@
|
|||
[Dolphin]
|
||||
Timestamp=2018,12,17,20,57,25
|
||||
Version=3
|
||||
ViewMode=1
|
129
themes/squares/client/src/img/stores/applestore-badge.svg
Normal file
|
@ -0,0 +1,129 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<svg version="1.1" id="US_UK_Download_on_the" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
x="0px" y="0px" width="135px" height="40px" viewBox="0 0 135 40" enable-background="new 0 0 135 40" xml:space="preserve">
|
||||
<g>
|
||||
<path fill="#A6A6A6" d="M130.197,40H4.729C2.122,40,0,37.872,0,35.267V4.726C0,2.12,2.122,0,4.729,0h125.468
|
||||
C132.803,0,135,2.12,135,4.726v30.541C135,37.872,132.803,40,130.197,40L130.197,40z"/>
|
||||
<path d="M134.032,35.268c0,2.116-1.714,3.83-3.834,3.83H4.729c-2.119,0-3.839-1.714-3.839-3.83V4.725
|
||||
c0-2.115,1.72-3.835,3.839-3.835h125.468c2.121,0,3.834,1.72,3.834,3.835L134.032,35.268L134.032,35.268z"/>
|
||||
<g>
|
||||
<g>
|
||||
<path fill="#FFFFFF" d="M30.128,19.784c-0.029-3.223,2.639-4.791,2.761-4.864c-1.511-2.203-3.853-2.504-4.676-2.528
|
||||
c-1.967-0.207-3.875,1.177-4.877,1.177c-1.022,0-2.565-1.157-4.228-1.123c-2.14,0.033-4.142,1.272-5.24,3.196
|
||||
c-2.266,3.923-0.576,9.688,1.595,12.859c1.086,1.553,2.355,3.287,4.016,3.226c1.625-0.067,2.232-1.036,4.193-1.036
|
||||
c1.943,0,2.513,1.036,4.207,0.997c1.744-0.028,2.842-1.56,3.89-3.127c1.255-1.78,1.759-3.533,1.779-3.623
|
||||
C33.507,24.924,30.161,23.647,30.128,19.784z"/>
|
||||
<path fill="#FFFFFF" d="M26.928,10.306c0.874-1.093,1.472-2.58,1.306-4.089c-1.265,0.056-2.847,0.875-3.758,1.944
|
||||
c-0.806,0.942-1.526,2.486-1.34,3.938C24.557,12.205,26.016,11.382,26.928,10.306z"/>
|
||||
</g>
|
||||
</g>
|
||||
<g>
|
||||
<path fill="#FFFFFF" d="M53.645,31.504h-2.271l-1.244-3.909h-4.324l-1.185,3.909h-2.211l4.284-13.308h2.646L53.645,31.504z
|
||||
M49.755,25.955L48.63,22.48c-0.119-0.355-0.342-1.191-0.671-2.507h-0.04c-0.131,0.566-0.342,1.402-0.632,2.507l-1.105,3.475
|
||||
H49.755z"/>
|
||||
<path fill="#FFFFFF" d="M64.662,26.588c0,1.632-0.441,2.922-1.323,3.869c-0.79,0.843-1.771,1.264-2.942,1.264
|
||||
c-1.264,0-2.172-0.454-2.725-1.362h-0.04v5.055h-2.132V25.067c0-1.026-0.027-2.079-0.079-3.159h1.875l0.119,1.521h0.04
|
||||
c0.711-1.146,1.79-1.718,3.238-1.718c1.132,0,2.077,0.447,2.833,1.342C64.284,23.949,64.662,25.127,64.662,26.588z M62.49,26.666
|
||||
c0-0.934-0.21-1.704-0.632-2.31c-0.461-0.632-1.08-0.948-1.856-0.948c-0.526,0-1.004,0.176-1.431,0.523
|
||||
c-0.428,0.35-0.708,0.807-0.839,1.373c-0.066,0.264-0.099,0.48-0.099,0.65v1.6c0,0.698,0.214,1.287,0.642,1.768
|
||||
s0.984,0.721,1.668,0.721c0.803,0,1.428-0.31,1.875-0.928C62.266,28.496,62.49,27.68,62.49,26.666z"/>
|
||||
<path fill="#FFFFFF" d="M75.699,26.588c0,1.632-0.441,2.922-1.324,3.869c-0.789,0.843-1.77,1.264-2.941,1.264
|
||||
c-1.264,0-2.172-0.454-2.724-1.362H68.67v5.055h-2.132V25.067c0-1.026-0.027-2.079-0.079-3.159h1.875l0.119,1.521h0.04
|
||||
c0.71-1.146,1.789-1.718,3.238-1.718c1.131,0,2.076,0.447,2.834,1.342C75.32,23.949,75.699,25.127,75.699,26.588z M73.527,26.666
|
||||
c0-0.934-0.211-1.704-0.633-2.31c-0.461-0.632-1.078-0.948-1.855-0.948c-0.527,0-1.004,0.176-1.432,0.523
|
||||
c-0.428,0.35-0.707,0.807-0.838,1.373c-0.065,0.264-0.099,0.48-0.099,0.65v1.6c0,0.698,0.214,1.287,0.64,1.768
|
||||
c0.428,0.48,0.984,0.721,1.67,0.721c0.803,0,1.428-0.31,1.875-0.928C73.303,28.496,73.527,27.68,73.527,26.666z"/>
|
||||
<path fill="#FFFFFF" d="M88.039,27.772c0,1.132-0.393,2.053-1.182,2.764c-0.867,0.777-2.074,1.165-3.625,1.165
|
||||
c-1.432,0-2.58-0.276-3.449-0.829l0.494-1.777c0.936,0.566,1.963,0.85,3.082,0.85c0.803,0,1.428-0.182,1.877-0.544
|
||||
c0.447-0.362,0.67-0.848,0.67-1.454c0-0.54-0.184-0.995-0.553-1.364c-0.367-0.369-0.98-0.712-1.836-1.029
|
||||
c-2.33-0.869-3.494-2.142-3.494-3.816c0-1.094,0.408-1.991,1.225-2.689c0.814-0.699,1.9-1.048,3.258-1.048
|
||||
c1.211,0,2.217,0.211,3.02,0.632l-0.533,1.738c-0.75-0.408-1.598-0.612-2.547-0.612c-0.75,0-1.336,0.185-1.756,0.553
|
||||
c-0.355,0.329-0.533,0.73-0.533,1.205c0,0.526,0.203,0.961,0.611,1.303c0.355,0.316,1,0.658,1.936,1.027
|
||||
c1.145,0.461,1.986,1,2.527,1.618C87.77,26.081,88.039,26.852,88.039,27.772z"/>
|
||||
<path fill="#FFFFFF" d="M95.088,23.508h-2.35v4.659c0,1.185,0.414,1.777,1.244,1.777c0.381,0,0.697-0.033,0.947-0.099l0.059,1.619
|
||||
c-0.42,0.157-0.973,0.236-1.658,0.236c-0.842,0-1.5-0.257-1.975-0.77c-0.473-0.514-0.711-1.376-0.711-2.587v-4.837h-1.4v-1.6h1.4
|
||||
v-1.757l2.094-0.632v2.389h2.35V23.508z"/>
|
||||
<path fill="#FFFFFF" d="M105.691,26.627c0,1.475-0.422,2.686-1.264,3.633c-0.883,0.975-2.055,1.461-3.516,1.461
|
||||
c-1.408,0-2.529-0.467-3.365-1.401s-1.254-2.113-1.254-3.534c0-1.487,0.43-2.705,1.293-3.652c0.861-0.948,2.023-1.422,3.484-1.422
|
||||
c1.408,0,2.541,0.467,3.396,1.402C105.283,24.021,105.691,25.192,105.691,26.627z M103.479,26.696
|
||||
c0-0.885-0.189-1.644-0.572-2.277c-0.447-0.766-1.086-1.148-1.914-1.148c-0.857,0-1.508,0.383-1.955,1.148
|
||||
c-0.383,0.634-0.572,1.405-0.572,2.317c0,0.885,0.189,1.644,0.572,2.276c0.461,0.766,1.105,1.148,1.936,1.148
|
||||
c0.814,0,1.453-0.39,1.914-1.168C103.281,28.347,103.479,27.58,103.479,26.696z"/>
|
||||
<path fill="#FFFFFF" d="M112.621,23.783c-0.211-0.039-0.436-0.059-0.672-0.059c-0.75,0-1.33,0.283-1.738,0.85
|
||||
c-0.355,0.5-0.533,1.132-0.533,1.895v5.035h-2.131l0.02-6.574c0-1.106-0.027-2.113-0.08-3.021h1.857l0.078,1.836h0.059
|
||||
c0.225-0.631,0.58-1.139,1.066-1.52c0.475-0.343,0.988-0.514,1.541-0.514c0.197,0,0.375,0.014,0.533,0.039V23.783z"/>
|
||||
<path fill="#FFFFFF" d="M122.156,26.252c0,0.382-0.025,0.704-0.078,0.967h-6.396c0.025,0.948,0.334,1.673,0.928,2.173
|
||||
c0.539,0.447,1.236,0.671,2.092,0.671c0.947,0,1.811-0.151,2.588-0.454l0.334,1.48c-0.908,0.396-1.98,0.593-3.217,0.593
|
||||
c-1.488,0-2.656-0.438-3.506-1.313c-0.848-0.875-1.273-2.05-1.273-3.524c0-1.447,0.395-2.652,1.186-3.613
|
||||
c0.828-1.026,1.947-1.539,3.355-1.539c1.383,0,2.43,0.513,3.141,1.539C121.873,24.047,122.156,25.055,122.156,26.252z
|
||||
M120.123,25.699c0.014-0.632-0.125-1.178-0.414-1.639c-0.369-0.593-0.936-0.889-1.699-0.889c-0.697,0-1.264,0.289-1.697,0.869
|
||||
c-0.355,0.461-0.566,1.014-0.631,1.658H120.123z"/>
|
||||
</g>
|
||||
<g>
|
||||
<g>
|
||||
<path fill="#FFFFFF" d="M49.05,10.009c0,1.177-0.353,2.063-1.058,2.658c-0.653,0.549-1.581,0.824-2.783,0.824
|
||||
c-0.596,0-1.106-0.026-1.533-0.078V6.982c0.557-0.09,1.157-0.136,1.805-0.136c1.145,0,2.008,0.249,2.59,0.747
|
||||
C48.723,8.156,49.05,8.961,49.05,10.009z M47.945,10.038c0-0.763-0.202-1.348-0.606-1.756c-0.404-0.407-0.994-0.611-1.771-0.611
|
||||
c-0.33,0-0.611,0.022-0.844,0.068v4.889c0.129,0.02,0.365,0.029,0.708,0.029c0.802,0,1.421-0.223,1.857-0.669
|
||||
S47.945,10.892,47.945,10.038z"/>
|
||||
<path fill="#FFFFFF" d="M54.909,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.009,0.718-1.727,0.718
|
||||
c-0.692,0-1.243-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.712-0.698
|
||||
c0.692,0,1.248,0.229,1.669,0.688C54.708,9.757,54.909,10.333,54.909,11.037z M53.822,11.071c0-0.435-0.094-0.808-0.281-1.119
|
||||
c-0.22-0.376-0.533-0.564-0.94-0.564c-0.421,0-0.741,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
|
||||
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.714-0.191,0.94-0.574
|
||||
C53.725,11.882,53.822,11.506,53.822,11.071z"/>
|
||||
<path fill="#FFFFFF" d="M62.765,8.719l-1.475,4.714h-0.96l-0.611-2.047c-0.155-0.511-0.281-1.019-0.379-1.523h-0.019
|
||||
c-0.091,0.518-0.217,1.025-0.379,1.523l-0.649,2.047h-0.971l-1.387-4.714h1.077l0.533,2.241c0.129,0.53,0.235,1.035,0.32,1.513
|
||||
h0.019c0.078-0.394,0.207-0.896,0.389-1.503l0.669-2.25h0.854l0.641,2.202c0.155,0.537,0.281,1.054,0.378,1.552h0.029
|
||||
c0.071-0.485,0.178-1.002,0.32-1.552l0.572-2.202H62.765z"/>
|
||||
<path fill="#FFFFFF" d="M68.198,13.433H67.15v-2.7c0-0.832-0.316-1.248-0.95-1.248c-0.311,0-0.562,0.114-0.757,0.343
|
||||
c-0.193,0.229-0.291,0.499-0.291,0.808v2.796h-1.048v-3.366c0-0.414-0.013-0.863-0.038-1.349h0.921l0.049,0.737h0.029
|
||||
c0.122-0.229,0.304-0.418,0.543-0.569c0.284-0.176,0.602-0.265,0.95-0.265c0.44,0,0.806,0.142,1.097,0.427
|
||||
c0.362,0.349,0.543,0.87,0.543,1.562V13.433z"/>
|
||||
<path fill="#FFFFFF" d="M71.088,13.433h-1.047V6.556h1.047V13.433z"/>
|
||||
<path fill="#FFFFFF" d="M77.258,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.01,0.718-1.727,0.718
|
||||
c-0.693,0-1.244-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.711-0.698
|
||||
c0.693,0,1.248,0.229,1.67,0.688C77.057,9.757,77.258,10.333,77.258,11.037z M76.17,11.071c0-0.435-0.094-0.808-0.281-1.119
|
||||
c-0.219-0.376-0.533-0.564-0.939-0.564c-0.422,0-0.742,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
|
||||
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.713-0.191,0.939-0.574
|
||||
C76.074,11.882,76.17,11.506,76.17,11.071z"/>
|
||||
<path fill="#FFFFFF" d="M82.33,13.433h-0.941l-0.078-0.543h-0.029c-0.322,0.433-0.781,0.65-1.377,0.65
|
||||
c-0.445,0-0.805-0.143-1.076-0.427c-0.246-0.258-0.369-0.579-0.369-0.96c0-0.576,0.24-1.015,0.723-1.319
|
||||
c0.482-0.304,1.16-0.453,2.033-0.446V10.3c0-0.621-0.326-0.931-0.979-0.931c-0.465,0-0.875,0.117-1.229,0.349l-0.213-0.688
|
||||
c0.438-0.271,0.979-0.407,1.617-0.407c1.232,0,1.85,0.65,1.85,1.95v1.736C82.262,12.78,82.285,13.155,82.33,13.433z
|
||||
M81.242,11.813v-0.727c-1.156-0.02-1.734,0.297-1.734,0.95c0,0.246,0.066,0.43,0.201,0.553c0.135,0.123,0.307,0.184,0.512,0.184
|
||||
c0.23,0,0.445-0.073,0.641-0.218c0.197-0.146,0.318-0.331,0.363-0.558C81.236,11.946,81.242,11.884,81.242,11.813z"/>
|
||||
<path fill="#FFFFFF" d="M88.285,13.433h-0.93l-0.049-0.757h-0.029c-0.297,0.576-0.803,0.864-1.514,0.864
|
||||
c-0.568,0-1.041-0.223-1.416-0.669s-0.562-1.025-0.562-1.736c0-0.763,0.203-1.381,0.611-1.853c0.395-0.44,0.879-0.66,1.455-0.66
|
||||
c0.633,0,1.076,0.213,1.328,0.64h0.02V6.556h1.049v5.607C88.248,12.622,88.26,13.045,88.285,13.433z M87.199,11.445v-0.786
|
||||
c0-0.136-0.01-0.246-0.029-0.33c-0.059-0.252-0.186-0.464-0.379-0.635c-0.195-0.171-0.43-0.257-0.701-0.257
|
||||
c-0.391,0-0.697,0.155-0.922,0.466c-0.223,0.311-0.336,0.708-0.336,1.193c0,0.466,0.107,0.844,0.322,1.135
|
||||
c0.227,0.31,0.533,0.465,0.916,0.465c0.344,0,0.619-0.129,0.828-0.388C87.1,12.069,87.199,11.781,87.199,11.445z"/>
|
||||
<path fill="#FFFFFF" d="M97.248,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.008,0.718-1.727,0.718
|
||||
c-0.691,0-1.242-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.713-0.698
|
||||
c0.691,0,1.248,0.229,1.668,0.688C97.047,9.757,97.248,10.333,97.248,11.037z M96.162,11.071c0-0.435-0.094-0.808-0.281-1.119
|
||||
c-0.221-0.376-0.533-0.564-0.941-0.564c-0.42,0-0.74,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
|
||||
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.715-0.191,0.941-0.574
|
||||
C96.064,11.882,96.162,11.506,96.162,11.071z"/>
|
||||
<path fill="#FFFFFF" d="M102.883,13.433h-1.047v-2.7c0-0.832-0.316-1.248-0.951-1.248c-0.311,0-0.562,0.114-0.756,0.343
|
||||
s-0.291,0.499-0.291,0.808v2.796h-1.049v-3.366c0-0.414-0.012-0.863-0.037-1.349h0.92l0.049,0.737h0.029
|
||||
c0.123-0.229,0.305-0.418,0.543-0.569c0.285-0.176,0.602-0.265,0.951-0.265c0.439,0,0.805,0.142,1.096,0.427
|
||||
c0.363,0.349,0.543,0.87,0.543,1.562V13.433z"/>
|
||||
<path fill="#FFFFFF" d="M109.936,9.504h-1.154v2.29c0,0.582,0.205,0.873,0.611,0.873c0.188,0,0.344-0.016,0.467-0.049
|
||||
l0.027,0.795c-0.207,0.078-0.479,0.117-0.814,0.117c-0.414,0-0.736-0.126-0.969-0.378c-0.234-0.252-0.35-0.676-0.35-1.271V9.504
|
||||
h-0.689V8.719h0.689V7.855l1.027-0.31v1.173h1.154V9.504z"/>
|
||||
<path fill="#FFFFFF" d="M115.484,13.433h-1.049v-2.68c0-0.845-0.316-1.268-0.949-1.268c-0.486,0-0.818,0.245-1,0.735
|
||||
c-0.031,0.103-0.049,0.229-0.049,0.377v2.835h-1.047V6.556h1.047v2.841h0.02c0.33-0.517,0.803-0.775,1.416-0.775
|
||||
c0.434,0,0.793,0.142,1.078,0.427c0.355,0.355,0.533,0.883,0.533,1.581V13.433z"/>
|
||||
<path fill="#FFFFFF" d="M121.207,10.853c0,0.188-0.014,0.346-0.039,0.475h-3.143c0.014,0.466,0.164,0.821,0.455,1.067
|
||||
c0.266,0.22,0.609,0.33,1.029,0.33c0.465,0,0.889-0.074,1.271-0.223l0.164,0.728c-0.447,0.194-0.973,0.291-1.582,0.291
|
||||
c-0.73,0-1.305-0.215-1.721-0.645c-0.418-0.43-0.625-1.007-0.625-1.731c0-0.711,0.193-1.303,0.582-1.775
|
||||
c0.406-0.504,0.955-0.756,1.648-0.756c0.678,0,1.193,0.252,1.541,0.756C121.068,9.77,121.207,10.265,121.207,10.853z
|
||||
M120.207,10.582c0.008-0.311-0.061-0.579-0.203-0.805c-0.182-0.291-0.459-0.437-0.834-0.437c-0.342,0-0.621,0.142-0.834,0.427
|
||||
c-0.174,0.227-0.277,0.498-0.311,0.815H120.207z"/>
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
After Width: | Height: | Size: 12 KiB |
429
themes/squares/client/src/img/stores/googleplay-badge.svg
Normal file
|
@ -0,0 +1,429 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.91 r13725"
|
||||
xml:space="preserve"
|
||||
width="135.71649"
|
||||
height="40.018951"
|
||||
viewBox="0 0 135.71649 40.018951"
|
||||
sodipodi:docname="google-play-badge.svg"><metadata
|
||||
id="metadata8"><rdf:RDF><cc:Work
|
||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
|
||||
id="defs6"><linearGradient
|
||||
x1="31.7997"
|
||||
y1="183.2903"
|
||||
x2="15.0173"
|
||||
y2="166.5079"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
|
||||
spreadMethod="pad"
|
||||
id="linearGradient50"><stop
|
||||
style="stop-opacity:1;stop-color:#00a0ff"
|
||||
offset="0"
|
||||
id="stop52" /><stop
|
||||
style="stop-opacity:1;stop-color:#00a1ff"
|
||||
offset="0.0066"
|
||||
id="stop54" /><stop
|
||||
style="stop-opacity:1;stop-color:#00beff"
|
||||
offset="0.2601"
|
||||
id="stop56" /><stop
|
||||
style="stop-opacity:1;stop-color:#00d2ff"
|
||||
offset="0.5122"
|
||||
id="stop58" /><stop
|
||||
style="stop-opacity:1;stop-color:#00dfff"
|
||||
offset="0.7604"
|
||||
id="stop60" /><stop
|
||||
style="stop-opacity:1;stop-color:#00e3ff"
|
||||
offset="1"
|
||||
id="stop62" /></linearGradient><linearGradient
|
||||
x1="43.8344"
|
||||
y1="171.9986"
|
||||
x2="19.637501"
|
||||
y2="171.9986"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
|
||||
spreadMethod="pad"
|
||||
id="linearGradient68"><stop
|
||||
style="stop-opacity:1;stop-color:#ffe000"
|
||||
offset="0"
|
||||
id="stop70" /><stop
|
||||
style="stop-opacity:1;stop-color:#ffbd00"
|
||||
offset="0.4087"
|
||||
id="stop72" /><stop
|
||||
style="stop-opacity:1;stop-color:#ffa500"
|
||||
offset="0.7754"
|
||||
id="stop74" /><stop
|
||||
style="stop-opacity:1;stop-color:#ff9c00"
|
||||
offset="1"
|
||||
id="stop76" /></linearGradient><linearGradient
|
||||
x1="34.827"
|
||||
y1="169.7039"
|
||||
x2="12.0687"
|
||||
y2="146.9456"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
|
||||
spreadMethod="pad"
|
||||
id="linearGradient82"><stop
|
||||
style="stop-opacity:1;stop-color:#ff3a44"
|
||||
offset="0"
|
||||
id="stop84" /><stop
|
||||
style="stop-opacity:1;stop-color:#c31162"
|
||||
offset="1"
|
||||
id="stop86" /></linearGradient><linearGradient
|
||||
x1="17.2973"
|
||||
y1="191.82381"
|
||||
x2="27.4599"
|
||||
y2="181.6613"
|
||||
gradientUnits="userSpaceOnUse"
|
||||
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
|
||||
spreadMethod="pad"
|
||||
id="linearGradient92"><stop
|
||||
style="stop-opacity:1;stop-color:#32a071"
|
||||
offset="0"
|
||||
id="stop94" /><stop
|
||||
style="stop-opacity:1;stop-color:#2da771"
|
||||
offset="0.0685"
|
||||
id="stop96" /><stop
|
||||
style="stop-opacity:1;stop-color:#15cf74"
|
||||
offset="0.4762"
|
||||
id="stop98" /><stop
|
||||
style="stop-opacity:1;stop-color:#06e775"
|
||||
offset="0.8009"
|
||||
id="stop100" /><stop
|
||||
style="stop-opacity:1;stop-color:#00f076"
|
||||
offset="1"
|
||||
id="stop102" /></linearGradient><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath110"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path112"
|
||||
inkscape:connector-curvature="0" /></clipPath><mask
|
||||
maskUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="1"
|
||||
height="1"
|
||||
id="mask114"><g
|
||||
id="g116"><g
|
||||
clip-path="url(#clipPath110)"
|
||||
id="g118"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:#000000;fill-opacity:0.2;fill-rule:nonzero;stroke:none"
|
||||
id="path120"
|
||||
inkscape:connector-curvature="0" /></g></g></mask><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath126"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path128"
|
||||
inkscape:connector-curvature="0" /></clipPath><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath130"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path132"
|
||||
inkscape:connector-curvature="0" /></clipPath><pattern
|
||||
patternTransform="matrix(1,0,0,-1,0,48)"
|
||||
patternUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="124"
|
||||
height="48"
|
||||
id="pattern134"><g
|
||||
id="g136" /><g
|
||||
id="g138"><g
|
||||
clip-path="url(#clipPath130)"
|
||||
id="g140"><g
|
||||
id="g142"><path
|
||||
d="M 29.625,20.695 18.012,14.098 C 17.363,13.727 16.781,13.754 16.406,14.09 l -0.058,-0.063 0.058,-0.058 c 0.375,-0.336 0.957,-0.36 1.606,0.011 l 11.687,6.641 -0.074,0.074 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path144" /></g></g></g></pattern><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath158"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path160"
|
||||
inkscape:connector-curvature="0" /></clipPath><mask
|
||||
maskUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="1"
|
||||
height="1"
|
||||
id="mask162"><g
|
||||
id="g164"><g
|
||||
clip-path="url(#clipPath158)"
|
||||
id="g166"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:#000000;fill-opacity:0.12000002;fill-rule:nonzero;stroke:none"
|
||||
id="path168"
|
||||
inkscape:connector-curvature="0" /></g></g></mask><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath174"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path176"
|
||||
inkscape:connector-curvature="0" /></clipPath><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath178"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path180"
|
||||
inkscape:connector-curvature="0" /></clipPath><pattern
|
||||
patternTransform="matrix(1,0,0,-1,0,48)"
|
||||
patternUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="124"
|
||||
height="48"
|
||||
id="pattern182"><g
|
||||
id="g184" /><g
|
||||
id="g186"><g
|
||||
clip-path="url(#clipPath178)"
|
||||
id="g188"><g
|
||||
id="g190"><path
|
||||
d="m 16.348,14.145 c -0.235,0.246 -0.371,0.628 -0.371,1.125 l 0,-0.118 c 0,-0.496 0.136,-0.879 0.371,-1.125 l 0.058,0.063 -0.058,0.055 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path192" /></g></g></g></pattern><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath206"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path208"
|
||||
inkscape:connector-curvature="0" /></clipPath><mask
|
||||
maskUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="1"
|
||||
height="1"
|
||||
id="mask210"><g
|
||||
id="g212"><g
|
||||
clip-path="url(#clipPath206)"
|
||||
id="g214"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:#000000;fill-opacity:0.12000002;fill-rule:nonzero;stroke:none"
|
||||
id="path216"
|
||||
inkscape:connector-curvature="0" /></g></g></mask><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath222"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path224"
|
||||
inkscape:connector-curvature="0" /></clipPath><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath226"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path228"
|
||||
inkscape:connector-curvature="0" /></clipPath><pattern
|
||||
patternTransform="matrix(1,0,0,-1,0,48)"
|
||||
patternUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="124"
|
||||
height="48"
|
||||
id="pattern230"><g
|
||||
id="g232" /><g
|
||||
id="g234"><g
|
||||
clip-path="url(#clipPath226)"
|
||||
id="g236"><g
|
||||
id="g238"><path
|
||||
d="m 33.613,22.961 -3.988,-2.266 0.074,-0.074 3.914,2.223 c 0.559,0.316 0.836,0.734 0.836,1.156 -0.047,-0.379 -0.332,-0.75 -0.836,-1.039 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path240" /></g></g></g></pattern><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath254"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path256"
|
||||
inkscape:connector-curvature="0" /></clipPath><mask
|
||||
maskUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="1"
|
||||
height="1"
|
||||
id="mask258"><g
|
||||
id="g260"><g
|
||||
clip-path="url(#clipPath254)"
|
||||
id="g262"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:#000000;fill-opacity:0.25;fill-rule:nonzero;stroke:none"
|
||||
id="path264"
|
||||
inkscape:connector-curvature="0" /></g></g></mask><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath270"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path272"
|
||||
inkscape:connector-curvature="0" /></clipPath><clipPath
|
||||
clipPathUnits="userSpaceOnUse"
|
||||
id="clipPath274"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
id="path276"
|
||||
inkscape:connector-curvature="0" /></clipPath><pattern
|
||||
patternTransform="matrix(1,0,0,-1,0,48)"
|
||||
patternUnits="userSpaceOnUse"
|
||||
x="0"
|
||||
y="0"
|
||||
width="124"
|
||||
height="48"
|
||||
id="pattern278"><g
|
||||
id="g280" /><g
|
||||
id="g282"><g
|
||||
clip-path="url(#clipPath274)"
|
||||
id="g284"><g
|
||||
id="g286"><path
|
||||
d="m 18.012,33.902 15.601,-8.863 c 0.508,-0.289 0.789,-0.66 0.836,-1.039 0,0.418 -0.277,0.836 -0.836,1.156 L 18.012,34.02 c -1.117,0.632 -2.035,0.105 -2.035,-1.176 l 0,-0.114 c 0,1.278 0.918,1.805 2.035,1.172 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path288" /></g></g></g></pattern></defs><sodipodi:namedview
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1"
|
||||
objecttolerance="10"
|
||||
gridtolerance="10"
|
||||
guidetolerance="10"
|
||||
inkscape:pageopacity="0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:window-width="1366"
|
||||
inkscape:window-height="705"
|
||||
id="namedview4"
|
||||
showgrid="false"
|
||||
inkscape:zoom="7.6276974"
|
||||
inkscape:cx="93.965168"
|
||||
inkscape:cy="29.61582"
|
||||
inkscape:window-x="-8"
|
||||
inkscape:window-y="-8"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:current-layer="g10" /><g
|
||||
id="g10"
|
||||
inkscape:groupmode="layer"
|
||||
inkscape:label="google-play-badge"
|
||||
transform="matrix(1.25,0,0,-1.25,-9.4247625,49.85025)"><g
|
||||
id="g12"
|
||||
transform="matrix(1.0023923,0,0,0.99072975,-0.29664807,0)"><path
|
||||
d="M 112,8 12,8 C 9.801,8 8,9.801 8,12 l 0,24 c 0,2.199 1.801,4 4,4 l 100,0 c 2.199,0 4,-1.801 4,-4 l 0,-24 c 0,-2.199 -1.801,-4 -4,-4 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path14"
|
||||
inkscape:connector-curvature="0" /><path
|
||||
d="m 112,39.359 c 1.852,0 3.359,-1.507 3.359,-3.359 l 0,-24 c 0,-1.852 -1.507,-3.359 -3.359,-3.359 l -100,0 c -1.852,0 -3.359,1.507 -3.359,3.359 l 0,24 c 0,1.852 1.507,3.359 3.359,3.359 l 100,0 M 112,40 12,40 C 9.801,40 8,38.199 8,36 L 8,12 C 8,9.801 9.801,8 12,8 l 100,0 c 2.199,0 4,1.801 4,4 l 0,24 c 0,2.199 -1.801,4 -4,4 z"
|
||||
style="fill:#a6a6a6;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path16"
|
||||
inkscape:connector-curvature="0" /><g
|
||||
id="g18"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 45.934,16.195 c 0,0.668 -0.2,1.203 -0.594,1.602 -0.453,0.473 -1.043,0.711 -1.766,0.711 -0.691,0 -1.281,-0.242 -1.765,-0.719 -0.485,-0.484 -0.727,-1.078 -0.727,-1.789 0,-0.711 0.242,-1.305 0.727,-1.785 0.484,-0.481 1.074,-0.723 1.765,-0.723 0.344,0 0.672,0.071 0.985,0.203 0.312,0.133 0.566,0.313 0.75,0.535 l -0.418,0.422 c -0.321,-0.379 -0.758,-0.566 -1.317,-0.566 -0.504,0 -0.941,0.176 -1.312,0.531 -0.367,0.356 -0.551,0.817 -0.551,1.383 0,0.566 0.184,1.031 0.551,1.387 0.371,0.351 0.808,0.531 1.312,0.531 0.535,0 0.985,-0.18 1.34,-0.535 0.234,-0.235 0.367,-0.559 0.402,-0.973 l -1.742,0 0,-0.578 2.324,0 c 0.028,0.125 0.036,0.246 0.036,0.363 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path20"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g22"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 49.621,14.191 -2.183,0 0,1.52 1.968,0 0,0.578 -1.968,0 0,1.52 2.183,0 0,0.589 -2.801,0 0,-4.796 2.801,0 0,0.589 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path24"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g26"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 52.223,18.398 -0.618,0 0,-4.207 -1.339,0 0,-0.589 3.297,0 0,0.589 -1.34,0 0,4.207 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path28"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g30"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 55.949,18.398 0,-4.796 0.617,0 0,4.796 -0.617,0 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path32"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g34"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 59.301,18.398 -0.613,0 0,-4.207 -1.344,0 0,-0.589 3.301,0 0,0.589 -1.344,0 0,4.207 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path36"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g38"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 66.887,17.781 c -0.473,0.485 -1.059,0.727 -1.758,0.727 -0.703,0 -1.289,-0.242 -1.762,-0.727 C 62.895,17.297 62.66,16.703 62.66,16 c 0,-0.703 0.235,-1.297 0.707,-1.781 0.473,-0.485 1.059,-0.727 1.762,-0.727 0.695,0 1.281,0.242 1.754,0.731 0.476,0.488 0.711,1.078 0.711,1.777 0,0.703 -0.235,1.297 -0.707,1.781 z m -3.063,-0.402 c 0.356,0.359 0.789,0.539 1.305,0.539 0.512,0 0.949,-0.18 1.301,-0.539 0.355,-0.359 0.535,-0.82 0.535,-1.379 0,-0.559 -0.18,-1.02 -0.535,-1.379 -0.352,-0.359 -0.789,-0.539 -1.301,-0.539 -0.516,0 -0.949,0.18 -1.305,0.539 -0.355,0.359 -0.535,0.82 -0.535,1.379 0,0.559 0.18,1.02 0.535,1.379 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path40"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g42"
|
||||
transform="matrix(1,0,0,-1,0,48)"><path
|
||||
d="m 68.461,18.398 0,-4.796 0.75,0 2.332,3.73 0.027,0 -0.027,-0.922 0,-2.808 0.617,0 0,4.796 -0.644,0 -2.442,-3.914 -0.027,0 0.027,0.926 0,2.988 -0.613,0 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||
id="path44"
|
||||
inkscape:connector-curvature="0" /></g><path
|
||||
d="m 62.508,22.598 c -1.879,0 -3.414,-1.43 -3.414,-3.403 0,-1.957 1.535,-3.402 3.414,-3.402 1.883,0 3.418,1.445 3.418,3.402 0,1.973 -1.535,3.403 -3.418,3.403 z m 0,-5.465 c -1.031,0 -1.918,0.851 -1.918,2.062 0,1.227 0.887,2.063 1.918,2.063 1.031,0 1.922,-0.836 1.922,-2.063 0,-1.211 -0.891,-2.062 -1.922,-2.062 z m -7.449,5.465 c -1.883,0 -3.414,-1.43 -3.414,-3.403 0,-1.957 1.531,-3.402 3.414,-3.402 1.882,0 3.414,1.445 3.414,3.402 0,1.973 -1.532,3.403 -3.414,3.403 z m 0,-5.465 c -1.032,0 -1.922,0.851 -1.922,2.062 0,1.227 0.89,2.063 1.922,2.063 1.031,0 1.918,-0.836 1.918,-2.063 0,-1.211 -0.887,-2.062 -1.918,-2.062 z m -8.864,4.422 0,-1.446 3.453,0 c -0.101,-0.808 -0.371,-1.402 -0.785,-1.816 -0.504,-0.5 -1.289,-1.055 -2.668,-1.055 -2.125,0 -3.789,1.715 -3.789,3.84 0,2.125 1.664,3.84 3.789,3.84 1.149,0 1.985,-0.449 2.602,-1.031 l 1.019,1.019 c -0.863,0.824 -2.011,1.457 -3.621,1.457 -2.914,0 -5.363,-2.371 -5.363,-5.285 0,-2.914 2.449,-5.285 5.363,-5.285 1.575,0 2.758,0.516 3.688,1.484 0.953,0.953 1.25,2.293 1.25,3.375 0,0.336 -0.028,0.645 -0.078,0.903 l -4.86,0 z m 36.246,-1.121 c -0.281,0.761 -1.148,2.164 -2.914,2.164 -1.75,0 -3.207,-1.379 -3.207,-3.403 0,-1.906 1.442,-3.402 3.375,-3.402 1.563,0 2.465,0.953 2.836,1.508 l -1.16,0.773 c -0.387,-0.566 -0.914,-0.941 -1.676,-0.941 -0.757,0 -1.3,0.347 -1.648,1.031 l 4.551,1.883 -0.157,0.387 z m -4.64,-1.133 c -0.039,1.312 1.019,1.984 1.777,1.984 0.594,0 1.098,-0.297 1.266,-0.722 L 77.801,19.301 Z M 74.102,16 l 1.496,0 0,10 -1.496,0 0,-10 z m -2.45,5.84 -0.05,0 c -0.336,0.398 -0.977,0.758 -1.789,0.758 -1.704,0 -3.262,-1.496 -3.262,-3.414 0,-1.907 1.558,-3.391 3.262,-3.391 0.812,0 1.453,0.363 1.789,0.773 l 0.05,0 0,-0.488 c 0,-1.301 -0.695,-2 -1.816,-2 -0.914,0 -1.481,0.66 -1.715,1.215 L 66.82,14.75 c 0.375,-0.902 1.368,-2.012 3.016,-2.012 1.754,0 3.234,1.032 3.234,3.543 l 0,6.11 -1.418,0 0,-0.551 z m -1.711,-4.707 c -1.031,0 -1.894,0.863 -1.894,2.051 0,1.199 0.863,2.074 1.894,2.074 1.016,0 1.817,-0.875 1.817,-2.074 0,-1.188 -0.801,-2.051 -1.817,-2.051 z M 89.445,26 l -3.578,0 0,-10 1.492,0 0,3.789 2.086,0 c 1.657,0 3.282,1.199 3.282,3.106 0,1.906 -1.629,3.105 -3.282,3.105 z m 0.039,-4.82 -2.125,0 0,3.429 2.125,0 c 1.114,0 1.75,-0.925 1.75,-1.714 0,-0.774 -0.636,-1.715 -1.75,-1.715 z m 9.223,1.437 c -1.078,0 -2.199,-0.476 -2.66,-1.531 l 1.324,-0.555 c 0.285,0.555 0.809,0.735 1.363,0.735 0.774,0 1.559,-0.465 1.571,-1.286 l 0,-0.105 c -0.27,0.156 -0.848,0.387 -1.559,0.387 -1.426,0 -2.879,-0.785 -2.879,-2.25 0,-1.34 1.168,-2.203 2.481,-2.203 1.004,0 1.558,0.453 1.906,0.98 l 0.051,0 0,-0.773 1.441,0 0,3.836 c 0,1.773 -1.324,2.765 -3.039,2.765 z m -0.18,-5.48 c -0.488,0 -1.168,0.242 -1.168,0.847 0,0.774 0.848,1.071 1.582,1.071 0.657,0 0.965,-0.145 1.364,-0.336 -0.117,-0.926 -0.914,-1.582 -1.778,-1.582 z m 8.469,5.261 -1.715,-4.335 -0.051,0 -1.773,4.335 -1.609,0 2.664,-6.058 -1.52,-3.371 1.559,0 4.105,9.429 -1.66,0 z M 93.547,16 l 1.496,0 0,10 -1.496,0 0,-10 z"
|
||||
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path46"
|
||||
inkscape:connector-curvature="0" /><g
|
||||
id="g48"><path
|
||||
d="M 16.348,33.969 C 16.113,33.723 15.977,33.34 15.977,32.844 l 0,-17.692 c 0,-0.496 0.136,-0.879 0.371,-1.125 l 0.058,-0.054 9.914,9.91 0,0.234 -9.914,9.91 -0.058,-0.058 z"
|
||||
style="fill:url(#linearGradient50);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path64"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g66"><path
|
||||
d="m 29.621,20.578 -3.301,3.305 0,0.234 3.305,3.305 0.074,-0.043 3.914,-2.227 c 1.117,-0.632 1.117,-1.672 0,-2.308 l -3.914,-2.223 -0.078,-0.043 z"
|
||||
style="fill:url(#linearGradient68);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path78"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g80"><path
|
||||
d="M 29.699,20.621 26.32,24 16.348,14.027 c 0.371,-0.39 0.976,-0.437 1.664,-0.047 l 11.687,6.641"
|
||||
style="fill:url(#linearGradient82);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path88"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g90"><path
|
||||
d="M 29.699,27.379 18.012,34.02 c -0.688,0.386 -1.293,0.339 -1.664,-0.051 L 26.32,24 l 3.379,3.379 z"
|
||||
style="fill:url(#linearGradient92);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path104"
|
||||
inkscape:connector-curvature="0" /></g><g
|
||||
id="g106"><g
|
||||
id="g108" /><g
|
||||
id="g122"
|
||||
mask="url(#mask114)"><g
|
||||
id="g124" /><g
|
||||
id="g146"><g
|
||||
clip-path="url(#clipPath126)"
|
||||
id="g148"><g
|
||||
id="g150"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:url(#pattern134);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path152"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g><g
|
||||
id="g154"><g
|
||||
id="g156" /><g
|
||||
id="g170"
|
||||
mask="url(#mask162)"><g
|
||||
id="g172" /><g
|
||||
id="g194"><g
|
||||
clip-path="url(#clipPath174)"
|
||||
id="g196"><g
|
||||
id="g198"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:url(#pattern182);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path200"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g><g
|
||||
id="g202"><g
|
||||
id="g204" /><g
|
||||
id="g218"
|
||||
mask="url(#mask210)"><g
|
||||
id="g220" /><g
|
||||
id="g242"><g
|
||||
clip-path="url(#clipPath222)"
|
||||
id="g244"><g
|
||||
id="g246"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:url(#pattern230);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path248"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g><g
|
||||
id="g250"><g
|
||||
id="g252" /><g
|
||||
id="g266"
|
||||
mask="url(#mask258)"><g
|
||||
id="g268" /><g
|
||||
id="g290"><g
|
||||
clip-path="url(#clipPath270)"
|
||||
id="g292"><g
|
||||
id="g294"><path
|
||||
d="M 0,0 124,0 124,48 0,48 0,0 Z"
|
||||
style="fill:url(#pattern278);fill-opacity:1;fill-rule:nonzero;stroke:none"
|
||||
id="path296"
|
||||
inkscape:connector-curvature="0" /></g></g></g></g></g></g></g></svg>
|
After Width: | Height: | Size: 22 KiB |
BIN
themes/squares/client/src/img/success.png
Normal file
After Width: | Height: | Size: 3.1 KiB |
BIN
themes/squares/client/src/img/user.png
Normal file
After Width: | Height: | Size: 2.9 KiB |
BIN
themes/squares/client/src/img/warning.png
Normal file
After Width: | Height: | Size: 3.9 KiB |
34
themes/squares/client/src/index.ts
Normal file
|
@ -0,0 +1,34 @@
|
|||
|
||||
import FirstFactorValidator = require("./lib/firstfactor/FirstFactorValidator");
|
||||
|
||||
import FirstFactor from "./lib/firstfactor/index";
|
||||
import SecondFactor from "./lib/secondfactor/index";
|
||||
import TOTPRegister from "./lib/totp-register/totp-register";
|
||||
import U2fRegister from "./lib/u2f-register/u2f-register";
|
||||
import ResetPasswordRequest from "./lib/reset-password/reset-password-request";
|
||||
import ResetPasswordForm from "./lib/reset-password/reset-password-form";
|
||||
import jslogger = require("js-logger");
|
||||
import jQuery = require("jquery");
|
||||
import Endpoints = require("../../shared/api");
|
||||
|
||||
jslogger.useDefaults();
|
||||
jslogger.setLevel(jslogger.INFO);
|
||||
|
||||
(function () {
|
||||
(<any>window).jQuery = jQuery;
|
||||
require("bootstrap");
|
||||
|
||||
jQuery('[data-toggle="tooltip"]').tooltip();
|
||||
if (window.location.pathname == Endpoints.FIRST_FACTOR_GET)
|
||||
FirstFactor(window, jQuery, FirstFactorValidator, jslogger);
|
||||
else if (window.location.pathname == Endpoints.SECOND_FACTOR_GET)
|
||||
SecondFactor(window, jQuery, (global as any).u2f);
|
||||
else if (window.location.pathname == Endpoints.SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET)
|
||||
TOTPRegister(window, jQuery);
|
||||
else if (window.location.pathname == Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET)
|
||||
U2fRegister(window, jQuery, (global as any).u2f);
|
||||
else if (window.location.pathname == Endpoints.RESET_PASSWORD_IDENTITY_FINISH_GET)
|
||||
ResetPasswordForm(window, jQuery);
|
||||
else if (window.location.pathname == Endpoints.RESET_PASSWORD_REQUEST_GET)
|
||||
ResetPasswordRequest(window, jQuery);
|
||||
})();
|
14
themes/squares/client/src/lib/GetPromised.ts
Normal file
|
@ -0,0 +1,14 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
|
||||
export default function ($: JQueryStatic, url: string, data: Object, fn: any,
|
||||
dataType: string): BluebirdPromise<any> {
|
||||
return new BluebirdPromise<any>((resolve, reject) => {
|
||||
$.get(url, {}, undefined, dataType)
|
||||
.done((data: any) => {
|
||||
resolve(data);
|
||||
})
|
||||
.fail((xhr: JQueryXHR, textStatus: string) => {
|
||||
reject(textStatus);
|
||||
});
|
||||
});
|
||||
}
|
14
themes/squares/client/src/lib/INotifier.ts
Normal file
|
@ -0,0 +1,14 @@
|
|||
|
||||
declare type Handler = () => void;
|
||||
|
||||
export interface Handlers {
|
||||
onFadedIn: Handler;
|
||||
onFadedOut: Handler;
|
||||
}
|
||||
|
||||
export interface INotifier {
|
||||
success(msg: string, handlers?: Handlers): void;
|
||||
error(msg: string, handlers?: Handlers): void;
|
||||
warning(msg: string, handlers?: Handlers): void;
|
||||
info(msg: string, handlers?: Handlers): void;
|
||||
}
|
83
themes/squares/client/src/lib/Notifier.ts
Normal file
|
@ -0,0 +1,83 @@
|
|||
|
||||
|
||||
import util = require("util");
|
||||
import { INotifier, Handlers } from "./INotifier";
|
||||
|
||||
class NotificationEvent {
|
||||
private element: JQuery;
|
||||
private message: string;
|
||||
private statusType: string;
|
||||
private timeoutId: any;
|
||||
|
||||
constructor(element: JQuery, msg: string, statusType: string) {
|
||||
this.message = msg;
|
||||
this.statusType = statusType;
|
||||
this.element = element;
|
||||
}
|
||||
|
||||
private clearNotification() {
|
||||
this.element.removeClass(this.statusType);
|
||||
this.element.html("");
|
||||
}
|
||||
|
||||
start(handlers?: Handlers) {
|
||||
const that = this;
|
||||
const FADE_TIME = 500;
|
||||
const html = util.format('<i><img src="/img/notifications/%s.png" alt="status %s"/></i>\
|
||||
<span>%s</span>', this.statusType, this.statusType, this.message);
|
||||
this.element.html(html);
|
||||
this.element.addClass(this.statusType);
|
||||
this.element.fadeIn(FADE_TIME, function () {
|
||||
if (handlers)
|
||||
handlers.onFadedIn();
|
||||
});
|
||||
|
||||
this.timeoutId = setTimeout(function () {
|
||||
that.element.fadeOut(FADE_TIME, function () {
|
||||
that.clearNotification();
|
||||
if (handlers)
|
||||
handlers.onFadedOut();
|
||||
});
|
||||
}, 4000);
|
||||
}
|
||||
|
||||
interrupt() {
|
||||
this.clearNotification();
|
||||
this.element.hide();
|
||||
clearTimeout(this.timeoutId);
|
||||
}
|
||||
}
|
||||
|
||||
export class Notifier implements INotifier {
|
||||
private element: JQuery;
|
||||
private onGoingEvent: NotificationEvent;
|
||||
|
||||
constructor(selector: string, $: JQueryStatic) {
|
||||
this.element = $(selector);
|
||||
this.onGoingEvent = undefined;
|
||||
}
|
||||
|
||||
private displayAndFadeout(msg: string, statusType: string, handlers?: Handlers): void {
|
||||
if (this.onGoingEvent)
|
||||
this.onGoingEvent.interrupt();
|
||||
|
||||
this.onGoingEvent = new NotificationEvent(this.element, msg, statusType);
|
||||
this.onGoingEvent.start(handlers);
|
||||
}
|
||||
|
||||
success(msg: string, handlers?: Handlers) {
|
||||
this.displayAndFadeout(msg, "success", handlers);
|
||||
}
|
||||
|
||||
error(msg: string, handlers?: Handlers) {
|
||||
this.displayAndFadeout(msg, "error", handlers);
|
||||
}
|
||||
|
||||
warning(msg: string, handlers?: Handlers) {
|
||||
this.displayAndFadeout(msg, "warning", handlers);
|
||||
}
|
||||
|
||||
info(msg: string, handlers?: Handlers) {
|
||||
this.displayAndFadeout(msg, "info", handlers);
|
||||
}
|
||||
}
|
12
themes/squares/client/src/lib/QueryParametersRetriever.ts
Normal file
|
@ -0,0 +1,12 @@
|
|||
|
||||
export class QueryParametersRetriever {
|
||||
static get(name: string, url?: string): string {
|
||||
if (!url) url = window.location.href;
|
||||
name = name.replace(/[\[\]]/g, "\\$&");
|
||||
const regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
|
||||
results = regex.exec(url);
|
||||
if (!results) return undefined;
|
||||
if (!results[2]) return "";
|
||||
return decodeURIComponent(results[2].replace(/\+/g, " "));
|
||||
}
|
||||
}
|
10
themes/squares/client/src/lib/SafeRedirect.ts
Normal file
|
@ -0,0 +1,10 @@
|
|||
import { BelongToDomain } from "../../../shared/BelongToDomain";
|
||||
|
||||
export function SafeRedirect(url: string, cb: () => void): void {
|
||||
const domain = window.location.hostname.split(".").slice(-2).join(".");
|
||||
if (url.startsWith("/") || BelongToDomain(url, domain)) {
|
||||
window.location.href = url;
|
||||
return;
|
||||
}
|
||||
cb();
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import Constants = require("../../../../shared/constants");
|
||||
import Util = require("util");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
|
||||
export function validate(username: string, password: string,
|
||||
keepMeLoggedIn: boolean, redirectUrl: string, $: JQueryStatic)
|
||||
: BluebirdPromise<string> {
|
||||
return new BluebirdPromise<string>(function (resolve, reject) {
|
||||
let url: string;
|
||||
if (redirectUrl != undefined) {
|
||||
const redirectParam = Util.format("%s=%s", Constants.REDIRECT_QUERY_PARAM, redirectUrl);
|
||||
url = Util.format("%s?%s", Endpoints.FIRST_FACTOR_POST, redirectParam);
|
||||
}
|
||||
else {
|
||||
url = Util.format("%s", Endpoints.FIRST_FACTOR_POST);
|
||||
}
|
||||
|
||||
const data: any = {
|
||||
username: username,
|
||||
password: password,
|
||||
};
|
||||
|
||||
if (keepMeLoggedIn) {
|
||||
data.keepMeLoggedIn = "true";
|
||||
}
|
||||
|
||||
$.ajax({
|
||||
method: "POST",
|
||||
url: url,
|
||||
data: data
|
||||
})
|
||||
.done(function (body: any) {
|
||||
if (body && body.error) {
|
||||
reject(new Error(body.error));
|
||||
return;
|
||||
}
|
||||
resolve(body.redirect);
|
||||
})
|
||||
.fail(function (xhr: JQueryXHR, textStatus: string) {
|
||||
reject(new Error(UserMessages.AUTHENTICATION_FAILED));
|
||||
});
|
||||
});
|
||||
}
|
5
themes/squares/client/src/lib/firstfactor/UISelectors.ts
Normal file
|
@ -0,0 +1,5 @@
|
|||
|
||||
export const USERNAME_FIELD_ID = "#username";
|
||||
export const PASSWORD_FIELD_ID = "#password";
|
||||
export const SIGN_IN_BUTTON_ID = "#signin";
|
||||
export const KEEP_ME_LOGGED_IN_ID = "#keep_me_logged_in";
|
49
themes/squares/client/src/lib/firstfactor/index.ts
Normal file
|
@ -0,0 +1,49 @@
|
|||
import FirstFactorValidator = require("./FirstFactorValidator");
|
||||
import JSLogger = require("js-logger");
|
||||
import UISelectors = require("./UISelectors");
|
||||
import { Notifier } from "../Notifier";
|
||||
import { QueryParametersRetriever } from "../QueryParametersRetriever";
|
||||
import Constants = require("../../../../shared/constants");
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
import { SafeRedirect } from "../SafeRedirect";
|
||||
|
||||
export default function (window: Window, $: JQueryStatic,
|
||||
firstFactorValidator: typeof FirstFactorValidator, jslogger: typeof JSLogger) {
|
||||
|
||||
const notifier = new Notifier(".notification", $);
|
||||
|
||||
function onFormSubmitted() {
|
||||
const username: string = $(UISelectors.USERNAME_FIELD_ID).val() as string;
|
||||
const password: string = $(UISelectors.PASSWORD_FIELD_ID).val() as string;
|
||||
const keepMeLoggedIn: boolean = $(UISelectors.KEEP_ME_LOGGED_IN_ID).is(":checked");
|
||||
|
||||
$("form").css("opacity", 0.5);
|
||||
$("input,button").attr("disabled", "true");
|
||||
$(UISelectors.SIGN_IN_BUTTON_ID).text("Please wait...");
|
||||
|
||||
const redirectUrl = QueryParametersRetriever.get(Constants.REDIRECT_QUERY_PARAM);
|
||||
firstFactorValidator.validate(username, password, keepMeLoggedIn, redirectUrl, $)
|
||||
.then(onFirstFactorSuccess, onFirstFactorFailure);
|
||||
return false;
|
||||
}
|
||||
|
||||
function onFirstFactorSuccess(redirectUrl: string) {
|
||||
SafeRedirect(redirectUrl, () => {
|
||||
notifier.error("Cannot redirect to an external domain.");
|
||||
});
|
||||
}
|
||||
|
||||
function onFirstFactorFailure(err: Error) {
|
||||
$("input,button").removeAttr("disabled");
|
||||
$("form").css("opacity", 1);
|
||||
notifier.error(UserMessages.AUTHENTICATION_FAILED);
|
||||
$(UISelectors.PASSWORD_FIELD_ID).select();
|
||||
$(UISelectors.SIGN_IN_BUTTON_ID).text("Sign in");
|
||||
}
|
||||
|
||||
$(window.document).ready(function () {
|
||||
$("form").on("submit", onFormSubmitted);
|
||||
});
|
||||
}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
export const FORM_SELECTOR = ".form-signin";
|
|
@ -0,0 +1,57 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
|
||||
import Constants = require("./constants");
|
||||
import { Notifier } from "../Notifier";
|
||||
|
||||
export default function (window: Window, $: JQueryStatic) {
|
||||
const notifier = new Notifier(".notification", $);
|
||||
|
||||
function modifyPassword(newPassword: string) {
|
||||
return new BluebirdPromise(function (resolve, reject) {
|
||||
$.post(Endpoints.RESET_PASSWORD_FORM_POST, {
|
||||
password: newPassword,
|
||||
})
|
||||
.done(function (body: any) {
|
||||
if (body && body.error) {
|
||||
reject(new Error(body.error));
|
||||
return;
|
||||
}
|
||||
resolve(body);
|
||||
})
|
||||
.fail(function (xhr, status) {
|
||||
reject(status);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function onFormSubmitted() {
|
||||
const password1 = $("#password1").val() as string;
|
||||
const password2 = $("#password2").val() as string;
|
||||
|
||||
if (!password1 || !password2) {
|
||||
notifier.warning(UserMessages.MISSING_PASSWORD);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (password1 != password2) {
|
||||
notifier.warning(UserMessages.DIFFERENT_PASSWORDS);
|
||||
return false;
|
||||
}
|
||||
|
||||
modifyPassword(password1)
|
||||
.then(function () {
|
||||
window.location.href = Endpoints.FIRST_FACTOR_GET;
|
||||
})
|
||||
.error(function () {
|
||||
notifier.error(UserMessages.RESET_PASSWORD_FAILED);
|
||||
});
|
||||
return false;
|
||||
}
|
||||
|
||||
$(document).ready(function () {
|
||||
$(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
|
||||
});
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
import Constants = require("./constants");
|
||||
import jslogger = require("js-logger");
|
||||
import { Notifier } from "../Notifier";
|
||||
|
||||
export default function (window: Window, $: JQueryStatic) {
|
||||
const notifier = new Notifier(".notification", $);
|
||||
|
||||
function requestPasswordReset(username: string) {
|
||||
return new BluebirdPromise(function (resolve, reject) {
|
||||
$.get(Endpoints.RESET_PASSWORD_IDENTITY_START_GET, {
|
||||
userid: username,
|
||||
})
|
||||
.done(function (body: any) {
|
||||
if (body && body.error) {
|
||||
reject(new Error(body.error));
|
||||
return;
|
||||
}
|
||||
resolve();
|
||||
})
|
||||
.fail(function (xhr: JQueryXHR, textStatus: string) {
|
||||
reject(new Error(textStatus));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function onFormSubmitted() {
|
||||
const username = $("#username").val() as string;
|
||||
|
||||
if (!username) {
|
||||
notifier.warning(UserMessages.MISSING_USERNAME);
|
||||
return;
|
||||
}
|
||||
|
||||
requestPasswordReset(username)
|
||||
.then(function () {
|
||||
notifier.success(UserMessages.MAIL_SENT);
|
||||
setTimeout(function () {
|
||||
window.location.replace(Endpoints.FIRST_FACTOR_GET);
|
||||
}, 1000);
|
||||
})
|
||||
.error(function () {
|
||||
notifier.error(UserMessages.MAIL_NOT_SENT);
|
||||
});
|
||||
return false;
|
||||
}
|
||||
|
||||
$(document).ready(function () {
|
||||
$(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
|
||||
});
|
||||
}
|
||||
|
28
themes/squares/client/src/lib/secondfactor/TOTPValidator.ts
Normal file
|
@ -0,0 +1,28 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
|
||||
import { ErrorMessage } from "../../../../shared/ErrorMessage";
|
||||
|
||||
export function validate(token: string, $: JQueryStatic): BluebirdPromise<string> {
|
||||
return new BluebirdPromise<string>(function (resolve, reject) {
|
||||
$.ajax({
|
||||
url: Endpoints.SECOND_FACTOR_TOTP_POST,
|
||||
data: {
|
||||
token: token,
|
||||
},
|
||||
method: "POST",
|
||||
dataType: "json"
|
||||
} as JQueryAjaxSettings)
|
||||
.done(function (body: RedirectionMessage | ErrorMessage) {
|
||||
if (body && "error" in body) {
|
||||
reject(new Error((body as ErrorMessage).error));
|
||||
return;
|
||||
}
|
||||
resolve((body as RedirectionMessage).redirect);
|
||||
})
|
||||
.fail(function (xhr: JQueryXHR, textStatus: string) {
|
||||
reject(new Error(textStatus));
|
||||
});
|
||||
});
|
||||
}
|
42
themes/squares/client/src/lib/secondfactor/U2FValidator.ts
Normal file
|
@ -0,0 +1,42 @@
|
|||
import U2f = require("u2f");
|
||||
import U2fApi from "u2f-api";
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
import { INotifier } from "../INotifier";
|
||||
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
|
||||
import { ErrorMessage } from "../../../../shared/ErrorMessage";
|
||||
import GetPromised from "../GetPromised";
|
||||
|
||||
function finishU2fAuthentication(responseData: U2fApi.SignResponse,
|
||||
$: JQueryStatic): BluebirdPromise<string> {
|
||||
return new BluebirdPromise<string>(function (resolve, reject) {
|
||||
$.ajax({
|
||||
url: Endpoints.SECOND_FACTOR_U2F_SIGN_POST,
|
||||
data: responseData,
|
||||
method: "POST",
|
||||
dataType: "json"
|
||||
} as JQueryAjaxSettings)
|
||||
.done(function (body: RedirectionMessage | ErrorMessage) {
|
||||
if (body && "error" in body) {
|
||||
reject(new Error((body as ErrorMessage).error));
|
||||
return;
|
||||
}
|
||||
resolve((body as RedirectionMessage).redirect);
|
||||
})
|
||||
.fail(function (xhr: JQueryXHR, textStatus: string) {
|
||||
reject(new Error(textStatus));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
export function validate($: JQueryStatic): BluebirdPromise<string> {
|
||||
return GetPromised($, Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, {},
|
||||
undefined, "json")
|
||||
.then(function (signRequest: U2f.Request) {
|
||||
return U2fApi.sign(signRequest, 60);
|
||||
})
|
||||
.then(function (signResponse: U2fApi.SignResponse) {
|
||||
return finishU2fAuthentication(signResponse, $);
|
||||
});
|
||||
}
|
3
themes/squares/client/src/lib/secondfactor/constants.ts
Normal file
|
@ -0,0 +1,3 @@
|
|||
|
||||
export const TOTP_FORM_SELECTOR = ".form-signin.totp";
|
||||
export const TOTP_TOKEN_SELECTOR = ".form-signin #token";
|
59
themes/squares/client/src/lib/secondfactor/index.ts
Normal file
|
@ -0,0 +1,59 @@
|
|||
import TOTPValidator = require("./TOTPValidator");
|
||||
import U2FValidator = require("./U2FValidator");
|
||||
import ClientConstants = require("./constants");
|
||||
import { Notifier } from "../Notifier";
|
||||
import { QueryParametersRetriever } from "../QueryParametersRetriever";
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
import SharedConstants = require("../../../../shared/constants");
|
||||
import { SafeRedirect } from "../SafeRedirect";
|
||||
|
||||
export default function (window: Window, $: JQueryStatic) {
|
||||
const notifier = new Notifier(".notification", $);
|
||||
|
||||
function onAuthenticationSuccess(serverRedirectUrl: string) {
|
||||
const queryRedirectUrl = QueryParametersRetriever.get(SharedConstants.REDIRECT_QUERY_PARAM);
|
||||
if (queryRedirectUrl) {
|
||||
SafeRedirect(queryRedirectUrl, () => {
|
||||
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
|
||||
});
|
||||
} else if (serverRedirectUrl) {
|
||||
SafeRedirect(serverRedirectUrl, () => {
|
||||
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
|
||||
});
|
||||
} else {
|
||||
notifier.success(UserMessages.AUTHENTICATION_SUCCEEDED);
|
||||
}
|
||||
}
|
||||
|
||||
function onSecondFactorTotpSuccess(redirectUrl: string) {
|
||||
onAuthenticationSuccess(redirectUrl);
|
||||
}
|
||||
|
||||
function onSecondFactorTotpFailure(err: Error) {
|
||||
notifier.error(UserMessages.AUTHENTICATION_TOTP_FAILED);
|
||||
}
|
||||
|
||||
function onU2fAuthenticationSuccess(redirectUrl: string) {
|
||||
onAuthenticationSuccess(redirectUrl);
|
||||
}
|
||||
|
||||
function onU2fAuthenticationFailure() {
|
||||
// TODO(clems4ever): we should not display this error message until a device
|
||||
// is registered.
|
||||
// notifier.error(UserMessages.AUTHENTICATION_U2F_FAILED);
|
||||
}
|
||||
|
||||
function onTOTPFormSubmitted(): boolean {
|
||||
const token = $(ClientConstants.TOTP_TOKEN_SELECTOR).val() as string;
|
||||
TOTPValidator.validate(token, $)
|
||||
.then(onSecondFactorTotpSuccess)
|
||||
.catch(onSecondFactorTotpFailure);
|
||||
return false;
|
||||
}
|
||||
|
||||
$(window.document).ready(function () {
|
||||
$(ClientConstants.TOTP_FORM_SELECTOR).on("submit", onTOTPFormSubmitted);
|
||||
U2FValidator.validate($)
|
||||
.then(onU2fAuthenticationSuccess, onU2fAuthenticationFailure);
|
||||
});
|
||||
}
|
11
themes/squares/client/src/lib/totp-register/totp-register.ts
Normal file
|
@ -0,0 +1,11 @@
|
|||
|
||||
import jslogger = require("js-logger");
|
||||
import UISelector = require("./ui-selector");
|
||||
|
||||
export default function(window: Window, $: JQueryStatic) {
|
||||
jslogger.debug("Creating QRCode from OTPAuth url");
|
||||
const qrcode = $(UISelector.QRCODE_ID_SELECTOR);
|
||||
const val = qrcode.text();
|
||||
qrcode.empty();
|
||||
new (window as any).QRCode(qrcode.get(0), val);
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
export const QRCODE_ID_SELECTOR = "#qrcode";
|
56
themes/squares/client/src/lib/u2f-register/u2f-register.ts
Normal file
|
@ -0,0 +1,56 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import U2f = require("u2f");
|
||||
import * as U2fApi from "u2f-api";
|
||||
import { Notifier } from "../Notifier";
|
||||
import GetPromised from "../GetPromised";
|
||||
import Endpoints = require("../../../../shared/api");
|
||||
import UserMessages = require("../../../../shared/UserMessages");
|
||||
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
|
||||
import { ErrorMessage } from "../../../../shared/ErrorMessage";
|
||||
import { SafeRedirect } from "../SafeRedirect";
|
||||
|
||||
export default function (window: Window, $: JQueryStatic) {
|
||||
const notifier = new Notifier(".notification", $);
|
||||
|
||||
function checkRegistration(regResponse: U2fApi.RegisterResponse): BluebirdPromise<string> {
|
||||
return new BluebirdPromise<string>(function (resolve, reject) {
|
||||
$.post(Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, regResponse, undefined, "json")
|
||||
.done((body: RedirectionMessage | ErrorMessage) => {
|
||||
if (body && "error" in body) {
|
||||
reject(new Error((body as ErrorMessage).error));
|
||||
return;
|
||||
}
|
||||
resolve((body as RedirectionMessage).redirect);
|
||||
})
|
||||
.fail((xhr, status) => {
|
||||
reject(new Error("Failed to register device."));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function requestRegistration(): BluebirdPromise<string> {
|
||||
return GetPromised($, Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, {},
|
||||
undefined, "json")
|
||||
.then((registrationRequest: U2f.Request) => {
|
||||
return U2fApi.register(registrationRequest, [], 60);
|
||||
})
|
||||
.then((res) => checkRegistration(res));
|
||||
}
|
||||
|
||||
function onRegisterFailure(err: Error) {
|
||||
notifier.error(UserMessages.REGISTRATION_U2F_FAILED);
|
||||
}
|
||||
|
||||
$(document).ready(function () {
|
||||
requestRegistration()
|
||||
.then((redirectionUrl: string) => {
|
||||
SafeRedirect(redirectionUrl, () => {
|
||||
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
|
||||
});
|
||||
})
|
||||
.catch((err) => {
|
||||
onRegisterFailure(err);
|
||||
});
|
||||
});
|
||||
}
|
1
themes/squares/client/src/thirdparties/qrcode.min.js
vendored
Normal file
749
themes/squares/client/src/thirdparties/u2f-api.js
Normal file
|
@ -0,0 +1,749 @@
|
|||
//Copyright 2014-2015 Google Inc. All rights reserved.
|
||||
|
||||
//Use of this source code is governed by a BSD-style
|
||||
//license that can be found in the LICENSE file or at
|
||||
//https://developers.google.com/open-source/licenses/bsd
|
||||
|
||||
/**
|
||||
* @fileoverview The U2F api.
|
||||
*/
|
||||
'use strict';
|
||||
|
||||
|
||||
/**
|
||||
* Namespace for the U2F api.
|
||||
* @type {Object}
|
||||
*/
|
||||
var u2f = u2f || {};
|
||||
|
||||
/**
|
||||
* FIDO U2F Javascript API Version
|
||||
* @number
|
||||
*/
|
||||
var js_api_version;
|
||||
|
||||
/**
|
||||
* The U2F extension id
|
||||
* @const {string}
|
||||
*/
|
||||
// The Chrome packaged app extension ID.
|
||||
// Uncomment this if you want to deploy a server instance that uses
|
||||
// the package Chrome app and does not require installing the U2F Chrome extension.
|
||||
u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
|
||||
// The U2F Chrome extension ID.
|
||||
// Uncomment this if you want to deploy a server instance that uses
|
||||
// the U2F Chrome extension to authenticate.
|
||||
// u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
|
||||
|
||||
|
||||
/**
|
||||
* Message types for messsages to/from the extension
|
||||
* @const
|
||||
* @enum {string}
|
||||
*/
|
||||
u2f.MessageTypes = {
|
||||
'U2F_REGISTER_REQUEST': 'u2f_register_request',
|
||||
'U2F_REGISTER_RESPONSE': 'u2f_register_response',
|
||||
'U2F_SIGN_REQUEST': 'u2f_sign_request',
|
||||
'U2F_SIGN_RESPONSE': 'u2f_sign_response',
|
||||
'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
|
||||
'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Response status codes
|
||||
* @const
|
||||
* @enum {number}
|
||||
*/
|
||||
u2f.ErrorCodes = {
|
||||
'OK': 0,
|
||||
'OTHER_ERROR': 1,
|
||||
'BAD_REQUEST': 2,
|
||||
'CONFIGURATION_UNSUPPORTED': 3,
|
||||
'DEVICE_INELIGIBLE': 4,
|
||||
'TIMEOUT': 5
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* A message for registration requests
|
||||
* @typedef {{
|
||||
* type: u2f.MessageTypes,
|
||||
* appId: ?string,
|
||||
* timeoutSeconds: ?number,
|
||||
* requestId: ?number
|
||||
* }}
|
||||
*/
|
||||
u2f.U2fRequest;
|
||||
|
||||
|
||||
/**
|
||||
* A message for registration responses
|
||||
* @typedef {{
|
||||
* type: u2f.MessageTypes,
|
||||
* responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
|
||||
* requestId: ?number
|
||||
* }}
|
||||
*/
|
||||
u2f.U2fResponse;
|
||||
|
||||
|
||||
/**
|
||||
* An error object for responses
|
||||
* @typedef {{
|
||||
* errorCode: u2f.ErrorCodes,
|
||||
* errorMessage: ?string
|
||||
* }}
|
||||
*/
|
||||
u2f.Error;
|
||||
|
||||
/**
|
||||
* Data object for a single sign request.
|
||||
* @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}}
|
||||
*/
|
||||
u2f.Transport;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a single sign request.
|
||||
* @typedef {Array<u2f.Transport>}
|
||||
*/
|
||||
u2f.Transports;
|
||||
|
||||
/**
|
||||
* Data object for a single sign request.
|
||||
* @typedef {{
|
||||
* version: string,
|
||||
* challenge: string,
|
||||
* keyHandle: string,
|
||||
* appId: string
|
||||
* }}
|
||||
*/
|
||||
u2f.SignRequest;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a sign response.
|
||||
* @typedef {{
|
||||
* keyHandle: string,
|
||||
* signatureData: string,
|
||||
* clientData: string
|
||||
* }}
|
||||
*/
|
||||
u2f.SignResponse;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a registration request.
|
||||
* @typedef {{
|
||||
* version: string,
|
||||
* challenge: string
|
||||
* }}
|
||||
*/
|
||||
u2f.RegisterRequest;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a registration response.
|
||||
* @typedef {{
|
||||
* version: string,
|
||||
* keyHandle: string,
|
||||
* transports: Transports,
|
||||
* appId: string
|
||||
* }}
|
||||
*/
|
||||
u2f.RegisterResponse;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a registered key.
|
||||
* @typedef {{
|
||||
* version: string,
|
||||
* keyHandle: string,
|
||||
* transports: ?Transports,
|
||||
* appId: ?string
|
||||
* }}
|
||||
*/
|
||||
u2f.RegisteredKey;
|
||||
|
||||
|
||||
/**
|
||||
* Data object for a get API register response.
|
||||
* @typedef {{
|
||||
* js_api_version: number
|
||||
* }}
|
||||
*/
|
||||
u2f.GetJsApiVersionResponse;
|
||||
|
||||
|
||||
//Low level MessagePort API support
|
||||
|
||||
/**
|
||||
* Sets up a MessagePort to the U2F extension using the
|
||||
* available mechanisms.
|
||||
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
|
||||
*/
|
||||
u2f.getMessagePort = function(callback) {
|
||||
if (typeof chrome != 'undefined' && chrome.runtime) {
|
||||
// The actual message here does not matter, but we need to get a reply
|
||||
// for the callback to run. Thus, send an empty signature request
|
||||
// in order to get a failure response.
|
||||
var msg = {
|
||||
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||
signRequests: []
|
||||
};
|
||||
chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
|
||||
if (!chrome.runtime.lastError) {
|
||||
// We are on a whitelisted origin and can talk directly
|
||||
// with the extension.
|
||||
u2f.getChromeRuntimePort_(callback);
|
||||
} else {
|
||||
// chrome.runtime was available, but we couldn't message
|
||||
// the extension directly, use iframe
|
||||
u2f.getIframePort_(callback);
|
||||
}
|
||||
});
|
||||
} else if (u2f.isAndroidChrome_()) {
|
||||
u2f.getAuthenticatorPort_(callback);
|
||||
} else if (u2f.isIosChrome_()) {
|
||||
u2f.getIosPort_(callback);
|
||||
} else {
|
||||
// chrome.runtime was not available at all, which is normal
|
||||
// when this origin doesn't have access to any extensions.
|
||||
u2f.getIframePort_(callback);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Detect chrome running on android based on the browser's useragent.
|
||||
* @private
|
||||
*/
|
||||
u2f.isAndroidChrome_ = function() {
|
||||
var userAgent = navigator.userAgent;
|
||||
return userAgent.indexOf('Chrome') != -1 &&
|
||||
userAgent.indexOf('Android') != -1;
|
||||
};
|
||||
|
||||
/**
|
||||
* Detect chrome running on iOS based on the browser's platform.
|
||||
* @private
|
||||
*/
|
||||
u2f.isIosChrome_ = function() {
|
||||
return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
|
||||
};
|
||||
|
||||
/**
|
||||
* Connects directly to the extension via chrome.runtime.connect.
|
||||
* @param {function(u2f.WrappedChromeRuntimePort_)} callback
|
||||
* @private
|
||||
*/
|
||||
u2f.getChromeRuntimePort_ = function(callback) {
|
||||
var port = chrome.runtime.connect(u2f.EXTENSION_ID,
|
||||
{'includeTlsChannelId': true});
|
||||
setTimeout(function() {
|
||||
callback(new u2f.WrappedChromeRuntimePort_(port));
|
||||
}, 0);
|
||||
};
|
||||
|
||||
/**
|
||||
* Return a 'port' abstraction to the Authenticator app.
|
||||
* @param {function(u2f.WrappedAuthenticatorPort_)} callback
|
||||
* @private
|
||||
*/
|
||||
u2f.getAuthenticatorPort_ = function(callback) {
|
||||
setTimeout(function() {
|
||||
callback(new u2f.WrappedAuthenticatorPort_());
|
||||
}, 0);
|
||||
};
|
||||
|
||||
/**
|
||||
* Return a 'port' abstraction to the iOS client app.
|
||||
* @param {function(u2f.WrappedIosPort_)} callback
|
||||
* @private
|
||||
*/
|
||||
u2f.getIosPort_ = function(callback) {
|
||||
setTimeout(function() {
|
||||
callback(new u2f.WrappedIosPort_());
|
||||
}, 0);
|
||||
};
|
||||
|
||||
/**
|
||||
* A wrapper for chrome.runtime.Port that is compatible with MessagePort.
|
||||
* @param {Port} port
|
||||
* @constructor
|
||||
* @private
|
||||
*/
|
||||
u2f.WrappedChromeRuntimePort_ = function(port) {
|
||||
this.port_ = port;
|
||||
};
|
||||
|
||||
/**
|
||||
* Format and return a sign request compliant with the JS API version supported by the extension.
|
||||
* @param {Array<u2f.SignRequest>} signRequests
|
||||
* @param {number} timeoutSeconds
|
||||
* @param {number} reqId
|
||||
* @return {Object}
|
||||
*/
|
||||
u2f.formatSignRequest_ =
|
||||
function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
|
||||
if (js_api_version === undefined || js_api_version < 1.1) {
|
||||
// Adapt request to the 1.0 JS API
|
||||
var signRequests = [];
|
||||
for (var i = 0; i < registeredKeys.length; i++) {
|
||||
signRequests[i] = {
|
||||
version: registeredKeys[i].version,
|
||||
challenge: challenge,
|
||||
keyHandle: registeredKeys[i].keyHandle,
|
||||
appId: appId
|
||||
};
|
||||
}
|
||||
return {
|
||||
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||
signRequests: signRequests,
|
||||
timeoutSeconds: timeoutSeconds,
|
||||
requestId: reqId
|
||||
};
|
||||
}
|
||||
// JS 1.1 API
|
||||
return {
|
||||
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
|
||||
appId: appId,
|
||||
challenge: challenge,
|
||||
registeredKeys: registeredKeys,
|
||||
timeoutSeconds: timeoutSeconds,
|
||||
requestId: reqId
|
||||
};
|
||||
};
|
||||
|
||||
/**
|
||||
* Format and return a register request compliant with the JS API version supported by the extension..
|
||||
* @param {Array<u2f.SignRequest>} signRequests
|
||||
* @param {Array<u2f.RegisterRequest>} signRequests
|
||||
* @param {number} timeoutSeconds
|
||||
* @param {number} reqId
|
||||
* @return {Object}
|
||||
*/
|
||||
u2f.formatRegisterRequest_ =
|
||||
function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
|
||||
if (js_api_version === undefined || js_api_version < 1.1) {
|
||||
// Adapt request to the 1.0 JS API
|
||||
for (var i = 0; i < registerRequests.length; i++) {
|
||||
registerRequests[i].appId = appId;
|
||||
}
|
||||
var signRequests = [];
|
||||
for (var i = 0; i < registeredKeys.length; i++) {
|
||||
signRequests[i] = {
|
||||
version: registeredKeys[i].version,
|
||||
challenge: registerRequests[0],
|
||||
keyHandle: registeredKeys[i].keyHandle,
|
||||
appId: appId
|
||||
};
|
||||
}
|
||||
return {
|
||||
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
|
||||
signRequests: signRequests,
|
||||
registerRequests: registerRequests,
|
||||
timeoutSeconds: timeoutSeconds,
|
||||
requestId: reqId
|
||||
};
|
||||
}
|
||||
// JS 1.1 API
|
||||
return {
|
||||
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
|
||||
appId: appId,
|
||||
registerRequests: registerRequests,
|
||||
registeredKeys: registeredKeys,
|
||||
timeoutSeconds: timeoutSeconds,
|
||||
requestId: reqId
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Posts a message on the underlying channel.
|
||||
* @param {Object} message
|
||||
*/
|
||||
u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
|
||||
this.port_.postMessage(message);
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Emulates the HTML 5 addEventListener interface. Works only for the
|
||||
* onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
|
||||
* @param {string} eventName
|
||||
* @param {function({data: Object})} handler
|
||||
*/
|
||||
u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
|
||||
function(eventName, handler) {
|
||||
var name = eventName.toLowerCase();
|
||||
if (name == 'message' || name == 'onmessage') {
|
||||
this.port_.onMessage.addListener(function(message) {
|
||||
// Emulate a minimal MessageEvent object
|
||||
handler({'data': message});
|
||||
});
|
||||
} else {
|
||||
console.error('WrappedChromeRuntimePort only supports onMessage');
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Wrap the Authenticator app with a MessagePort interface.
|
||||
* @constructor
|
||||
* @private
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_ = function() {
|
||||
this.requestId_ = -1;
|
||||
this.requestObject_ = null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Launch the Authenticator intent.
|
||||
* @param {Object} message
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
|
||||
var intentUrl =
|
||||
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
|
||||
';S.request=' + encodeURIComponent(JSON.stringify(message)) +
|
||||
';end';
|
||||
document.location = intentUrl;
|
||||
};
|
||||
|
||||
/**
|
||||
* Tells what type of port this is.
|
||||
* @return {String} port type
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
|
||||
return "WrappedAuthenticatorPort_";
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Emulates the HTML 5 addEventListener interface.
|
||||
* @param {string} eventName
|
||||
* @param {function({data: Object})} handler
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
|
||||
var name = eventName.toLowerCase();
|
||||
if (name == 'message') {
|
||||
var self = this;
|
||||
/* Register a callback to that executes when
|
||||
* chrome injects the response. */
|
||||
window.addEventListener(
|
||||
'message', self.onRequestUpdate_.bind(self, handler), false);
|
||||
} else {
|
||||
console.error('WrappedAuthenticatorPort only supports message');
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Callback invoked when a response is received from the Authenticator.
|
||||
* @param function({data: Object}) callback
|
||||
* @param {Object} message message Object
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
|
||||
function(callback, message) {
|
||||
var messageObject = JSON.parse(message.data);
|
||||
var intentUrl = messageObject['intentURL'];
|
||||
|
||||
var errorCode = messageObject['errorCode'];
|
||||
var responseObject = null;
|
||||
if (messageObject.hasOwnProperty('data')) {
|
||||
responseObject = /** @type {Object} */ (
|
||||
JSON.parse(messageObject['data']));
|
||||
}
|
||||
|
||||
callback({'data': responseObject});
|
||||
};
|
||||
|
||||
/**
|
||||
* Base URL for intents to Authenticator.
|
||||
* @const
|
||||
* @private
|
||||
*/
|
||||
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
|
||||
'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
|
||||
|
||||
/**
|
||||
* Wrap the iOS client app with a MessagePort interface.
|
||||
* @constructor
|
||||
* @private
|
||||
*/
|
||||
u2f.WrappedIosPort_ = function() {};
|
||||
|
||||
/**
|
||||
* Launch the iOS client app request
|
||||
* @param {Object} message
|
||||
*/
|
||||
u2f.WrappedIosPort_.prototype.postMessage = function(message) {
|
||||
var str = JSON.stringify(message);
|
||||
var url = "u2f://auth?" + encodeURI(str);
|
||||
location.replace(url);
|
||||
};
|
||||
|
||||
/**
|
||||
* Tells what type of port this is.
|
||||
* @return {String} port type
|
||||
*/
|
||||
u2f.WrappedIosPort_.prototype.getPortType = function() {
|
||||
return "WrappedIosPort_";
|
||||
};
|
||||
|
||||
/**
|
||||
* Emulates the HTML 5 addEventListener interface.
|
||||
* @param {string} eventName
|
||||
* @param {function({data: Object})} handler
|
||||
*/
|
||||
u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
|
||||
var name = eventName.toLowerCase();
|
||||
if (name !== 'message') {
|
||||
console.error('WrappedIosPort only supports message');
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Sets up an embedded trampoline iframe, sourced from the extension.
|
||||
* @param {function(MessagePort)} callback
|
||||
* @private
|
||||
*/
|
||||
u2f.getIframePort_ = function(callback) {
|
||||
// Create the iframe
|
||||
var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
|
||||
var iframe = document.createElement('iframe');
|
||||
iframe.src = iframeOrigin + '/u2f-comms.html';
|
||||
iframe.setAttribute('style', 'display:none');
|
||||
document.body.appendChild(iframe);
|
||||
|
||||
var channel = new MessageChannel();
|
||||
var ready = function(message) {
|
||||
if (message.data == 'ready') {
|
||||
channel.port1.removeEventListener('message', ready);
|
||||
callback(channel.port1);
|
||||
} else {
|
||||
console.error('First event on iframe port was not "ready"');
|
||||
}
|
||||
};
|
||||
channel.port1.addEventListener('message', ready);
|
||||
channel.port1.start();
|
||||
|
||||
iframe.addEventListener('load', function() {
|
||||
// Deliver the port to the iframe and initialize
|
||||
iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
//High-level JS API
|
||||
|
||||
/**
|
||||
* Default extension response timeout in seconds.
|
||||
* @const
|
||||
*/
|
||||
u2f.EXTENSION_TIMEOUT_SEC = 30;
|
||||
|
||||
/**
|
||||
* A singleton instance for a MessagePort to the extension.
|
||||
* @type {MessagePort|u2f.WrappedChromeRuntimePort_}
|
||||
* @private
|
||||
*/
|
||||
u2f.port_ = null;
|
||||
|
||||
/**
|
||||
* Callbacks waiting for a port
|
||||
* @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
|
||||
* @private
|
||||
*/
|
||||
u2f.waitingForPort_ = [];
|
||||
|
||||
/**
|
||||
* A counter for requestIds.
|
||||
* @type {number}
|
||||
* @private
|
||||
*/
|
||||
u2f.reqCounter_ = 0;
|
||||
|
||||
/**
|
||||
* A map from requestIds to client callbacks
|
||||
* @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
|
||||
* |function((u2f.Error|u2f.SignResponse)))>}
|
||||
* @private
|
||||
*/
|
||||
u2f.callbackMap_ = {};
|
||||
|
||||
/**
|
||||
* Creates or retrieves the MessagePort singleton to use.
|
||||
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
|
||||
* @private
|
||||
*/
|
||||
u2f.getPortSingleton_ = function(callback) {
|
||||
if (u2f.port_) {
|
||||
callback(u2f.port_);
|
||||
} else {
|
||||
if (u2f.waitingForPort_.length == 0) {
|
||||
u2f.getMessagePort(function(port) {
|
||||
u2f.port_ = port;
|
||||
u2f.port_.addEventListener('message',
|
||||
/** @type {function(Event)} */ (u2f.responseHandler_));
|
||||
|
||||
// Careful, here be async callbacks. Maybe.
|
||||
while (u2f.waitingForPort_.length)
|
||||
u2f.waitingForPort_.shift()(u2f.port_);
|
||||
});
|
||||
}
|
||||
u2f.waitingForPort_.push(callback);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Handles response messages from the extension.
|
||||
* @param {MessageEvent.<u2f.Response>} message
|
||||
* @private
|
||||
*/
|
||||
u2f.responseHandler_ = function(message) {
|
||||
var response = message.data;
|
||||
var reqId = response['requestId'];
|
||||
if (!reqId || !u2f.callbackMap_[reqId]) {
|
||||
console.error('Unknown or missing requestId in response.');
|
||||
return;
|
||||
}
|
||||
var cb = u2f.callbackMap_[reqId];
|
||||
delete u2f.callbackMap_[reqId];
|
||||
cb(response['responseData']);
|
||||
};
|
||||
|
||||
/**
|
||||
* Dispatches an array of sign requests to available U2F tokens.
|
||||
* If the JS API version supported by the extension is unknown, it first sends a
|
||||
* message to the extension to find out the supported API version and then it sends
|
||||
* the sign request.
|
||||
* @param {string=} appId
|
||||
* @param {string=} challenge
|
||||
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||
* @param {function((u2f.Error|u2f.SignResponse))} callback
|
||||
* @param {number=} opt_timeoutSeconds
|
||||
*/
|
||||
u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
|
||||
if (js_api_version === undefined) {
|
||||
// Send a message to get the extension to JS API version, then send the actual sign request.
|
||||
u2f.getApiVersion(
|
||||
function (response) {
|
||||
js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
|
||||
console.log("Extension JS API Version: ", js_api_version);
|
||||
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
|
||||
});
|
||||
} else {
|
||||
// We know the JS API version. Send the actual sign request in the supported API version.
|
||||
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Dispatches an array of sign requests to available U2F tokens.
|
||||
* @param {string=} appId
|
||||
* @param {string=} challenge
|
||||
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||
* @param {function((u2f.Error|u2f.SignResponse))} callback
|
||||
* @param {number=} opt_timeoutSeconds
|
||||
*/
|
||||
u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
|
||||
u2f.getPortSingleton_(function(port) {
|
||||
var reqId = ++u2f.reqCounter_;
|
||||
u2f.callbackMap_[reqId] = callback;
|
||||
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
|
||||
var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
|
||||
port.postMessage(req);
|
||||
});
|
||||
};
|
||||
|
||||
/**
|
||||
* Dispatches register requests to available U2F tokens. An array of sign
|
||||
* requests identifies already registered tokens.
|
||||
* If the JS API version supported by the extension is unknown, it first sends a
|
||||
* message to the extension to find out the supported API version and then it sends
|
||||
* the register request.
|
||||
* @param {string=} appId
|
||||
* @param {Array<u2f.RegisterRequest>} registerRequests
|
||||
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
|
||||
* @param {number=} opt_timeoutSeconds
|
||||
*/
|
||||
u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
|
||||
if (js_api_version === undefined) {
|
||||
// Send a message to get the extension to JS API version, then send the actual register request.
|
||||
u2f.getApiVersion(
|
||||
function (response) {
|
||||
js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
|
||||
console.log("Extension JS API Version: ", js_api_version);
|
||||
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
|
||||
callback, opt_timeoutSeconds);
|
||||
});
|
||||
} else {
|
||||
// We know the JS API version. Send the actual register request in the supported API version.
|
||||
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
|
||||
callback, opt_timeoutSeconds);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Dispatches register requests to available U2F tokens. An array of sign
|
||||
* requests identifies already registered tokens.
|
||||
* @param {string=} appId
|
||||
* @param {Array<u2f.RegisterRequest>} registerRequests
|
||||
* @param {Array<u2f.RegisteredKey>} registeredKeys
|
||||
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
|
||||
* @param {number=} opt_timeoutSeconds
|
||||
*/
|
||||
u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
|
||||
u2f.getPortSingleton_(function(port) {
|
||||
var reqId = ++u2f.reqCounter_;
|
||||
u2f.callbackMap_[reqId] = callback;
|
||||
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
|
||||
var req = u2f.formatRegisterRequest_(
|
||||
appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
|
||||
port.postMessage(req);
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Dispatches a message to the extension to find out the supported
|
||||
* JS API version.
|
||||
* If the user is on a mobile phone and is thus using Google Authenticator instead
|
||||
* of the Chrome extension, don't send the request and simply return 0.
|
||||
* @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
|
||||
* @param {number=} opt_timeoutSeconds
|
||||
*/
|
||||
u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
|
||||
u2f.getPortSingleton_(function(port) {
|
||||
// If we are using Android Google Authenticator or iOS client app,
|
||||
// do not fire an intent to ask which JS API version to use.
|
||||
if (port.getPortType) {
|
||||
var apiVersion;
|
||||
switch (port.getPortType()) {
|
||||
case 'WrappedIosPort_':
|
||||
case 'WrappedAuthenticatorPort_':
|
||||
apiVersion = 1.1;
|
||||
break;
|
||||
|
||||
default:
|
||||
apiVersion = 0;
|
||||
break;
|
||||
}
|
||||
callback({ 'js_api_version': apiVersion });
|
||||
return;
|
||||
}
|
||||
var reqId = ++u2f.reqCounter_;
|
||||
u2f.callbackMap_[reqId] = callback;
|
||||
var req = {
|
||||
type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
|
||||
timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
|
||||
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
|
||||
requestId: reqId
|
||||
};
|
||||
port.postMessage(req);
|
||||
});
|
||||
};
|
||||
|
71
themes/squares/client/test/Notifier.test.ts
Normal file
|
@ -0,0 +1,71 @@
|
|||
|
||||
import Assert = require("assert");
|
||||
import Sinon = require("sinon");
|
||||
import JQueryMock = require("./mocks/jquery");
|
||||
|
||||
import { Notifier } from "../src/lib/Notifier";
|
||||
|
||||
describe("test notifier", function() {
|
||||
const SELECTOR = "dummy-selector";
|
||||
const MESSAGE = "This is a message";
|
||||
let jqueryMock: { jquery: JQueryMock.JQueryMock, element: JQueryMock.JQueryElementsMock };
|
||||
let clock: any;
|
||||
|
||||
beforeEach(function() {
|
||||
jqueryMock = JQueryMock.JQueryMock();
|
||||
clock = Sinon.useFakeTimers();
|
||||
});
|
||||
|
||||
afterEach(function() {
|
||||
clock.restore();
|
||||
});
|
||||
|
||||
function should_fade_in_and_out_on_notification(notificationType: string): void {
|
||||
const delayReturn = {
|
||||
fadeOut: Sinon.stub()
|
||||
};
|
||||
|
||||
jqueryMock.element.fadeIn.yields();
|
||||
|
||||
function onFadedInCallback() {
|
||||
Assert(jqueryMock.element.fadeIn.calledOnce);
|
||||
Assert(jqueryMock.element.addClass.calledWith(notificationType));
|
||||
Assert(!jqueryMock.element.removeClass.calledWith(notificationType));
|
||||
clock.tick(10 * 1000);
|
||||
}
|
||||
|
||||
function onFadedOutCallback() {
|
||||
Assert(jqueryMock.element.removeClass.calledWith(notificationType));
|
||||
Assert(jqueryMock.element.fadeOut.calledOnce);
|
||||
}
|
||||
|
||||
const notifier = new Notifier(SELECTOR, jqueryMock.jquery as any);
|
||||
|
||||
// Call the method by its name... Bad but allows code reuse.
|
||||
(notifier as any)[notificationType](MESSAGE, {
|
||||
onFadedIn: onFadedInCallback,
|
||||
onFadedOut: onFadedOutCallback
|
||||
});
|
||||
|
||||
clock.tick(510);
|
||||
|
||||
Assert(jqueryMock.element.fadeIn.calledOnce);
|
||||
}
|
||||
|
||||
|
||||
it("should fade in and fade out an error message", function() {
|
||||
should_fade_in_and_out_on_notification("error");
|
||||
});
|
||||
|
||||
it("should fade in and fade out an info message", function() {
|
||||
should_fade_in_and_out_on_notification("info");
|
||||
});
|
||||
|
||||
it("should fade in and fade out an warning message", function() {
|
||||
should_fade_in_and_out_on_notification("warning");
|
||||
});
|
||||
|
||||
it("should fade in and fade out an success message", function() {
|
||||
should_fade_in_and_out_on_notification("success");
|
||||
});
|
||||
});
|
|
@ -0,0 +1,44 @@
|
|||
|
||||
import FirstFactorValidator = require("../../src/lib/firstfactor/FirstFactorValidator");
|
||||
import JQueryMock = require("../mocks/jquery");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Assert = require("assert");
|
||||
|
||||
describe("test FirstFactorValidator", function () {
|
||||
it("should validate first factor successfully", () => {
|
||||
const postPromise = JQueryMock.JQueryDeferredMock();
|
||||
postPromise.done.yields({ redirect: "http://redirect" });
|
||||
postPromise.done.returns(postPromise);
|
||||
|
||||
const jqueryMock = JQueryMock.JQueryMock();
|
||||
jqueryMock.jquery.ajax.returns(postPromise);
|
||||
|
||||
return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any);
|
||||
});
|
||||
|
||||
function should_fail_first_factor_validation(errorMessage: string) {
|
||||
const xhr = {
|
||||
status: 401
|
||||
};
|
||||
const postPromise = JQueryMock.JQueryDeferredMock();
|
||||
postPromise.fail.yields(xhr, errorMessage);
|
||||
postPromise.done.returns(postPromise);
|
||||
|
||||
const jqueryMock = JQueryMock.JQueryMock();
|
||||
jqueryMock.jquery.ajax.returns(postPromise);
|
||||
|
||||
return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any)
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not."));
|
||||
}, function (err: Error) {
|
||||
Assert.equal(errorMessage, err.message);
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
}
|
||||
|
||||
describe("should fail first factor validation", () => {
|
||||
it("should fail with error", () => {
|
||||
return should_fail_first_factor_validation("Authentication failed. Please check your credentials.");
|
||||
});
|
||||
});
|
||||
});
|
33
themes/squares/client/test/mocks/NotifierStub.ts
Normal file
|
@ -0,0 +1,33 @@
|
|||
|
||||
import Sinon = require("sinon");
|
||||
import { INotifier } from "../../src/lib/INotifier";
|
||||
|
||||
export class NotifierStub implements INotifier {
|
||||
successStub: Sinon.SinonStub;
|
||||
errorStub: Sinon.SinonStub;
|
||||
warnStub: Sinon.SinonStub;
|
||||
infoStub: Sinon.SinonStub;
|
||||
|
||||
constructor() {
|
||||
this.successStub = Sinon.stub();
|
||||
this.errorStub = Sinon.stub();
|
||||
this.warnStub = Sinon.stub();
|
||||
this.infoStub = Sinon.stub();
|
||||
}
|
||||
|
||||
success(msg: string) {
|
||||
this.successStub();
|
||||
}
|
||||
|
||||
error(msg: string) {
|
||||
this.errorStub();
|
||||
}
|
||||
|
||||
warning(msg: string) {
|
||||
this.warnStub();
|
||||
}
|
||||
|
||||
info(msg: string) {
|
||||
this.infoStub();
|
||||
}
|
||||
}
|
59
themes/squares/client/test/mocks/jquery.ts
Normal file
|
@ -0,0 +1,59 @@
|
|||
|
||||
import sinon = require("sinon");
|
||||
import jquery = require("jquery");
|
||||
|
||||
|
||||
export interface JQueryMock extends sinon.SinonStub {
|
||||
get: sinon.SinonStub;
|
||||
post: sinon.SinonStub;
|
||||
ajax: sinon.SinonStub;
|
||||
notify: sinon.SinonStub;
|
||||
}
|
||||
|
||||
export interface JQueryElementsMock {
|
||||
ready: sinon.SinonStub;
|
||||
show: sinon.SinonStub;
|
||||
hide: sinon.SinonStub;
|
||||
html: sinon.SinonStub;
|
||||
addClass: sinon.SinonStub;
|
||||
removeClass: sinon.SinonStub;
|
||||
fadeIn: sinon.SinonStub;
|
||||
fadeOut: sinon.SinonStub;
|
||||
on: sinon.SinonStub;
|
||||
}
|
||||
|
||||
export interface JQueryDeferredMock {
|
||||
done: sinon.SinonStub;
|
||||
fail: sinon.SinonStub;
|
||||
}
|
||||
|
||||
export function JQueryMock(): { jquery: JQueryMock, element: JQueryElementsMock } {
|
||||
const jquery = sinon.stub() as any;
|
||||
const jqueryInstance: JQueryElementsMock = {
|
||||
ready: sinon.stub(),
|
||||
show: sinon.stub(),
|
||||
hide: sinon.stub(),
|
||||
html: sinon.stub(),
|
||||
addClass: sinon.stub(),
|
||||
removeClass: sinon.stub(),
|
||||
fadeIn: sinon.stub(),
|
||||
fadeOut: sinon.stub(),
|
||||
on: sinon.stub()
|
||||
};
|
||||
jquery.ajax = sinon.stub();
|
||||
jquery.get = sinon.stub();
|
||||
jquery.post = sinon.stub();
|
||||
jquery.notify = sinon.stub();
|
||||
jquery.returns(jqueryInstance);
|
||||
return {
|
||||
jquery: jquery,
|
||||
element: jqueryInstance
|
||||
};
|
||||
}
|
||||
|
||||
export function JQueryDeferredMock(): JQueryDeferredMock {
|
||||
return {
|
||||
done: sinon.stub(),
|
||||
fail: sinon.stub()
|
||||
};
|
||||
}
|
14
themes/squares/client/test/mocks/u2f-api.ts
Normal file
|
@ -0,0 +1,14 @@
|
|||
|
||||
import sinon = require("sinon");
|
||||
|
||||
export interface U2FApiMock {
|
||||
sign: sinon.SinonStub;
|
||||
register: sinon.SinonStub;
|
||||
}
|
||||
|
||||
export function U2FApiMock(): U2FApiMock {
|
||||
return {
|
||||
sign: sinon.stub(),
|
||||
register: sinon.stub()
|
||||
};
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
|
||||
import TOTPValidator = require("../../src/lib/secondfactor/TOTPValidator");
|
||||
import JQueryMock = require("../mocks/jquery");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Assert = require("assert");
|
||||
|
||||
describe("test TOTPValidator", function () {
|
||||
it("should initiate an identity check successfully", () => {
|
||||
const postPromise = JQueryMock.JQueryDeferredMock();
|
||||
postPromise.done.yields({ redirect: "https://home.test.url" });
|
||||
postPromise.done.returns(postPromise);
|
||||
|
||||
const jqueryMock = JQueryMock.JQueryMock();
|
||||
jqueryMock.jquery.ajax.returns(postPromise);
|
||||
|
||||
return TOTPValidator.validate("totp_token", jqueryMock.jquery as any);
|
||||
});
|
||||
|
||||
it("should fail validating TOTP token", () => {
|
||||
const errorMessage = "Error while validating TOTP token";
|
||||
|
||||
const postPromise = JQueryMock.JQueryDeferredMock();
|
||||
postPromise.fail.yields(undefined, errorMessage);
|
||||
postPromise.done.returns(postPromise);
|
||||
|
||||
const jqueryMock = JQueryMock.JQueryMock();
|
||||
jqueryMock.jquery.ajax.returns(postPromise);
|
||||
|
||||
return TOTPValidator.validate("totp_token", jqueryMock.jquery as any)
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("Registration successfully finished while it should have not."));
|
||||
}, function (err: Error) {
|
||||
Assert.equal(errorMessage, err.message);
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
});
|
||||
});
|
|
@ -0,0 +1,31 @@
|
|||
|
||||
import sinon = require("sinon");
|
||||
import assert = require("assert");
|
||||
|
||||
import UISelector = require("../../src/lib/totp-register/ui-selector");
|
||||
import TOTPRegister = require("../../src/lib/totp-register/totp-register");
|
||||
|
||||
describe("test totp-register", function() {
|
||||
let jqueryMock: any;
|
||||
let windowMock: any;
|
||||
before(function() {
|
||||
jqueryMock = sinon.stub();
|
||||
windowMock = {
|
||||
QRCode: sinon.spy()
|
||||
};
|
||||
});
|
||||
|
||||
it("should create qrcode in page", function() {
|
||||
const mock = {
|
||||
text: sinon.stub(),
|
||||
empty: sinon.stub(),
|
||||
get: sinon.stub()
|
||||
};
|
||||
jqueryMock.withArgs(UISelector.QRCODE_ID_SELECTOR).returns(mock);
|
||||
|
||||
TOTPRegister.default(windowMock, jqueryMock);
|
||||
|
||||
assert(mock.text.calledOnce);
|
||||
assert(mock.empty.calledOnce);
|
||||
});
|
||||
});
|
24
themes/squares/client/tsconfig.json
Normal file
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"compilerOptions": {
|
||||
"module": "commonjs",
|
||||
"target": "es6",
|
||||
"moduleResolution": "node",
|
||||
"noImplicitAny": true,
|
||||
"sourceMap": true,
|
||||
"removeComments": true,
|
||||
"outDir": "../dist",
|
||||
"baseUrl": ".",
|
||||
"paths": {
|
||||
"*": [
|
||||
"./types/*",
|
||||
"../shared/types/*"
|
||||
]
|
||||
}
|
||||
},
|
||||
"include": [
|
||||
"src/**/*"
|
||||
],
|
||||
"exclude": [
|
||||
"test/**/*"
|
||||
]
|
||||
}
|
60
themes/squares/client/tslint.json
Normal file
|
@ -0,0 +1,60 @@
|
|||
{
|
||||
"rules": {
|
||||
"class-name": true,
|
||||
"comment-format": [
|
||||
true,
|
||||
"check-space"
|
||||
],
|
||||
"indent": [
|
||||
true,
|
||||
"spaces"
|
||||
],
|
||||
"one-line": [
|
||||
true,
|
||||
"check-open-brace",
|
||||
"check-whitespace"
|
||||
],
|
||||
"no-var-keyword": true,
|
||||
"quotemark": [
|
||||
true,
|
||||
"double",
|
||||
"avoid-escape"
|
||||
],
|
||||
"semicolon": [
|
||||
true,
|
||||
"always",
|
||||
"ignore-bound-class-methods"
|
||||
],
|
||||
"whitespace": [
|
||||
true,
|
||||
"check-branch",
|
||||
"check-decl",
|
||||
"check-operator",
|
||||
"check-module",
|
||||
"check-separator",
|
||||
"check-type"
|
||||
],
|
||||
"typedef-whitespace": [
|
||||
true,
|
||||
{
|
||||
"call-signature": "nospace",
|
||||
"index-signature": "nospace",
|
||||
"parameter": "nospace",
|
||||
"property-declaration": "nospace",
|
||||
"variable-declaration": "nospace"
|
||||
},
|
||||
{
|
||||
"call-signature": "onespace",
|
||||
"index-signature": "onespace",
|
||||
"parameter": "onespace",
|
||||
"property-declaration": "onespace",
|
||||
"variable-declaration": "onespace"
|
||||
}
|
||||
],
|
||||
"no-internal-module": true,
|
||||
"no-trailing-whitespace": true,
|
||||
"no-null-keyword": true,
|
||||
"prefer-const": true,
|
||||
"jsdoc-format": true
|
||||
}
|
||||
}
|
4
themes/squares/server/.directory
Normal file
|
@ -0,0 +1,4 @@
|
|||
[Dolphin]
|
||||
Timestamp=2018,12,17,20,58,20
|
||||
Version=3
|
||||
ViewMode=1
|
28
themes/squares/server/src/index.ts
Executable file
|
@ -0,0 +1,28 @@
|
|||
#! /usr/bin/env node
|
||||
|
||||
import Server from "./lib/Server";
|
||||
import { GlobalDependencies } from "../types/Dependencies";
|
||||
import YAML = require("yamljs");
|
||||
|
||||
const configurationFilepath = process.argv[2];
|
||||
if (!configurationFilepath) {
|
||||
console.log("No config file has been provided.");
|
||||
console.log("Usage: authelia <config>");
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
const yamlContent = YAML.load(configurationFilepath);
|
||||
|
||||
const deps: GlobalDependencies = {
|
||||
u2f: require("u2f"),
|
||||
ldapjs: require("ldapjs"),
|
||||
session: require("express-session"),
|
||||
winston: require("winston"),
|
||||
speakeasy: require("speakeasy"),
|
||||
nedb: require("nedb"),
|
||||
ConnectRedis: require("connect-redis"),
|
||||
Redis: require("redis")
|
||||
};
|
||||
|
||||
const server = new Server(deps);
|
||||
server.start(yamlContent, deps);
|
4
themes/squares/server/src/lib/.directory
Normal file
|
@ -0,0 +1,4 @@
|
|||
[Dolphin]
|
||||
Timestamp=2018,12,17,20,59,13
|
||||
Version=3
|
||||
ViewMode=1
|
|
@ -0,0 +1,45 @@
|
|||
|
||||
|
||||
import express = require("express");
|
||||
import U2f = require("u2f");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import { AuthenticationSession } from "../../types/AuthenticationSession";
|
||||
import { IRequestLogger } from "./logging/IRequestLogger";
|
||||
import { Level } from "./authentication/Level";
|
||||
|
||||
const INITIAL_AUTHENTICATION_SESSION: AuthenticationSession = {
|
||||
keep_me_logged_in: false,
|
||||
authentication_level: Level.NOT_AUTHENTICATED,
|
||||
last_activity_datetime: undefined,
|
||||
userid: undefined,
|
||||
email: undefined,
|
||||
groups: [],
|
||||
register_request: undefined,
|
||||
sign_request: undefined,
|
||||
identity_check: undefined,
|
||||
redirect: undefined
|
||||
};
|
||||
|
||||
export class AuthenticationSessionHandler {
|
||||
static reset(req: express.Request): void {
|
||||
req.session.auth = Object.assign({}, INITIAL_AUTHENTICATION_SESSION, {});
|
||||
|
||||
// Initialize last activity with current time
|
||||
req.session.auth.last_activity_datetime = new Date().getTime();
|
||||
}
|
||||
|
||||
static get(req: express.Request, logger: IRequestLogger): AuthenticationSession {
|
||||
if (!req.session) {
|
||||
const errorMsg = "Something is wrong with session cookies. Please check Redis is running and Authelia can connect to it.";
|
||||
logger.error(req, errorMsg);
|
||||
throw new Error(errorMsg);
|
||||
}
|
||||
|
||||
if (!req.session.auth) {
|
||||
logger.debug(req, "Authentication session %s was undefined. Resetting.", req.sessionID);
|
||||
AuthenticationSessionHandler.reset(req);
|
||||
}
|
||||
|
||||
return req.session.auth;
|
||||
}
|
||||
}
|
49
themes/squares/server/src/lib/ErrorReplies.ts
Normal file
|
@ -0,0 +1,49 @@
|
|||
import express = require("express");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import { IRequestLogger } from "./logging/IRequestLogger";
|
||||
|
||||
function replyWithError(req: express.Request, res: express.Response,
|
||||
code: number, logger: IRequestLogger, body?: Object): (err: Error) => void {
|
||||
return function (err: Error): void {
|
||||
if (req.originalUrl.startsWith("/api/") || code == 200) {
|
||||
logger.error(req, "Reply with error %d: %s", code, err.message);
|
||||
logger.debug(req, "%s", err.stack);
|
||||
res.status(code);
|
||||
res.send(body);
|
||||
}
|
||||
else {
|
||||
logger.error(req, "Redirect to error %d: %s", code, err.message);
|
||||
logger.debug(req, "%s", err.stack);
|
||||
res.redirect("/error/" + code);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
export function redirectTo(redirectUrl: string, req: express.Request,
|
||||
res: express.Response, logger: IRequestLogger) {
|
||||
return function(err: Error) {
|
||||
logger.error(req, "Error: %s", err.message);
|
||||
logger.debug(req, "Redirecting to %s", redirectUrl);
|
||||
res.redirect(redirectUrl);
|
||||
};
|
||||
}
|
||||
|
||||
export function replyWithError400(req: express.Request,
|
||||
res: express.Response, logger: IRequestLogger) {
|
||||
return replyWithError(req, res, 400, logger);
|
||||
}
|
||||
|
||||
export function replyWithError401(req: express.Request,
|
||||
res: express.Response, logger: IRequestLogger) {
|
||||
return replyWithError(req, res, 401, logger);
|
||||
}
|
||||
|
||||
export function replyWithError403(req: express.Request,
|
||||
res: express.Response, logger: IRequestLogger) {
|
||||
return replyWithError(req, res, 403, logger);
|
||||
}
|
||||
|
||||
export function replyWithError200(req: express.Request,
|
||||
res: express.Response, logger: IRequestLogger, message: string) {
|
||||
return replyWithError(req, res, 200, logger, { error: message });
|
||||
}
|
88
themes/squares/server/src/lib/Exceptions.ts
Normal file
|
@ -0,0 +1,88 @@
|
|||
|
||||
export class LdapSearchError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "LdapSearchError";
|
||||
(<any>Object).setPrototypeOf(this, LdapSearchError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class LdapBindError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "LdapBindError";
|
||||
(<any>Object).setPrototypeOf(this, LdapBindError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class LdapError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "LdapError";
|
||||
(<any>Object).setPrototypeOf(this, LdapError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class IdentityError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "IdentityError";
|
||||
(<any>Object).setPrototypeOf(this, IdentityError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class AccessDeniedError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "AccessDeniedError";
|
||||
(<any>Object).setPrototypeOf(this, AccessDeniedError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class AuthenticationRegulationError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "AuthenticationRegulationError";
|
||||
(<any>Object).setPrototypeOf(this, AuthenticationRegulationError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class InvalidTOTPError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "InvalidTOTPError";
|
||||
(<any>Object).setPrototypeOf(this, InvalidTOTPError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class NotAuthenticatedError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "NotAuthenticatedError";
|
||||
(<any>Object).setPrototypeOf(this, NotAuthenticatedError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class NotAuthorizedError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "NotAuthanticatedError";
|
||||
(<any>Object).setPrototypeOf(this, NotAuthorizedError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class FirstFactorValidationError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "FirstFactorValidationError";
|
||||
(<any>Object).setPrototypeOf(this, FirstFactorValidationError.prototype);
|
||||
}
|
||||
}
|
||||
|
||||
export class SecondFactorValidationError extends Error {
|
||||
constructor(message?: string) {
|
||||
super(message);
|
||||
this.name = "SecondFactorValidationError";
|
||||
(<any>Object).setPrototypeOf(this, FirstFactorValidationError.prototype);
|
||||
}
|
||||
}
|
20
themes/squares/server/src/lib/FirstFactorValidator.ts
Normal file
|
@ -0,0 +1,20 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import express = require("express");
|
||||
import objectPath = require("object-path");
|
||||
import Exceptions = require("./Exceptions");
|
||||
import { AuthenticationSessionHandler } from "./AuthenticationSessionHandler";
|
||||
import { IRequestLogger } from "./logging/IRequestLogger";
|
||||
import { Level } from "./authentication/Level";
|
||||
|
||||
export function validate(req: express.Request, logger: IRequestLogger): BluebirdPromise<void> {
|
||||
return new BluebirdPromise(function (resolve, reject) {
|
||||
const authSession = AuthenticationSessionHandler.get(req, logger);
|
||||
|
||||
if (!authSession.userid || authSession.authentication_level < Level.ONE_FACTOR)
|
||||
return reject(new Exceptions.FirstFactorValidationError(
|
||||
"First factor has not been validated yet."));
|
||||
|
||||
resolve();
|
||||
});
|
||||
}
|
176
themes/squares/server/src/lib/IdentityCheckMiddleware.spec.ts
Normal file
|
@ -0,0 +1,176 @@
|
|||
|
||||
import sinon = require("sinon");
|
||||
import IdentityValidator = require("./IdentityCheckMiddleware");
|
||||
import { AuthenticationSessionHandler }
|
||||
from "./AuthenticationSessionHandler";
|
||||
import { AuthenticationSession } from "../../types/AuthenticationSession";
|
||||
import { UserDataStore } from "./storage/UserDataStore";
|
||||
import exceptions = require("./Exceptions");
|
||||
import { ServerVariables } from "./ServerVariables";
|
||||
import Assert = require("assert");
|
||||
import express = require("express");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import ExpressMock = require("./stubs/express.spec");
|
||||
import NotifierMock = require("./notifiers/NotifierStub.spec");
|
||||
import { IdentityValidableStub } from "./IdentityValidableStub.spec";
|
||||
import { RequestLoggerStub } from "./logging/RequestLoggerStub.spec";
|
||||
import { ServerVariablesMock, ServerVariablesMockBuilder }
|
||||
from "./ServerVariablesMockBuilder.spec";
|
||||
import { PRE_VALIDATION_TEMPLATE }
|
||||
from "./IdentityCheckPreValidationTemplate";
|
||||
|
||||
|
||||
describe("IdentityCheckMiddleware", function () {
|
||||
let req: ExpressMock.RequestMock;
|
||||
let res: ExpressMock.ResponseMock;
|
||||
let app: express.Application;
|
||||
let app_get: sinon.SinonStub;
|
||||
let app_post: sinon.SinonStub;
|
||||
let identityValidable: IdentityValidableStub;
|
||||
let mocks: ServerVariablesMock;
|
||||
let vars: ServerVariables;
|
||||
|
||||
beforeEach(function () {
|
||||
const s = ServerVariablesMockBuilder.build();
|
||||
mocks = s.mocks;
|
||||
vars = s.variables;
|
||||
|
||||
req = ExpressMock.RequestMock();
|
||||
res = ExpressMock.ResponseMock();
|
||||
|
||||
req.headers = {};
|
||||
req.originalUrl = "/non-api/xxx";
|
||||
req.session = {};
|
||||
|
||||
req.query = {};
|
||||
req.app = {};
|
||||
|
||||
identityValidable = new IdentityValidableStub();
|
||||
|
||||
mocks.notifier.notifyStub.returns(BluebirdPromise.resolve());
|
||||
mocks.userDataStore.produceIdentityValidationTokenStub
|
||||
.returns(BluebirdPromise.resolve());
|
||||
mocks.userDataStore.consumeIdentityValidationTokenStub
|
||||
.returns(BluebirdPromise.resolve({ userId: "user" }));
|
||||
|
||||
app = express();
|
||||
app_get = sinon.stub(app, "get");
|
||||
app_post = sinon.stub(app, "post");
|
||||
});
|
||||
|
||||
afterEach(function () {
|
||||
app_get.restore();
|
||||
app_post.restore();
|
||||
});
|
||||
|
||||
describe("test start GET", function () {
|
||||
it("should redirect to error 401 if pre validation initialization \
|
||||
throws a first factor error", function () {
|
||||
identityValidable.preValidationInitStub.returns(BluebirdPromise.reject(
|
||||
new exceptions.FirstFactorValidationError(
|
||||
"Error during prevalidation")));
|
||||
const callback = IdentityValidator.get_start_validation(
|
||||
identityValidable, "/endpoint", vars);
|
||||
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(() => {
|
||||
Assert(res.redirect.calledWith("/error/401"));
|
||||
});
|
||||
});
|
||||
|
||||
// In that case we answer with 200 to avoid user enumeration.
|
||||
it("should send 200 if email is missing in provided identity", function () {
|
||||
const identity = { userid: "abc" };
|
||||
|
||||
identityValidable.preValidationInitStub
|
||||
.returns(BluebirdPromise.resolve(identity));
|
||||
const callback = IdentityValidator
|
||||
.get_start_validation(identityValidable, "/endpoint", vars);
|
||||
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(function () {
|
||||
Assert(identityValidable.preValidationResponseStub.called);
|
||||
});
|
||||
});
|
||||
|
||||
// In that case we answer with 200 to avoid user enumeration.
|
||||
it("should send 200 if userid is missing in provided identity",
|
||||
function () {
|
||||
const endpoint = "/protected";
|
||||
const identity = { email: "abc@example.com" };
|
||||
|
||||
identityValidable.preValidationInitStub
|
||||
.returns(BluebirdPromise.resolve(identity));
|
||||
const callback = IdentityValidator
|
||||
.get_start_validation(identityValidable, "/endpoint", vars);
|
||||
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(function () {
|
||||
Assert(identityValidable.preValidationResponseStub.called);
|
||||
});
|
||||
});
|
||||
|
||||
it("should issue a token, send an email and return 204", function () {
|
||||
const endpoint = "/protected";
|
||||
const identity = { userid: "user", email: "abc@example.com" };
|
||||
req.get = sinon.stub().withArgs("Host").returns("localhost");
|
||||
|
||||
identityValidable.preValidationInitStub
|
||||
.returns(BluebirdPromise.resolve(identity));
|
||||
const callback = IdentityValidator
|
||||
.get_start_validation(identityValidable, "/finish_endpoint", vars);
|
||||
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(function () {
|
||||
Assert(mocks.notifier.notifyStub.calledOnce);
|
||||
Assert(mocks.userDataStore.produceIdentityValidationTokenStub
|
||||
.calledOnce);
|
||||
Assert.equal(mocks.userDataStore.produceIdentityValidationTokenStub
|
||||
.getCall(0).args[0], "user");
|
||||
Assert.equal(mocks.userDataStore.produceIdentityValidationTokenStub
|
||||
.getCall(0).args[3], 240000);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
|
||||
describe("test finish GET", function () {
|
||||
it("should send 401 if no identity_token is provided", () => {
|
||||
const callback = IdentityValidator
|
||||
.get_finish_validation(identityValidable, vars);
|
||||
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(function () {
|
||||
Assert(res.redirect.calledWith("/error/401"));
|
||||
});
|
||||
});
|
||||
|
||||
it("should call postValidation if identity_token is provided and still \
|
||||
valid", function () {
|
||||
req.query.identity_token = "token";
|
||||
|
||||
const callback = IdentityValidator
|
||||
.get_finish_validation(identityValidable, vars);
|
||||
return callback(req as any, res as any, undefined);
|
||||
});
|
||||
|
||||
it("should return 401 if identity_token is provided but invalid",
|
||||
function () {
|
||||
req.query.identity_token = "token";
|
||||
|
||||
identityValidable.postValidationInitStub
|
||||
.returns(BluebirdPromise.resolve());
|
||||
mocks.userDataStore.consumeIdentityValidationTokenStub.reset();
|
||||
mocks.userDataStore.consumeIdentityValidationTokenStub
|
||||
.returns(BluebirdPromise.reject(new Error("Invalid token")));
|
||||
|
||||
const callback = IdentityValidator
|
||||
.get_finish_validation(identityValidable, vars);
|
||||
return callback(req as any, res as any, undefined)
|
||||
.then(() => {
|
||||
Assert(res.redirect.calledWith("/error/401"));
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
138
themes/squares/server/src/lib/IdentityCheckMiddleware.ts
Normal file
|
@ -0,0 +1,138 @@
|
|||
import objectPath = require("object-path");
|
||||
import randomstring = require("randomstring");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import util = require("util");
|
||||
import Exceptions = require("./Exceptions");
|
||||
import fs = require("fs");
|
||||
import ejs = require("ejs");
|
||||
import { IUserDataStore } from "./storage/IUserDataStore";
|
||||
import Express = require("express");
|
||||
import ErrorReplies = require("./ErrorReplies");
|
||||
import { AuthenticationSessionHandler } from "./AuthenticationSessionHandler";
|
||||
import { AuthenticationSession } from "../../types/AuthenticationSession";
|
||||
import { ServerVariables } from "./ServerVariables";
|
||||
import { IdentityValidable } from "./IdentityValidable";
|
||||
|
||||
import Identity = require("../../types/Identity");
|
||||
import { IdentityValidationDocument }
|
||||
from "./storage/IdentityValidationDocument";
|
||||
|
||||
const filePath = __dirname + "/../resources/email-template.ejs";
|
||||
const email_template = fs.readFileSync(filePath, "utf8");
|
||||
|
||||
function createAndSaveToken(userid: string, challenge: string,
|
||||
userDataStore: IUserDataStore): BluebirdPromise<string> {
|
||||
|
||||
const five_minutes = 4 * 60 * 1000;
|
||||
const token = randomstring.generate({ length: 64 });
|
||||
const that = this;
|
||||
|
||||
return userDataStore.produceIdentityValidationToken(userid, token, challenge,
|
||||
five_minutes)
|
||||
.then(function () {
|
||||
return BluebirdPromise.resolve(token);
|
||||
});
|
||||
}
|
||||
|
||||
function consumeToken(token: string, challenge: string,
|
||||
userDataStore: IUserDataStore)
|
||||
: BluebirdPromise<IdentityValidationDocument> {
|
||||
return userDataStore.consumeIdentityValidationToken(token, challenge);
|
||||
}
|
||||
|
||||
export function register(app: Express.Application,
|
||||
pre_validation_endpoint: string,
|
||||
post_validation_endpoint: string,
|
||||
handler: IdentityValidable,
|
||||
vars: ServerVariables) {
|
||||
|
||||
app.get(pre_validation_endpoint,
|
||||
get_start_validation(handler, post_validation_endpoint, vars));
|
||||
app.get(post_validation_endpoint,
|
||||
get_finish_validation(handler, vars));
|
||||
}
|
||||
|
||||
function checkIdentityToken(req: Express.Request, identityToken: string)
|
||||
: BluebirdPromise<void> {
|
||||
if (!identityToken)
|
||||
return BluebirdPromise.reject(
|
||||
new Exceptions.AccessDeniedError("No identity token provided"));
|
||||
return BluebirdPromise.resolve();
|
||||
}
|
||||
|
||||
export function get_finish_validation(handler: IdentityValidable,
|
||||
vars: ServerVariables)
|
||||
: Express.RequestHandler {
|
||||
|
||||
return function (req: Express.Request, res: Express.Response)
|
||||
: BluebirdPromise<void> {
|
||||
|
||||
let authSession: AuthenticationSession;
|
||||
const identityToken = objectPath.get<Express.Request, string>(
|
||||
req, "query.identity_token");
|
||||
vars.logger.debug(req, "Identity token provided is %s", identityToken);
|
||||
|
||||
return checkIdentityToken(req, identityToken)
|
||||
.then(() => {
|
||||
authSession = AuthenticationSessionHandler.get(req, vars.logger);
|
||||
return handler.postValidationInit(req);
|
||||
})
|
||||
.then(() => {
|
||||
return consumeToken(identityToken, handler.challenge(),
|
||||
vars.userDataStore);
|
||||
})
|
||||
.then((doc: IdentityValidationDocument) => {
|
||||
authSession.identity_check = {
|
||||
challenge: handler.challenge(),
|
||||
userid: doc.userId
|
||||
};
|
||||
handler.postValidationResponse(req, res);
|
||||
return BluebirdPromise.resolve();
|
||||
})
|
||||
.catch(ErrorReplies.replyWithError401(req, res, vars.logger));
|
||||
};
|
||||
}
|
||||
|
||||
export function get_start_validation(handler: IdentityValidable,
|
||||
postValidationEndpoint: string,
|
||||
vars: ServerVariables)
|
||||
: Express.RequestHandler {
|
||||
return function (req: Express.Request, res: Express.Response)
|
||||
: BluebirdPromise<void> {
|
||||
let identity: Identity.Identity;
|
||||
|
||||
return handler.preValidationInit(req)
|
||||
.then((id: Identity.Identity) => {
|
||||
identity = id;
|
||||
const email = identity.email;
|
||||
const userid = identity.userid;
|
||||
vars.logger.info(req, "Start identity validation of user \"%s\"",
|
||||
userid);
|
||||
|
||||
if (!(email && userid))
|
||||
return BluebirdPromise.reject(new Exceptions.IdentityError(
|
||||
"Missing user id or email address"));
|
||||
|
||||
return createAndSaveToken(userid, handler.challenge(),
|
||||
vars.userDataStore);
|
||||
})
|
||||
.then((token) => {
|
||||
const host = req.get("Host");
|
||||
const link_url = util.format("https://%s%s?identity_token=%s", host,
|
||||
postValidationEndpoint, token);
|
||||
vars.logger.info(req, "Notification sent to user \"%s\"",
|
||||
identity.userid);
|
||||
return vars.notifier.notify(identity.email, handler.mailSubject(),
|
||||
link_url);
|
||||
})
|
||||
.then(() => {
|
||||
handler.preValidationResponse(req, res);
|
||||
return BluebirdPromise.resolve();
|
||||
})
|
||||
.catch(Exceptions.IdentityError, (err: Error) => {
|
||||
handler.preValidationResponse(req, res);
|
||||
return BluebirdPromise.resolve();
|
||||
})
|
||||
.catch(ErrorReplies.replyWithError401(req, res, vars.logger));
|
||||
};
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
|
||||
|
||||
export const PRE_VALIDATION_TEMPLATE = "need-identity-validation";
|
19
themes/squares/server/src/lib/IdentityValidable.ts
Normal file
|
@ -0,0 +1,19 @@
|
|||
import Bluebird = require("bluebird");
|
||||
import Identity = require("../../types/Identity");
|
||||
|
||||
// IdentityValidator allows user to go through a identity validation process
|
||||
// in two steps:
|
||||
// - Request an operation to be performed (password reset, registration).
|
||||
// - Confirm operation with email.
|
||||
|
||||
export interface IdentityValidable {
|
||||
challenge(): string;
|
||||
preValidationInit(req: Express.Request): Bluebird<Identity.Identity>;
|
||||
postValidationInit(req: Express.Request): Bluebird<void>;
|
||||
|
||||
// Serves a page after identity check request
|
||||
preValidationResponse(req: Express.Request, res: Express.Response): void;
|
||||
// Serves the page if identity validated
|
||||
postValidationResponse(req: Express.Request, res: Express.Response): void;
|
||||
mailSubject(): string;
|
||||
}
|
52
themes/squares/server/src/lib/IdentityValidableStub.spec.ts
Normal file
|
@ -0,0 +1,52 @@
|
|||
|
||||
import Sinon = require("sinon");
|
||||
import { IdentityValidable } from "./IdentityValidable";
|
||||
import express = require("express");
|
||||
import Bluebird = require("bluebird");
|
||||
import { Identity } from "../../types/Identity";
|
||||
|
||||
|
||||
export class IdentityValidableStub implements IdentityValidable {
|
||||
challengeStub: Sinon.SinonStub;
|
||||
preValidationInitStub: Sinon.SinonStub;
|
||||
postValidationInitStub: Sinon.SinonStub;
|
||||
preValidationResponseStub: Sinon.SinonStub;
|
||||
postValidationResponseStub: Sinon.SinonStub;
|
||||
mailSubjectStub: Sinon.SinonStub;
|
||||
|
||||
constructor() {
|
||||
this.challengeStub = Sinon.stub();
|
||||
|
||||
this.preValidationInitStub = Sinon.stub();
|
||||
this.postValidationInitStub = Sinon.stub();
|
||||
|
||||
this.preValidationResponseStub = Sinon.stub();
|
||||
this.postValidationResponseStub = Sinon.stub();
|
||||
|
||||
this.mailSubjectStub = Sinon.stub();
|
||||
}
|
||||
|
||||
challenge(): string {
|
||||
return this.challengeStub();
|
||||
}
|
||||
|
||||
preValidationInit(req: Express.Request): Bluebird<Identity> {
|
||||
return this.preValidationInitStub(req);
|
||||
}
|
||||
|
||||
postValidationInit(req: Express.Request): Bluebird<void> {
|
||||
return this.postValidationInitStub(req);
|
||||
}
|
||||
|
||||
preValidationResponse(req: Express.Request, res: Express.Response): void {
|
||||
return this.preValidationResponseStub(req, res);
|
||||
}
|
||||
|
||||
postValidationResponse(req: Express.Request, res: Express.Response): void {
|
||||
return this.postValidationResponseStub(req, res);
|
||||
}
|
||||
|
||||
mailSubject(): string {
|
||||
return this.mailSubjectStub();
|
||||
}
|
||||
}
|
81
themes/squares/server/src/lib/Server.spec.ts
Normal file
|
@ -0,0 +1,81 @@
|
|||
|
||||
import Assert = require("assert");
|
||||
import Sinon = require("sinon");
|
||||
import nedb = require("nedb");
|
||||
import express = require("express");
|
||||
import winston = require("winston");
|
||||
import speakeasy = require("speakeasy");
|
||||
import u2f = require("u2f");
|
||||
import session = require("express-session");
|
||||
import { Configuration } from "./configuration/schema/Configuration";
|
||||
import { GlobalDependencies } from "../../types/Dependencies";
|
||||
import Server from "./Server";
|
||||
import { LdapjsMock, LdapjsClientMock } from "./stubs/ldapjs.spec";
|
||||
|
||||
|
||||
describe("Server", function () {
|
||||
let deps: GlobalDependencies;
|
||||
let sessionMock: Sinon.SinonSpy;
|
||||
let ldapjsMock: LdapjsMock;
|
||||
|
||||
before(function () {
|
||||
sessionMock = Sinon.spy(session);
|
||||
ldapjsMock = new LdapjsMock();
|
||||
|
||||
deps = {
|
||||
speakeasy: speakeasy,
|
||||
u2f: u2f,
|
||||
nedb: nedb,
|
||||
winston: winston,
|
||||
ldapjs: ldapjsMock as any,
|
||||
session: sessionMock as any,
|
||||
ConnectRedis: Sinon.spy(),
|
||||
Redis: Sinon.spy() as any
|
||||
};
|
||||
});
|
||||
|
||||
|
||||
it("should set cookie scope to domain set in the config", function () {
|
||||
const config: Configuration = {
|
||||
port: 8081,
|
||||
session: {
|
||||
domain: "example.com",
|
||||
secret: "secret"
|
||||
},
|
||||
authentication_backend: {
|
||||
ldap: {
|
||||
url: "http://ldap",
|
||||
user: "user",
|
||||
password: "password",
|
||||
base_dn: "dc=example,dc=com"
|
||||
},
|
||||
},
|
||||
notifier: {
|
||||
email: {
|
||||
username: "user@example.com",
|
||||
password: "password",
|
||||
sender: "test@authelia.com",
|
||||
service: "gmail"
|
||||
}
|
||||
},
|
||||
regulation: {
|
||||
max_retries: 3,
|
||||
ban_time: 5 * 60,
|
||||
find_time: 5 * 60
|
||||
},
|
||||
storage: {
|
||||
local: {
|
||||
in_memory: true
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
const server = new Server(deps);
|
||||
server.start(config, deps)
|
||||
.then(function () {
|
||||
Assert(sessionMock.calledOnce);
|
||||
Assert.equal(sessionMock.getCall(0).args[0].cookie.domain, "example.com");
|
||||
server.stop();
|
||||
});
|
||||
});
|
||||
});
|
93
themes/squares/server/src/lib/Server.ts
Normal file
|
@ -0,0 +1,93 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import ObjectPath = require("object-path");
|
||||
|
||||
import { Configuration } from "./configuration/schema/Configuration";
|
||||
import { GlobalDependencies } from "../../types/Dependencies";
|
||||
import { UserDataStore } from "./storage/UserDataStore";
|
||||
import { ConfigurationParser } from "./configuration/ConfigurationParser";
|
||||
import { SessionConfigurationBuilder } from "./configuration/SessionConfigurationBuilder";
|
||||
import { GlobalLogger } from "./logging/GlobalLogger";
|
||||
import { RequestLogger } from "./logging/RequestLogger";
|
||||
import { ServerVariables } from "./ServerVariables";
|
||||
import { ServerVariablesInitializer } from "./ServerVariablesInitializer";
|
||||
import { Configurator } from "./web_server/Configurator";
|
||||
|
||||
import * as Express from "express";
|
||||
import * as Path from "path";
|
||||
import * as http from "http";
|
||||
|
||||
function clone(obj: any) {
|
||||
return JSON.parse(JSON.stringify(obj));
|
||||
}
|
||||
|
||||
export default class Server {
|
||||
private httpServer: http.Server;
|
||||
private globalLogger: GlobalLogger;
|
||||
private requestLogger: RequestLogger;
|
||||
|
||||
constructor(deps: GlobalDependencies) {
|
||||
this.globalLogger = new GlobalLogger(deps.winston);
|
||||
this.requestLogger = new RequestLogger(deps.winston);
|
||||
}
|
||||
|
||||
private displayConfigurations(configuration: Configuration) {
|
||||
const displayableConfiguration: Configuration = clone(configuration);
|
||||
const STARS = "*****";
|
||||
|
||||
if (displayableConfiguration.authentication_backend.ldap) {
|
||||
displayableConfiguration.authentication_backend.ldap.password = STARS;
|
||||
}
|
||||
|
||||
displayableConfiguration.session.secret = STARS;
|
||||
if (displayableConfiguration.notifier && displayableConfiguration.notifier.email)
|
||||
displayableConfiguration.notifier.email.password = STARS;
|
||||
if (displayableConfiguration.notifier && displayableConfiguration.notifier.smtp)
|
||||
displayableConfiguration.notifier.smtp.password = STARS;
|
||||
|
||||
this.globalLogger.debug("User configuration is %s",
|
||||
JSON.stringify(displayableConfiguration, undefined, 2));
|
||||
}
|
||||
|
||||
private setup(config: Configuration, app: Express.Application, deps: GlobalDependencies): BluebirdPromise<void> {
|
||||
const that = this;
|
||||
return ServerVariablesInitializer.initialize(
|
||||
config, this.globalLogger, this.requestLogger, deps)
|
||||
.then(function (vars: ServerVariables) {
|
||||
Configurator.configure(config, app, vars, deps);
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
}
|
||||
|
||||
private startServer(app: Express.Application, port: number) {
|
||||
const that = this;
|
||||
that.globalLogger.info("Starting Authelia...");
|
||||
return new BluebirdPromise<void>((resolve, reject) => {
|
||||
this.httpServer = app.listen(port, function (err: string) {
|
||||
that.globalLogger.info("Listening on port %d...", port);
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
start(configuration: Configuration, deps: GlobalDependencies)
|
||||
: BluebirdPromise<void> {
|
||||
const that = this;
|
||||
const app = Express();
|
||||
|
||||
const appConfiguration = ConfigurationParser.parse(configuration);
|
||||
|
||||
// by default the level of logs is info
|
||||
deps.winston.level = appConfiguration.logs_level;
|
||||
this.displayConfigurations(appConfiguration);
|
||||
|
||||
return this.setup(appConfiguration, app, deps)
|
||||
.then(function () {
|
||||
return that.startServer(app, appConfiguration.port);
|
||||
});
|
||||
}
|
||||
|
||||
stop() {
|
||||
this.httpServer.close();
|
||||
}
|
||||
}
|
||||
|
21
themes/squares/server/src/lib/ServerVariables.ts
Normal file
|
@ -0,0 +1,21 @@
|
|||
import { IRequestLogger } from "./logging/IRequestLogger";
|
||||
import { ITotpHandler } from "./authentication/totp/ITotpHandler";
|
||||
import { IU2fHandler } from "./authentication/u2f/IU2fHandler";
|
||||
import { IUserDataStore } from "./storage/IUserDataStore";
|
||||
import { INotifier } from "./notifiers/INotifier";
|
||||
import { IRegulator } from "./regulation/IRegulator";
|
||||
import { Configuration } from "./configuration/schema/Configuration";
|
||||
import { IAuthorizer } from "./authorization/IAuthorizer";
|
||||
import { IUsersDatabase } from "./authentication/backends/IUsersDatabase";
|
||||
|
||||
export interface ServerVariables {
|
||||
logger: IRequestLogger;
|
||||
usersDatabase: IUsersDatabase;
|
||||
totpHandler: ITotpHandler;
|
||||
u2f: IU2fHandler;
|
||||
userDataStore: IUserDataStore;
|
||||
notifier: INotifier;
|
||||
regulator: IRegulator;
|
||||
config: Configuration;
|
||||
authorizer: IAuthorizer;
|
||||
}
|
116
themes/squares/server/src/lib/ServerVariablesInitializer.ts
Normal file
|
@ -0,0 +1,116 @@
|
|||
|
||||
import winston = require("winston");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import U2F = require("u2f");
|
||||
import Nodemailer = require("nodemailer");
|
||||
|
||||
import { IRequestLogger } from "./logging/IRequestLogger";
|
||||
import { RequestLogger } from "./logging/RequestLogger";
|
||||
|
||||
import { TotpHandler } from "./authentication/totp/TotpHandler";
|
||||
import { ITotpHandler } from "./authentication/totp/ITotpHandler";
|
||||
import { NotifierFactory } from "./notifiers/NotifierFactory";
|
||||
import { MailSenderBuilder } from "./notifiers/MailSenderBuilder";
|
||||
import { LdapUsersDatabase } from "./authentication/backends/ldap/LdapUsersDatabase";
|
||||
import { ConnectorFactory } from "./authentication/backends/ldap/connector/ConnectorFactory";
|
||||
|
||||
import { IUserDataStore } from "./storage/IUserDataStore";
|
||||
import { UserDataStore } from "./storage/UserDataStore";
|
||||
import { INotifier } from "./notifiers/INotifier";
|
||||
import { Regulator } from "./regulation/Regulator";
|
||||
import { IRegulator } from "./regulation/IRegulator";
|
||||
import Configuration = require("./configuration/schema/Configuration");
|
||||
import { CollectionFactoryFactory } from "./storage/CollectionFactoryFactory";
|
||||
import { ICollectionFactory } from "./storage/ICollectionFactory";
|
||||
import { MongoCollectionFactory } from "./storage/mongo/MongoCollectionFactory";
|
||||
import { IMongoClient } from "./connectors/mongo/IMongoClient";
|
||||
|
||||
import { GlobalDependencies } from "../../types/Dependencies";
|
||||
import { ServerVariables } from "./ServerVariables";
|
||||
import { MongoClient } from "./connectors/mongo/MongoClient";
|
||||
import { IGlobalLogger } from "./logging/IGlobalLogger";
|
||||
import { SessionFactory } from "./authentication/backends/ldap/SessionFactory";
|
||||
import { IUsersDatabase } from "./authentication/backends/IUsersDatabase";
|
||||
import { FileUsersDatabase } from "./authentication/backends/file/FileUsersDatabase";
|
||||
import { Authorizer } from "./authorization/Authorizer";
|
||||
|
||||
class UserDataStoreFactory {
|
||||
static create(config: Configuration.Configuration, globalLogger: IGlobalLogger): BluebirdPromise<UserDataStore> {
|
||||
if (config.storage.local) {
|
||||
const nedbOptions: Nedb.DataStoreOptions = {
|
||||
filename: config.storage.local.path,
|
||||
inMemoryOnly: config.storage.local.in_memory
|
||||
};
|
||||
const collectionFactory = CollectionFactoryFactory.createNedb(nedbOptions);
|
||||
return BluebirdPromise.resolve(new UserDataStore(collectionFactory));
|
||||
}
|
||||
else if (config.storage.mongo) {
|
||||
const mongoClient = new MongoClient(
|
||||
config.storage.mongo,
|
||||
globalLogger);
|
||||
const collectionFactory = CollectionFactoryFactory.createMongo(mongoClient);
|
||||
return BluebirdPromise.resolve(new UserDataStore(collectionFactory));
|
||||
}
|
||||
|
||||
return BluebirdPromise.reject(new Error("Storage backend incorrectly configured."));
|
||||
}
|
||||
}
|
||||
|
||||
export class ServerVariablesInitializer {
|
||||
static createUsersDatabase(
|
||||
config: Configuration.Configuration,
|
||||
deps: GlobalDependencies)
|
||||
: IUsersDatabase {
|
||||
|
||||
if (config.authentication_backend.ldap) {
|
||||
const ldapConfig = config.authentication_backend.ldap;
|
||||
return new LdapUsersDatabase(
|
||||
new SessionFactory(
|
||||
ldapConfig,
|
||||
new ConnectorFactory(ldapConfig, deps.ldapjs),
|
||||
deps.winston
|
||||
),
|
||||
ldapConfig
|
||||
);
|
||||
}
|
||||
else if (config.authentication_backend.file) {
|
||||
return new FileUsersDatabase(config.authentication_backend.file);
|
||||
}
|
||||
}
|
||||
|
||||
static initialize(
|
||||
config: Configuration.Configuration,
|
||||
globalLogger: IGlobalLogger,
|
||||
requestLogger: IRequestLogger,
|
||||
deps: GlobalDependencies)
|
||||
: BluebirdPromise<ServerVariables> {
|
||||
|
||||
const mailSenderBuilder =
|
||||
new MailSenderBuilder(Nodemailer);
|
||||
const notifier = NotifierFactory.build(
|
||||
config.notifier, mailSenderBuilder);
|
||||
const authorizer = new Authorizer(config.access_control, deps.winston);
|
||||
const totpHandler = new TotpHandler(deps.speakeasy);
|
||||
const usersDatabase = this.createUsersDatabase(
|
||||
config, deps);
|
||||
|
||||
return UserDataStoreFactory.create(config, globalLogger)
|
||||
.then(function (userDataStore: UserDataStore) {
|
||||
const regulator = new Regulator(userDataStore, config.regulation.max_retries,
|
||||
config.regulation.find_time, config.regulation.ban_time);
|
||||
|
||||
const variables: ServerVariables = {
|
||||
authorizer: authorizer,
|
||||
config: config,
|
||||
usersDatabase: usersDatabase,
|
||||
logger: requestLogger,
|
||||
notifier: notifier,
|
||||
regulator: regulator,
|
||||
totpHandler: totpHandler,
|
||||
u2f: deps.u2f,
|
||||
userDataStore: userDataStore
|
||||
};
|
||||
return BluebirdPromise.resolve(variables);
|
||||
});
|
||||
}
|
||||
}
|
|
@ -0,0 +1,87 @@
|
|||
import { ServerVariables } from "./ServerVariables";
|
||||
|
||||
import { Configuration } from "./configuration/schema/Configuration";
|
||||
import { IUsersDatabaseStub } from "./authentication/backends/IUsersDatabaseStub.spec";
|
||||
import { AuthorizerStub } from "./authorization/AuthorizerStub.spec";
|
||||
import { RequestLoggerStub } from "./logging/RequestLoggerStub.spec";
|
||||
import { NotifierStub } from "./notifiers/NotifierStub.spec";
|
||||
import { RegulatorStub } from "./regulation/RegulatorStub.spec";
|
||||
import { TotpHandlerStub } from "./authentication/totp/TotpHandlerStub.spec";
|
||||
import { UserDataStoreStub } from "./storage/UserDataStoreStub.spec";
|
||||
import { U2fHandlerStub } from "./authentication/u2f/U2fHandlerStub.spec";
|
||||
|
||||
export interface ServerVariablesMock {
|
||||
authorizer: AuthorizerStub;
|
||||
config: Configuration;
|
||||
usersDatabase: IUsersDatabaseStub;
|
||||
logger: RequestLoggerStub;
|
||||
notifier: NotifierStub;
|
||||
regulator: RegulatorStub;
|
||||
totpHandler: TotpHandlerStub;
|
||||
userDataStore: UserDataStoreStub;
|
||||
u2f: U2fHandlerStub;
|
||||
}
|
||||
|
||||
export class ServerVariablesMockBuilder {
|
||||
static build(enableLogging?: boolean): { variables: ServerVariables, mocks: ServerVariablesMock} {
|
||||
const mocks: ServerVariablesMock = {
|
||||
authorizer: new AuthorizerStub(),
|
||||
config: {
|
||||
access_control: {},
|
||||
totp: {
|
||||
issuer: "authelia.com"
|
||||
},
|
||||
authentication_backend: {
|
||||
ldap: {
|
||||
url: "ldap://ldap",
|
||||
base_dn: "dc=example,dc=com",
|
||||
user: "user",
|
||||
password: "password",
|
||||
mail_attribute: "mail",
|
||||
additional_users_dn: "ou=users",
|
||||
additional_groups_dn: "ou=groups",
|
||||
users_filter: "cn={0}",
|
||||
groups_filter: "member={dn}",
|
||||
group_name_attribute: "cn"
|
||||
},
|
||||
},
|
||||
logs_level: "debug",
|
||||
notifier: {},
|
||||
port: 8080,
|
||||
regulation: {
|
||||
ban_time: 50,
|
||||
find_time: 50,
|
||||
max_retries: 3
|
||||
},
|
||||
session: {
|
||||
secret: "my_secret",
|
||||
domain: "mydomain"
|
||||
},
|
||||
storage: {}
|
||||
},
|
||||
usersDatabase: new IUsersDatabaseStub(),
|
||||
logger: new RequestLoggerStub(enableLogging),
|
||||
notifier: new NotifierStub(),
|
||||
regulator: new RegulatorStub(),
|
||||
totpHandler: new TotpHandlerStub(),
|
||||
userDataStore: new UserDataStoreStub(),
|
||||
u2f: new U2fHandlerStub()
|
||||
};
|
||||
const vars: ServerVariables = {
|
||||
authorizer: mocks.authorizer,
|
||||
config: mocks.config,
|
||||
usersDatabase: mocks.usersDatabase,
|
||||
logger: mocks.logger,
|
||||
notifier: mocks.notifier,
|
||||
regulator: mocks.regulator,
|
||||
totpHandler: mocks.totpHandler,
|
||||
userDataStore: mocks.userDataStore,
|
||||
u2f: mocks.u2f
|
||||
};
|
||||
|
||||
return {
|
||||
variables: vars,
|
||||
mocks: mocks
|
||||
};
|
||||
}
|
||||
}
|
5
themes/squares/server/src/lib/authentication/Level.ts
Normal file
|
@ -0,0 +1,5 @@
|
|||
export enum Level {
|
||||
NOT_AUTHENTICATED = 0,
|
||||
ONE_FACTOR = 1,
|
||||
TWO_FACTOR = 2
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
|
||||
export interface GroupsAndEmails {
|
||||
groups: string[];
|
||||
emails: string[];
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
import Bluebird = require("bluebird");
|
||||
|
||||
import { GroupsAndEmails } from "./GroupsAndEmails";
|
||||
|
||||
export interface IUsersDatabase {
|
||||
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails>;
|
||||
getEmails(username: string): Bluebird<string[]>;
|
||||
getGroups(username: string): Bluebird<string[]>;
|
||||
updatePassword(username: string, newPassword: string): Bluebird<void>;
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
import Bluebird = require("bluebird");
|
||||
import Sinon = require("sinon");
|
||||
|
||||
import { IUsersDatabase } from "./IUsersDatabase";
|
||||
import { GroupsAndEmails } from "./GroupsAndEmails";
|
||||
|
||||
export class IUsersDatabaseStub implements IUsersDatabase {
|
||||
checkUserPasswordStub: Sinon.SinonStub;
|
||||
getEmailsStub: Sinon.SinonStub;
|
||||
getGroupsStub: Sinon.SinonStub;
|
||||
updatePasswordStub: Sinon.SinonStub;
|
||||
|
||||
constructor() {
|
||||
this.checkUserPasswordStub = Sinon.stub();
|
||||
this.getEmailsStub = Sinon.stub();
|
||||
this.getGroupsStub = Sinon.stub();
|
||||
this.updatePasswordStub = Sinon.stub();
|
||||
}
|
||||
|
||||
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails> {
|
||||
return this.checkUserPasswordStub(username, password);
|
||||
}
|
||||
|
||||
getEmails(username: string): Bluebird<string[]> {
|
||||
return this.getEmailsStub(username);
|
||||
}
|
||||
|
||||
getGroups(username: string): Bluebird<string[]> {
|
||||
return this.getGroupsStub(username);
|
||||
}
|
||||
|
||||
updatePassword(username: string, newPassword: string): Bluebird<void> {
|
||||
return this.updatePasswordStub(username, newPassword);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,224 @@
|
|||
import Assert = require("assert");
|
||||
import Bluebird = require("bluebird");
|
||||
import Fs = require("fs");
|
||||
import Sinon = require("sinon");
|
||||
import Tmp = require("tmp");
|
||||
|
||||
import { FileUsersDatabase } from "./FileUsersDatabase";
|
||||
import { FileUsersDatabaseConfiguration } from "../../../configuration/schema/FileUsersDatabaseConfiguration";
|
||||
import { HashGenerator } from "../../../utils/HashGenerator";
|
||||
|
||||
const GOOD_DATABASE = `
|
||||
users:
|
||||
john:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
|
||||
harry:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
emails: harry.potter@authelia.com
|
||||
groups: []
|
||||
`;
|
||||
|
||||
const BAD_HASH = `
|
||||
users:
|
||||
john:
|
||||
password: "{CRYPT}$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
`;
|
||||
|
||||
const NO_PASSWORD_DATABASE = `
|
||||
users:
|
||||
john:
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
`;
|
||||
|
||||
const NO_EMAIL_DATABASE = `
|
||||
users:
|
||||
john:
|
||||
password: "{CRYPT}$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
`;
|
||||
|
||||
const SINGLE_USER_DATABASE = `
|
||||
users:
|
||||
john:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
`
|
||||
|
||||
function createTmpFileFrom(yaml: string) {
|
||||
const tmpFileAsync = Bluebird.promisify(Tmp.file);
|
||||
return tmpFileAsync()
|
||||
.then((path: string) => {
|
||||
Fs.writeFileSync(path, yaml, "utf-8");
|
||||
return Bluebird.resolve(path);
|
||||
});
|
||||
}
|
||||
|
||||
describe("authentication/backends/file/FileUsersDatabase", function() {
|
||||
let configuration: FileUsersDatabaseConfiguration;
|
||||
|
||||
describe("checkUserPassword", () => {
|
||||
describe("good config", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(GOOD_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should succeed", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.checkUserPassword("john", "password")
|
||||
.then((groupsAndEmails) => {
|
||||
Assert.deepEqual(groupsAndEmails.groups, ["admins", "dev"]);
|
||||
Assert.deepEqual(groupsAndEmails.emails, ["john.doe@authelia.com"]);
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when password is wrong", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.checkUserPassword("john", "bad_password")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when user does not exist", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.checkUserPassword("no_user", "password")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("bad hash", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(GOOD_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when hash is wrong", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.checkUserPassword("john", "password")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("no password", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(NO_PASSWORD_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.checkUserPassword("john", "password")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("getEmails", () => {
|
||||
describe("good config", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(GOOD_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should succeed", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.getEmails("john")
|
||||
.then((emails) => {
|
||||
Assert.deepEqual(emails, ["john.doe@authelia.com"]);
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when user does not exist", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.getEmails("no_user")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("no email provided", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(NO_EMAIL_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.getEmails("john")
|
||||
.then(() => Bluebird.reject(new Error("should not be here.")))
|
||||
.catch((err) => {
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("updatePassword", () => {
|
||||
beforeEach(() => {
|
||||
return createTmpFileFrom(SINGLE_USER_DATABASE)
|
||||
.then((path: string) => configuration = {
|
||||
path: path
|
||||
});
|
||||
});
|
||||
|
||||
it("should succeed", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
const NEW_HASH = "{CRYPT}$6$rounds=500000$Qw6MhgADvLyYMEq9$ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
const stub = Sinon.stub(HashGenerator, "ssha512").returns(Bluebird.resolve(NEW_HASH));
|
||||
return usersDatabase.updatePassword("john", "mypassword")
|
||||
.then(() => {
|
||||
const content = Fs.readFileSync(configuration.path, "utf-8");
|
||||
const matches = content.match(/password: '(.+)'/);
|
||||
Assert.equal(matches[1], NEW_HASH);
|
||||
})
|
||||
.finally(() => stub.restore());
|
||||
});
|
||||
|
||||
it("should fail when user does not exist", () => {
|
||||
const usersDatabase = new FileUsersDatabase(configuration);
|
||||
return usersDatabase.updatePassword("bad_user", "mypassword")
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch(() => Bluebird.resolve());
|
||||
});
|
||||
});
|
||||
});
|
|
@ -0,0 +1,182 @@
|
|||
import Bluebird = require("bluebird");
|
||||
import Fs = require("fs");
|
||||
import Yaml = require("yamljs");
|
||||
|
||||
import { FileUsersDatabaseConfiguration }
|
||||
from "../../../configuration/schema/FileUsersDatabaseConfiguration";
|
||||
import { GroupsAndEmails } from "../GroupsAndEmails";
|
||||
import { IUsersDatabase } from "../IUsersDatabase";
|
||||
import { HashGenerator } from "../../../utils/HashGenerator";
|
||||
import { ReadWriteQueue } from "./ReadWriteQueue";
|
||||
|
||||
const loadAsync = Bluebird.promisify(Yaml.load);
|
||||
|
||||
export class FileUsersDatabase implements IUsersDatabase {
|
||||
private configuration: FileUsersDatabaseConfiguration;
|
||||
private queue: ReadWriteQueue;
|
||||
|
||||
constructor(configuration: FileUsersDatabaseConfiguration) {
|
||||
this.configuration = configuration;
|
||||
this.queue = new ReadWriteQueue(this.configuration.path);
|
||||
}
|
||||
|
||||
/**
|
||||
* Read database from file.
|
||||
* It enqueues the read task so that it is scheduled
|
||||
* between other reads and writes.
|
||||
*/
|
||||
private readDatabase(): Bluebird<any> {
|
||||
return new Bluebird<string>((resolve, reject) => {
|
||||
this.queue.read((err: Error, data: string) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
return;
|
||||
}
|
||||
resolve(data);
|
||||
this.queue.next();
|
||||
});
|
||||
})
|
||||
.then((content) => {
|
||||
const database = Yaml.parse(content);
|
||||
if (!database) {
|
||||
return Bluebird.reject(new Error("Unable to parse YAML file."));
|
||||
}
|
||||
return Bluebird.resolve(database);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks the user exists in the database.
|
||||
*/
|
||||
private checkUserExists(
|
||||
database: any,
|
||||
username: string)
|
||||
: Bluebird<void> {
|
||||
if (!(username in database.users)) {
|
||||
return Bluebird.reject(
|
||||
new Error(`User ${username} does not exist in database.`));
|
||||
}
|
||||
return Bluebird.resolve();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the password of a given user.
|
||||
*/
|
||||
private checkPassword(
|
||||
database: any,
|
||||
username: string,
|
||||
password: string)
|
||||
: Bluebird<void> {
|
||||
const storedHash: string = database.users[username].password;
|
||||
const matches = storedHash.match(/rounds=([0-9]+)\$([a-zA-z0-9]+)\$/);
|
||||
if (!(matches && matches.length == 3)) {
|
||||
return Bluebird.reject(new Error("Unable to detect the hash salt and rounds. " +
|
||||
"Make sure the password is hashed with SSHA512."));
|
||||
}
|
||||
|
||||
const rounds: number = parseInt(matches[1]);
|
||||
const salt = matches[2];
|
||||
|
||||
return HashGenerator.ssha512(password, rounds, salt)
|
||||
.then((hash: string) => {
|
||||
if (hash !== storedHash) {
|
||||
return Bluebird.reject(new Error("Wrong username/password."));
|
||||
}
|
||||
return Bluebird.resolve();
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve email addresses of a given user.
|
||||
*/
|
||||
private retrieveEmails(
|
||||
database: any,
|
||||
username: string)
|
||||
: Bluebird<string[]> {
|
||||
if (!("email" in database.users[username])) {
|
||||
return Bluebird.reject(
|
||||
new Error(`User ${username} has no email address.`));
|
||||
}
|
||||
return Bluebird.resolve(
|
||||
[database.users[username].email]);
|
||||
}
|
||||
|
||||
private retrieveGroups(
|
||||
database: any,
|
||||
username: string)
|
||||
: Bluebird<string[]> {
|
||||
if (!("groups" in database.users[username])) {
|
||||
return Bluebird.resolve([]);
|
||||
}
|
||||
return Bluebird.resolve(
|
||||
database.users[username].groups);
|
||||
}
|
||||
|
||||
private replacePassword(
|
||||
database: any,
|
||||
username: string,
|
||||
newPassword: string)
|
||||
: Bluebird<void> {
|
||||
const that = this;
|
||||
return HashGenerator.ssha512(newPassword)
|
||||
.then((hash) => {
|
||||
database.users[username].password = hash;
|
||||
const str = Yaml.stringify(database, 4, 2);
|
||||
return Bluebird.resolve(str);
|
||||
})
|
||||
.then((content: string) => {
|
||||
return new Bluebird((resolve, reject) => {
|
||||
that.queue.write(content, (err) => {
|
||||
if (err) {
|
||||
return reject(err);
|
||||
}
|
||||
resolve();
|
||||
that.queue.next();
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
checkUserPassword(
|
||||
username: string,
|
||||
password: string)
|
||||
: Bluebird<GroupsAndEmails> {
|
||||
return this.readDatabase()
|
||||
.then((database) => {
|
||||
return this.checkUserExists(database, username)
|
||||
.then(() => this.checkPassword(database, username, password))
|
||||
.then(() => {
|
||||
return Bluebird.join(
|
||||
this.retrieveEmails(database, username),
|
||||
this.retrieveGroups(database, username)
|
||||
).spread((emails: string[], groups: string[]) => {
|
||||
return { emails: emails, groups: groups };
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
getEmails(username: string): Bluebird<string[]> {
|
||||
return this.readDatabase()
|
||||
.then((database) => {
|
||||
return this.checkUserExists(database, username)
|
||||
.then(() => this.retrieveEmails(database, username));
|
||||
});
|
||||
}
|
||||
|
||||
getGroups(username: string): Bluebird<string[]> {
|
||||
return this.readDatabase()
|
||||
.then((database) => {
|
||||
return this.checkUserExists(database, username)
|
||||
.then(() => this.retrieveGroups(database, username));
|
||||
});
|
||||
}
|
||||
|
||||
updatePassword(username: string, newPassword: string): Bluebird<void> {
|
||||
return this.readDatabase()
|
||||
.then((database) => {
|
||||
return this.checkUserExists(database, username)
|
||||
.then(() => this.replacePassword(database, username, newPassword));
|
||||
});
|
||||
}
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
import Fs = require("fs");
|
||||
|
||||
type Callback = (err: Error, data?: string) => void;
|
||||
type ContentAndCallback = [string, Callback] | [string, string, Callback];
|
||||
|
||||
/**
|
||||
* WriteQueue is a queue synchronizing writes to a file.
|
||||
*
|
||||
* Example of use:
|
||||
*
|
||||
* queue.add(mycontent, (err) => {
|
||||
* // do whatever you want here.
|
||||
* queue.next();
|
||||
* })
|
||||
*/
|
||||
export class ReadWriteQueue {
|
||||
private filePath: string;
|
||||
private queue: ContentAndCallback[];
|
||||
|
||||
constructor (filePath: string) {
|
||||
this.queue = [];
|
||||
this.filePath = filePath;
|
||||
}
|
||||
|
||||
next () {
|
||||
if (this.queue.length === 0)
|
||||
return;
|
||||
|
||||
const task = this.queue[0];
|
||||
|
||||
if (task[0] == "write") {
|
||||
Fs.writeFile(this.filePath, task[1], "utf-8", (err) => {
|
||||
this.queue.shift();
|
||||
const cb = task[2] as Callback;
|
||||
cb(err);
|
||||
});
|
||||
}
|
||||
else if (task[0] == "read") {
|
||||
Fs.readFile(this.filePath, { encoding: "utf-8"} , (err, data) => {
|
||||
this.queue.shift();
|
||||
const cb = task[1] as Callback;
|
||||
cb(err, data);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
write (content: string, cb: Callback) {
|
||||
this.queue.push(["write", content, cb]);
|
||||
if (this.queue.length === 1) {
|
||||
this.next();
|
||||
}
|
||||
}
|
||||
|
||||
read (cb: Callback) {
|
||||
this.queue.push(["read", cb]);
|
||||
if (this.queue.length === 1) {
|
||||
this.next();
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
|
||||
import BluebirdPromise = require("bluebird");
|
||||
|
||||
export interface ISession {
|
||||
open(): BluebirdPromise<void>;
|
||||
close(): BluebirdPromise<void>;
|
||||
|
||||
searchUserDn(username: string): BluebirdPromise<string>;
|
||||
searchEmails(username: string): BluebirdPromise<string[]>;
|
||||
searchGroups(username: string): BluebirdPromise<string[]>;
|
||||
modifyPassword(username: string, newPassword: string): BluebirdPromise<void>;
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
|
||||
import { ISession } from "./ISession";
|
||||
|
||||
export interface ISessionFactory {
|
||||
create(userDN: string, password: string): ISession;
|
||||
}
|
|
@ -0,0 +1,386 @@
|
|||
import Assert = require("assert");
|
||||
import Bluebird = require("bluebird");
|
||||
|
||||
import { LdapUsersDatabase } from "./LdapUsersDatabase";
|
||||
|
||||
import { SessionFactoryStub } from "./SessionFactoryStub.spec";
|
||||
import { SessionStub } from "./SessionStub.spec";
|
||||
|
||||
const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";
|
||||
const ADMIN_PASSWORD = "password";
|
||||
|
||||
describe("ldap/connector/LdapUsersDatabase", function() {
|
||||
let sessionFactory: SessionFactoryStub;
|
||||
let usersDatabase: LdapUsersDatabase;
|
||||
|
||||
const USERNAME = "user";
|
||||
const PASSWORD = "pass";
|
||||
const NEW_PASSWORD = "pass2";
|
||||
|
||||
const LDAP_CONFIG = {
|
||||
url: "http://localhost:324",
|
||||
additional_users_dn: "ou=users",
|
||||
additional_groups_dn: "ou=groups",
|
||||
base_dn: "dc=example,dc=com",
|
||||
users_filter: "cn={0}",
|
||||
groups_filter: "member={0}",
|
||||
mail_attribute: "mail",
|
||||
group_name_attribute: "cn",
|
||||
user: ADMIN_USER_DN,
|
||||
password: ADMIN_PASSWORD
|
||||
};
|
||||
|
||||
beforeEach(function() {
|
||||
sessionFactory = new SessionFactoryStub();
|
||||
usersDatabase = new LdapUsersDatabase(sessionFactory, LDAP_CONFIG);
|
||||
})
|
||||
|
||||
describe("checkUserPassword", function() {
|
||||
it("should return groups and emails when user/password matches", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
const emails = ["email1", "email2"];
|
||||
const groups = ["group1", "group2"];
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.resolve());
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
|
||||
adminSession.searchEmailsStub.withArgs(USERNAME).returns(Bluebird.resolve(emails));
|
||||
adminSession.searchGroupsStub.withArgs(USERNAME).returns(Bluebird.resolve(groups));
|
||||
|
||||
userSession.openStub.returns(Bluebird.resolve());
|
||||
userSession.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then((groupsAndEmails) => {
|
||||
Assert.deepEqual(groupsAndEmails.groups, groups);
|
||||
Assert.deepEqual(groupsAndEmails.emails, emails);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when username/password is wrong", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.resolve());
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
|
||||
|
||||
userSession.openStub.returns(Bluebird.reject(new Error("Failed binding")));
|
||||
userSession.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(userSession.closeStub.called);
|
||||
Assert(adminSession.closeStub.called);
|
||||
return Bluebird.resolve();
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when admin binding fails", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.reject(new Error("Failed binding")));
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(userSession.closeStub.notCalled);
|
||||
Assert(adminSession.closeStub.called);
|
||||
return Bluebird.resolve();
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when search for user dn fails", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.resolve());
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.reject(new Error("Failed searching user dn")));
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(userSession.closeStub.notCalled);
|
||||
Assert(adminSession.closeStub.called);
|
||||
return Bluebird.resolve();
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when groups retrieval fails", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
const emails = ["email1", "email2"];
|
||||
const groups = ["group1", "group2"];
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.resolve());
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
|
||||
adminSession.searchEmailsStub.withArgs(USERNAME)
|
||||
.returns(Bluebird.resolve(emails));
|
||||
adminSession.searchGroupsStub.withArgs(USERNAME)
|
||||
.returns(Bluebird.reject(new Error("Failed retrieving groups")));
|
||||
|
||||
userSession.openStub.returns(Bluebird.resolve());
|
||||
userSession.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then((groupsAndEmails) => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(userSession.closeStub.called);
|
||||
Assert(adminSession.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when emails retrieval fails", function() {
|
||||
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
|
||||
const emails = ["email1", "email2"];
|
||||
const groups = ["group1", "group2"];
|
||||
|
||||
const adminSession = new SessionStub();
|
||||
const userSession = new SessionStub();
|
||||
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
|
||||
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
|
||||
|
||||
adminSession.openStub.returns(Bluebird.resolve());
|
||||
adminSession.closeStub.returns(Bluebird.resolve());
|
||||
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
|
||||
adminSession.searchEmailsStub.withArgs(USERNAME)
|
||||
.returns(Bluebird.reject(new Error("Emails retrieval failed")));
|
||||
adminSession.searchGroupsStub.withArgs(USERNAME)
|
||||
.returns(Bluebird.resolve(groups));
|
||||
|
||||
userSession.openStub.returns(Bluebird.resolve());
|
||||
userSession.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
|
||||
.then((groupsAndEmails) => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(userSession.closeStub.called);
|
||||
Assert(adminSession.closeStub.called);
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
describe("getEmails", function() {
|
||||
it("should succefully retrieves email", () => {
|
||||
const emails = ["email1", "email2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
session.searchEmailsStub.returns(Bluebird.resolve(emails));
|
||||
|
||||
return usersDatabase.getEmails(USERNAME)
|
||||
.then((foundEmails) => {
|
||||
Assert(session.closeStub.called);
|
||||
Assert.deepEqual(foundEmails, emails);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when binding fails", () => {
|
||||
const emails = ["email1", "email2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
|
||||
|
||||
return usersDatabase.getEmails(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when unbinding fails", () => {
|
||||
const emails = ["email1", "email2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.searchEmailsStub.returns(Bluebird.resolve(emails));
|
||||
session.closeStub.returns(Bluebird.reject(new Error("Unbinding failed")));
|
||||
|
||||
return usersDatabase.getEmails(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when search fails", () => {
|
||||
const emails = ["email1", "email2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.searchEmailsStub.returns(Bluebird.reject(new Error("Search failed")));
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.getEmails(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
describe("getGroups", function() {
|
||||
it("should succefully retrieves groups", () => {
|
||||
const groups = ["group1", "group2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
session.searchGroupsStub.returns(Bluebird.resolve(groups));
|
||||
|
||||
return usersDatabase.getGroups(USERNAME)
|
||||
.then((foundGroups) => {
|
||||
Assert(session.closeStub.called);
|
||||
Assert.deepEqual(foundGroups, groups);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when binding fails", () => {
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
|
||||
|
||||
return usersDatabase.getGroups(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when unbinding fails", () => {
|
||||
const groups = ["group1", "group2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.searchGroupsStub.returns(Bluebird.resolve(groups));
|
||||
session.closeStub.returns(Bluebird.reject(new Error("Unbinding failed")));
|
||||
|
||||
return usersDatabase.getGroups(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when search fails", () => {
|
||||
const groups = ["group1", "group2"];
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.searchGroupsStub.returns(Bluebird.reject(new Error("Search failed")));
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.getGroups(USERNAME)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch((err) => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
describe("updatePassword", function() {
|
||||
it("should successfully update password", () => {
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
session.modifyPasswordStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
|
||||
.then(() => {
|
||||
Assert(session.modifyPasswordStub.calledWith(USERNAME, NEW_PASSWORD));
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when binding fails", () => {
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
session.modifyPasswordStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch(() => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when update fails", () => {
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.closeStub.returns(Bluebird.reject(new Error("Update failed")));
|
||||
session.modifyPasswordStub.returns(Bluebird.resolve());
|
||||
|
||||
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch(() => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
|
||||
it("should fail when unbind fails", () => {
|
||||
const session = new SessionStub();
|
||||
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
|
||||
|
||||
session.openStub.returns(Bluebird.resolve());
|
||||
session.closeStub.returns(Bluebird.resolve());
|
||||
session.modifyPasswordStub.returns(Bluebird.reject(new Error("Unbind failed")));
|
||||
|
||||
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
|
||||
.then(() => Bluebird.reject(new Error("should not be here")))
|
||||
.catch(() => {
|
||||
Assert(session.closeStub.called);
|
||||
})
|
||||
});
|
||||
});
|
||||
});
|
|
@ -0,0 +1,107 @@
|
|||
import Bluebird = require("bluebird");
|
||||
import { IUsersDatabase } from "../IUsersDatabase";
|
||||
import { ISessionFactory } from "./ISessionFactory";
|
||||
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
|
||||
import { ISession } from "./ISession";
|
||||
import { GroupsAndEmails } from "../GroupsAndEmails";
|
||||
import Exceptions = require("../../../Exceptions");
|
||||
|
||||
type SessionCallback<T> = (session: ISession) => Bluebird<T>;
|
||||
|
||||
export class LdapUsersDatabase implements IUsersDatabase {
|
||||
private sessionFactory: ISessionFactory;
|
||||
private configuration: LdapConfiguration;
|
||||
|
||||
constructor(
|
||||
sessionFactory: ISessionFactory,
|
||||
configuration: LdapConfiguration) {
|
||||
this.sessionFactory = sessionFactory;
|
||||
this.configuration = configuration;
|
||||
}
|
||||
|
||||
private withSession<T>(
|
||||
username: string,
|
||||
password: string,
|
||||
cb: SessionCallback<T>): Bluebird<T> {
|
||||
const session = this.sessionFactory.create(username, password);
|
||||
return session.open()
|
||||
.then(() => cb(session))
|
||||
.finally(() => session.close());
|
||||
}
|
||||
|
||||
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails> {
|
||||
const that = this;
|
||||
function verifyUserPassword(userDN: string) {
|
||||
return that.withSession<void>(
|
||||
userDN,
|
||||
password,
|
||||
(session) => Bluebird.resolve()
|
||||
);
|
||||
}
|
||||
|
||||
function getInfo(session: ISession) {
|
||||
return Bluebird.join(
|
||||
session.searchGroups(username),
|
||||
session.searchEmails(username)
|
||||
)
|
||||
.spread((groups: string[], emails: string[]) => {
|
||||
return { groups: groups, emails: emails };
|
||||
});
|
||||
}
|
||||
|
||||
return that.withSession(
|
||||
that.configuration.user,
|
||||
that.configuration.password,
|
||||
(session) => {
|
||||
return session.searchUserDn(username)
|
||||
.then(verifyUserPassword)
|
||||
.then(() => getInfo(session));
|
||||
})
|
||||
.catch((err) =>
|
||||
Bluebird.reject(new Exceptions.LdapError(err.message)));
|
||||
}
|
||||
|
||||
getEmails(username: string): Bluebird<string[]> {
|
||||
const that = this;
|
||||
return that.withSession(
|
||||
that.configuration.user,
|
||||
that.configuration.password,
|
||||
(session) => {
|
||||
return session.searchEmails(username);
|
||||
}
|
||||
)
|
||||
.catch((err) =>
|
||||
Bluebird.reject(new Exceptions.LdapError("Failed during email retrieval: " + err.message))
|
||||
);
|
||||
}
|
||||
|
||||
getGroups(username: string): Bluebird<string[]> {
|
||||
const that = this;
|
||||
return that.withSession(
|
||||
that.configuration.user,
|
||||
that.configuration.password,
|
||||
(session) => {
|
||||
return session.searchGroups(username);
|
||||
}
|
||||
)
|
||||
.catch((err) =>
|
||||
Bluebird.reject(new Exceptions.LdapError("Failed during email retrieval: " + err.message))
|
||||
);
|
||||
}
|
||||
|
||||
updatePassword(username: string, newPassword: string): Bluebird<void> {
|
||||
const that = this;
|
||||
return that.withSession(
|
||||
that.configuration.user,
|
||||
that.configuration.password,
|
||||
(session) => {
|
||||
return session.modifyPassword(username, newPassword);
|
||||
}
|
||||
)
|
||||
.catch(function (err: Error) {
|
||||
return Bluebird.reject(
|
||||
new Exceptions.LdapError(
|
||||
"Error while updating password: " + err.message));
|
||||
});
|
||||
}
|
||||
}
|
|
@ -0,0 +1,76 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import { SessionStub } from "./SessionStub.spec";
|
||||
import { SafeSession } from "./SafeSession";
|
||||
|
||||
describe("ldap/SanitizedClient", function () {
|
||||
let client: SafeSession;
|
||||
|
||||
beforeEach(function () {
|
||||
const clientStub = new SessionStub();
|
||||
clientStub.searchUserDnStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
|
||||
client = new SafeSession(clientStub);
|
||||
});
|
||||
|
||||
describe("special chars are used", function () {
|
||||
it("should fail when special chars are used in searchUserDn", function () {
|
||||
// potential ldap injection";
|
||||
return client.searchUserDn("cn=dummy_user,ou=groupgs")
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("Should not be here."));
|
||||
}, function () {
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when special chars are used in searchGroups", function () {
|
||||
// potential ldap injection";
|
||||
return client.searchGroups("cn=dummy_user,ou=groupgs")
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("Should not be here."));
|
||||
}, function () {
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when special chars are used in searchEmails", function () {
|
||||
// potential ldap injection";
|
||||
return client.searchEmails("cn=dummy_user,ou=groupgs")
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("Should not be here."));
|
||||
}, function () {
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
});
|
||||
|
||||
it("should fail when special chars are used in modifyPassword", function () {
|
||||
// potential ldap injection";
|
||||
return client.modifyPassword("cn=dummy_user,ou=groupgs", "abc")
|
||||
.then(function () {
|
||||
return BluebirdPromise.reject(new Error("Should not be here."));
|
||||
}, function () {
|
||||
return BluebirdPromise.resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("no special chars are used", function() {
|
||||
it("should succeed when no special chars are used in searchUserDn", function () {
|
||||
return client.searchUserDn("dummy_user");
|
||||
});
|
||||
|
||||
it("should succeed when no special chars are used in searchGroups", function () {
|
||||
return client.searchGroups("dummy_user");
|
||||
});
|
||||
|
||||
it("should succeed when no special chars are used in searchEmails", function () {
|
||||
return client.searchEmails("dummy_user");
|
||||
});
|
||||
|
||||
it("should succeed when no special chars are used in modifyPassword", function () {
|
||||
return client.modifyPassword("dummy_user", "abc");
|
||||
});
|
||||
});
|
||||
});
|
|
@ -0,0 +1,62 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import { ISession } from "./ISession";
|
||||
import { Sanitizer } from "./Sanitizer";
|
||||
|
||||
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
|
||||
|
||||
|
||||
export class SafeSession implements ISession {
|
||||
private sesion: ISession;
|
||||
|
||||
constructor(sesion: ISession) {
|
||||
this.sesion = sesion;
|
||||
}
|
||||
|
||||
open(): BluebirdPromise<void> {
|
||||
return this.sesion.open();
|
||||
}
|
||||
|
||||
close(): BluebirdPromise<void> {
|
||||
return this.sesion.close();
|
||||
}
|
||||
|
||||
searchGroups(username: string): BluebirdPromise<string[]> {
|
||||
try {
|
||||
const sanitizedUsername = Sanitizer.sanitize(username);
|
||||
return this.sesion.searchGroups(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
||||
searchUserDn(username: string): BluebirdPromise<string> {
|
||||
try {
|
||||
const sanitizedUsername = Sanitizer.sanitize(username);
|
||||
return this.sesion.searchUserDn(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
||||
searchEmails(username: string): BluebirdPromise<string[]> {
|
||||
try {
|
||||
const sanitizedUsername = Sanitizer.sanitize(username);
|
||||
return this.sesion.searchEmails(sanitizedUsername);
|
||||
}
|
||||
catch (e) {
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
|
||||
modifyPassword(username: string, newPassword: string): BluebirdPromise<void> {
|
||||
try {
|
||||
const sanitizedUsername = Sanitizer.sanitize(username);
|
||||
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
|
||||
}
|
||||
catch (e) {
|
||||
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
import Assert = require("assert");
|
||||
import { Sanitizer } from "./Sanitizer";
|
||||
|
||||
describe("ldap/InputsSanitizer", function () {
|
||||
it("should fail when special characters are used", function () {
|
||||
Assert.throws(() => { Sanitizer.sanitize("ab,c"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a\\bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a'bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a#bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a+bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a<bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a>bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a;bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a\"bc"); }, Error);
|
||||
Assert.throws(() => { Sanitizer.sanitize("a=bc"); }, Error);
|
||||
});
|
||||
|
||||
it("should return original string", function () {
|
||||
Assert.equal(Sanitizer.sanitize("abcdef"), "abcdef");
|
||||
});
|
||||
|
||||
it("should trim", function () {
|
||||
Assert.throws(() => { Sanitizer.sanitize(" abc "); }, Error);
|
||||
});
|
||||
});
|
|
@ -0,0 +1,25 @@
|
|||
|
||||
// returns true for 1 or more matches, where 'a' is an array and 'b' is a search string or an array of multiple search strings
|
||||
function contains(a: string, character: string) {
|
||||
// string match
|
||||
return a.indexOf(character) > -1;
|
||||
}
|
||||
|
||||
function containsOneOf(s: string, characters: string[]) {
|
||||
return characters
|
||||
.map((character: string) => { return contains(s, character); })
|
||||
.reduce((acc: boolean, current: boolean) => { return acc || current; }, false);
|
||||
}
|
||||
|
||||
export class Sanitizer {
|
||||
static sanitize(input: string): string {
|
||||
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
|
||||
if (containsOneOf(input, forbiddenChars))
|
||||
throw new Error("Input containing unsafe characters.");
|
||||
|
||||
if (input != input.trim())
|
||||
throw new Error("Input has unexpected spaces.");
|
||||
|
||||
return input;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,127 @@
|
|||
|
||||
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
|
||||
import { Session } from "./Session";
|
||||
import { ConnectorFactoryStub } from "./connector/ConnectorFactoryStub.spec";
|
||||
import { ConnectorStub } from "./connector/ConnectorStub.spec";
|
||||
|
||||
import Sinon = require("sinon");
|
||||
import BluebirdPromise = require("bluebird");
|
||||
import Assert = require("assert");
|
||||
import Winston = require("winston");
|
||||
|
||||
describe("ldap/Session", function () {
|
||||
const USERNAME = "username";
|
||||
const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";
|
||||
const ADMIN_PASSWORD = "password";
|
||||
|
||||
it("should replace {0} by username when searching for groups in LDAP", function () {
|
||||
const options: LdapConfiguration = {
|
||||
url: "ldap://ldap",
|
||||
additional_users_dn: "ou=users",
|
||||
additional_groups_dn: "ou=groups",
|
||||
base_dn: "dc=example,dc=com",
|
||||
users_filter: "cn={0}",
|
||||
groups_filter: "member=cn={0},ou=users,dc=example,dc=com",
|
||||
group_name_attribute: "cn",
|
||||
mail_attribute: "mail",
|
||||
user: "cn=admin,dc=example,dc=com",
|
||||
password: "password"
|
||||
};
|
||||
const connectorStub = new ConnectorStub();
|
||||
connectorStub.searchAsyncStub.returns(BluebirdPromise.resolve([{
|
||||
cn: "group1"
|
||||
}]));
|
||||
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, connectorStub, Winston);
|
||||
|
||||
return client.searchGroups("user1")
|
||||
.then(function () {
|
||||
Assert.equal(connectorStub.searchAsyncStub.getCall(0).args[1].filter,
|
||||
"member=cn=user1,ou=users,dc=example,dc=com");
|
||||
});
|
||||
});
|
||||
|
||||
it("should replace {dn} by user DN when searching for groups in LDAP", function () {
|
||||
const USER_DN = "cn=user1,ou=users,dc=example,dc=com";
|
||||
const options: LdapConfiguration = {
|
||||
url: "ldap://ldap",
|
||||
additional_users_dn: "ou=users",
|
||||
additional_groups_dn: "ou=groups",
|
||||
base_dn: "dc=example,dc=com",
|
||||
users_filter: "cn={0}",
|
||||
groups_filter: "member={dn}",
|
||||
group_name_attribute: "cn",
|
||||
mail_attribute: "mail",
|
||||
user: "cn=admin,dc=example,dc=com",
|
||||
password: "password"
|
||||
};
|
||||
const ldapClient = new ConnectorStub();
|
||||
|
||||
// Retrieve user DN
|
||||
ldapClient.searchAsyncStub.withArgs("ou=users,dc=example,dc=com", {
|
||||
scope: "sub",
|
||||
sizeLimit: 1,
|
||||
attributes: ["dn"],
|
||||
filter: "cn=user1"
|
||||
}).returns(BluebirdPromise.resolve([{
|
||||
dn: USER_DN
|
||||
}]));
|
||||
|
||||
// Retrieve groups
|
||||
ldapClient.searchAsyncStub.withArgs("ou=groups,dc=example,dc=com", {
|
||||
scope: "sub",
|
||||
attributes: ["cn"],
|
||||
filter: "member=" + USER_DN
|
||||
}).returns(BluebirdPromise.resolve([{
|
||||
cn: "group1"
|
||||
}]));
|
||||
|
||||
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, ldapClient, Winston);
|
||||
|
||||
return client.searchGroups("user1")
|
||||
.then(function (groups: string[]) {
|
||||
Assert.deepEqual(groups, ["group1"]);
|
||||
});
|
||||
});
|
||||
|
||||
it("should retrieve mail from custom attribute", function () {
|
||||
const USER_DN = "cn=user1,ou=users,dc=example,dc=com";
|
||||
const options: LdapConfiguration = {
|
||||
url: "ldap://ldap",
|
||||
additional_users_dn: "ou=users",
|
||||
additional_groups_dn: "ou=groups",
|
||||
base_dn: "dc=example,dc=com",
|
||||
users_filter: "cn={0}",
|
||||
groups_filter: "member={dn}",
|
||||
group_name_attribute: "cn",
|
||||
mail_attribute: "custom_mail",
|
||||
user: "cn=admin,dc=example,dc=com",
|
||||
password: "password"
|
||||
};
|
||||
const connector = new ConnectorStub();
|
||||
// Retrieve user DN
|
||||
connector.searchAsyncStub.withArgs("ou=users,dc=example,dc=com", {
|
||||
scope: "sub",
|
||||
sizeLimit: 1,
|
||||
attributes: ["dn"],
|
||||
filter: "cn=user1"
|
||||
}).returns(BluebirdPromise.resolve([{
|
||||
dn: USER_DN
|
||||
}]));
|
||||
|
||||
// Retrieve email
|
||||
connector.searchAsyncStub.withArgs("cn=user1,ou=users,dc=example,dc=com", {
|
||||
scope: "base",
|
||||
sizeLimit: 1,
|
||||
attributes: ["custom_mail"],
|
||||
}).returns(BluebirdPromise.resolve([{
|
||||
custom_mail: "user1@example.com"
|
||||
}]));
|
||||
|
||||
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, connector, Winston);
|
||||
|
||||
return client.searchEmails("user1")
|
||||
.then(function (emails: string[]) {
|
||||
Assert.deepEqual(emails, ["user1@example.com"]);
|
||||
});
|
||||
});
|
||||
});
|
|
@ -0,0 +1,156 @@
|
|||
import BluebirdPromise = require("bluebird");
|
||||
import exceptions = require("../../../Exceptions");
|
||||
import { EventEmitter } from "events";
|
||||
import { ISession } from "./ISession";
|
||||
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
|
||||
import { Winston } from "../../../../../types/Dependencies";
|
||||
import Util = require("util");
|
||||
import { HashGenerator } from "../../../utils/HashGenerator";
|
||||
import { IConnector } from "./connector/IConnector";
|
||||
|
||||
export class Session implements ISession {
|
||||
private userDN: string;
|
||||
private password: string;
|
||||
private connector: IConnector;
|
||||
private logger: Winston;
|
||||
private options: LdapConfiguration;
|
||||
|
||||
private groupsSearchBase: string;
|
||||
private usersSearchBase: string;
|
||||
|
||||
constructor(userDN: string, password: string, options: LdapConfiguration,
|
||||
connector: IConnector, logger: Winston) {
|
||||
this.options = options;
|
||||
this.logger = logger;
|
||||
this.userDN = userDN;
|
||||
this.password = password;
|
||||
this.connector = connector;
|
||||
|
||||
this.groupsSearchBase = (this.options.additional_groups_dn)
|
||||
? Util.format("%s,%s", this.options.additional_groups_dn, this.options.base_dn)
|
||||
: this.options.base_dn;
|
||||
|
||||
this.usersSearchBase = (this.options.additional_users_dn)
|
||||
? Util.format("%s,%s", this.options.additional_users_dn, this.options.base_dn)
|
||||
: this.options.base_dn;
|
||||
}
|
||||
|
||||
open(): BluebirdPromise<void> {
|
||||
this.logger.debug("LDAP: Bind user '%s'", this.userDN);
|
||||
return this.connector.bindAsync(this.userDN, this.password)
|
||||
.error(function (err: Error) {
|
||||
return BluebirdPromise.reject(new exceptions.LdapBindError(err.message));
|
||||
});
|
||||
}
|
||||
|
||||
close(): BluebirdPromise<void> {
|
||||
this.logger.debug("LDAP: Unbind user '%s'", this.userDN);
|
||||
return this.connector.unbindAsync()
|
||||
.error(function (err: Error) {
|
||||
return BluebirdPromise.reject(new exceptions.LdapBindError(err.message));
|
||||
});
|
||||
}
|
||||
|
||||
private createGroupsFilter(userGroupsFilter: string, username: string): BluebirdPromise<string> {
|
||||
if (userGroupsFilter.indexOf("{0}") > 0) {
|
||||
return BluebirdPromise.resolve(userGroupsFilter.replace("{0}", username));
|
||||
}
|
||||
else if (userGroupsFilter.indexOf("{dn}") > 0) {
|
||||
return this.searchUserDn(username)
|
||||
.then(function (userDN: string) {
|
||||
return BluebirdPromise.resolve(userGroupsFilter.replace("{dn}", userDN));
|
||||
});
|
||||
}
|
||||
return BluebirdPromise.resolve(userGroupsFilter);
|
||||
}
|
||||
|
||||
searchGroups(username: string): BluebirdPromise<string[]> {
|
||||
const that = this;
|
||||
return this.createGroupsFilter(this.options.groups_filter, username)
|
||||
.then(function (groupsFilter: string) {
|
||||
that.logger.debug("Computed groups filter is %s", groupsFilter);
|
||||
const query = {
|
||||
scope: "sub",
|
||||
attributes: [that.options.group_name_attribute],
|
||||
filter: groupsFilter
|
||||
};
|
||||
return that.connector.searchAsync(that.groupsSearchBase, query);
|
||||
})
|
||||
.then(function (docs: { cn: string }[]) {
|
||||
const groups = docs.map((doc: any) => { return doc.cn; });
|
||||
that.logger.debug("LDAP: groups of user %s are [%s]", username, groups.join(","));
|
||||
return BluebirdPromise.resolve(groups);
|
||||
});
|
||||
}
|
||||
|
||||
searchUserDn(username: string): BluebirdPromise<string> {
|
||||
const that = this;
|
||||
const filter = this.options.users_filter.replace("{0}", username);
|
||||
this.logger.debug("Computed users filter is %s", filter);
|
||||
const query = {
|
||||
scope: "sub",
|
||||
sizeLimit: 1,
|
||||
attributes: ["dn"],
|
||||
filter: filter
|
||||
};
|
||||
|
||||
that.logger.debug("LDAP: searching for user dn of %s", username);
|
||||
return that.connector.searchAsync(this.usersSearchBase, query)
|
||||
.then(function (users: { dn: string }[]) {
|
||||
if (users.length > 0) {
|
||||
that.logger.debug("LDAP: retrieved user dn is %s", users[0].dn);
|
||||
return BluebirdPromise.resolve(users[0].dn);
|
||||
}
|
||||
return BluebirdPromise.reject(new Error(
|
||||
Util.format("No user DN found for user '%s'", username)));
|
||||
});
|
||||
}
|
||||
|
||||
searchEmails(username: string): BluebirdPromise<string[]> {
|
||||
const that = this;
|
||||
const query = {
|
||||
scope: "base",
|
||||
sizeLimit: 1,
|
||||
attributes: [this.options.mail_attribute]
|
||||
};
|
||||
|
||||
return this.searchUserDn(username)
|
||||
.then(function (userDN) {
|
||||
return that.connector.searchAsync(userDN, query);
|
||||
})
|
||||
.then(function (docs: { [mail_attribute: string]: string }[]) {
|
||||
const emails: string[] = docs
|
||||
.filter((d) => { return typeof d[that.options.mail_attribute] === "string"; })
|
||||
.map((d) => { return d[that.options.mail_attribute]; });
|
||||
that.logger.debug("LDAP: emails of user '%s' are %s", username, emails);
|
||||
return BluebirdPromise.resolve(emails);
|
||||
})
|
||||
.catch(function (err: Error) {
|
||||
return BluebirdPromise.reject(new exceptions.LdapError("Error while searching emails. " + err.stack));
|
||||
});
|
||||
}
|
||||
|
||||
modifyPassword(username: string, newPassword: string): BluebirdPromise<void> {
|
||||
const that = this;
|
||||
this.logger.debug("LDAP: update password of user '%s'", username);
|
||||
return this.searchUserDn(username)
|
||||
.then(function (userDN: string) {
|
||||
return BluebirdPromise.join(
|
||||
HashGenerator.ssha512(newPassword),
|
||||
BluebirdPromise.resolve(userDN));
|
||||
})
|
||||
.then(function (res: string[]) {
|
||||
const change = {
|
||||
operation: "replace",
|
||||
modification: {
|
||||
userPassword: res[0]
|
||||
}
|
||||
};
|
||||
that.logger.debug("Password new='%s'", change.modification.userPassword);
|
||||
return that.connector.modifyAsync(res[1], change);
|
||||
})
|
||||
.then(function () {
|
||||
return that.connector.unbindAsync();
|
||||
});
|
||||
}
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
import Ldapjs = require("ldapjs");
|
||||
import Winston = require("winston");
|
||||
|
||||
import { IConnectorFactory } from "./connector/IConnectorFactory";
|
||||
import { ISessionFactory } from "./ISessionFactory";
|
||||
import { ISession } from "./ISession";
|
||||
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
|
||||
import { Session } from "./Session";
|
||||
import { SafeSession } from "./SafeSession";
|
||||
|
||||
|
||||
export class SessionFactory implements ISessionFactory {
|
||||
private config: LdapConfiguration;
|
||||
private connectorFactory: IConnectorFactory;
|
||||
private logger: typeof Winston;
|
||||
|
||||
constructor(ldapConfiguration: LdapConfiguration,
|
||||
connectorFactory: IConnectorFactory,
|
||||
logger: typeof Winston) {
|
||||
this.config = ldapConfiguration;
|
||||
this.connectorFactory = connectorFactory;
|
||||
this.logger = logger;
|
||||
}
|
||||
|
||||
create(userDN: string, password: string): ISession {
|
||||
const connector = this.connectorFactory.create();
|
||||
return new SafeSession(
|
||||
new Session(
|
||||
userDN,
|
||||
password,
|
||||
this.config,
|
||||
connector,
|
||||
this.logger
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
import Sinon = require("sinon");
|
||||
|
||||
import { ISession } from "./ISession";
|
||||
import { ISessionFactory } from "./ISessionFactory";
|
||||
|
||||
export class SessionFactoryStub implements ISessionFactory {
|
||||
createStub: Sinon.SinonStub;
|
||||
|
||||
constructor() {
|
||||
this.createStub = Sinon.stub();
|
||||
}
|
||||
|
||||
create(userDN: string, password: string): ISession {
|
||||
return this.createStub(userDN, password);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
import Bluebird = require("bluebird");
|
||||
import Sinon = require("sinon");
|
||||
|
||||
import { ISession } from "./ISession";
|
||||
|
||||
export class SessionStub implements ISession {
|
||||
openStub: Sinon.SinonStub;
|
||||
closeStub: Sinon.SinonStub;
|
||||
searchUserDnStub: Sinon.SinonStub;
|
||||
searchEmailsStub: Sinon.SinonStub;
|
||||
searchGroupsStub: Sinon.SinonStub;
|
||||
modifyPasswordStub: Sinon.SinonStub;
|
||||
|
||||
constructor() {
|
||||
this.openStub = Sinon.stub();
|
||||
this.closeStub = Sinon.stub();
|
||||
this.searchUserDnStub = Sinon.stub();
|
||||
this.searchEmailsStub = Sinon.stub();
|
||||
this.searchGroupsStub = Sinon.stub();
|
||||
this.modifyPasswordStub = Sinon.stub();
|
||||
}
|
||||
|
||||
open(): Bluebird<void> {
|
||||
return this.openStub();
|
||||
}
|
||||
|
||||
close(): Bluebird<void> {
|
||||
return this.closeStub();
|
||||
}
|
||||
|
||||
searchUserDn(username: string): Bluebird<string> {
|
||||
return this.searchUserDnStub(username);
|
||||
}
|
||||
|
||||
searchEmails(username: string): Bluebird<string[]> {
|
||||
return this.searchEmailsStub(username);
|
||||
}
|
||||
|
||||
searchGroups(username: string): Bluebird<string[]> {
|
||||
return this.searchGroupsStub(username);
|
||||
}
|
||||
|
||||
modifyPassword(username: string, newPassword: string): Bluebird<void> {
|
||||
return this.modifyPasswordStub(username, newPassword);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
import LdapJs = require("ldapjs");
|
||||
import EventEmitter = require("events");
|
||||
import Bluebird = require("bluebird");
|
||||
import { IConnector } from "./IConnector";
|
||||
import Exceptions = require("../../../../Exceptions");
|
||||
|
||||
interface SearchEntry {
|
||||
object: any;
|
||||
}
|
||||
|
||||
export interface ClientAsync {
|
||||
on(event: string, callback: (data?: any) => void): void;
|
||||
bindAsync(username: string, password: string): Bluebird<void>;
|
||||
unbindAsync(): Bluebird<void>;
|
||||
searchAsync(base: string, query: LdapJs.SearchOptions): Bluebird<EventEmitter>;
|
||||
modifyAsync(userdn: string, change: LdapJs.Change): Bluebird<void>;
|
||||
}
|
||||
|
||||
export class Connector implements IConnector {
|
||||
private client: ClientAsync;
|
||||
|
||||
constructor(url: string, ldapjs: typeof LdapJs) {
|
||||
const ldapClient = ldapjs.createClient({
|
||||
url: url,
|
||||
reconnect: true
|
||||
});
|
||||
|
||||
/*const clientLogger = (ldapClient as any).log;
|
||||
if (clientLogger) {
|
||||
clientLogger.level("trace");
|
||||
}*/
|
||||
|
||||
this.client = Bluebird.promisifyAll(ldapClient) as any;
|
||||
}
|
||||
|
||||
bindAsync(username: string, password: string): Bluebird<void> {
|
||||
return this.client.bindAsync(username, password);
|
||||
}
|
||||
|
||||
unbindAsync(): Bluebird<void> {
|
||||
return this.client.unbindAsync();
|
||||
}
|
||||
|
||||
searchAsync(base: string, query: any): Bluebird<any[]> {
|
||||
const that = this;
|
||||
return this.client.searchAsync(base, query)
|
||||
.then(function (res: EventEmitter) {
|
||||
const doc: SearchEntry[] = [];
|
||||
return new Bluebird<any[]>((resolve, reject) => {
|
||||
res.on("searchEntry", function (entry: SearchEntry) {
|
||||
doc.push(entry.object);
|
||||
});
|
||||
res.on("error", function (err: Error) {
|
||||
reject(new Exceptions.LdapSearchError(err.message));
|
||||
});
|
||||
res.on("end", function () {
|
||||
resolve(doc);
|
||||
});
|
||||
});
|
||||
})
|
||||
.catch(function (err: Error) {
|
||||
return Bluebird.reject(new Exceptions.LdapSearchError(err.message));
|
||||
});
|
||||
}
|
||||
|
||||
modifyAsync(dn: string, changeRequest: any): Bluebird<void> {
|
||||
return this.client.modifyAsync(dn, changeRequest);
|
||||
}
|
||||
}
|