diff --git a/.gitignore b/.gitignore index ca068bf0..a8d1d2b9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,9 @@ # NodeJs modules node_modules/ +# npm debug logs +npm-debug.log* + # Coverage reports coverage/ @@ -24,3 +27,5 @@ notifications/ # Generated by TypeScript compiler dist/ + +.nyc_output/ diff --git a/.travis.yml b/.travis.yml index 7503d1ed..c26d76f1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,7 @@ addons: before_install: npm install -g npm@'>=2.13.5' script: - grunt test -- grunt build +- grunt dist - grunt docker-build - docker-compose build - docker-compose up -d diff --git a/Dockerfile b/Dockerfile index eef8b58f..aec7ddcf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /usr/src COPY package.json /usr/src/package.json RUN npm install --production -COPY dist/src /usr/src +COPY dist/src/server /usr/src ENV PORT=80 EXPOSE 80 diff --git a/Gruntfile.js b/Gruntfile.js index 4b248405..a4d08ccc 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -1,10 +1,12 @@ -module.exports = function(grunt) { +module.exports = function (grunt) { + const buildDir = "dist"; + grunt.initConfig({ run: { options: {}, - "build-ts": { + "build": { cmd: "npm", - args: ['run', 'build-ts'] + args: ['run', 'build'] }, "tslint": { cmd: "npm", 
@@ -17,39 +19,136 @@ module.exports = function(grunt) { "docker-build": { cmd: "docker", args: ['build', '-t', 'clems4ever/authelia', '.'] + }, + "docker-restart": { + cmd: "docker-compose", + args: ['-f', 'docker-compose.yml', '-f', 'docker-compose.dev.yml', 'restart', 'auth'] + }, + "minify": { + cmd: "./node_modules/.bin/uglifyjs", + args: [`${buildDir}/src/server/public_html/js/authelia.js`, '-o', `${buildDir}/src/server/public_html/js/authelia.min.js`] + }, + "apidoc": { + cmd: "./node_modules/.bin/apidoc", + args: ["-i", "src/server", "-o", "doc"] } }, copy: { resources: { expand: true, - cwd: 'src/resources/', + cwd: 'src/server/resources/', src: '**', - dest: 'dist/src/resources/' + dest: `${buildDir}/src/server/resources/` }, views: { expand: true, - cwd: 'src/views/', + cwd: 'src/server/views/', src: '**', - dest: 'dist/src/views/' + dest: `${buildDir}/src/server/views/` }, - public_html: { + images: { expand: true, - cwd: 'src/public_html/', + cwd: 'src/client/img', src: '**', - dest: 'dist/src/public_html/' + dest: `${buildDir}/src/server/public_html/img/` + }, + thirdparties: { + expand: true, + cwd: 'src/client/thirdparties', + src: '**', + dest: `${buildDir}/src/server/public_html/js/` + }, + }, + browserify: { + dist: { + src: ['dist/src/client/index.js'], + dest: `${buildDir}/src/server/public_html/js/authelia.js`, + options: { + browserifyOptions: { + standalone: 'authelia' + }, + }, + }, + }, + watch: { + views: { + files: ['src/server/views/**/*.pug'], + tasks: ['copy:views'], + options: { + interrupt: false, + atBegin: true + } + }, + resources: { + files: ['src/server/resources/*.ejs'], + tasks: ['copy:resources'], + options: { + interrupt: false, + atBegin: true + } + }, + images: { + files: ['src/client/img/**'], + tasks: ['copy:images'], + options: { + interrupt: false, + atBegin: true + } + }, + css: { + files: ['src/client/**/*.css'], + tasks: ['concat:css', 'cssmin'], + options: { + interrupt: true, + atBegin: true + } + }, + client: { + 
files: ['src/client/**/*.ts', 'test/client/**/*.ts'], + tasks: ['build'], + options: { + interrupt: true, + atBegin: true + } + }, + server: { + files: ['src/server/**/*.ts', 'test/server/**/*.ts'], + tasks: ['build', 'run:docker-restart'], + options: { + interrupt: true, + } + } + }, + concat: { + css: { + src: ['src/client/css/*.css'], + dest: `${buildDir}/src/server/public_html/css/authelia.css` + }, + }, + cssmin: { + target: { + files: { + [`${buildDir}/src/server/public_html/css/authelia.min.css`]: [`${buildDir}/src/server/public_html/css/authelia.css`] + } } } }); + grunt.loadNpmTasks('grunt-browserify'); + grunt.loadNpmTasks('grunt-contrib-concat'); + grunt.loadNpmTasks('grunt-contrib-copy'); + grunt.loadNpmTasks('grunt-contrib-cssmin'); + grunt.loadNpmTasks('grunt-contrib-watch'); grunt.loadNpmTasks('grunt-run'); - grunt.loadNpmTasks('grunt-contrib-copy'); grunt.registerTask('default', ['build']); - - grunt.registerTask('res', ['copy:resources', 'copy:views', 'copy:public_html']); - grunt.registerTask('build', ['run:tslint', 'run:build-ts', 'res']); + grunt.registerTask('build-resources', ['copy:resources', 'copy:views', 'copy:images', 'copy:thirdparties', 'concat:css', 'cssmin']); + grunt.registerTask('build', ['run:tslint', 'run:build', 'browserify:dist']); + grunt.registerTask('dist', ['build', 'build-resources', 'run:minify', 'cssmin']); + grunt.registerTask('docker-build', ['run:docker-build']); + grunt.registerTask('docker-restart', ['run:docker-restart']); grunt.registerTask('test', ['run:test']); }; diff --git a/README.md b/README.md index 57311feb..ab5aaeea 100644 --- a/README.md +++ b/README.md 
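Review bot: The new `browserify.dist` target still reads from the literal `'dist/src/client/index.js'` while every other path added in this hunk goes through `buildDir`, so changing `buildDir` would leave the bundle reading from the old location; ``src: [`${buildDir}/src/client/index.js`]`` keeps them in step. The `dist` task runs `cssmin` twice because `build-resources` already ends with it, so `grunt.registerTask('dist', ['build', 'build-resources', 'run:minify']);` is enough. `copy:thirdparties` publishes everything under `src/client/thirdparties` (`src: '**'`) into the `public_html/js/` directory; that folder's contents are not visible here, but since it ends up under the authentication portal's `public_html`, it would be worth narrowing the glob to the scripts the pages actually load and recording each vendored library's version beside it. `default` still maps to `build`, which no longer copies views and resources, so a comment above the `registerTask` lines such as `// 'dist' is the packaging entry point; 'build' only compiles and bundles` would prevent an image being built from an incomplete tree. The `grunt.initConfig` call and the exported function both open in the previous hunk.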
@@ -117,6 +117,8 @@ email address. For the sake of the example, the email is delivered in the file ./notifications/notification.txt. Paste the link in your browser and you should be able to reset the password. +![reset-password](https://raw.githubusercontent.com/clems4ever/authelia/master/images/reset_password.png) + ### Access Control With **Authelia**, you can define your own access control rules for restricting the access to certain subdomains to your users. Those rules are defined in the diff --git a/config.template.yml b/config.template.yml index 4a112c92..2b234c11 100644 --- a/config.template.yml +++ b/config.template.yml @@ -76,7 +76,7 @@ session: # The directory where the DB files will be saved -store_directory: /var/lib/auth-server/store +store_directory: /var/lib/authelia/store # Notifications are sent to users when they require a password reset, a u2f diff --git a/doc/api_data.js b/doc/api_data.js index 3591eab6..2eacc2aa 100644 --- a/doc/api_data.js +++ b/doc/api_data.js @@ -1,67 +1,9 @@ define({ "api": [ - { - "type": "post", - "url": "/authentication/2ndfactor/u2f/sign", - "title": "U2F Complete authentication", - "name": "CompleteU2FAuthentication", - "group": "Authentication", - "version": "1.0.0", - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

The U2F authentication succeeded.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "type": "none", - "optional": false, - "field": "error", - "description": "

No authentication request has been provided.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - }, - "description": "

Complete authentication request of the U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, { "type": "get", - "url": "/authentication/2ndfactor/u2f/sign_request", - "title": "U2F Start authentication", - "name": "StartU2FAuthentication", + "url": "/", + "title": "First factor page", + "name": "Login", "group": "Authentication", "version": "1.0.0", "success": { @@ -69,56 +11,82 @@ define({ "api": [ "Success 200": [ { "group": "Success 200", + "type": "String", "optional": false, - "field": "authentication_request", - "description": "

The U2F authentication request.

" + "field": "Content", + "description": "

The content of the first factor page.

" } ] } }, - "error": { + "description": "

Serves the login page and create a create a cookie for the client.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" + }, + { + "type": "get", + "url": "/logout", + "title": "Serves logout page", + "name": "Logout", + "group": "Authentication", + "version": "1.0.0", + "parameter": { "fields": { - "Error 401": [ + "Parameter": [ { - "group": "Error 401", - "type": "none", - "optional": false, - "field": "error", - "description": "

There is no key registered for user in session.

" - } - ], - "Error 500": [ - { - "group": "Error 500", + "group": "Parameter", "type": "String", "optional": false, - "field": "error", - "description": "

Internal error message.

" + "field": "redirect", + "description": "

Redirect to this URL when user is deauthenticated.

" } ] } }, - "description": "

Initiate an authentication request using a U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", - "header": { + "success": { "fields": { - "Header": [ + "Success 302": [ { - "group": "Header", - "type": "String", + "group": "Success 302", "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "field": "redirect", + "description": "

Redirect to the URL.

" } ] } - } + }, + "description": "

Log out the user and redirect to the URL.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" + }, + { + "type": "get", + "url": "/secondfactor", + "title": "Second factor page", + "name": "SecondFactor", + "group": "Authentication", + "version": "1.0.0", + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "Content", + "description": "

The content of second factor page.

" + } + ] + } + }, + "description": "

Serves the second factor page

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" }, { "type": "post", - "url": "/authentication/1stfactor", - "title": "LDAP authentication", + "url": "/1stfactor", + "title": "Bind user against LDAP", "name": "ValidateFirstFactor", "group": "Authentication", "version": "1.0.0", @@ -165,15 +133,6 @@ define({ "api": [ "description": "

1st factor is not validated.

" } ], - "Error 403": [ - { - "group": "Error 403", - "type": "none", - "optional": false, - "field": "error", - "description": "

Access has been restricted after too many authentication attempts

" - } - ], "Error 500": [ { "group": "Error 500", @@ -186,7 +145,7 @@ define({ "api": [ } }, "description": "

Verify credentials against the LDAP.

", - "filename": "src/lib/setup_endpoints.js", + "filename": "src/server/endpoints.ts", "groupTitle": "Authentication", "header": { "fields": { @@ -196,7 +155,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -204,10 +163,343 @@ define({ "api": [ }, { "type": "post", - "url": "/authentication/2ndfactor/totp", - "title": "TOTP authentication", + "url": "/reset-password/request", + "title": "Finish password reset request", + "name": "FinishPasswordResetRequest", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Start password reset request.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "identity_token", + "description": "

The one-time identity validation token provided in the email.

" + } + ] + } + }, + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "content", + "description": "

The content of the page.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/password-reset/request", + "title": "Request username", + "name": "ServePasswordResetPage", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Serve a page that requires the username.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/password-reset", + "title": "Set new password", + "name": "SetNewLDAPPassword", + "group": "PasswordReset", + "version": "1.0.0", + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "password", + "description": "

New password

" + } + ] + } + }, + "description": "

Set a new password for the user.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/password-reset/identity/start", + "title": "Start password reset request", + "name": "StartPasswordResetRequest", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Start password reset request.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "success": { + "fields": { + "Success 204": [ + { + "group": "Success 204", + "optional": false, + "field": "status", + "description": "

Identity validation has been initiated.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 400": [ + { + "group": "Error 400", + "optional": false, + "field": "InvalidIdentity", + "description": "

User identity is invalid.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/secondfactor/totp/identity/finish", + "title": "Finish TOTP registration identity validation", + "name": "FinishTOTPRegistration", + "group": "TOTP", + "version": "1.0.0", + "description": "

Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "identity_token", + "description": "

The one-time identity validation token provided in the email.

" + } + ] + } + }, + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "content", + "description": "

The content of the page.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/secondfactor/totp/identity/start", + "title": "Start TOTP registration identity validation", + "name": "StartTOTPRegistration", + "group": "TOTP", + "version": "1.0.0", + "description": "

Initiates the identity validation

", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "success": { + "fields": { + "Success 204": [ + { + "group": "Success 204", + "optional": false, + "field": "status", + "description": "

Identity validation has been initiated.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 400": [ + { + "group": "Error 400", + "optional": false, + "field": "InvalidIdentity", + "description": "

User identity is invalid.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/totp", + "title": "Complete TOTP authentication", "name": "ValidateTOTPSecondFactor", - "group": "Authentication", + "group": "TOTP", "version": "1.0.0", "parameter": { "fields": { @@ -224,12 +516,12 @@ define({ "api": [ }, "success": { "fields": { - "Success 204": [ + "Success 302": [ { - "group": "Success 204", + "group": "Success 302", "optional": false, - "field": "status", - "description": "

TOTP token is valid.

" + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" } ] } @@ -257,8 +549,8 @@ define({ "api": [ } }, "description": "

Verify TOTP token. The user is authenticated upon success.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", "header": { "fields": { "Header": [ @@ -267,222 +559,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "get", - "url": "/authentication/login", - "title": "Serve login page", - "name": "Login", - "group": "Pages", - "version": "1.0.0", - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "redirect", - "description": "

Redirect to this URL when user is authenticated.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "Content", - "description": "

The content of the login page.

" - } - ] - } - }, - "description": "

Create a user session and serve the login page along with a cookie.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages" - }, - { - "type": "get", - "url": "/authentication/logout", - "title": "Server logout page", - "name": "Logout", - "group": "Pages", - "version": "1.0.0", - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "redirect", - "description": "

Redirect to this URL when user is deauthenticated.

" - } - ] - } - }, - "success": { - "fields": { - "Success 301": [ - { - "group": "Success 301", - "optional": false, - "field": "redirect", - "description": "

Redirect to the URL.

" - } - ] - } - }, - "description": "

Deauthenticate the user and redirect him.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages" - }, - { - "type": "get", - "url": "/authentication/reset-password", - "title": "Serve password reset form.", - "name": "ServePasswordResetForm", - "group": "Pages", - "version": "1.0.0", - "description": "

Serves password reset form that allow the user to provide the new password.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "identity_token", - "description": "

The one-time identity validation token provided in the email.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "content", - "description": "

The content of the page.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - } - }, - { - "type": "get", - "url": "/authentication/u2f-register", - "title": "Serve U2F registration page", - "name": "ServeU2FRegistrationPage", - "group": "Pages", - "version": "1.0.0", - "description": "

Serves the U2F registration page that asks the user to touch the token of the U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "identity_token", - "description": "

The one-time identity validation token provided in the email.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "content", - "description": "

The content of the page.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -490,19 +567,19 @@ define({ "api": [ }, { "type": "post", - "url": "/authentication/2ndfactor/u2f/register", - "title": "U2F Complete device registration", - "name": "CompleteU2FRegistration", - "group": "Registration", + "url": "/api/u2f/sign", + "title": "Complete U2F authentication", + "name": "CompleteU2FAuthentication", + "group": "U2F", "version": "1.0.0", "success": { "fields": { - "Success 204": [ + "Success 302": [ { - "group": "Success 204", + "group": "Success 302", "optional": false, - "field": "status", - "description": "

The U2F registration succeeded.

" + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" } ] } @@ -515,7 +592,7 @@ define({ "api": [ "type": "none", "optional": false, "field": "error", - "description": "

Unexpected identity validation challenge.

" + "description": "

No authentication request has been provided.

" } ], "Error 500": [ @@ -529,9 +606,45 @@ define({ "api": [ ] } }, + "description": "

Complete authentication request of the U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/secondfactor/u2f/register", + "title": "Complete U2F registration", + "name": "FinishU2FRegistration", + "group": "U2F", + "version": "1.0.0", + "success": { + "fields": { + "Success 302": [ + { + "group": "Success 302", + "optional": false, + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" + } + ] + } + }, "description": "

Complete U2F registration request.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -540,137 +653,13 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "post", - "url": "/authentication/new-totp-secret", - "title": "Generate TOTP secret", - "name": "GenerateTOTPSecret", - "group": "Registration", - "version": "1.0.0", - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "base32", - "description": "

The base32 representation of the secret.

" - }, - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "ascii", - "description": "

The ASCII representation of the secret.

" - }, - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "qrcode", - "description": "

The QRCode of the secret in URI format.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "error": { "fields": { - "Error 403": [ - { - "group": "Error 403", - "type": "String", - "optional": false, - "field": "error", - "description": "

No user provided in the session or unexpected identity validation challenge in the session.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message

" - } - ] - } - }, - "description": "

Generate a new TOTP secret and returns it.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "post", - "url": "/authentication/reset-password", - "title": "Request for password reset", - "name": "RequestPasswordReset", - "group": "Registration", - "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

Identity validation has been initiated.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 400": [ - { - "group": "Error 400", - "optional": false, - "field": "InvalidIdentity", - "description": "

User identity is invalid.

" - } - ], "Error 500": [ { "group": "Error 500", @@ -681,83 +670,17 @@ define({ "api": [ } ] } - }, - "description": "

This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.

" + } }, { - "type": "post", - "url": "/authentication/totp-register", - "title": "Request TOTP registration", - "name": "RequestTOTPRegistration", - "group": "Registration", - "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

Identity validation has been initiated.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 400": [ - { - "group": "Error 400", - "optional": false, - "field": "InvalidIdentity", - "description": "

User identity is invalid.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - }, - "description": "

This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.

" - }, - { - "type": "post", - "url": "/authentication/u2f-register", - "title": "Request U2F registration", + "type": "get", + "url": "/secondfactor/u2f/identity/start", + "title": "Start U2F registration identity validation", "name": "RequestU2FRegistration", - "group": "Registration", + "group": "U2F", "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -766,7 +689,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -816,14 +739,14 @@ define({ "api": [ }, { "type": "get", - "url": "/authentication/totp-register", - "title": "Serve TOTP registration page", - "name": "ServeTOTPRegistrationPage", - "group": "Registration", + "url": "/secondfactor/u2f/identity/finish", + "title": "Finish U2F registration identity validation", + "name": "ServeU2FRegistrationPage", + "group": "U2F", "version": "1.0.0", - "description": "

Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "description": "

Serves the U2F registration page that asks the user to touch the token of the U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -832,7 +755,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -886,28 +809,49 @@ define({ "api": [ } }, { - "type": "post", - "url": "/authentication/new-password", - "title": "Set LDAP password", - "name": "SetLDAPPassword", - "group": "Registration", + "type": "get", + "url": "/api/u2f/sign_request", + "title": "Start U2F authentication", + "name": "StartU2FAuthentication", + "group": "U2F", "version": "1.0.0", - "parameter": { + "success": { "fields": { - "Parameter": [ + "Success 200": [ { - "group": "Parameter", - "type": "String", + "group": "Success 200", "optional": false, - "field": "password", - "description": "

New password

" + "field": "authentication_request", + "description": "

The U2F authentication request.

" } ] } }, - "description": "

Set a new password for the user.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "error": { + "fields": { + "Error 401": [ + { + "group": "Error 401", + "type": "none", + "optional": false, + "field": "error", + "description": "

There is no key registered for user in session.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + }, + "description": "

Initiate an authentication request using a U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -916,7 +860,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -924,10 +868,10 @@ define({ "api": [ }, { "type": "get", - "url": "/authentication/2ndfactor/u2f/register_request", - "title": "U2F Start device registration", + "url": "/api/u2f/register_request", + "title": "Start U2F registration", "name": "StartU2FRegistration", - "group": "Registration", + "group": "U2F", "version": "1.0.0", "success": { "fields": { @@ -964,8 +908,8 @@ define({ "api": [ } }, "description": "

Initiate a U2F device registration request.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -974,7 +918,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -982,7 +926,7 @@ define({ "api": [ }, { "type": "get", - "url": "/authentication/verify", + "url": "/verify", "title": "Verify user authentication", "name": "VerifyAuthentication", "group": "Verification", @@ -1012,7 +956,7 @@ define({ "api": [ } }, "description": "

Verify that the user is authenticated, i.e., the two factors have been validated

", - "filename": "src/lib/setup_endpoints.js", + "filename": "src/server/endpoints.ts", "groupTitle": "Verification", "header": { "fields": { @@ -1022,7 +966,7 @@ define({ "api": [ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } diff --git a/doc/api_data.json b/doc/api_data.json index 60247d1f..527b6750 100644 --- a/doc/api_data.json +++ b/doc/api_data.json @@ -1,67 +1,9 @@ [ - { - "type": "post", - "url": "/authentication/2ndfactor/u2f/sign", - "title": "U2F Complete authentication", - "name": "CompleteU2FAuthentication", - "group": "Authentication", - "version": "1.0.0", - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

The U2F authentication succeeded.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "type": "none", - "optional": false, - "field": "error", - "description": "

No authentication request has been provided.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - }, - "description": "

Complete authentication request of the U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, { "type": "get", - "url": "/authentication/2ndfactor/u2f/sign_request", - "title": "U2F Start authentication", - "name": "StartU2FAuthentication", + "url": "/", + "title": "First factor page", + "name": "Login", "group": "Authentication", "version": "1.0.0", "success": { @@ -69,56 +11,82 @@ "Success 200": [ { "group": "Success 200", + "type": "String", "optional": false, - "field": "authentication_request", - "description": "

The U2F authentication request.

" + "field": "Content", + "description": "

The content of the first factor page.

" } ] } }, - "error": { + "description": "

Serves the login page and create a create a cookie for the client.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" + }, + { + "type": "get", + "url": "/logout", + "title": "Serves logout page", + "name": "Logout", + "group": "Authentication", + "version": "1.0.0", + "parameter": { "fields": { - "Error 401": [ + "Parameter": [ { - "group": "Error 401", - "type": "none", - "optional": false, - "field": "error", - "description": "

There is no key registered for user in session.

" - } - ], - "Error 500": [ - { - "group": "Error 500", + "group": "Parameter", "type": "String", "optional": false, - "field": "error", - "description": "

Internal error message.

" + "field": "redirect", + "description": "

Redirect to this URL when user is deauthenticated.

" } ] } }, - "description": "

Initiate an authentication request using a U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", - "header": { + "success": { "fields": { - "Header": [ + "Success 302": [ { - "group": "Header", - "type": "String", + "group": "Success 302", "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "field": "redirect", + "description": "

Redirect to the URL.

" } ] } - } + }, + "description": "

Log out the user and redirect to the URL.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" + }, + { + "type": "get", + "url": "/secondfactor", + "title": "Second factor page", + "name": "SecondFactor", + "group": "Authentication", + "version": "1.0.0", + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "Content", + "description": "

The content of second factor page.

" + } + ] + } + }, + "description": "

Serves the second factor page

", + "filename": "src/server/endpoints.ts", + "groupTitle": "Authentication" }, { "type": "post", - "url": "/authentication/1stfactor", - "title": "LDAP authentication", + "url": "/1stfactor", + "title": "Bind user against LDAP", "name": "ValidateFirstFactor", "group": "Authentication", "version": "1.0.0", @@ -165,15 +133,6 @@ "description": "

1st factor is not validated.

" } ], - "Error 403": [ - { - "group": "Error 403", - "type": "none", - "optional": false, - "field": "error", - "description": "

Access has been restricted after too many authentication attempts

" - } - ], "Error 500": [ { "group": "Error 500", @@ -186,7 +145,7 @@ } }, "description": "

Verify credentials against the LDAP.

", - "filename": "src/lib/setup_endpoints.js", + "filename": "src/server/endpoints.ts", "groupTitle": "Authentication", "header": { "fields": { @@ -196,7 +155,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -204,10 +163,343 @@ }, { "type": "post", - "url": "/authentication/2ndfactor/totp", - "title": "TOTP authentication", + "url": "/reset-password/request", + "title": "Finish password reset request", + "name": "FinishPasswordResetRequest", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Start password reset request.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "identity_token", + "description": "

The one-time identity validation token provided in the email.

" + } + ] + } + }, + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "content", + "description": "

The content of the page.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/password-reset/request", + "title": "Request username", + "name": "ServePasswordResetPage", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Serve a page that requires the username.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/password-reset", + "title": "Set new password", + "name": "SetNewLDAPPassword", + "group": "PasswordReset", + "version": "1.0.0", + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "password", + "description": "

New password

" + } + ] + } + }, + "description": "

Set a new password for the user.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/password-reset/identity/start", + "title": "Start password reset request", + "name": "StartPasswordResetRequest", + "group": "PasswordReset", + "version": "1.0.0", + "description": "

Start password reset request.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "PasswordReset", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "success": { + "fields": { + "Success 204": [ + { + "group": "Success 204", + "optional": false, + "field": "status", + "description": "

Identity validation has been initiated.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 400": [ + { + "group": "Error 400", + "optional": false, + "field": "InvalidIdentity", + "description": "

User identity is invalid.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/secondfactor/totp/identity/finish", + "title": "Finish TOTP registration identity validation", + "name": "FinishTOTPRegistration", + "group": "TOTP", + "version": "1.0.0", + "description": "

Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "identity_token", + "description": "

The one-time identity validation token provided in the email.

" + } + ] + } + }, + "success": { + "fields": { + "Success 200": [ + { + "group": "Success 200", + "type": "String", + "optional": false, + "field": "content", + "description": "

The content of the page.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "get", + "url": "/secondfactor/totp/identity/start", + "title": "Start TOTP registration identity validation", + "name": "StartTOTPRegistration", + "group": "TOTP", + "version": "1.0.0", + "description": "

Initiates the identity validation

", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + }, + "success": { + "fields": { + "Success 204": [ + { + "group": "Success 204", + "optional": false, + "field": "status", + "description": "

Identity validation has been initiated.

" + } + ] + } + }, + "error": { + "fields": { + "Error 403": [ + { + "group": "Error 403", + "optional": false, + "field": "AccessDenied", + "description": "

Access is denied.

" + } + ], + "Error 400": [ + { + "group": "Error 400", + "optional": false, + "field": "InvalidIdentity", + "description": "

User identity is invalid.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/totp", + "title": "Complete TOTP authentication", "name": "ValidateTOTPSecondFactor", - "group": "Authentication", + "group": "TOTP", "version": "1.0.0", "parameter": { "fields": { @@ -224,12 +516,12 @@ }, "success": { "fields": { - "Success 204": [ + "Success 302": [ { - "group": "Success 204", + "group": "Success 302", "optional": false, - "field": "status", - "description": "

TOTP token is valid.

" + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" } ] } @@ -257,8 +549,8 @@ } }, "description": "

Verify TOTP token. The user is authenticated upon success.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Authentication", + "filename": "src/server/endpoints.ts", + "groupTitle": "TOTP", "header": { "fields": { "Header": [ @@ -267,222 +559,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "get", - "url": "/authentication/login", - "title": "Serve login page", - "name": "Login", - "group": "Pages", - "version": "1.0.0", - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "redirect", - "description": "

Redirect to this URL when user is authenticated.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "Content", - "description": "

The content of the login page.

" - } - ] - } - }, - "description": "

Create a user session and serve the login page along with a cookie.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages" - }, - { - "type": "get", - "url": "/authentication/logout", - "title": "Server logout page", - "name": "Logout", - "group": "Pages", - "version": "1.0.0", - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "redirect", - "description": "

Redirect to this URL when user is deauthenticated.

" - } - ] - } - }, - "success": { - "fields": { - "Success 301": [ - { - "group": "Success 301", - "optional": false, - "field": "redirect", - "description": "

Redirect to the URL.

" - } - ] - } - }, - "description": "

Deauthenticate the user and redirect him.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages" - }, - { - "type": "get", - "url": "/authentication/reset-password", - "title": "Serve password reset form.", - "name": "ServePasswordResetForm", - "group": "Pages", - "version": "1.0.0", - "description": "

Serves password reset form that allow the user to provide the new password.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "identity_token", - "description": "

The one-time identity validation token provided in the email.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "content", - "description": "

The content of the page.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - } - }, - { - "type": "get", - "url": "/authentication/u2f-register", - "title": "Serve U2F registration page", - "name": "ServeU2FRegistrationPage", - "group": "Pages", - "version": "1.0.0", - "description": "

Serves the U2F registration page that asks the user to touch the token of the U2F device.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Pages", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "identity_token", - "description": "

The one-time identity validation token provided in the email.

" - } - ] - } - }, - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "content", - "description": "

The content of the page.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -490,19 +567,19 @@ }, { "type": "post", - "url": "/authentication/2ndfactor/u2f/register", - "title": "U2F Complete device registration", - "name": "CompleteU2FRegistration", - "group": "Registration", + "url": "/api/u2f/sign", + "title": "Complete U2F authentication", + "name": "CompleteU2FAuthentication", + "group": "U2F", "version": "1.0.0", "success": { "fields": { - "Success 204": [ + "Success 302": [ { - "group": "Success 204", + "group": "Success 302", "optional": false, - "field": "status", - "description": "

The U2F registration succeeded.

" + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" } ] } @@ -515,7 +592,7 @@ "type": "none", "optional": false, "field": "error", - "description": "

Unexpected identity validation challenge.

" + "description": "

No authentication request has been provided.

" } ], "Error 500": [ @@ -529,9 +606,45 @@ ] } }, + "description": "

Complete authentication request of the U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", + "header": { + "fields": { + "Header": [ + { + "group": "Header", + "type": "String", + "optional": false, + "field": "Cookie", + "description": "

Cookie containing "connect.sid", the user session token.

" + } + ] + } + } + }, + { + "type": "post", + "url": "/api/secondfactor/u2f/register", + "title": "Complete U2F registration", + "name": "FinishU2FRegistration", + "group": "U2F", + "version": "1.0.0", + "success": { + "fields": { + "Success 302": [ + { + "group": "Success 302", + "optional": false, + "field": "Redirect", + "description": "

to the URL that has been stored during last call to /verify.

" + } + ] + } + }, "description": "

Complete U2F registration request.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -540,137 +653,13 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "post", - "url": "/authentication/new-totp-secret", - "title": "Generate TOTP secret", - "name": "GenerateTOTPSecret", - "group": "Registration", - "version": "1.0.0", - "success": { - "fields": { - "Success 200": [ - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "base32", - "description": "

The base32 representation of the secret.

" - }, - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "ascii", - "description": "

The ASCII representation of the secret.

" - }, - { - "group": "Success 200", - "type": "String", - "optional": false, - "field": "qrcode", - "description": "

The QRCode of the secret in URI format.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "error": { "fields": { - "Error 403": [ - { - "group": "Error 403", - "type": "String", - "optional": false, - "field": "error", - "description": "

No user provided in the session or unexpected identity validation challenge in the session.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message

" - } - ] - } - }, - "description": "

Generate a new TOTP secret and returns it.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - } - }, - { - "type": "post", - "url": "/authentication/reset-password", - "title": "Request for password reset", - "name": "RequestPasswordReset", - "group": "Registration", - "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

Identity validation has been initiated.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 400": [ - { - "group": "Error 400", - "optional": false, - "field": "InvalidIdentity", - "description": "

User identity is invalid.

" - } - ], "Error 500": [ { "group": "Error 500", @@ -681,83 +670,17 @@ } ] } - }, - "description": "

This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.

" + } }, { - "type": "post", - "url": "/authentication/totp-register", - "title": "Request TOTP registration", - "name": "RequestTOTPRegistration", - "group": "Registration", - "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", - "header": { - "fields": { - "Header": [ - { - "group": "Header", - "type": "String", - "optional": false, - "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" - } - ] - } - }, - "success": { - "fields": { - "Success 204": [ - { - "group": "Success 204", - "optional": false, - "field": "status", - "description": "

Identity validation has been initiated.

" - } - ] - } - }, - "error": { - "fields": { - "Error 403": [ - { - "group": "Error 403", - "optional": false, - "field": "AccessDenied", - "description": "

Access is denied.

" - } - ], - "Error 400": [ - { - "group": "Error 400", - "optional": false, - "field": "InvalidIdentity", - "description": "

User identity is invalid.

" - } - ], - "Error 500": [ - { - "group": "Error 500", - "type": "String", - "optional": false, - "field": "error", - "description": "

Internal error message.

" - } - ] - } - }, - "description": "

This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.

" - }, - { - "type": "post", - "url": "/authentication/u2f-register", - "title": "Request U2F registration", + "type": "get", + "url": "/secondfactor/u2f/identity/start", + "title": "Start U2F registration identity validation", "name": "RequestU2FRegistration", - "group": "Registration", + "group": "U2F", "version": "1.0.0", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -766,7 +689,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -816,14 +739,14 @@ }, { "type": "get", - "url": "/authentication/totp-register", - "title": "Serve TOTP registration page", - "name": "ServeTOTPRegistrationPage", - "group": "Registration", + "url": "/secondfactor/u2f/identity/finish", + "title": "Finish U2F registration identity validation", + "name": "ServeU2FRegistrationPage", + "group": "U2F", "version": "1.0.0", - "description": "

Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "description": "

Serves the U2F registration page that asks the user to touch the token of the U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -832,7 +755,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -886,28 +809,49 @@ } }, { - "type": "post", - "url": "/authentication/new-password", - "title": "Set LDAP password", - "name": "SetLDAPPassword", - "group": "Registration", + "type": "get", + "url": "/api/u2f/sign_request", + "title": "Start U2F authentication", + "name": "StartU2FAuthentication", + "group": "U2F", "version": "1.0.0", - "parameter": { + "success": { "fields": { - "Parameter": [ + "Success 200": [ { - "group": "Parameter", - "type": "String", + "group": "Success 200", "optional": false, - "field": "password", - "description": "

New password

" + "field": "authentication_request", + "description": "

The U2F authentication request.

" } ] } }, - "description": "

Set a new password for the user.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "error": { + "fields": { + "Error 401": [ + { + "group": "Error 401", + "type": "none", + "optional": false, + "field": "error", + "description": "

There is no key registered for user in session.

" + } + ], + "Error 500": [ + { + "group": "Error 500", + "type": "String", + "optional": false, + "field": "error", + "description": "

Internal error message.

" + } + ] + } + }, + "description": "

Initiate an authentication request using a U2F device.

", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -916,7 +860,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -924,10 +868,10 @@ }, { "type": "get", - "url": "/authentication/2ndfactor/u2f/register_request", - "title": "U2F Start device registration", + "url": "/api/u2f/register_request", + "title": "Start U2F registration", "name": "StartU2FRegistration", - "group": "Registration", + "group": "U2F", "version": "1.0.0", "success": { "fields": { @@ -964,8 +908,8 @@ } }, "description": "

Initiate a U2F device registration request.

", - "filename": "src/lib/setup_endpoints.js", - "groupTitle": "Registration", + "filename": "src/server/endpoints.ts", + "groupTitle": "U2F", "header": { "fields": { "Header": [ @@ -974,7 +918,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } @@ -982,7 +926,7 @@ }, { "type": "get", - "url": "/authentication/verify", + "url": "/verify", "title": "Verify user authentication", "name": "VerifyAuthentication", "group": "Verification", @@ -1012,7 +956,7 @@ } }, "description": "

Verify that the user is authenticated, i.e., the two factors have been validated

", - "filename": "src/lib/setup_endpoints.js", + "filename": "src/server/endpoints.ts", "groupTitle": "Verification", "header": { "fields": { @@ -1022,7 +966,7 @@ "type": "String", "optional": false, "field": "Cookie", - "description": "

Cookie containing 'connect.sid', the user session token.

" + "description": "

Cookie containing "connect.sid", the user session token.

" } ] } diff --git a/doc/api_project.js b/doc/api_project.js index e51a09d6..9b4ecf09 100644 --- a/doc/api_project.js +++ b/doc/api_project.js @@ -1,15 +1,15 @@ define({ "title": "Authelia API documentation", "name": "authelia", - "version": "1.0.11", - "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor", + "version": "2.1.3", + "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", - "time": "2017-01-29T00:44:17.687Z", + "time": "2017-06-11T20:41:36.025Z", "url": "http://apidocjs.com", - "version": "0.17.5" + "version": "0.17.6" } }); diff --git a/doc/api_project.json b/doc/api_project.json index 8962ef15..b27e7e63 100644 --- a/doc/api_project.json +++ b/doc/api_project.json @@ -1,15 +1,15 @@ { "title": "Authelia API documentation", "name": "authelia", - "version": "1.0.11", - "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor", + "version": "2.1.3", + "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", - "time": "2017-01-29T00:44:17.687Z", + "time": "2017-06-11T20:41:36.025Z", "url": "http://apidocjs.com", - "version": "0.17.5" + "version": "0.17.6" } } diff --git a/doc/css/style.css b/doc/css/style.css index eb953166..6468b2b2 100644 --- a/doc/css/style.css +++ b/doc/css/style.css @@ -172,6 +172,7 @@ pre { border-radius: 6px; position: relative; margin: 10px 0 20px 0; + overflow-x: auto; } pre.prettyprint { diff --git a/doc/index.html b/doc/index.html index d6347f26..5f04deda 100644 --- a/doc/index.html +++ b/doc/index.html @@ -224,7 +224,7 @@
{{#each params.examples}}
-
{{{reformat content type}}}
+
{{reformat content type}}
{{/each}}
@@ -274,7 +274,7 @@ {{#each this}}
- +
{{{type}}}
{{/each}} diff --git a/doc/locales/locale.js b/doc/locales/locale.js index efe980ab..ba82385a 100644 --- a/doc/locales/locale.js +++ b/doc/locales/locale.js @@ -9,6 +9,8 @@ define([ './locales/pt_br.js', './locales/ro.js', './locales/ru.js', + './locales/tr.js', + './locales/vi.js', './locales/zh.js', './locales/zh_cn.js' ], function() { diff --git a/doc/locales/tr.js b/doc/locales/tr.js new file mode 100644 index 00000000..5c64e52d --- /dev/null +++ b/doc/locales/tr.js @@ -0,0 +1,25 @@ +define({ + tr: { + 'Allowed values:' : 'İzin verilen değerler:', + 'Compare all with predecessor': 'Tümünü öncekiler ile karşılaştır', + 'compare changes to:' : 'değişiklikleri karşılaştır:', + 'compared to' : 'karşılaştır', + 'Default value:' : 'Varsayılan değer:', + 'Description' : 'Açıklama', + 'Field' : 'Alan', + 'General' : 'Genel', + 'Generated with' : 'Oluşturan', + 'Name' : 'İsim', + 'No response values.' : 'Dönüş verisi yok.', + 'optional' : 'opsiyonel', + 'Parameter' : 'Parametre', + 'Permission:' : 'İzin:', + 'Response' : 'Dönüş', + 'Send' : 'Gönder', + 'Send a Sample Request' : 'Örnek istek gönder', + 'show up to version:' : 'bu versiyona kadar göster:', + 'Size range:' : 'Boyut aralığı:', + 'Type' : 'Tip', + 'url' : 'url' + } +}); diff --git a/doc/locales/vi.js b/doc/locales/vi.js new file mode 100644 index 00000000..7ce77050 --- /dev/null +++ b/doc/locales/vi.js 
@@ -0,0 +1,25 @@ +define({ + vi: { + 'Allowed values:' : 'Giá trị chấp nhận:', + 'Compare all with predecessor': 'So sánh với tất cả phiên bản trước', + 'compare changes to:' : 'so sánh sự thay đổi với:', + 'compared to' : 'so sánh với', + 'Default value:' : 'Giá trị mặc định:', + 'Description' : 'Chú thích', + 'Field' : 'Trường dữ liệu', + 'General' : 'Tổng quan', + 'Generated with' : 'Được tạo bởi', + 'Name' : 'Tên', + 'No response values.' : 'Không có kết quả trả về.', + 'optional' : 'Tùy chọn', + 'Parameter' : 'Tham số', + 'Permission:' : 'Quyền hạn:', + 'Response' : 'Kết quả', + 'Send' : 'Gửi', + 'Send a Sample Request' : 'Gửi một yêu cầu mẫu', + 'show up to version:' : 'hiển thị phiên bản:', + 'Size range:' : 'Kích cỡ:', + 'Type' : 'Kiểu', + 'url' : 'liên kết' + } +}); diff --git a/doc/utils/send_sample_request.js b/doc/utils/send_sample_request.js index a03877ec..f2396ea9 100755 --- a/doc/utils/send_sample_request.js +++ b/doc/utils/send_sample_request.js @@ -50,7 +50,9 @@ define([ var paramType = {}; $root.find(".sample-request-param:checked").each(function(i, element) { var group = $(element).data("sample-request-param-group-id"); - $root.find("[data-sample-request-param-group=\"" + group + "\"]").each(function(i, element) { + $root.find("[data-sample-request-param-group=\"" + group + "\"]").not(function(){ + return $(this).val() == "" && $(this).is("[data-sample-request-param-optional='true']"); + }).each(function(i, element) { var key = $(element).data("sample-request-param-name"); var value = element.value; if ( ! element.optional && element.defaultValue !== '') { diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index bbdd7bc4..79b5208b 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml 
@@ -4,8 +4,8 @@ services: auth: volumes: - ./test:/usr/src/test - - ./src/views:/usr/src/views - - ./src/public_html:/usr/src/public_html + - ./dist/src/server:/usr/src + - ./node_modules:/usr/src/node_modules - ./config.yml:/etc/auth-server/config.yml:ro ldap-admin: diff --git a/example/ldap/base.ldif b/example/ldap/base.ldif index 07d4e5a8..97ca0356 100644 --- a/example/ldap/base.ldif +++ b/example/ldap/base.ldif @@ -25,7 +25,7 @@ dn: cn=john,ou=users,dc=example,dc=com cn: john objectclass: inetOrgPerson objectclass: top -mail: john.doe@example.com +mail: clement.michaud34@gmail.com sn: John Doe userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= diff --git a/example/nginx_conf/nginx.conf b/example/nginx_conf/nginx.conf index fc666447..400eb115 100644 --- a/example/nginx_conf/nginx.conf +++ b/example/nginx_conf/nginx.conf @@ -30,10 +30,6 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; - error_page 401 = @error401; - location @error401 { - return 302 https://auth.test.local:8080/login?redirect=$scheme://$http_host$request_uri; - } location / { proxy_set_header X-Original-URI $request_uri; @@ -41,18 +37,12 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://auth/; - } - location /js/ { - proxy_pass http://auth/js/; - } + proxy_intercept_errors on; - location /img/ { - proxy_pass http://auth/img/; - } - - location /css/ { - proxy_pass http://auth/css/; + error_page 401 = /error/401; + error_page 403 = /error/403; + error_page 404 = /error/404; } } @@ -61,8 +51,7 @@ http { root /usr/share/nginx/html; server_name secret1.test.local secret2.test.local secret.test.local - home.test.local mx1.mail.test.local mx2.mail.test.local - localhost; + home.test.local mx1.mail.test.local mx2.mail.test.local; ssl on; ssl_certificate /etc/ssl/server.crt; 
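Review bot: In example/ldap/base.ldif the `mail` attribute of the sample user `john` now points at what looks like a real personal mailbox instead of the reserved `example.com` address. This commit also adds reset-password and e-mail confirmation screens, so any mail the example sends for that account, presumably including validation links, would land in a third party's inbox. Keep the fixture on a reserved domain, `mail: john.doe@example.com`, and let developers override the address locally when they need to receive the mail.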
@@ -70,7 +59,7 @@ http { error_page 401 = @error401; location @error401 { - return 302 https://auth.test.local:8080/login?redirect=$scheme://$http_host$request_uri; + return 302 https://auth.test.local:8080; } location /auth_verify { diff --git a/images/email_confirmation.png b/images/email_confirmation.png new file mode 100644 index 00000000..fd0d84e0 Binary files /dev/null and b/images/email_confirmation.png differ diff --git a/images/first_factor.png b/images/first_factor.png index 9f388325..195bc3c9 100644 Binary files a/images/first_factor.png and b/images/first_factor.png differ diff --git a/images/reset_password.png b/images/reset_password.png new file mode 100644 index 00000000..2d88a3cd Binary files /dev/null and b/images/reset_password.png differ diff --git a/images/second_factor.png b/images/second_factor.png index e98452fb..7b4761ca 100644 Binary files a/images/second_factor.png and b/images/second_factor.png differ diff --git a/images/secret-key.png b/images/secret-key.png deleted file mode 100644 index 30a6a75c..00000000 Binary files a/images/secret-key.png and /dev/null differ diff --git a/images/totp.png b/images/totp.png index 30f84a7b..3c58db61 100644 Binary files a/images/totp.png and b/images/totp.png differ diff --git a/images/u2f.png b/images/u2f.png index 6ca0beef..15abd489 100644 Binary files a/images/u2f.png and b/images/u2f.png differ diff --git a/package.json b/package.json index 6347bcb8..f0e70b08 100644 --- a/package.json +++ b/package.json 
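Review bot: In example/nginx_conf/nginx.conf the `@error401` handler now returns `302 https://auth.test.local:8080`, and nothing explains why the `redirect=` argument was dropped. The removed value was built from `$http_host`, which comes from the client's Host header, so someone adapting this example may re-add it without realising the portal would then have to validate the target. I would add a comment above the `return`, for example `# Do not pass $http_host-derived URLs to the portal unless it validates the redirect target against the protected domain.` The `http` block starts and ends outside the hunk, so whether the original URL is carried some other way cannot be seen here.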
@@ -1,20 +1,18 @@
 {
 "name": "authelia",
 "version": "2.1.9",
- "description": "2-factor authentication server using LDAP as 1st factor and TOTP or U2F as 2nd factor",
+ "description": "2FA Single Sign-On server for nginx using LDAP, TOTP and U2F",
 "main": "src/index.js",
 "bin": {
 "authelia": "src/index.js"
 },
 "scripts": {
- "test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/unitary",
- "test-dbg": "./node_modules/.bin/mocha --debug-brk --compilers ts:ts-node/register --recursive test/unitary",
- "int-test": "./node_modules/.bin/mocha --recursive test/integration",
- "coverage": "./node_modules/.bin/istanbul cover _mocha -- -R spec --recursive test",
- "build-ts": "tsc",
- "watch-ts": "tsc -w",
+ "test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/client test/server",
+ "int-test": "./node_modules/.bin/mocha --compilers ts:ts-node/register --recursive test/integration",
+ "cover": "NODE_ENV=test nyc npm t",
+ "build": "tsc",
 "tslint": "tslint -c tslint.json -p tsconfig.json",
- "serve": "node dist/src/index.js"
+ "serve": "node dist/server/index.js"
 },
 "repository": {
 "type": "git",
@@ -29,7 +27,7 @@
 "title": "Authelia API documentation"
 },
 "dependencies": {
- "authdog": "^0.1.1",
+ "@types/cors": "^2.8.1",
 "bluebird": "^3.4.7",
 "body-parser": "^1.15.2",
 "dovehash": "0.0.5",
@@ -40,8 +38,10 @@
 "nedb": "^1.8.0",
 "nodemailer": "^2.7.0",
 "object-path": "^0.11.3",
+ "pug": "^2.0.0-rc.2",
 "randomstring": "^1.1.5",
 "speakeasy": "^2.0.0",
+ "u2f": "^0.1.2",
 "winston": "^2.3.1",
 "yamljs": "^0.2.8"
 },
@@ -52,6 +52,8 @@
 "@types/ejs": "^2.3.33",
 "@types/express": "^4.0.35",
 "@types/express-session": "0.0.32",
+ "@types/jquery": "^2.0.45",
+ "@types/jsdom": "^2.0.30",
 "@types/ldapjs": "^1.0.0",
 "@types/mocha": "^2.2.41",
 "@types/mockdate": "^2.0.0",
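Review bot: The new `serve` script runs `node dist/server/index.js`, but the rest of this commit places the compiled server under `dist/src/server` (the Dockerfile copies `dist/src/server`, and the Gruntfile writes its output below `dist/src/server/`), so `npm run serve` probably cannot find its entry point. I would change the line to `"serve": "node dist/src/server/index.js"`. The unchanged `main` and `bin` entries still name `src/index.js`; if the entry file moved with the rest of the server sources, they need the same update.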
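Review bot: `@types/cors` is added under `dependencies`, so the Dockerfile's `npm install --production` pulls a typings-only package into the runtime image. Move `"@types/cors": "^2.8.1"` to `devDependencies` beside the other `@types/*` entries; that keeps the production dependency tree, and what has to be audited in it, smaller. No `cors` runtime package appears in the visible hunks, so if the server does import it, that entry may be missing from `dependencies`.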
@@ -59,6 +61,7 @@
 "@types/nodemailer": "^1.3.32",
 "@types/object-path": "^0.9.28",
 "@types/proxyquire": "^1.3.27",
+ "@types/query-string": "^4.3.1",
 "@types/randomstring": "^1.1.5",
 "@types/request": "0.0.43",
 "@types/sinon": "^2.2.1",
@@ -66,12 +69,25 @@
 "@types/tmp": "0.0.33",
 "@types/winston": "^2.3.2",
 "@types/yamljs": "^0.2.30",
+ "apidoc": "^0.17.6",
+ "browserify": "^14.3.0",
 "grunt": "^1.0.1",
+ "grunt-browserify": "^5.0.0",
+ "grunt-contrib-concat": "^1.0.1",
 "grunt-contrib-copy": "^1.0.0",
+ "grunt-contrib-cssmin": "^2.2.0",
+ "grunt-contrib-watch": "^1.0.0",
 "grunt-run": "^0.6.0",
+ "istanbul": "^0.4.5",
+ "jquery": "^3.2.1",
+ "js-logger": "^1.3.0",
+ "jsdom": "^11.0.0",
 "mocha": "^3.2.0",
 "mockdate": "^2.0.1",
+ "notifyjs-browser": "^0.4.2",
+ "nyc": "^10.3.2",
 "proxyquire": "^1.8.0",
+ "query-string": "^4.3.4",
 "request": "^2.79.0",
 "should": "^11.1.1",
 "sinon": "^1.17.6",
@@ -79,6 +95,31 @@
 "tmp": "0.0.31",
 "ts-node": "^3.0.4",
 "tslint": "^5.2.0",
- "typescript": "^2.3.2"
+ "typescript": "^2.3.2",
+ "u2f-api": "0.0.9",
+ "uglify-es": "^3.0.15"
+ },
+ "nyc": {
+ "include": [
+ "src/*.ts",
+ "src/**/*.ts"
+ ],
+ "exclude": [
+ "doc",
+ "src/types",
+ "dist",
+ "test"
+ ],
+ "extension": [
+ ".ts"
+ ],
+ "require": [
+ "ts-node/register"
+ ],
+ "reporter": [
+ "json",
+ "html"
+ ],
+ "all": true
 }
 }
diff --git a/src/client/css/00-bootstrap.min.css b/src/client/css/00-bootstrap.min.css
new file mode 100644
index 00000000..ed3905e0
--- /dev/null
+++ b/src/client/css/00-bootstrap.min.css
@@ -0,0 +1,6 @@ +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2011-2016 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{margin:0;font:inherit;color:inherit}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html 
input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}input{line-height:normal}input[type=checkbox],input[type=radio]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-spacing:0;border-collapse:collapse}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}blockquote,pre{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table td,.table th{background-color:#fff!important}.table-bordered td,.table-bordered th{border:1px solid #ddd!important}}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff2) 
format('woff2'),url(../fonts/glyphicons-halflings-regular.woff) format('woff'),url(../fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-eur:before,.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{c
ontent:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-rig
ht:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left
:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:b
efore{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content
:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:after,:before{-webkit-box-sizing:border-b
ox;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}button,input,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:focus,a:hover{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.carousel-inner>.item>a>img,.carousel-inner>.item>img,.img-responsive,.thumbnail a>img,.thumbnail>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{display:inline-block;max-width:100%;height:auto;padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role=button]{cursor:pointer}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,.h4 .small,.h4 small,.h5 .small,.h5 small,.h6 .small,.h6 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-weight:400;line-height:1;color:#777}.h1,.h2,.h3,h1,h2,h3{margin-top:20px;margin-bottom:10px}.h1 .small,.h1 small,.h2 .small,.h2 small,.h3 .small,.h3 small,h1 .small,h1 small,h2 .small,h2 small,h3 .small,h3 small{font-size:65%}.h4,.h5,.h6,h4,h5,h6{margin-top:10px;margin-bottom:10px}.h4 .small,.h4 
small,.h5 .small,.h5 small,.h6 .small,.h6 small,h4 .small,h4 small,h5 .small,h5 small,h6 .small,h6 small{font-size:75%}.h1,h1{font-size:36px}.h2,h2{font-size:30px}.h3,h3{font-size:24px}.h4,h4{font-size:18px}.h5,h5{font-size:14px}.h6,h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}.small,small{font-size:85%}.mark,mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#337ab7}a.text-primary:focus,a.text-primary:hover{color:#286090}.text-success{color:#3c763d}a.text-success:focus,a.text-success:hover{color:#2b542c}.text-info{color:#31708f}a.text-info:focus,a.text-info:hover{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:focus,a.text-warning:hover{color:#66512c}.text-danger{color:#a94442}a.text-danger:focus,a.text-danger:hover{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:focus,a.bg-primary:hover{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:focus,a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:focus,a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:focus,a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:focus,a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ol,ul{margin-top:0;margin-bottom:10px}ol ol,ol ul,ul ol,ul 
ul{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;margin-left:-5px;list-style:none}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dd,dt{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[data-original-title],abbr[title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote ol:last-child,blockquote p:last-child,blockquote ul:last-child{margin-bottom:0}blockquote .small,blockquote footer,blockquote small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote .small:before,blockquote footer:before,blockquote small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse .small:before,.blockquote-reverse footer:before,.blockquote-reverse small:before,blockquote.pull-right .small:before,blockquote.pull-right footer:before,blockquote.pull-right small:before{content:''}.blockquote-reverse .small:after,.blockquote-reverse footer:after,.blockquote-reverse small:after,blockquote.pull-right .small:after,blockquote.pull-right footer:after,blockquote.pull-right small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.25);box-shadow:inset 0 -1px 0 
rgba(0,0,0,.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.666
66667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media 
(min-width:768px){.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media 
(min-width:992px){.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media 
(min-width:1200px){.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>tbody>tr>td,.table>tbody>tr>th,.table>tfoot>tr>td,.table>
tfoot>tr>th,.table>thead>tr>td,.table>thead>tr>th{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>td,.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>td,.table>thead:first-child>tr:first-child>th{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>tbody>tr>td,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>td,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>thead>tr>th{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>tbody>tr>td,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>td,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border:1px solid #ddd}.table-bordered>thead>tr>td,.table-bordered>thead>tr>th{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*=col-]{position:static;display:table-column;float:none}table td[class*=col-],table 
th[class*=col-]{position:static;display:table-cell;float:none}.table>tbody>tr.active>td,.table>tbody>tr.active>th,.table>tbody>tr>td.active,.table>tbody>tr>th.active,.table>tfoot>tr.active>td,.table>tfoot>tr.active>th,.table>tfoot>tr>td.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>thead>tr.active>th,.table>thead>tr>td.active,.table>thead>tr>th.active{background-color:#f5f5f5}.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover{background-color:#e8e8e8}.table>tbody>tr.success>td,.table>tbody>tr.success>th,.table>tbody>tr>td.success,.table>tbody>tr>th.success,.table>tfoot>tr.success>td,.table>tfoot>tr.success>th,.table>tfoot>tr>td.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>thead>tr.success>th,.table>thead>tr>td.success,.table>thead>tr>th.success{background-color:#dff0d8}.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover{background-color:#d0e9c6}.table>tbody>tr.info>td,.table>tbody>tr.info>th,.table>tbody>tr>td.info,.table>tbody>tr>th.info,.table>tfoot>tr.info>td,.table>tfoot>tr.info>th,.table>tfoot>tr>td.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>thead>tr.info>th,.table>thead>tr>td.info,.table>thead>tr>th.info{background-color:#d9edf7}.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover{background-color:#c4e3f3}.table>tbody>tr.warning>td,.table>tbody>tr.warning>th,.table>tbody>tr>td.warning,.table>tbody>tr>th.warning,.table>tfoot>tr.warning>td,.table>tfoot>tr.warning>th,.table>tfoot>tr>td.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>thead>tr.warning>th,.table>thead>tr>td.warning,.table>t
head>tr>th.warning{background-color:#fcf8e3}.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover{background-color:#faf2cc}.table>tbody>tr.danger>td,.table>tbody>tr.danger>th,.table>tbody>tr>td.danger,.table>tbody>tr>th.danger,.table>tfoot>tr.danger>td,.table>tfoot>tr.danger>th,.table>tfoot>tr>td.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>thead>tr.danger>th,.table>thead>tr>td.danger,.table>thead>tr>th.danger{background-color:#f2dede}.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid 
#ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>td,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>thead>tr>th{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=checkbox],input[type=radio]{margin:4px 0 0;margin-top:1px\9;line-height:normal}input[type=file]{display:block}input[type=range]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type=file]:focus,input[type=checkbox]:focus,input[type=radio]:focus{outline:5px auto 
-webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color ease-in-out .15s,-webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type=search]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type=date].form-control,input[type=time].form-control,input[type=datetime-local].form-control,input[type=month].form-control{line-height:34px}.input-group-sm input[type=date],.input-group-sm input[type=time],.input-group-sm input[type=datetime-local],.input-group-sm input[type=month],input[type=date].input-sm,input[type=time].input-sm,input[type=datetime-local].input-sm,input[type=month].input-sm{line-height:30px}.input-group-lg input[type=date],.input-group-lg input[type=time],.input-group-lg input[type=datetime-local],.input-group-lg 
input[type=month],input[type=date].input-lg,input[type=time].input-lg,input[type=datetime-local].input-lg,input[type=month].input-lg{line-height:46px}}.form-group{margin-bottom:15px}.checkbox,.radio{position:relative;display:block;margin-top:10px;margin-bottom:10px}.checkbox label,.radio label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox],.radio input[type=radio],.radio-inline input[type=radio]{position:absolute;margin-top:4px\9;margin-left:-20px}.checkbox+.checkbox,.radio+.radio{margin-top:-5px}.checkbox-inline,.radio-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.checkbox-inline+.checkbox-inline,.radio-inline+.radio-inline{margin-top:0;margin-left:10px}fieldset[disabled] input[type=checkbox],fieldset[disabled] input[type=radio],input[type=checkbox].disabled,input[type=checkbox][disabled],input[type=radio].disabled,input[type=radio][disabled]{cursor:not-allowed}.checkbox-inline.disabled,.radio-inline.disabled,fieldset[disabled] .checkbox-inline,fieldset[disabled] .radio-inline{cursor:not-allowed}.checkbox.disabled label,.radio.disabled label,fieldset[disabled] .checkbox label,fieldset[disabled] .radio label{cursor:not-allowed}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}select[multiple].input-sm,textarea.input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm select[multiple].form-control,.form-group-sm textarea.form-control{height:auto}.form-group-sm 
.form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}select[multiple].input-lg,textarea.input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg select[multiple].form-control,.form-group-lg textarea.form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.form-group-lg .form-control+.form-control-feedback,.input-group-lg+.form-control-feedback,.input-lg+.form-control-feedback{width:46px;height:46px;line-height:46px}.form-group-sm .form-control+.form-control-feedback,.input-group-sm+.form-control-feedback,.input-sm+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .checkbox,.has-success .checkbox-inline,.has-success .control-label,.has-success .help-block,.has-success .radio,.has-success .radio-inline,.has-success.checkbox label,.has-success.checkbox-inline label,.has-success.radio label,.has-success.radio-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success 
.form-control-feedback{color:#3c763d}.has-warning .checkbox,.has-warning .checkbox-inline,.has-warning .control-label,.has-warning .help-block,.has-warning .radio,.has-warning .radio-inline,.has-warning.checkbox label,.has-warning.checkbox-inline label,.has-warning.radio label,.has-warning.radio-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .checkbox,.has-error .checkbox-inline,.has-error .control-label,.has-error .help-block,.has-error .radio,.has-error .radio-inline,.has-error.checkbox label,.has-error.checkbox-inline label,.has-error.radio label,.has-error.radio-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline 
.input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .form-control,.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .checkbox,.form-inline .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .checkbox label,.form-inline .radio label{padding-left:0}.form-inline .checkbox input[type=checkbox],.form-inline .radio input[type=radio]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .checkbox,.form-horizontal .checkbox-inline,.form-horizontal .radio,.form-horizontal .radio-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .checkbox,.form-horizontal .radio{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;padding:6px 12px;margin-bottom:0;font-size:14px;font-weight:400;line-height:1.42857143;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-image:none;border:1px solid transparent;border-radius:4px}.btn.active.focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn:active:focus,.btn:focus{outline:5px auto 
-webkit-focus-ring-color;outline-offset:-2px}.btn.focus,.btn:focus,.btn:hover{color:#333;text-decoration:none}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none;opacity:.65}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default.focus,.btn-default:focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default.active.focus,.btn-default.active:focus,.btn-default.active:hover,.btn-default:active.focus,.btn-default:active:focus,.btn-default:active:hover,.open>.dropdown-toggle.btn-default.focus,.open>.dropdown-toggle.btn-default:focus,.open>.dropdown-toggle.btn-default:hover{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.active,.btn-default:active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled.focus,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled].focus,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#fff;border-color:#ccc}.btn-default 
.badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#337ab7;border-color:#2e6da4}.btn-primary.focus,.btn-primary:focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary.active.focus,.btn-primary.active:focus,.btn-primary.active:hover,.btn-primary:active.focus,.btn-primary:active:focus,.btn-primary:active:hover,.open>.dropdown-toggle.btn-primary.focus,.open>.dropdown-toggle.btn-primary:focus,.open>.dropdown-toggle.btn-primary:hover{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.active,.btn-primary:active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled.focus,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled].focus,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#337ab7;border-color:#2e6da4}.btn-primary 
.badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success.focus,.btn-success:focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success.active.focus,.btn-success.active:focus,.btn-success.active:hover,.btn-success:active.focus,.btn-success:active:focus,.btn-success:active:hover,.open>.dropdown-toggle.btn-success.focus,.open>.dropdown-toggle.btn-success:focus,.open>.dropdown-toggle.btn-success:hover{color:#fff;background-color:#398439;border-color:#255625}.btn-success.active,.btn-success:active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled.focus,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled].focus,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#5cb85c;border-color:#4cae4c}.btn-success 
.badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info.focus,.btn-info:focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info.active.focus,.btn-info.active:focus,.btn-info.active:hover,.btn-info:active.focus,.btn-info:active:focus,.btn-info:active:hover,.open>.dropdown-toggle.btn-info.focus,.open>.dropdown-toggle.btn-info:focus,.open>.dropdown-toggle.btn-info:hover{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.active,.btn-info:active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled.focus,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled].focus,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#5bc0de;border-color:#46b8da}.btn-info 
.badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning.focus,.btn-warning:focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning.active.focus,.btn-warning.active:focus,.btn-warning.active:hover,.btn-warning:active.focus,.btn-warning:active:focus,.btn-warning:active:hover,.open>.dropdown-toggle.btn-warning.focus,.open>.dropdown-toggle.btn-warning:focus,.open>.dropdown-toggle.btn-warning:hover{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.active,.btn-warning:active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled.focus,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled].focus,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#f0ad4e;border-color:#eea236}.btn-warning 
.badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger.focus,.btn-danger:focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger.active.focus,.btn-danger.active:focus,.btn-danger.active:hover,.btn-danger:active.focus,.btn-danger:active:focus,.btn-danger:active:hover,.open>.dropdown-toggle.btn-danger.focus,.open>.dropdown-toggle.btn-danger:focus,.open>.dropdown-toggle.btn-danger:hover{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.active,.btn-danger:active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled.focus,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled].focus,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link.active,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:active,.btn-link:focus,.btn-link:hover{border-color:transparent}.btn-link:focus,.btn-link:hover{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:focus,.btn-link[disabled]:hover,fieldset[disabled] .btn-link:focus,fieldset[disabled] .btn-link:hover{color:#777;text-decoration:none}.btn-group-lg>.btn,.btn-lg{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-group-sm>.btn,.btn-sm{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-group-xs>.btn,.btn-xs{padding:1px 
5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type=button].btn-block,input[type=reset].btn-block,input[type=submit].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-property:height,visibility;-o-transition-property:height,visibility;transition-property:height,visibility}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid\9;border-right:4px solid transparent;border-left:4px solid transparent}.dropdown,.dropup{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,.175);box-shadow:0 6px 12px rgba(0,0,0,.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 
20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{color:#777}.dropdown-menu>.disabled>a:focus,.dropdown-menu>.disabled>a:hover{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid\9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;float:left}.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar 
.btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 
5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle=buttons]>.btn input[type=checkbox],[data-toggle=buttons]>.btn input[type=radio],[data-toggle=buttons]>.btn-group>.btn input[type=checkbox],[data-toggle=buttons]>.btn-group>.btn input[type=radio]{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*=col-]{float:none;padding-right:0;padding-left:0}.input-group 
.form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn,textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn,textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn{height:auto}.input-group .form-control,.input-group-addon,.input-group-btn{display:table-cell}.input-group .form-control:not(:first-child):not(:last-child),.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 
10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type=checkbox],.input-group-addon input[type=radio]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn-group:not(:last-child)>.btn,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:first-child>.btn-group:not(:first-child)>.btn,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:active,.input-group-btn>.btn:focus,.input-group-btn>.btn:hover{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:focus,.nav>li>a:hover{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:focus,.nav>li.disabled>a:hover{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:focus,.nav .open>a:hover{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 
0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:focus,.nav-tabs>li.active>a:hover{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:focus,.nav-tabs.nav-justified>.active>a:hover{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:focus,.nav-pills>li.active>a:hover{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media 
(min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:focus,.nav-tabs-justified>.active>a:hover{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;-webkit-overflow-scrolling:touch;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-bottom .navbar-collapse,.navbar-fixed-top .navbar-collapse{max-height:200px}}.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:-15px;margin-left:-15px}@media 
(min-width:768px){.container-fluid>.navbar-collapse,.container-fluid>.navbar-header,.container>.navbar-collapse,.container>.navbar-header{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-bottom,.navbar-fixed-top{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-bottom,.navbar-fixed-top{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:focus,.navbar-brand:hover{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-top:8px;margin-right:15px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu .dropdown-header,.navbar-nav .open .dropdown-menu>li>a{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:focus,.navbar-nav .open .dropdown-menu>li>a:hover{background-image:none}}@media 
(min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-top:8px;margin-right:-15px;margin-bottom:8px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1)}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .form-control,.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .checkbox,.navbar-form .radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .checkbox label,.navbar-form .radio label{padding-left:0}.navbar-form .checkbox input[type=checkbox],.navbar-form .radio input[type=radio]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom 
.navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:focus,.navbar-default .navbar-brand:hover{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:focus,.navbar-default .navbar-nav>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:focus,.navbar-default .navbar-nav>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:focus,.navbar-default .navbar-nav>.disabled>a:hover{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:focus,.navbar-default .navbar-toggle:hover{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:focus,.navbar-default .navbar-nav>.open>a:hover{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-default .navbar-nav .open 
.dropdown-menu>li>a:hover{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:focus,.navbar-default .btn-link:hover{color:#333}.navbar-default .btn-link[disabled]:focus,.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:focus,fieldset[disabled] .navbar-default .btn-link:hover{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:focus,.navbar-inverse .navbar-brand:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:focus,.navbar-inverse .navbar-nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:focus,.navbar-inverse .navbar-nav>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:focus,.navbar-inverse .navbar-nav>.disabled>a:hover{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:focus,.navbar-inverse .navbar-toggle:hover{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse 
.navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:focus,.navbar-inverse .navbar-nav>.open>a:hover{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:focus,.navbar-inverse .btn-link:hover{color:#fff}.navbar-inverse .btn-link[disabled]:focus,.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:focus,fieldset[disabled] .navbar-inverse .btn-link:hover{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid 
#ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>li>a:focus,.pagination>li>a:hover,.pagination>li>span:focus,.pagination>li>span:hover{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>.active>a,.pagination>.active>a:focus,.pagination>.active>a:hover,.pagination>.active>span,.pagination>.active>span:focus,.pagination>.active>span:hover{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>a,.pagination>.disabled>a:focus,.pagination>.disabled>a:hover,.pagination>.disabled>span,.pagination>.disabled>span:focus,.pagination>.disabled>span:hover{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:focus,.pager li>a:hover{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager 
.previous>span{float:left}.pager .disabled>a,.pager .disabled>a:focus,.pager .disabled>a:hover,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:focus,a.label:hover{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:focus,.label-default[href]:hover{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:focus,.label-primary[href]:hover{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:focus,.label-success[href]:hover{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:focus,.label-info[href]:hover{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:focus,.label-warning[href]:hover{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:focus,.label-danger[href]:hover{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-group-xs>.btn .badge,.btn-xs .badge{top:0;padding:1px 5px}a.badge:focus,a.badge:hover{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron .h1,.jumbotron h1{color:inherit}.jumbotron 
p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron .h1,.jumbotron h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail a>img,.thumbnail>img{margin-right:auto;margin-left:auto}a.thumbnail.active,a.thumbnail:focus,a.thumbnail:hover{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 
0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-bar-striped,.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress-bar.active,.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 
75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 
25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-body,.media-left,.media-right{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:focus,a.list-group-item:hover,button.list-group-item:focus,button.list-group-item:hover{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item.disabled,.list-group-item.disabled:focus,.list-group-item.disabled:hover{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text,.list-group-item.disabled:hover 
.list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:focus .list-group-item-text,.list-group-item.active:hover .list-group-item-text{color:#c7ddef}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:focus,a.list-group-item-success:hover,button.list-group-item-success:focus,button.list-group-item-success:hover{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:focus,a.list-group-item-success.active:hover,button.list-group-item-success.active,button.list-group-item-success.active:focus,button.list-group-item-success.active:hover{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info 
.list-group-item-heading{color:inherit}a.list-group-item-info:focus,a.list-group-item-info:hover,button.list-group-item-info:focus,button.list-group-item-info:hover{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:focus,a.list-group-item-info.active:hover,button.list-group-item-info.active,button.list-group-item-info.active:focus,button.list-group-item-info.active:hover{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:focus,a.list-group-item-warning:hover,button.list-group-item-warning:focus,button.list-group-item-warning:hover{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:focus,a.list-group-item-warning.active:hover,button.list-group-item-warning.active,button.list-group-item-warning.active:focus,button.list-group-item-warning.active:hover{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger 
.list-group-item-heading{color:inherit}a.list-group-item-danger:focus,a.list-group-item-danger:hover,button.list-group-item-danger:focus,button.list-group-item-danger:hover{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:focus,a.list-group-item-danger.active:hover,button.list-group-item-danger.active,button.list-group-item-danger.active:focus,button.list-group-item-danger.active:hover{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,.05);box-shadow:0 1px 1px rgba(0,0,0,.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>.small,.panel-title>.small>a,.panel-title>a,.panel-title>small,.panel-title>small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group 
.list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.panel-collapse>.table,.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.panel-collapse>.table caption,.panel>.table caption,.panel>.table-responsive>.table caption{padding-right:15px;padding-left:15px}.panel>.table-responsive:first-child>.table:first-child,.panel>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table:first-child>thead:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child 
td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table-responsive:last-child>.table:last-child,.panel>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child 
td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child td,.panel>.table>tbody:first-child>tr:first-child th{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child{border-left:0}.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-respon
sive>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child{border-right:0}.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.list-group,.panel-group .panel-heading+.panel-collapse>.panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading 
.badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading 
.badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive embed,.embed-responsive iframe,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.05);box-shadow:inset 0 1px 1px rgba(0,0,0,.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:focus,.close:hover{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{-webkit-appearance:none;padding:0;cursor:pointer;background:0 0;border:0}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transition:-webkit-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out;-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);-o-transform:translate(0,-25%);transform:translate(0,-25%)}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);-o-transform:translate(0,0);transform:translate(0,0)}.modal-open 
.modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,.2);border-radius:6px;outline:0;-webkit-box-shadow:0 3px 9px rgba(0,0,0,.5);box-shadow:0 3px 9px rgba(0,0,0,.5)}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,.5);box-shadow:0 5px 15px rgba(0,0,0,.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:12px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;filter:alpha(opacity=0);opacity:0;line-break:auto}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 
5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;font-style:normal;font-weight:400;line-height:1.42857143;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);line-break:auto}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 
14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow{border-width:11px}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>a>img,.carousel-inner>.item>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform .6s ease-in-out;-o-transition:-o-transform .6s ease-in-out;transition:transform .6s 
ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.active.right,.carousel-inner>.item.next{left:0;-webkit-transform:translate3d(100%,0,0);transform:translate3d(100%,0,0)}.carousel-inner>.item.active.left,.carousel-inner>.item.prev{left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0)}.carousel-inner>.item.active,.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right{left:0;-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-image:-webkit-gradient(linear,left top,right top,from(rgba(0,0,0,.5)),to(rgba(0,0,0,.0001)));background-image:linear-gradient(to right,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-o-linear-gradient(left,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-image:-webkit-gradient(linear,left top,right 
top,from(rgba(0,0,0,.0001)),to(rgba(0,0,0,.5)));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:focus,.carousel-control:hover{color:#fff;text-decoration:none;filter:alpha(opacity=90);outline:0;opacity:.9}.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{left:50%;margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{right:50%;margin-right:-10px}.carousel-control .icon-next,.carousel-control .icon-prev{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000\9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next,.carousel-control .icon-prev{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control 
.icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.btn-group-vertical>.btn-group:after,.btn-group-vertical>.btn-group:before,.btn-toolbar:after,.btn-toolbar:before,.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{display:table;content:" "}.btn-group-vertical>.btn-group:after,.btn-toolbar:after,.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none!important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-lg,.visible-md,.visible-sm,.visible-xs{display:none!important}.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block{display:none!important}@media 
(max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table!important}tr.visible-xs{display:table-row!important}td.visible-xs,th.visible-xs{display:table-cell!important}}@media (max-width:767px){.visible-xs-block{display:block!important}}@media (max-width:767px){.visible-xs-inline{display:inline!important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table!important}tr.visible-sm{display:table-row!important}td.visible-sm,th.visible-sm{display:table-cell!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline!important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table!important}tr.visible-md{display:table-row!important}td.visible-md,th.visible-md{display:table-cell!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline!important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table!important}tr.visible-lg{display:table-row!important}td.visible-lg,th.visible-lg{display:table-cell!important}}@media (min-width:1200px){.visible-lg-block{display:block!important}}@media (min-width:1200px){.visible-lg-inline{display:inline!important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and 
(max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table!important}tr.visible-print{display:table-row!important}td.visible-print,th.visible-print{display:table-cell!important}}.visible-print-block{display:none!important}@media print{.visible-print-block{display:block!important}}.visible-print-inline{display:none!important}@media print{.visible-print-inline{display:inline!important}}.visible-print-inline-block{display:none!important}@media print{.visible-print-inline-block{display:inline-block!important}}@media print{.hidden-print{display:none!important}} +/*# sourceMappingURL=bootstrap.min.css.map */ \ No newline at end of file diff --git a/src/client/css/01-main.css b/src/client/css/01-main.css new file mode 100644 index 00000000..377215e9 --- /dev/null +++ b/src/client/css/01-main.css @@ -0,0 +1,4 @@ + +body { + background-image: url(""); +} \ No newline at end of file diff --git a/src/client/css/02-login.css b/src/client/css/02-login.css new file mode 100644 index 00000000..9d7ec922 --- /dev/null +++ b/src/client/css/02-login.css 
@@ -0,0 +1,101 @@
+.form-signin
+{
+ padding: 15px;
+ margin: 0 auto;
+}
+
+.form-signin .form-signin-heading, .form-signin .checkbox
+{
+ margin-bottom: 10px;
+}
+
+.form-signin .checkbox
+{
+ font-weight: normal;
+}
+
+.form-signin .form-control
+{
+ position: relative;
+ font-size: 16px;
+ height: auto;
+ padding: 10px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+.form-signin .form-control:focus
+{
+ z-index: 2;
+}
+.form-signin input[type="text"]
+{
+ margin-bottom: -1px;
+ border-bottom-left-radius: 0;
+ border-bottom-right-radius: 0;
+}
+.form-signin input[type="password"]
+{
+ /* margin-bottom: 10px; */
+ border-top-left-radius: 0;
+ border-top-right-radius: 0;
+}
+.account-wall
+{
+ border: 1px solid #DDD;
+ margin-top: 20px;
+ padding: 20px;
+ padding-bottom: 40px;
+ background-color: #f7f7f7;
+ -moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+ -webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+ box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+}
+.account-wall h1
+{
+ color: #555;
+ margin-bottom: 30px;
+ font-weight: 400;
+ display: block;
+ text-align: center;
+}
+.account-wall p
+{
+ text-align: center;
+ margin: 10px 10px;
+ margin-top: 30px;
+ font-size: 1.3em;
+}
+.account-wall .form-inputs
+{
+ margin-bottom: 10px;
+}
+.account-wall hr {
+ border-color: #c5c5c5;
+}
+
+.header-img
+{
+ width: 96px;
+ height: 96px;
+ margin: 0 auto 10px;
+ display: block;
+ -moz-border-radius: 50%;
+ -webkit-border-radius: 50%;
+ border-radius: 50%;
+}
+
+.link
+{
+ margin-top: 10px;
+}
+
+.btn-primary.totp
+{
+ background-color: rgb(102, 135, 162);
+}
+
+.btn-primary.u2f
+{
+ background-color: rgb(83, 149, 204);
+}
\ No newline at end of file
diff --git a/src/client/css/03-errors.css b/src/client/css/03-errors.css
new file mode 100644
index 00000000..e9f97f33
--- /dev/null
+++ b/src/client/css/03-errors.css
@@ -0,0 +1,12 @@
+
+.error-401 .header-img {
+ border-radius: 0%;
+}
+
+.error-403 .header-img {
+ border-radius: 0%;
+}
+
+.error-404 .header-img {
+ border-radius: 0%;
+}
\ No newline at end of file
diff --git a/src/client/css/03-password-reset-form.css b/src/client/css/03-password-reset-form.css
new file mode 100644
index 00000000..34066bc2
--- /dev/null
+++ b/src/client/css/03-password-reset-form.css
@@ -0,0 +1,4 @@
+
+.password-reset-form .header-img {
+ border-radius: 0%;
+}
diff --git a/src/client/css/03-password-reset-request.css b/src/client/css/03-password-reset-request.css
new file mode 100644
index 00000000..1a2ad4df
--- /dev/null
+++ b/src/client/css/03-password-reset-request.css
@@ -0,0 +1,4 @@
+
+.password-reset-request .header-img {
+ border-radius: 0%;
+}
diff --git a/src/client/css/03-totp-register.css b/src/client/css/03-totp-register.css
new file mode 100644
index 00000000..b51fa6db
--- /dev/null
+++ b/src/client/css/03-totp-register.css
@@ -0,0 +1,12 @@
+.totp-register #secret {
+ background-color: white;
+ font-size: 0.9em;
+ font-weight: bold;
+ padding: 5px;
+ border: 1px solid #c7c7c7;
+ word-wrap: break-word;
+}
+
+.totp-register #qrcode img {
+ margin: 20px auto;
+}
\ No newline at end of file
diff --git a/src/client/css/03-u2f-register.css b/src/client/css/03-u2f-register.css
new file mode 100644
index 00000000..e54cddf8
--- /dev/null
+++ b/src/client/css/03-u2f-register.css
@@ -0,0 +1,5 @@
+
+.u2f-register img {
+ display: block;
+ margin: 20px auto;
+}
\ No newline at end of file
diff --git a/src/client/firstfactor/FirstFactorValidator.ts b/src/client/firstfactor/FirstFactorValidator.ts
new file mode 100644
index 00000000..369cd535
--- /dev/null
+++ b/src/client/firstfactor/FirstFactorValidator.ts
@@ -0,0 +1,20 @@
+
+import BluebirdPromise = require("bluebird");
+import Endpoints = require("../../server/endpoints");
+
+export function validate(username: string, password: string, $: JQueryStatic): BluebirdPromise < void> {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.post(Endpoints.FIRST_FACTOR_POST, {
+ username: username,
+ password: password,
+ })
+ .done(function () {
+ resolve();
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ if (xhr.status == 401)
+ reject(new Error("Authetication failed. Please check your credentials"));
+ reject(new Error(textStatus));
+ });
+ });
+}
diff --git a/src/client/firstfactor/UISelectors.ts b/src/client/firstfactor/UISelectors.ts
new file mode 100644
index 00000000..25dc81ff
--- /dev/null
+++ b/src/client/firstfactor/UISelectors.ts
@@ -0,0 +1,3 @@
+
+export const USERNAME_FIELD_ID = "#username";
+export const PASSWORD_FIELD_ID = "#password";
\ No newline at end of file
diff --git a/src/client/firstfactor/index.ts b/src/client/firstfactor/index.ts
new file mode 100644
index 00000000..fea6b4e3
--- /dev/null
+++ b/src/client/firstfactor/index.ts
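Review bot: In `validate` (FirstFactorValidator.ts) the `.fail` handler's 401 branch falls through to the second `reject`, which is harmless only because a settled promise ignores later rejections; make the two outcomes explicit with `if (xhr.status === 401) { reject(new Error("Authentication failed. Please check your credentials")); return; }`. The current message misspells "Authentication" and the comparison uses `==`. The client also imports `../../server/endpoints`, so whatever that server module exports ends up in the browser bundle; presumably it holds only route strings, but that is worth confirming since the file is not part of this hunk.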
@@ -0,0 +1,39 @@
+import FirstFactorValidator = require("./FirstFactorValidator");
+import JSLogger = require("js-logger");
+import UISelectors = require("./UISelectors");
+
+import Endpoints = require("../../server/endpoints");
+
+export default function (window: Window, $: JQueryStatic, firstFactorValidator: typeof FirstFactorValidator, jslogger: typeof JSLogger) {
+ function onFormSubmitted() {
+ const username: string = $(UISelectors.USERNAME_FIELD_ID).val();
+ const password: string = $(UISelectors.PASSWORD_FIELD_ID).val();
+ jslogger.debug("Form submitted");
+ firstFactorValidator.validate(username, password, $)
+ .then(onFirstFactorSuccess, onFirstFactorFailure);
+ return false;
+ }
+
+ function onFirstFactorSuccess() {
+ jslogger.debug("First factor validated.");
+ $(UISelectors.USERNAME_FIELD_ID).val("");
+ $(UISelectors.PASSWORD_FIELD_ID).val("");
+
+ // Redirect to second factor
+ window.location.href = Endpoints.SECOND_FACTOR_GET;
+ }
+
+ function onFirstFactorFailure(err: Error) {
+ jslogger.debug("First factor failed.");
+
+ $(UISelectors.PASSWORD_FIELD_ID).val("");
+ $.notify("Error during authentication: " + err.message, "error");
+ }
+
+
+ $(window.document).ready(function () {
+ jslogger.info("Enter first factor");
+ $("form").on("submit", onFormSubmitted);
+ });
+}
+
diff --git a/src/client/img/icon.png b/src/client/img/icon.png
new file mode 100644
index 00000000..145a2751
Binary files /dev/null and b/src/client/img/icon.png differ
diff --git a/src/client/img/mail.png b/src/client/img/mail.png
new file mode 100644
index 00000000..834bfce9
Binary files /dev/null and b/src/client/img/mail.png differ
diff --git a/src/client/img/padlock.png b/src/client/img/padlock.png
new file mode 100644
index 00000000..31abbaee
Binary files /dev/null and b/src/client/img/padlock.png differ
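Review bot: `onFormSubmitted` in firstfactor/index.ts suppresses the browser's native submit only through the `return false` on its last line, so if reading the fields or `firstFactorValidator.validate` throws synchronously the handler never returns and the form is submitted natively with the credentials in it. Taking the event and cancelling it first closes that path: `function onFormSubmitted(event: JQueryEventObject) { event.preventDefault(); ... }`. The form's markup is not part of this hunk, so whether a native submit would place the password in the URL cannot be told from here. The handler is also bound to `$("form")`, i.e. every form on the page, where the other pages in this commit bind to a specific selector.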
diff --git a/src/client/img/password.png b/src/client/img/password.png
new file mode 100644
index 00000000..cf616474
Binary files /dev/null and b/src/client/img/password.png differ
diff --git a/src/public_html/img/pendrive.png b/src/client/img/pendrive.png
similarity index 100%
rename from src/public_html/img/pendrive.png
rename to src/client/img/pendrive.png
diff --git a/src/client/img/success.png b/src/client/img/success.png
new file mode 100644
index 00000000..ee9d6841
Binary files /dev/null and b/src/client/img/success.png differ
diff --git a/src/client/img/user.png b/src/client/img/user.png
new file mode 100644
index 00000000..00941399
Binary files /dev/null and b/src/client/img/user.png differ
diff --git a/src/client/img/warning.png b/src/client/img/warning.png
new file mode 100644
index 00000000..c6acd953
Binary files /dev/null and b/src/client/img/warning.png differ
diff --git a/src/client/index.ts b/src/client/index.ts
new file mode 100644
index 00000000..8d7e37ce
--- /dev/null
+++ b/src/client/index.ts
@@ -0,0 +1,38 @@
+
+import FirstFactorValidator = require("./firstfactor/FirstFactorValidator");
+
+import FirstFactor from "./firstfactor/index";
+import SecondFactor from "./secondfactor/index";
+import TOTPRegister from "./totp-register/totp-register";
+import U2fRegister from "./u2f-register/u2f-register";
+import ResetPasswordRequest from "./reset-password/reset-password-request";
+import ResetPasswordForm from "./reset-password/reset-password-form";
+import jslogger = require("js-logger");
+import jQuery = require("jquery");
+import u2fApi = require("u2f-api");
+
+jslogger.useDefaults();
+jslogger.setLevel(jslogger.INFO);
+
+require("notifyjs-browser")(jQuery);
+
+export = {
+ firstfactor: function () {
+ FirstFactor(window, jQuery, FirstFactorValidator, jslogger);
+ },
+ secondfactor: function () {
+ SecondFactor(window, jQuery, u2fApi);
+ },
+ register_totp: function() {
+ TOTPRegister(window, jQuery);
+ },
+ register_u2f: function () {
+ U2fRegister(window, jQuery);
+ },
+ reset_password_request: function () {
+ ResetPasswordRequest(window, jQuery);
+ },
+ reset_password_form: function () {
+ ResetPasswordForm(window, jQuery);
+ }
+};
\ No newline at end of file
diff --git a/src/client/reset-password/constants.ts b/src/client/reset-password/constants.ts
new file mode 100644
index 00000000..d48d4e67
--- /dev/null
+++ b/src/client/reset-password/constants.ts
@@ -0,0 +1,2 @@
+
+export const FORM_SELECTOR = ".form-signin";
\ No newline at end of file
diff --git a/src/client/reset-password/reset-password-form.ts b/src/client/reset-password/reset-password-form.ts
new file mode 100644
index 00000000..dfd48e45
--- /dev/null
+++ b/src/client/reset-password/reset-password-form.ts
@@ -0,0 +1,49 @@
+import BluebirdPromise = require("bluebird");
+
+import Endpoints = require("../../server/endpoints");
+import Constants = require("./constants");
+
+export default function (window: Window, $: JQueryStatic) {
+ function modifyPassword(newPassword: string) {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.post(Endpoints.RESET_PASSWORD_FORM_POST, {
+ password: newPassword,
+ })
+ .done(function (data) {
+ resolve(data);
+ })
+ .fail(function (xhr, status) {
+ reject(status);
+ });
+ });
+ }
+
+ function onFormSubmitted() {
+ const password1 = $("#password1").val();
+ const password2 = $("#password2").val();
+
+ if (!password1 || !password2) {
+ $.notify("You must enter your new password twice.", "warn");
+ return false;
+ }
+
+ if (password1 != password2) {
+ $.notify("The passwords are different", "warn");
+ return false;
+ }
+
+ modifyPassword(password1)
+ .then(function () {
+ $.notify("Your password has been changed. Please login again", "success");
+ window.location.href = Endpoints.FIRST_FACTOR_GET;
+ })
+ .error(function () {
+ $.notify("An error occurred during password change.", "warn");
+ });
+ return false;
+ }
+
+ $(document).ready(function () {
+ $(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
+ });
+}
diff --git a/src/client/reset-password/reset-password-request.ts b/src/client/reset-password/reset-password-request.ts
new file mode 100644
index 00000000..e390fbc5
--- /dev/null
+++ b/src/client/reset-password/reset-password-request.ts
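Review bot: The failure path of `modifyPassword(password1)` in reset-password-form.ts is attached with Bluebird's `.error(...)`, which handles only operational errors, while the promise is rejected with the plain jQuery status string (`reject(status)`); as far as Bluebird documents `.error`, that handler will not run, so a failed password change shows no message and ends as an unhandled rejection. Use `.catch(function () { ... })` and reject with an Error, `reject(new Error(status))`. reset-password-request.ts has the same `.error(...)` on a promise rejected with a plain `new Error(textStatus)`. The ready hook here also uses the global `document` rather than the injected `window.document` that firstfactor/index.ts uses.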
@@ -0,0 +1,49 @@
+
+import BluebirdPromise = require("bluebird");
+
+import Endpoints = require("../../server/endpoints");
+import Constants = require("./constants");
+import jslogger = require("js-logger");
+
+export default function(window: Window, $: JQueryStatic) {
+ function requestPasswordReset(username: string) {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.get(Endpoints.RESET_PASSWORD_IDENTITY_START_GET, {
+ userid: username,
+ })
+ .done(function () {
+ resolve();
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+ }
+
+ function onFormSubmitted() {
+ const username = $("#username").val();
+
+ if (!username) {
+ $.notify("You must provide your username to reset your password.", "warn");
+ return;
+ }
+
+ requestPasswordReset(username)
+ .then(function () {
+ $.notify("An email has been sent. Click on the link to change your password", "success");
+ setTimeout(function () {
+ window.location.replace(Endpoints.FIRST_FACTOR_GET);
+ }, 1000);
+ })
+ .error(function () {
+ $.notify("Are you sure this is your username?", "warn");
+ });
+ return false;
+ }
+
+ $(document).ready(function () {
+ jslogger.debug("Reset password request form setup");
+ $(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
+ });
+}
+
diff --git a/src/client/secondfactor/TOTPValidator.ts b/src/client/secondfactor/TOTPValidator.ts
new file mode 100644
index 00000000..7538f7f1
--- /dev/null
+++ b/src/client/secondfactor/TOTPValidator.ts
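Review bot: In `onFormSubmitted` of reset-password-request.ts the empty-username branch ends with a bare `return;`, so jQuery does not cancel the event and the browser carries on with the form's native submit; it should be `return false;` like the function's other exit. The reset is started with `$.get(Endpoints.RESET_PASSWORD_IDENTITY_START_GET, { userid: username })`, which puts the username in the query string and sends an e-mail as the effect of a GET; a POST would keep the identifier out of access logs, assuming the server route is changed with it. The failure text `"Are you sure this is your username?"` suggests the endpoint answers differently for unknown users, which would allow account enumeration; the server side is not visible here, so confirm it responds identically in both cases.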
@@ -0,0 +1,22 @@
+
+import BluebirdPromise = require("bluebird");
+import Endpoints = require("../../server/endpoints");
+
+export function validate(token: string, $: JQueryStatic): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.ajax({
+ url: Endpoints.SECOND_FACTOR_TOTP_POST,
+ data: {
+ token: token,
+ },
+ method: "POST",
+ dataType: "json"
+ } as JQueryAjaxSettings)
+ .done(function (data: any) {
+ resolve(data);
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
\ No newline at end of file
diff --git a/src/client/secondfactor/U2FValidator.ts b/src/client/secondfactor/U2FValidator.ts
new file mode 100644
index 00000000..fb5da8e1
--- /dev/null
+++ b/src/client/secondfactor/U2FValidator.ts
@@ -0,0 +1,61 @@
+
+import U2fApi = require("u2f-api");
+import U2f = require("u2f");
+import BluebirdPromise = require("bluebird");
+import { SignMessage } from "../../server/lib/routes/secondfactor/u2f/sign_request/SignMessage";
+import Endpoints = require("../../server/endpoints");
+
+function finishU2fAuthentication(responseData: U2fApi.SignResponse, $: JQueryStatic): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.ajax({
+ url: Endpoints.SECOND_FACTOR_U2F_SIGN_POST,
+ data: responseData,
+ method: "POST",
+ dataType: "json"
+ } as JQueryAjaxSettings)
+ .done(function (data) {
+ resolve(data);
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
+
+function startU2fAuthentication($: JQueryStatic, u2fApi: typeof U2fApi): BluebirdPromise {
+ return new BluebirdPromise(function (resolve, reject) {
+ $.get(Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, {}, undefined, "json")
+ .done(function (signResponse: SignMessage) {
+ $.notify("Please touch the token", "info");
+
+ const signRequest: U2fApi.SignRequest = {
+ appId: signResponse.request.appId,
+ challenge: signResponse.request.challenge,
+ keyHandle: signResponse.keyHandle, // linked to the client session cookie
+ version: "U2F_V2"
+ };
+
+ u2fApi.sign([signRequest], 60)
+ .then(function (signResponse: U2fApi.SignResponse) {
+ finishU2fAuthentication(signResponse, $)
+ .then(function (data) {
+ resolve(data);
+ }, function (err) {
+ $.notify("Error when finish U2F transaction", "error");
+ reject(err);
+ });
+ })
+ .catch(function (err: Error) {
+ reject(err);
+ });
+ })
+ .fail(function (xhr: JQueryXHR, textStatus: string) {
+ reject(new Error(textStatus));
+ });
+ });
+}
+
+
+export function validate($: JQueryStatic, u2fApi: typeof U2fApi): BluebirdPromise {
+ return startU2fAuthentication($, u2fApi);
+}
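Review bot: In `startU2fAuthentication` (U2FValidator.ts) the inner `.then(function (signResponse: U2fApi.SignResponse)` reuses the name of the outer `.done(function (signResponse: SignMessage)` parameter, so the server's sign message and the device's signed response share one identifier in nested scopes; renaming them, for example to `signMessage` and `deviceResponse`, makes it obvious which object is posted back to the server. `import U2f = require("u2f")` is not used anywhere in this file and can be removed. A short comment on `u2fApi.sign([signRequest], 60)` stating what the 60 is (presumably a timeout in seconds) would also help the next reader.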
diff --git a/src/client/secondfactor/constants.ts b/src/client/secondfactor/constants.ts
new file mode 100644
index 00000000..eb8b154b
--- /dev/null
+++ b/src/client/secondfactor/constants.ts
@@ -0,0 +1,5 @@
+
+export const TOTP_FORM_SELECTOR = ".form-signin.totp";
+export const TOTP_TOKEN_SELECTOR = ".form-signin #token";
+
+export const U2F_FORM_SELECTOR = ".form-signin.u2f";
\ No newline at end of file
diff --git a/src/client/secondfactor/index.ts b/src/client/secondfactor/index.ts
new file mode 100644
index 00000000..1129bc2a
--- /dev/null
+++ b/src/client/secondfactor/index.ts
@@ -0,0 +1,57 @@
+
+import U2fApi = require("u2f-api");
+import jslogger = require("js-logger");
+
+import TOTPValidator = require("./TOTPValidator");
+import U2FValidator = require("./U2FValidator");
+
+import Endpoints = require("../../server/endpoints");
+
+import Constants = require("./constants");
+
+
+export default function (window: Window, $: JQueryStatic, u2fApi: typeof U2fApi) {
+ function onAuthenticationSuccess(data: any) {
+ window.location.href = data.redirection_url;
+ }
+
+
+ function onSecondFactorTotpSuccess(data: any) {
+ onAuthenticationSuccess(data);
+ }
+
+ function onSecondFactorTotpFailure(err: Error) {
+ $.notify("Error while validating TOTP token. Cause: " + err.message, "error");
+ }
+
+ function onU2fAuthenticationSuccess(data: any) {
+ onAuthenticationSuccess(data);
+ }
+
+ function onU2fAuthenticationFailure() {
+ $.notify("Problem with U2F authentication. Did you register before authenticating?", "warn");
+ }
+
+
+ function onTOTPFormSubmitted(): boolean {
+ const token = $(Constants.TOTP_TOKEN_SELECTOR).val();
+ jslogger.debug("TOTP token is %s", token);
+
+ TOTPValidator.validate(token, $)
+ .then(onSecondFactorTotpSuccess)
+ .catch(onSecondFactorTotpFailure);
+ return false;
+ }
+
+ function onU2FFormSubmitted(): boolean {
+ jslogger.debug("Start U2F authentication");
+ U2FValidator.validate($, U2fApi)
+ .then(onU2fAuthenticationSuccess, onU2fAuthenticationFailure);
+ return false;
+ }
+
+ $(window.document).ready(function () {
+ $(Constants.TOTP_FORM_SELECTOR).on("submit", onTOTPFormSubmitted);
+ $(Constants.U2F_FORM_SELECTOR).on("submit", onU2FFormSubmitted);
+ });
+}
\ No newline at end of file
diff --git a/src/public_html/js/qrcode.min.js b/src/client/thirdparties/qrcode.min.js
similarity index 100%
rename from src/public_html/js/qrcode.min.js
rename to src/client/thirdparties/qrcode.min.js
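Review bot: `onAuthenticationSuccess` in secondfactor/index.ts assigns `data.redirection_url` from the JSON response straight to `window.location.href` with no check; if the server ever derives that value from request input this becomes an open redirect after a successful login, and a non-HTTP scheme would be followed as well. A minimal client-side guard is `const target = new URL(data.redirection_url, window.location.href); if (target.protocol !== "https:" && target.protocol !== "http:") return;`, with the allowed hosts enforced on the server, whose code is not visible here; `checkRegistration` in u2f-register.ts does the same with `document.location.href = data.redirection_url`. `jslogger.debug("TOTP token is %s", token)` writes the one-time code to the console whenever debug logging is enabled and should log only that a token was submitted. `onU2FFormSubmitted` passes the imported module `U2fApi` to `U2FValidator.validate` instead of the injected `u2fApi` parameter, which leaves the parameter unused.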
diff --git a/src/client/totp-register/totp-register.ts b/src/client/totp-register/totp-register.ts
new file mode 100644
index 00000000..6a9aa7ee
--- /dev/null
+++ b/src/client/totp-register/totp-register.ts
@@ -0,0 +1,11 @@
+
+import jslogger = require("js-logger");
+import UISelector = require("./ui-selector");
+
+export default function(window: Window, $: JQueryStatic) {
+ jslogger.debug("Creating QRCode from OTPAuth url");
+ const qrcode = $(UISelector.QRCODE_ID_SELECTOR);
+ const val = qrcode.text();
+ qrcode.empty();
+ new (window as any).QRCode(qrcode.get(0), val);
+}
diff --git a/src/client/totp-register/ui-selector.ts b/src/client/totp-register/ui-selector.ts
new file mode 100644
index 00000000..9d43fabe
--- /dev/null
+++ b/src/client/totp-register/ui-selector.ts
@@ -0,0 +1,2 @@
+
+export const QRCODE_ID_SELECTOR = "#qrcode";
\ No newline at end of file
diff --git a/src/client/u2f-register/u2f-register.ts b/src/client/u2f-register/u2f-register.ts
new file mode 100644
index 00000000..d584ab03
--- /dev/null
+++ b/src/client/u2f-register/u2f-register.ts
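Review bot: totp-register.ts empties `#qrcode` before it knows that the `QRCode` global from thirdparties/qrcode.min.js is present, so if that script did not load, `new (window as any).QRCode(...)` throws after the otpauth text has already been removed and the user is left with nothing to scan. Check first, with `if (typeof (window as any).QRCode !== "function") return;` placed ahead of `qrcode.empty()`. The element's text is the otpauth URL, which carries the TOTP shared secret in the page markup, so the view that renders it should presumably be served non-cacheable; that is outside this hunk. Unlike the other entry points in this commit the function body runs immediately rather than inside a document-ready callback, so it depends on being called after the element exists.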
@@ -0,0 +1,53 @@
+
+import BluebirdPromise = require("bluebird");
+import U2f = require("u2f");
+import u2fApi = require("u2f-api");
+
+import Endpoints = require("../../server/endpoints");
+import jslogger = require("js-logger");
+
+export default function(window: Window, $: JQueryStatic) {
+
+ function checkRegistration(regResponse: u2fApi.RegisterResponse, fn: (err: Error) => void) {
+ const registrationData: U2f.RegistrationData = regResponse;
+
+ jslogger.debug("registrationResponse = %s", JSON.stringify(registrationData));
+
+ $.post(Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, registrationData, undefined, "json")
+ .done(function (data) {
+ document.location.href = data.redirection_url;
+ })
+ .fail(function (xhr, status) {
+ $.notify("Error when finish U2F transaction" + status);
+ });
+ }
+
+ function requestRegistration(fn: (err: Error) => void) {
+ $.get(Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, {}, undefined, "json")
+ .done(function (registrationRequest: U2f.Request) {
+ jslogger.debug("registrationRequest = %s", JSON.stringify(registrationRequest));
+
+ const registerRequest: u2fApi.RegisterRequest = registrationRequest;
+ u2fApi.register([registerRequest], [], 120)
+ .then(function (res: u2fApi.RegisterResponse) {
+ checkRegistration(res, fn);
+ })
+ .catch(function (err: Error) {
+ fn(err);
+ });
+ });
+ }
+
+ function onRegisterFailure(err: Error) {
+ $.notify("Problem authenticating with U2F.", "error");
+ }
+
+ $(document).ready(function () {
+ requestRegistration(function (err: Error) {
+ if (err) {
+ onRegisterFailure(err);
+ return;
+ }
+ });
+ });
+}
diff --git a/src/lib/IdentityValidator.ts b/src/lib/IdentityValidator.ts
deleted file mode 100644
index 94f19458..00000000
--- a/src/lib/IdentityValidator.ts
+++ /dev/null
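Review bot: `requestRegistration` in u2f-register.ts attaches only `.done` to `$.get(Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, ...)`, so a failed or refused request is dropped silently and `fn` is never called; add `.fail(function (xhr: JQueryXHR, textStatus: string) { fn(new Error(textStatus)); })`. `checkRegistration` accepts `fn` but never calls it, and its `.fail` message concatenates `status` with no separator and passes no level argument to `$.notify`. Both `jslogger.debug` calls serialise the whole registration request and response; they are suppressed at the INFO level set in client/index.ts, but logging less than the full object would be safer if that level is ever lowered.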
@@ -1,156 +0,0 @@ - -import objectPath = require("object-path"); -import randomstring = require("randomstring"); -import BluebirdPromise = require("bluebird"); -import util = require("util"); -import exceptions = require("./Exceptions"); -import fs = require("fs"); -import ejs = require("ejs"); -import UserDataStore from "./UserDataStore"; -import { ILogger } from "../types/ILogger"; -import express = require("express"); - -import Identity = require("../types/Identity"); -import { IdentityValidationRequestContent } from "./UserDataStore"; - -const filePath = __dirname + "/../resources/email-template.ejs"; -const email_template = fs.readFileSync(filePath, "utf8"); - - -// IdentityValidator allows user to go through a identity validation process in two steps: -// - Request an operation to be performed (password reset, registration). -// - Confirm operation with email. - -export interface IdentityValidable { - challenge(): string; - templateName(): string; - preValidation(req: express.Request): BluebirdPromise; - mailSubject(): string; -} - -export class IdentityValidator { - private userDataStore: UserDataStore; - private logger: ILogger; - - constructor(userDataStore: UserDataStore, logger: ILogger) { - this.userDataStore = userDataStore; - this.logger = logger; - } - - - static setup(app: express.Application, endpoint: string, handler: IdentityValidable, userDataStore: UserDataStore, logger: ILogger) { - const identityValidator = new IdentityValidator(userDataStore, logger); - app.get(endpoint, identityValidator.identity_check_get(endpoint, handler)); - app.post(endpoint, identityValidator.identity_check_post(endpoint, handler)); - } - - - private issue_token(userid: string, content: Object): BluebirdPromise { - const five_minutes = 4 * 60 * 1000; - const token = randomstring.generate({ length: 64 }); - const that = this; - - this.logger.debug("identity_check: issue identity token %s for 5 minutes", token); - return 
this.userDataStore.issue_identity_check_token(userid, token, content, five_minutes) - .then(function () { - return BluebirdPromise.resolve(token); - }); - } - - private consume_token(token: string): BluebirdPromise { - this.logger.debug("identity_check: consume token %s", token); - return this.userDataStore.consume_identity_check_token(token); - } - - private identity_check_get(endpoint: string, handler: IdentityValidable): express.RequestHandler { - const that = this; - return function (req: express.Request, res: express.Response) { - const logger = req.app.get("logger"); - const identity_token = objectPath.get(req, "query.identity_token"); - logger.info("GET identity_check: identity token provided is %s", identity_token); - - if (!identity_token) { - res.status(403); - res.send(); - return; - } - - that.consume_token(identity_token) - .then(function (content: IdentityValidationRequestContent) { - objectPath.set(req, "session.auth_session.identity_check", {}); - req.session.auth_session.identity_check.challenge = handler.challenge(); - req.session.auth_session.identity_check.userid = content.userid; - res.render(handler.templateName()); - }, function (err: Error) { - logger.error("GET identity_check: Error while consuming token %s", err); - throw new exceptions.AccessDeniedError("Access denied"); - }) - .catch(exceptions.AccessDeniedError, function (err: Error) { - logger.error("GET identity_check: Access Denied %s", err); - res.status(403); - res.send(); - }) - .catch(function (err: Error) { - logger.error("GET identity_check: Internal error %s", err); - res.status(500); - res.send(); - }); - }; - } - - - private identity_check_post(endpoint: string, handler: IdentityValidable): express.RequestHandler { - const that = this; - return function (req: express.Request, res: express.Response) { - const logger = req.app.get("logger"); - const notifier = req.app.get("notifier"); - let identity: Identity.Identity; - - handler.preValidation(req) - .then(function (id: 
Identity.Identity) { - identity = id; - const email_address = objectPath.get(identity, "email"); - const userid = objectPath.get(identity, "userid"); - - if (!(email_address && userid)) { - throw new exceptions.IdentityError("Missing user id or email address"); - } - - return that.issue_token(userid, undefined); - }, function (err: Error) { - throw new exceptions.AccessDeniedError(err.message); - }) - .then(function (token: string) { - const redirect_url = objectPath.get(req, "body.redirect"); - const original_uri = objectPath.get(req, "headers.x-original-uri", ""); - const original_url = util.format("https://%s%s", req.headers.host, original_uri); - let link_url = util.format("%s?identity_token=%s", original_url, token); - if (redirect_url) { - link_url = util.format("%s&redirect=%s", link_url, redirect_url); - } - - logger.info("POST identity_check: notify to %s", identity.userid); - return notifier.notify(identity, handler.mailSubject(), link_url); - }) - .then(function () { - res.status(204); - res.send(); - }) - .catch(exceptions.IdentityError, function (err: Error) { - logger.error("POST identity_check: %s", err); - res.status(400); - res.send(); - }) - .catch(exceptions.AccessDeniedError, function (err: Error) { - logger.error("POST identity_check: %s", err); - res.status(403); - res.send(); - }) - .catch(function (err: Error) { - logger.error("POST identity_check: Error %s", err); - res.status(500); - res.send(); - }); - }; - } -} diff --git a/src/lib/RestApi.ts b/src/lib/RestApi.ts deleted file mode 100644 index 558321b2..00000000 --- a/src/lib/RestApi.ts +++ /dev/null 
@@ -1,282 +0,0 @@ - -import express = require("express"); -import routes = require("./routes"); -import IdentityValidator = require("./IdentityValidator"); -import UserDataStore from "./UserDataStore"; -import { ILogger } from "../types/ILogger"; - -export default class RestApi { - static setup(app: express.Application, userDataStore: UserDataStore, logger: ILogger): void { - /** - * @apiDefine UserSession - * @apiHeader {String} Cookie Cookie containing "connect.sid", the user - * session token. - */ - - /** - * @apiDefine InternalError - * @apiError (Error 500) {String} error Internal error message. - */ - - /** - * @apiDefine IdentityValidationPost - * - * @apiSuccess (Success 204) status Identity validation has been initiated. - * @apiError (Error 403) AccessDenied Access is denied. - * @apiError (Error 400) InvalidIdentity User identity is invalid. - * @apiError (Error 500) {String} error Internal error message. - * - * @apiDescription This request issue an identity validation token for the user - * bound to the session. It sends a challenge to the email address set in the user - * LDAP entry. The user must visit the sent URL to complete the validation and - * continue the registration process. - */ - - /** - * @apiDefine IdentityValidationGet - * @apiParam {String} identity_token The one-time identity validation token provided in the email. - * @apiSuccess (Success 200) {String} content The content of the page. - * @apiError (Error 403) AccessDenied Access is denied. - * @apiError (Error 500) {String} error Internal error message. - */ - - /** - * @api {get} /login Serve login page - * @apiName Login - * @apiGroup Pages - * @apiVersion 1.0.0 - * - * @apiParam {String} redirect Redirect to this URL when user is authenticated. - * @apiSuccess (Success 200) {String} Content The content of the login page. - * - * @apiDescription Create a user session and serve the login page along with - * a cookie. 
- */ - app.get("/login", routes.login); - - /** - * @api {get} /logout Server logout page - * @apiName Logout - * @apiGroup Pages - * @apiVersion 1.0.0 - * - * @apiParam {String} redirect Redirect to this URL when user is deauthenticated. - * @apiSuccess (Success 301) redirect Redirect to the URL. - * - * @apiDescription Deauthenticate the user and redirect him. - */ - app.get("/logout", routes.logout); - - /** - * @api {post} /totp-register Request TOTP registration - * @apiName RequestTOTPRegistration - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationPost - */ - /** - * @api {get} /totp-register Serve TOTP registration page - * @apiName ServeTOTPRegistrationPage - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationGet - * - * - * @apiDescription Serves the TOTP registration page that displays the secret. - * The secret is a QRCode and a base32 secret. - */ - IdentityValidator.IdentityValidator.setup(app, "/totp-register", routes.totp_register.icheck_interface, userDataStore, logger); - - - /** - * @api {post} /u2f-register Request U2F registration - * @apiName RequestU2FRegistration - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationPost - */ - /** - * @api {get} /u2f-register Serve U2F registration page - * @apiName ServeU2FRegistrationPage - * @apiGroup Pages - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationGet - * - * @apiDescription Serves the U2F registration page that asks the user to - * touch the token of the U2F device. 
- */ - IdentityValidator.IdentityValidator.setup(app, "/u2f-register", routes.u2f_register.icheck_interface, userDataStore, logger); - - /** - * @api {post} /reset-password Request for password reset - * @apiName RequestPasswordReset - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationPost - */ - /** - * @api {get} /reset-password Serve password reset form. - * @apiName ServePasswordResetForm - * @apiGroup Pages - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse IdentityValidationGet - * - * @apiDescription Serves password reset form that allow the user to provide - * the new password. - */ - IdentityValidator.IdentityValidator.setup(app, "/reset-password", routes.reset_password.icheck_interface, userDataStore, logger); - - app.get("/reset-password-form", function (req, res) { res.render("reset-password-form"); }); - - /** - * @api {post} /new-password Set LDAP password - * @apiName SetLDAPPassword - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * - * @apiParam {String} password New password - * - * @apiDescription Set a new password for the user. - */ - app.post("/new-password", routes.reset_password.post); - - /** - * @api {post} /new-totp-secret Generate TOTP secret - * @apiName GenerateTOTPSecret - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * - * @apiSuccess (Success 200) {String} base32 The base32 representation of the secret. - * @apiSuccess (Success 200) {String} ascii The ASCII representation of the secret. - * @apiSuccess (Success 200) {String} qrcode The QRCode of the secret in URI format. - * - * @apiError (Error 403) {String} error No user provided in the session or - * unexpected identity validation challenge in the session. - * @apiError (Error 500) {String} error Internal error message - * - * @apiDescription Generate a new TOTP secret and returns it. 
- */ - app.post("/new-totp-secret", routes.totp_register.post); - - /** - * @api {get} /verify Verify user authentication - * @apiName VerifyAuthentication - * @apiGroup Verification - * @apiVersion 1.0.0 - * @apiUse UserSession - * - * @apiSuccess (Success 204) status The user is authenticated. - * @apiError (Error 401) status The user is not authenticated. - * - * @apiDescription Verify that the user is authenticated, i.e., the two - * factors have been validated - */ - app.get("/verify", routes.verify); - - /** - * @api {post} /1stfactor LDAP authentication - * @apiName ValidateFirstFactor - * @apiGroup Authentication - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiParam {String} username User username. - * @apiParam {String} password User password. - * - * @apiSuccess (Success 204) status 1st factor is validated. - * @apiError (Error 401) {none} error 1st factor is not validated. - * @apiError (Error 403) {none} error Access has been restricted after too - * many authentication attempts - * - * @apiDescription Verify credentials against the LDAP. - */ - app.post("/1stfactor", routes.first_factor); - - /** - * @api {post} /2ndfactor/totp TOTP authentication - * @apiName ValidateTOTPSecondFactor - * @apiGroup Authentication - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiParam {String} token TOTP token. - * - * @apiSuccess (Success 204) status TOTP token is valid. - * @apiError (Error 401) {none} error TOTP token is invalid. - * - * @apiDescription Verify TOTP token. The user is authenticated upon success. - */ - app.post("/2ndfactor/totp", routes.second_factor.totp); - - /** - * @api {get} /2ndfactor/u2f/sign_request U2F Start authentication - * @apiName StartU2FAuthentication - * @apiGroup Authentication - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiSuccess (Success 200) authentication_request The U2F authentication request. 
- * @apiError (Error 401) {none} error There is no key registered for user in session. - * - * @apiDescription Initiate an authentication request using a U2F device. - */ - app.get("/2ndfactor/u2f/sign_request", routes.second_factor.u2f.sign_request); - - /** - * @api {post} /2ndfactor/u2f/sign U2F Complete authentication - * @apiName CompleteU2FAuthentication - * @apiGroup Authentication - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiSuccess (Success 204) status The U2F authentication succeeded. - * @apiError (Error 403) {none} error No authentication request has been provided. - * - * @apiDescription Complete authentication request of the U2F device. - */ - app.post("/2ndfactor/u2f/sign", routes.second_factor.u2f.sign); - - /** - * @api {get} /2ndfactor/u2f/register_request U2F Start device registration - * @apiName StartU2FRegistration - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiSuccess (Success 200) authentication_request The U2F registration request. - * @apiError (Error 403) {none} error Unexpected identity validation challenge. - * - * @apiDescription Initiate a U2F device registration request. - */ - app.get("/2ndfactor/u2f/register_request", routes.second_factor.u2f.register_request); - - /** - * @api {post} /2ndfactor/u2f/register U2F Complete device registration - * @apiName CompleteU2FRegistration - * @apiGroup Registration - * @apiVersion 1.0.0 - * @apiUse UserSession - * @apiUse InternalError - * - * @apiSuccess (Success 204) status The U2F registration succeeded. - * @apiError (Error 403) {none} error Unexpected identity validation challenge. - * @apiError (Error 403) {none} error No registration request has been provided. - * - * @apiDescription Complete U2F registration request. - */ - app.post("/2ndfactor/u2f/register", routes.second_factor.u2f.register); - } -} 
diff --git a/src/lib/Server.ts b/src/lib/Server.ts
deleted file mode 100644
index da54cd38..00000000
--- a/src/lib/Server.ts
+++ /dev/null
@@ -1,94 +0,0 @@ - -import { UserConfiguration } from "./Configuration"; -import { GlobalDependencies } from "../types/Dependencies"; -import AuthenticationRegulator from "./AuthenticationRegulator"; -import UserDataStore from "./UserDataStore"; -import ConfigurationAdapter from "./ConfigurationAdapter"; -import { NotifierFactory } from "./notifiers/NotifierFactory"; -import TOTPValidator from "./TOTPValidator"; -import TOTPGenerator from "./TOTPGenerator"; -import RestApi from "./RestApi"; -import { LdapClient } from "./LdapClient"; -import BluebirdPromise = require("bluebird"); -import { IdentityValidator } from "./IdentityValidator"; - -import * as Express from "express"; -import * as BodyParser from "body-parser"; -import * as Path from "path"; -import * as http from "http"; - -import AccessController from "./access_control/AccessController"; - -export default class Server { - private httpServer: http.Server; - - start(yaml_configuration: UserConfiguration, deps: GlobalDependencies): BluebirdPromise { - const config = ConfigurationAdapter.adapt(yaml_configuration); - - const view_directory = Path.resolve(__dirname, "../views"); - const public_html_directory = Path.resolve(__dirname, "../public_html"); - const datastore_options = { - directory: config.store_directory, - inMemory: config.store_in_memory - }; - - const app = Express(); - app.use(Express.static(public_html_directory)); - app.use(BodyParser.urlencoded({ extended: false })); - app.use(BodyParser.json()); - app.set("trust proxy", 1); // trust first proxy - - app.use(deps.session({ - secret: config.session.secret, - resave: false, - saveUninitialized: true, - cookie: { - secure: false, - maxAge: config.session.expiration, - domain: config.session.domain - }, - })); - - app.set("views", view_directory); - app.set("view engine", "ejs"); - - // by default the level of logs is info - deps.winston.level = config.logs_level || "info"; - - const five_minutes = 5 * 60; - const userDataStore = new 
UserDataStore(datastore_options, deps.nedb); - const regulator = new AuthenticationRegulator(userDataStore, five_minutes); - const notifier = NotifierFactory.build(config.notifier, deps.nodemailer); - const ldap = new LdapClient(config.ldap, deps.ldapjs, deps.winston); - const accessController = new AccessController(config.access_control, deps.winston); - const totpValidator = new TOTPValidator(deps.speakeasy); - const totpGenerator = new TOTPGenerator(deps.speakeasy); - const identityValidator = new IdentityValidator(userDataStore, deps.winston); - - app.set("logger", deps.winston); - app.set("ldap", ldap); - app.set("totp validator", totpValidator); - app.set("totp generator", totpGenerator); - app.set("u2f", deps.u2f); - app.set("user data store", userDataStore); - app.set("notifier", notifier); - app.set("authentication regulator", regulator); - app.set("config", config); - app.set("access controller", accessController); - app.set("identity validator", identityValidator); - - RestApi.setup(app, userDataStore, deps.winston); - - return new BluebirdPromise((resolve, reject) => { - this.httpServer = app.listen(config.port, function (err: string) { - console.log("Listening on %d...", config.port); - resolve(); - }); - }); - } - - stop() { - this.httpServer.close(); - } -} - diff --git a/src/lib/routes.ts b/src/lib/routes.ts deleted file mode 100644 index 4c2d680d..00000000 --- a/src/lib/routes.ts +++ /dev/null 
@@ -1,41 +0,0 @@ - -import FirstFactor = require("./routes/FirstFactor"); -import SecondFactorRoutes = require("./routes/SecondFactorRoutes"); -import PasswordReset = require("./routes/PasswordReset"); -import AuthenticationValidator = require("./routes/AuthenticationValidator"); -import U2FRegistration = require("./routes/U2FRegistration"); -import TOTPRegistration = require("./routes/TOTPRegistration"); -import objectPath = require("object-path"); - -import express = require("express"); - -export = { - login: serveLogin, - logout: serveLogout, - verify: AuthenticationValidator, - first_factor: FirstFactor, - second_factor: SecondFactorRoutes, - reset_password: PasswordReset, - u2f_register: U2FRegistration, - totp_register: TOTPRegistration, -}; - -function serveLogin(req: express.Request, res: express.Response) { - if (!(objectPath.has(req, "session.auth_session"))) { - req.session.auth_session = {}; - req.session.auth_session.first_factor = false; - req.session.auth_session.second_factor = false; - } - res.render("login"); -} - -function serveLogout(req: express.Request, res: express.Response) { - const redirect_param = req.query.redirect; - const redirect_url = redirect_param || "/"; - req.session.auth_session = { - first_factor: false, - second_factor: false - }; - res.redirect(redirect_url); -} - diff --git a/src/lib/routes/AuthenticationValidator.ts b/src/lib/routes/AuthenticationValidator.ts deleted file mode 100644 index d5ae1178..00000000 --- a/src/lib/routes/AuthenticationValidator.ts +++ /dev/null 
@@ -1,53 +0,0 @@ - -import objectPath = require("object-path"); -import BluebirdPromise = require("bluebird"); -import express = require("express"); -import AccessController from "../access_control/AccessController"; -import exceptions = require("../Exceptions"); - -function verify_filter(req: express.Request, res: express.Response) { - const logger = req.app.get("logger"); - const accessController: AccessController = req.app.get("access controller"); - - if (!objectPath.has(req, "session.auth_session")) - return BluebirdPromise.reject("No auth_session variable"); - - if (!objectPath.has(req, "session.auth_session.first_factor")) - return BluebirdPromise.reject("No first factor variable"); - - if (!objectPath.has(req, "session.auth_session.second_factor")) - return BluebirdPromise.reject("No second factor variable"); - - if (!objectPath.has(req, "session.auth_session.userid")) - return BluebirdPromise.reject("No userid variable"); - - const username = objectPath.get(req, "session.auth_session.userid"); - const groups = objectPath.get(req, "session.auth_session.groups"); - - const host = objectPath.get(req, "headers.host"); - const domain = host.split(":")[0]; - - const isAllowed = accessController.isDomainAllowedForUser(domain, username, groups); - if (!isAllowed) return BluebirdPromise.reject( - new exceptions.DomainAccessDenied("User '" + username + "' does not have access to " + domain)); - - if (!req.session.auth_session.first_factor || - !req.session.auth_session.second_factor) - return BluebirdPromise.reject(new exceptions.AccessDeniedError("First or second factor not validated")); - - return BluebirdPromise.resolve(); -} - -export = function (req: express.Request, res: express.Response) { - verify_filter(req, res) - .then(function () { - res.status(204); - res.send(); - }) - .catch(function (err) { - req.app.get("logger").error(err); - res.status(401); - res.send(); - }); -}; - 
diff --git a/src/lib/routes/DenyNotLogged.ts b/src/lib/routes/DenyNotLogged.ts
deleted file mode 100644
index 2c2b71d9..00000000
--- a/src/lib/routes/DenyNotLogged.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-
-import objectPath = require("object-path");
-import express = require("express");
-
-type ExpressRequest = (req: express.Request, res: express.Response, next?: express.NextFunction) => void;
-
-export = function(callback: ExpressRequest): ExpressRequest {
- return function (req: express.Request, res: express.Response, next: express.NextFunction) {
- const auth_session = req.session.auth_session;
- const first_factor = objectPath.has(req, "session.auth_session.first_factor")
- && req.session.auth_session.first_factor;
- if (!first_factor) {
- res.status(403);
- res.send();
- return;
- }
- callback(req, res, next);
- };
-};
diff --git a/src/lib/routes/FirstFactor.ts b/src/lib/routes/FirstFactor.ts
deleted file mode 100644
index 7d33afc9..00000000
--- a/src/lib/routes/FirstFactor.ts
+++ /dev/null
@@ -1,82 +0,0 @@ - -import exceptions = require("../Exceptions"); -import objectPath = require("object-path"); -import BluebirdPromise = require("bluebird"); -import express = require("express"); -import AccessController from "../access_control/AccessController"; -import AuthenticationRegulator from "../AuthenticationRegulator"; -import { LdapClient } from "../LdapClient"; - -export = function (req: express.Request, res: express.Response) { - const username: string = req.body.username; - const password: string = req.body.password; - if (!username || !password) { - res.status(401); - res.send(); - return; - } - - const logger = req.app.get("logger"); - const ldap: LdapClient = req.app.get("ldap"); - const config = req.app.get("config"); - const regulator: AuthenticationRegulator = req.app.get("authentication regulator"); - const accessController: AccessController = req.app.get("access controller"); - - logger.info("1st factor: Starting authentication of user \"%s\"", username); - logger.debug("1st factor: Start bind operation against LDAP"); - logger.debug("1st factor: username=%s", username); - - regulator.regulate(username) - .then(function () { - return ldap.bind(username, password); - }) - .then(function () { - objectPath.set(req, "session.auth_session.userid", username); - objectPath.set(req, "session.auth_session.first_factor", true); - logger.info("1st factor: LDAP binding successful"); - logger.debug("1st factor: Retrieve email from LDAP"); - return BluebirdPromise.join(ldap.get_emails(username), ldap.get_groups(username)); - }) - .then(function (data: [string[], string[]]) { - const emails: string[] = data[0]; - const groups: string[] = data[1]; - - if (!emails && emails.length <= 0) throw new Error("No email found"); - logger.debug("1st factor: Retrieved email are %s", emails); - objectPath.set(req, "session.auth_session.email", emails[0]); - objectPath.set(req, "session.auth_session.groups", groups); - - regulator.mark(username, true); - res.status(204); 
- res.send(); - }) - .catch(exceptions.LdapSeachError, function (err: Error) { - logger.error("1st factor: Unable to retrieve email from LDAP", err); - res.status(500); - res.send(); - }) - .catch(exceptions.LdapBindError, function (err: Error) { - logger.error("1st factor: LDAP binding failed"); - logger.debug("1st factor: LDAP binding failed due to ", err); - regulator.mark(username, false); - res.status(401); - res.send("Bad credentials"); - }) - .catch(exceptions.AuthenticationRegulationError, function (err: Error) { - logger.error("1st factor: the regulator rejected the authentication of user %s", username); - logger.debug("1st factor: authentication rejected due to %s", err); - res.status(403); - res.send("Access has been restricted for a few minutes..."); - }) - .catch(exceptions.DomainAccessDenied, (err: Error) => { - logger.error("1st factor: ", err); - res.status(401); - res.send("Access denied..."); - }) - .catch(function (err: Error) { - console.log(err.stack); - logger.error("1st factor: Unhandled error %s", err); - res.status(500); - res.send("Internal error"); - }); -}; diff --git a/src/lib/routes/PasswordReset.ts b/src/lib/routes/PasswordReset.ts deleted file mode 100644 index 25b8e107..00000000 --- a/src/lib/routes/PasswordReset.ts +++ /dev/null 
@@ -1,81 +0,0 @@ - -import BluebirdPromise = require("bluebird"); -import objectPath = require("object-path"); -import exceptions = require("../Exceptions"); -import express = require("express"); -import { Identity } from "../../types/Identity"; -import { IdentityValidable } from "../IdentityValidator"; - -const CHALLENGE = "reset-password"; - -class PasswordResetHandler implements IdentityValidable { - challenge(): string { - return CHALLENGE; - } - - templateName(): string { - return "reset-password"; - } - - preValidation(req: express.Request): BluebirdPromise { - const userid = objectPath.get(req, "body.userid"); - if (!userid) { - return BluebirdPromise.reject(new exceptions.AccessDeniedError("No user id provided")); - } - - const ldap = req.app.get("ldap"); - return ldap.get_emails(userid) - .then(function (emails: string[]) { - if (!emails && emails.length <= 0) throw new Error("No email found"); - - const identity = { - email: emails[0], - userid: userid - }; - return BluebirdPromise.resolve(identity); - }); - } - - mailSubject(): string { - return "Reset your password"; - } -} - -function protect(fn: express.RequestHandler) { - return function (req: express.Request, res: express.Response) { - const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge"); - if (challenge != CHALLENGE) { - res.status(403); - res.send(); - return; - } - fn(req, res, undefined); - }; -} - -function post(req: express.Request, res: express.Response) { - const logger = req.app.get("logger"); - const ldap = req.app.get("ldap"); - const new_password = objectPath.get(req, "body.password"); - const userid = objectPath.get(req, "session.auth_session.identity_check.userid"); - - logger.info("POST reset-password: User %s wants to reset his/her password", userid); - - ldap.update_password(userid, new_password) - .then(function () { - logger.info("POST reset-password: Password reset for user %s", userid); - objectPath.set(req, "session.auth_session", undefined); - 
res.status(204); - res.send(); - }) - .catch(function (err: Error) { - logger.error("POST reset-password: Error while resetting the password of user %s. %s", userid, err); - res.status(500); - res.send(); - }); -} - -export = { - icheck_interface: new PasswordResetHandler(), - post: protect(post) -}; diff --git a/src/lib/routes/SecondFactorRoutes.ts b/src/lib/routes/SecondFactorRoutes.ts deleted file mode 100644 index f8698c2f..00000000 --- a/src/lib/routes/SecondFactorRoutes.ts +++ /dev/null @@ -1,28 +0,0 @@ - -import DenyNotLogged = require("./DenyNotLogged"); -import U2FRoutes = require("./U2FRoutes"); -import TOTPAuthenticator = require("./TOTPAuthenticator"); - -import express = require("express"); - -interface SecondFactorRoutes { - totp: express.RequestHandler; - u2f: { - register_request: express.RequestHandler; - register: express.RequestHandler; - sign_request: express.RequestHandler; - sign: express.RequestHandler; - }; -} - -export = { - totp: DenyNotLogged(TOTPAuthenticator), - u2f: { - register_request: U2FRoutes.register_request, - register: U2FRoutes.register, - - sign_request: DenyNotLogged(U2FRoutes.sign_request), - sign: DenyNotLogged(U2FRoutes.sign), - } -} as SecondFactorRoutes; - diff --git a/src/lib/routes/TOTPAuthenticator.ts b/src/lib/routes/TOTPAuthenticator.ts deleted file mode 100644 index 7f63f2ff..00000000 --- a/src/lib/routes/TOTPAuthenticator.ts +++ /dev/null 
@@ -1,49 +0,0 @@ - -import exceptions = require("../Exceptions"); -import objectPath = require("object-path"); -import express = require("express"); -import { TOTPSecretDocument } from "../UserDataStore"; -import BluebirdPromise = require("bluebird"); - -const UNAUTHORIZED_MESSAGE = "Unauthorized access"; - -export = function(req: express.Request, res: express.Response) { - const logger = req.app.get("logger"); - const userid = objectPath.get(req, "session.auth_session.userid"); - logger.info("POST 2ndfactor totp: Initiate TOTP validation for user %s", userid); - - if (!userid) { - logger.error("POST 2ndfactor totp: No user id in the session"); - res.status(403); - res.send(); - return; - } - - const token = req.body.token; - const totpValidator = req.app.get("totp validator"); - const userDataStore = req.app.get("user data store"); - - logger.debug("POST 2ndfactor totp: Fetching secret for user %s", userid); - userDataStore.get_totp_secret(userid) - .then(function (doc: TOTPSecretDocument) { - logger.debug("POST 2ndfactor totp: TOTP secret is %s", JSON.stringify(doc)); - return totpValidator.validate(token, doc.secret.base32); - }) - .then(function () { - logger.debug("POST 2ndfactor totp: TOTP validation succeeded"); - objectPath.set(req, "session.auth_session.second_factor", true); - res.status(204); - res.send(); - }) - .catch(exceptions.InvalidTOTPError, function (err: Error) { - logger.error("POST 2ndfactor totp: Invalid TOTP token %s", err.message); - res.status(401); - res.send("Invalid TOTP token"); - }) - .catch(function (err: Error) { - console.log(err.stack); - logger.error("POST 2ndfactor totp: Internal error %s", err.message); - res.status(500); - res.send("Internal error"); - }); -}; diff --git a/src/lib/routes/TOTPRegistration.ts b/src/lib/routes/TOTPRegistration.ts deleted file mode 100644 index 1be58181..00000000 --- a/src/lib/routes/TOTPRegistration.ts +++ /dev/null 
@@ -1,86 +0,0 @@
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import exceptions = require("../Exceptions");
-import { Identity } from "../../types/Identity";
-import { IdentityValidable } from "../IdentityValidator";
-
-const CHALLENGE = "totp-register";
-const TEMPLATE_NAME = "totp-register";
-
-
-class TOTPRegistrationHandler implements IdentityValidable {
- challenge(): string {
- return CHALLENGE;
- }
-
- templateName(): string {
- return TEMPLATE_NAME;
- }
-
- preValidation(req: express.Request): BluebirdPromise {
- const first_factor_passed = objectPath.get(req, "session.auth_session.first_factor");
- if (!first_factor_passed) {
- return BluebirdPromise.reject("Authentication required before registering TOTP secret key");
- }
-
- const userid = objectPath.get(req, "session.auth_session.userid");
- const email = objectPath.get(req, "session.auth_session.email");
-
- if (!(userid && email)) {
- return BluebirdPromise.reject("User ID or email is missing");
- }
-
- const identity = {
- email: email,
- userid: userid
- };
- return BluebirdPromise.resolve(identity);
- }
-
- mailSubject(): string {
- return "Register your TOTP secret key";
- }
-}
-
-// Generate a secret and send it to the user
-function post(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const userid = objectPath.get(req, "session.auth_session.identity_check.userid");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
-
- if (challenge != CHALLENGE || !userid) {
- res.status(403);
- res.send();
- return;
- }
-
- const user_data_store = req.app.get("user data store");
- const totpGenerator = req.app.get("totp generator");
- const secret = totpGenerator.generate();
-
- logger.debug("POST new-totp-secret: save the TOTP secret in DB");
- user_data_store.set_totp_secret(userid, secret)
- .then(function () {
- const doc = {
- otpauth_url: secret.otpauth_url,
- base32: secret.base32,
- ascii: secret.ascii
- };
- objectPath.set(req, "session", undefined);
-
- res.status(200);
- res.json(doc);
- })
- .catch(function (err: Error) {
- logger.error("POST new-totp-secret: Internal error %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-export = {
- icheck_interface: new TOTPRegistrationHandler(),
- post: post,
-};
diff --git a/src/lib/routes/U2FAuthenticationProcess.ts b/src/lib/routes/U2FAuthenticationProcess.ts
deleted file mode 100644
index 84c8690b..00000000
--- a/src/lib/routes/U2FAuthenticationProcess.ts
+++ /dev/null
@@ -1,84 +0,0 @@
-
-import u2f_register_handler = require("./U2FRegistration");
-import objectPath = require("object-path");
-import u2f_common = require("./u2f_common");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import authdog = require("../../types/authdog");
-import UserDataStore, { U2FMetaDocument } from "../UserDataStore";
-
-
-function retrieve_u2f_meta(req: express.Request, userDataStore: UserDataStore) {
- const userid = req.session.auth_session.userid;
- const appid = u2f_common.extract_app_id(req);
- return userDataStore.get_u2f_meta(userid, appid);
-}
-
-
-function sign_request(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const userDataStore = req.app.get("user data store");
-
- retrieve_u2f_meta(req, userDataStore)
- .then(function (doc: U2FMetaDocument) {
- if (!doc) {
- u2f_common.reply_with_missing_registration(res);
- return;
- }
-
- const u2f = req.app.get("u2f");
- const meta = doc.meta;
- const appid = u2f_common.extract_app_id(req);
- logger.info("U2F sign_request: Start authentication to app %s", appid);
- return u2f.startAuthentication(appid, [meta]);
- })
- .then(function (authRequest: authdog.AuthenticationRequest) {
- logger.info("U2F sign_request: Store authentication request and reply");
- req.session.auth_session.sign_request = authRequest;
- res.status(200);
- res.json(authRequest);
- })
- .catch(function (err: Error) {
- logger.info("U2F sign_request: %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-function sign(req: express.Request, res: express.Response) {
- if (!objectPath.has(req, "session.auth_session.sign_request")) {
- u2f_common.reply_with_unauthorized(res);
- return;
- }
-
- const logger = req.app.get("logger");
- const userDataStore = req.app.get("user data store");
-
- retrieve_u2f_meta(req, userDataStore)
- .then(function (doc: U2FMetaDocument) {
- const appid = u2f_common.extract_app_id(req);
- const u2f = req.app.get("u2f");
- const authRequest = req.session.auth_session.sign_request;
- const meta = doc.meta;
- logger.info("U2F sign: Finish authentication");
- return u2f.finishAuthentication(authRequest, req.body, [meta]);
- })
- .then(function (authenticationStatus: authdog.Authentication) {
- logger.info("U2F sign: Authentication successful");
- req.session.auth_session.second_factor = true;
- res.status(204);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("U2F sign: %s", err);
- res.status(500);
- res.send();
- });
-}
-
-
-export = {
- sign_request: sign_request,
- sign: sign
-};
diff --git a/src/lib/routes/U2FRegistration.ts b/src/lib/routes/U2FRegistration.ts
deleted file mode 100644
index d8126c46..00000000
--- a/src/lib/routes/U2FRegistration.ts
+++ /dev/null
@@ -1,51 +0,0 @@
-
-import objectPath = require("object-path");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-
-import { IdentityValidable } from "../IdentityValidator";
-import { Identity } from "../../types/Identity";
-
-const CHALLENGE = "u2f-register";
-const TEMPLATE_NAME = "u2f-register";
-const MAIL_SUBJECT = "Register your U2F device";
-
-
-class U2FRegistrationHandler implements IdentityValidable {
- challenge(): string {
- return CHALLENGE;
- }
-
- templateName(): string {
- return TEMPLATE_NAME;
- }
-
- preValidation(req: express.Request): BluebirdPromise {
- const first_factor_passed = objectPath.get(req, "session.auth_session.first_factor");
- if (!first_factor_passed) {
- return BluebirdPromise.reject("Authentication required before issuing a u2f registration request");
- }
-
- const userid = objectPath.get(req, "session.auth_session.userid");
- const email = objectPath.get(req, "session.auth_session.email");
-
- if (!(userid && email)) {
- return BluebirdPromise.reject("User ID or email is missing");
- }
-
- const identity = {
- email: email,
- userid: userid
- };
- return BluebirdPromise.resolve(identity);
- }
-
- mailSubject(): string {
- return MAIL_SUBJECT;
- }
-}
-
-export = {
- icheck_interface: new U2FRegistrationHandler(),
-};
-
diff --git a/src/lib/routes/U2FRegistrationProcess.ts b/src/lib/routes/U2FRegistrationProcess.ts
deleted file mode 100644
index 1737e256..00000000
--- a/src/lib/routes/U2FRegistrationProcess.ts
+++ /dev/null
@@ -1,89 +0,0 @@
-
-import u2f_register_handler = require("./U2FRegistration");
-import objectPath = require("object-path");
-import u2f_common = require("./u2f_common");
-import BluebirdPromise = require("bluebird");
-import express = require("express");
-import authdog = require("../../types/authdog");
-
-function register_request(req: express.Request, res: express.Response) {
- const logger = req.app.get("logger");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
- if (challenge != "u2f-register") {
- res.status(403);
- res.send();
- return;
- }
-
- const u2f = req.app.get("u2f");
- const appid = u2f_common.extract_app_id(req);
-
- logger.debug("U2F register_request: headers=%s", JSON.stringify(req.headers));
- logger.info("U2F register_request: Starting registration of app %s", appid);
- u2f.startRegistration(appid, [])
- .then(function (registrationRequest: authdog.AuthenticationRequest) {
- logger.info("U2F register_request: Sending back registration request");
- req.session.auth_session.register_request = registrationRequest;
- res.status(200);
- res.json(registrationRequest);
- })
- .catch(function (err: Error) {
- logger.error("U2F register_request: %s", err);
- res.status(500);
- res.send("Unable to start registration request");
- });
-}
-
-function register(req: express.Request, res: express.Response) {
- const registrationRequest = objectPath.get(req, "session.auth_session.register_request");
- const challenge = objectPath.get(req, "session.auth_session.identity_check.challenge");
-
- if (!registrationRequest) {
- res.status(403);
- res.send();
- return;
- }
-
- if (!(registrationRequest && challenge == "u2f-register")) {
- res.status(403);
- res.send();
- return;
- }
-
-
- const user_data_storage = req.app.get("user data store");
- const u2f = req.app.get("u2f");
- const userid = req.session.auth_session.userid;
- const appid = u2f_common.extract_app_id(req);
- const logger = req.app.get("logger");
-
- logger.info("U2F register: Finishing registration");
- logger.debug("U2F register: register_request=%s", JSON.stringify(registrationRequest));
- logger.debug("U2F register: body=%s", JSON.stringify(req.body));
-
- u2f.finishRegistration(registrationRequest, req.body)
- .then(function (registrationStatus: authdog.Registration) {
- logger.info("U2F register: Store registration and reply");
- const meta = {
- keyHandle: registrationStatus.keyHandle,
- publicKey: registrationStatus.publicKey,
- certificate: registrationStatus.certificate
- };
- return user_data_storage.set_u2f_meta(userid, appid, meta);
- })
- .then(function () {
- objectPath.set(req, "session.auth_session.identity_check", undefined);
- res.status(204);
- res.send();
- })
- .catch(function (err: Error) {
- logger.error("U2F register: %s", err);
- res.status(500);
- res.send("Unable to register");
- });
-}
-
-export = {
- register_request: register_request,
- register: register
-};
diff --git a/src/lib/routes/U2FRoutes.ts b/src/lib/routes/U2FRoutes.ts
deleted file mode 100644
index 50c150ee..00000000
--- a/src/lib/routes/U2FRoutes.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-
-import U2FRegistrationProcess = require("./U2FRegistrationProcess");
-import U2FAuthenticationProcess = require("./U2FAuthenticationProcess");
-
-import express = require("express");
-
-interface U2FRoutes {
- register_request: express.RequestHandler;
- register: express.RequestHandler;
- sign_request: express.RequestHandler;
- sign: express.RequestHandler;
-}
-
-export = {
- register_request: U2FRegistrationProcess.register_request,
- register: U2FRegistrationProcess.register,
- sign_request: U2FAuthenticationProcess.sign_request,
- sign: U2FAuthenticationProcess.sign,
-} as U2FRoutes;
diff --git a/src/lib/routes/u2f_common.ts b/src/lib/routes/u2f_common.ts
deleted file mode 100644
index cb13bd01..00000000
--- a/src/lib/routes/u2f_common.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-
-import util = require("util");
-import express = require("express");
-
-function extract_app_id(req: express.Request) {
- return util.format("https://%s", req.headers.host);
-}
-
-function extract_original_url(req: express.Request) {
- return util.format("https://%s%s", req.headers.host, req.headers["x-original-uri"]);
-}
-
-function extract_referrer(req: express.Request) {
- return req.headers.referrer;
-}
-
-function reply_with_internal_error(res: express.Response, msg: string) {
- res.status(500);
- res.send(msg);
-}
-
-function reply_with_missing_registration(res: express.Response) {
- res.status(401);
- res.send("Please register before authenticate");
-}
-
-function reply_with_unauthorized(res: express.Response) {
- res.status(401);
- res.send();
-}
-
-export = {
- extract_app_id: extract_app_id,
- extract_original_url: extract_original_url,
- extract_referrer: extract_referrer,
- reply_with_internal_error: reply_with_internal_error,
- reply_with_missing_registration: reply_with_missing_registration,
- reply_with_unauthorized: reply_with_unauthorized
-};
\ No newline at end of file
diff --git a/src/public_html/css/login.css b/src/public_html/css/login.css
deleted file mode 100644
index 85143d5e..00000000
--- a/src/public_html/css/login.css
+++ /dev/null
@@ -1,126 +0,0 @@ -@import url(https://fonts.googleapis.com/css?family=Open+Sans); -.btn { display: inline-block; *display: inline; *zoom: 1; padding: 4px 10px 4px; margin-bottom: 0; font-size: 13px; line-height: 18px; color: #333333; text-align: center;text-shadow: 0 1px 1px rgba(255, 255, 255, 0.75); vertical-align: middle; background-color: #f5f5f5; background-image: -moz-linear-gradient(top, #ffffff, #e6e6e6); background-image: -ms-linear-gradient(top, #ffffff, #e6e6e6); background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), to(#e6e6e6)); background-image: -webkit-linear-gradient(top, #ffffff, #e6e6e6); background-image: -o-linear-gradient(top, #ffffff, #e6e6e6); background-image: linear-gradient(top, #ffffff, #e6e6e6); background-repeat: repeat-x; filter: progid:dximagetransform.microsoft.gradient(startColorstr=#ffffff, endColorstr=#e6e6e6, GradientType=0); border-color: #e6e6e6 #e6e6e6 #e6e6e6; border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); border: 1px solid #e6e6e6; -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); -moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.05); cursor: pointer; *margin-left: .3em; } -.btn:hover, .btn:active, .btn.active, .btn.disabled, .btn[disabled] { background-color: #e6e6e6; } -.btn-large { padding: 9px 14px; font-size: 15px; line-height: normal; -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; } -.btn:hover { color: #333333; text-decoration: none; background-color: #e6e6e6; background-position: 0 -15px; -webkit-transition: background-position 0.1s linear; -moz-transition: background-position 0.1s linear; -ms-transition: background-position 0.1s linear; -o-transition: background-position 0.1s linear; transition: background-position 0.1s 
linear; } -.btn-primary, .btn-primary:hover { text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); color: #ffffff; } -.btn-primary.active { color: rgba(255, 255, 255, 0.75); } -.btn-primary { background-color: #4a77d4; background-image: -moz-linear-gradient(top, #6eb6de, #4a77d4); background-image: -ms-linear-gradient(top, #6eb6de, #4a77d4); background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#6eb6de), to(#4a77d4)); background-image: -webkit-linear-gradient(top, #6eb6de, #4a77d4); background-image: -o-linear-gradient(top, #6eb6de, #4a77d4); background-image: linear-gradient(top, #6eb6de, #4a77d4); background-repeat: repeat-x; filter: progid:dximagetransform.microsoft.gradient(startColorstr=#6eb6de, endColorstr=#4a77d4, GradientType=0); border: 1px solid #3762bc; text-shadow: 1px 1px 1px rgba(0,0,0,0.4); box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.2), 0 1px 2px rgba(0, 0, 0, 0.5); } -.btn-primary:hover, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] { filter: none; background-color: #4a77d4; } -.btn-block { width: 100%; display:block; } - -* { -webkit-box-sizing:border-box; -moz-box-sizing:border-box; -ms-box-sizing:border-box; -o-box-sizing:border-box; box-sizing:border-box; } - -html { width: 100%; height:100%; overflow:hidden; } - -body { - width: 100%; - height:100%; - font-family: 'Open Sans', sans-serif; - background: #092756; - background: -moz-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%),-moz-linear-gradient(top, rgba(57,173,219,.25) 0%, rgba(42,60,87,.4) 100%), -moz-linear-gradient(-45deg, #670d10 0%, #092756 100%); - background: -webkit-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), -webkit-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -webkit-linear-gradient(-45deg, #670d10 0%,#092756 100%); - background: -o-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), 
-o-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -o-linear-gradient(-45deg, #670d10 0%,#092756 100%); - background: -ms-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), -ms-linear-gradient(top, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), -ms-linear-gradient(-45deg, #670d10 0%,#092756 100%); - background: -webkit-radial-gradient(0% 100%, ellipse cover, rgba(104,128,138,.4) 10%,rgba(138,114,76,0) 40%), linear-gradient(to bottom, rgba(57,173,219,.25) 0%,rgba(42,60,87,.4) 100%), linear-gradient(135deg, #670d10 0%,#092756 100%); - filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#3E1D6D', endColorstr='#092756',GradientType=1 ); -} - -.vr { - margin-left: 10px; - margin-right: 10px; -} - -.login { - position: absolute; - top: 50%; - left: 50%; - margin: -150px 0 0 -150px; - width:300px; - height:300px; -} - -.totp { - position: absolute; - top: 50%; - left: 50%; - margin: -150px 0 0 -150px; - width:400px; - height:300px; -} - -h1 { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; } - -h2 { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; font-size: 1em; } - -p { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text-align:center; } - -a { color: #fff; text-align: center; } - -#qrcode img { - margin: auto; - text-align: center; - padding: 10px; - background: white; -} - -#secret { font-size: 0.7em; } - -input { - width: 100%; - margin-bottom: 10px; - background: rgba(0,0,0,0.3); - border: none; - outline: none; - padding: 10px; - font-size: 13px; - color: #fff; - text-shadow: 1px 1px 1px rgba(0,0,0,0.3); - border: 1px solid rgba(0,0,0,0.3); - border-radius: 4px; - box-shadow: inset 0 -5px 45px rgba(100,100,100,0.2), 0 1px 1px rgba(255,255,255,0.2); - -webkit-transition: box-shadow .5s ease; - -moz-transition: box-shadow .5s ease; - -o-transition: box-shadow .5s ease; - 
-ms-transition: box-shadow .5s ease; - transition: box-shadow .5s ease; -} -input:focus { box-shadow: inset 0 -5px 45px rgba(100,100,100,0.4), 0 1px 1px rgba(255,255,255,0.2); } - -#information { - border: 1px solid black; - padding: 10px 20px; - margin-top: 25px; - font-size: 0.8em; - border-radius: 4px; -} - -#information.failure { - background-color: rgb(255, 124, 124); -} - -#information.success { - background-color: rgb(43, 188, 99); -} - -#second-factor { - width: 400px; -} - -#second-factor .login { - display: inline-block; -} - -#second-factor #totp { - width: 180px; - float: left; -} - -#second-factor #u2f { - width: 180px; - float: right; -} - -button { - margin-top: 5px; -} diff --git a/src/public_html/js/jquery.min.js b/src/public_html/js/jquery.min.js deleted file mode 100644 index 4c5be4c0..00000000 --- a/src/public_html/js/jquery.min.js +++ /dev/null 
@@ -1,4 +0,0 @@ -/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */ -!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.push,G=D.push,H=D.slice,I=function(a,b){for(var c=0,d=a.length;c+~]|"+K+")"+K+"*"),S=new RegExp("="+K+"*([^\\]'\"]*?)"+K+"*\\]","g"),T=new RegExp(N),U=new RegExp("^"+L+"$"),V={ID:new RegExp("^#("+L+")"),CLASS:new RegExp("^\\.("+L+")"),TAG:new RegExp("^("+L+"|[*])"),ATTR:new RegExp("^"+M),PSEUDO:new RegExp("^"+N),CHILD:new 
RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+K+"*(even|odd|(([+-]|)(\\d*)n|)"+K+"*(?:([+-]|)"+K+"*(\\d+)|))"+K+"*\\)|)","i"),bool:new RegExp("^(?:"+J+")$","i"),needsContext:new RegExp("^"+K+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+K+"*((?:-\\d)?\\d*)"+K+"*\\)|)(?=[^-]|$)","i")},W=/^(?:input|select|textarea|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da-f]{1,6}"+K+"?|("+K+")|.)","ig"),aa=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:d<0?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ba=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ca=function(a,b){return b?"\0"===a?"\ufffd":a.slice(0,-1)+"\\"+a.charCodeAt(a.length-1).toString(16)+" ":"\\"+a},da=function(){m()},ea=ta(function(a){return a.disabled===!0&&("form"in a||"label"in a)},{dir:"parentNode",next:"legend"});try{G.apply(D=H.call(v.childNodes),v.childNodes),D[v.childNodes.length].nodeType}catch(fa){G={apply:D.length?function(a,b){F.apply(a,H.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s=b&&b.ownerDocument,w=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==w&&9!==w&&11!==w)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==w&&(l=Z.exec(a)))if(f=l[1]){if(9===w){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(s&&(j=s.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(l[2])return G.apply(d,b.getElementsByTagName(a)),d;if((f=l[3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.setAttribute("id",k=u),o=g(a),h=o.length;while(h--)o[h]="#"+k+" "+sa(o[h]);r=o.join(","),s=$.test(a)&&qa(b.parentNode)||b}if(r)try{return 
G.apply(d,s.querySelectorAll(r)),d}catch(x){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(P,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("fieldset");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&a.sourceIndex-b.sourceIndex;if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return function(b){return"form"in b?b.parentNode&&b.disabled===!1?"label"in b?"label"in b.parentNode?b.parentNode.disabled===a:b.disabled===a:b.isDisabled===a||b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function qa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return!!b&&"HTML"!==b.nodeName},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),v!==n&&(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return 
a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Y.test(n.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){return a.getAttribute("id")===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}}):(d.filter.ID=function(a){var b=a.replace(_,aa);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value===a)return[f];e=b.getElementsByName(a),d=0;while(f=e[d++])if(c=f.getAttributeNode("id"),c&&c.value===a)return[f]}return[]}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){if("undefined"!=typeof b.getElementsByClassName&&p)return b.getElementsByClassName(a)},r=[],q=[],(c.qsa=Y.test(n.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML="",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+K+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+K+"*(?:value|"+J+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){a.innerHTML="";var 
b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"*[*^$|!~]?="),2!==a.querySelectorAll(":enabled").length&&q.push(":enabled",":disabled"),o.appendChild(a).disabled=!0,2!==a.querySelectorAll(":disabled").length&&q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Y.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"*"),s.call(a,"[s!='']:x"),r.push("!=",N)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Y.test(o.compareDocumentPosition),t=b||Y.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?la(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(S,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return 
d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&C.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.escape=function(a){return(a+"").replace(ba,ca)},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:V,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(_,aa),a[3]=(a[3]||a[4]||a[5]||"").replace(_,aa),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return V.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&T.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(_,aa).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new 
RegExp("(^|"+K+")"+a+"("+K+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:!b||(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(O," ")+" ").indexOf(c)>-1:"|="===b&&(e===c||e.slice(0,c.length+1)===c+"-"))}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=I(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(P,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return 
b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(_,aa),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return U.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(_,aa).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:oa(!1),disabled:oa(!0),checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return X.test(a.nodeName)},input:function(a){return W.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:pa(function(){return[0]}),last:pa(function(a,b){return[b-1]}),eq:pa(function(a,b,c){return[c<0?c+b:c]}),even:pa(function(a,b){for(var c=0;c=0;)a.push(d);return a}),gt:pa(function(a,b,c){for(var d=c<0?c+b:c;++d1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function va(a,b,c){for(var d=0,e=b.length;d-1&&(f[j]=!(g[j]=l))}}else r=wa(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):G.apply(g,r)})}function ya(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ta(function(a){return 
a===b},h,!0),l=ta(function(a){return I(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];i1&&ua(m),i>1&&sa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(P,"$1"),c,i0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=E.call(i));u=wa(u)}G.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&ga.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=ya(b[c]),f[u]?d.push(f):e.push(f);f=A(a,za(e,d)),f.selector=a}return f},i=ga.select=function(a,b,c,e){var f,i,j,k,l,m="function"==typeof a&&a,n=!e&&g(a=m.selector||a);if(c=c||[],1===n.length){if(i=n[0]=n[0].slice(0),i.length>2&&"ID"===(j=i[0]).type&&9===b.nodeType&&p&&d.relative[i[1].type]){if(b=(d.find.ID(j.matches[0].replace(_,aa),b)||[])[0],!b)return c;m&&(b=b.parentNode),a=a.slice(i.shift().value.length)}f=V.needsContext.test(a)?0:i.length;while(f--){if(j=i[f],d.relative[k=j.type])break;if((l=d.find[k])&&(e=l(j.matches[0].replace(_,aa),$.test(i[0].type)&&qa(b.parentNode)||b))){if(i.splice(f,1),a=e.length&&sa(i),!a)return G.apply(c,e),c;break}}}return(m||h(a,n))(e,b,!p,c,!b||$.test(a)&&qa(b.parentNode)||b),c},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("fieldset"))}),ja(function(a){return a.innerHTML="","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){if(!c)return 
a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML="",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){if(!c&&"input"===a.nodeName.toLowerCase())return a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(J,function(a,b,c){var d;if(!c)return a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);r.find=x,r.expr=x.selectors,r.expr[":"]=r.expr.pseudos,r.uniqueSort=r.unique=x.uniqueSort,r.text=x.getText,r.isXMLDoc=x.isXML,r.contains=x.contains,r.escapeSelector=x.escape;var y=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&r(a).is(c))break;d.push(a)}return d},z=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},A=r.expr.match.needsContext,B=/^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i,C=/^.[^:#\[\.,]*$/;function D(a,b,c){return r.isFunction(b)?r.grep(a,function(a,d){return!!b.call(a,d,a)!==c}):b.nodeType?r.grep(a,function(a){return a===b!==c}):"string"!=typeof b?r.grep(a,function(a){return i.call(b,a)>-1!==c}):C.test(b)?r.filter(b,a,c):(b=r.filter(b,a),r.grep(a,function(a){return i.call(b,a)>-1!==c&&1===a.nodeType}))}r.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?r.find.matchesSelector(d,a)?[d]:[]:r.find.matches(a,r.grep(b,function(a){return 1===a.nodeType}))},r.fn.extend({find:function(a){var b,c,d=this.length,e=this;if("string"!=typeof a)return this.pushStack(r(a).filter(function(){for(b=0;b1?r.uniqueSort(c):c},filter:function(a){return this.pushStack(D(this,a||[],!1))},not:function(a){return this.pushStack(D(this,a||[],!0))},is:function(a){return!!D(this,"string"==typeof a&&A.test(a)?r(a):a||[],!1).length}});var E,F=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/,G=r.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||E,"string"==typeof 
a){if(e="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:F.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof r?b[0]:b,r.merge(this,r.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),B.test(e[1])&&r.isPlainObject(b))for(e in b)r.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}return f=d.getElementById(e[2]),f&&(this[0]=f,this.length=1),this}return a.nodeType?(this[0]=a,this.length=1,this):r.isFunction(a)?void 0!==c.ready?c.ready(a):a(r):r.makeArray(a,this)};G.prototype=r.fn,E=r(d);var H=/^(?:parents|prev(?:Until|All))/,I={children:!0,contents:!0,next:!0,prev:!0};r.fn.extend({has:function(a){var b=r(a,this),c=b.length;return this.filter(function(){for(var a=0;a-1:1===c.nodeType&&r.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?r.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?i.call(r(a),this[0]):i.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(r.uniqueSort(r.merge(this.get(),r(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function J(a,b){while((a=a[b])&&1!==a.nodeType);return a}r.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return y(a,"parentNode")},parentsUntil:function(a,b,c){return y(a,"parentNode",c)},next:function(a){return J(a,"nextSibling")},prev:function(a){return J(a,"previousSibling")},nextAll:function(a){return y(a,"nextSibling")},prevAll:function(a){return y(a,"previousSibling")},nextUntil:function(a,b,c){return y(a,"nextSibling",c)},prevUntil:function(a,b,c){return y(a,"previousSibling",c)},siblings:function(a){return z((a.parentNode||{}).firstChild,a)},children:function(a){return z(a.firstChild)},contents:function(a){return a.contentDocument||r.merge([],a.childNodes)}},function(a,b){r.fn[a]=function(c,d){var 
e=r.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=r.filter(d,e)),this.length>1&&(I[a]||r.uniqueSort(e),H.test(a)&&e.reverse()),this.pushStack(e)}});var K=/[^\x20\t\r\n\f]+/g;function L(a){var b={};return r.each(a.match(K)||[],function(a,c){b[c]=!0}),b}r.Callbacks=function(a){a="string"==typeof a?L(a):r.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h-1)f.splice(c,1),c<=h&&h--}),this},has:function(a){return a?r.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=g=[],c||b||(f=c=""),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j};function M(a){return a}function N(a){throw a}function O(a,b,c){var d;try{a&&r.isFunction(d=a.promise)?d.call(a).done(b).fail(c):a&&r.isFunction(d=a.then)?d.call(a,b,c):b.call(void 0,a)}catch(a){c.call(void 0,a)}}r.extend({Deferred:function(b){var c=[["notify","progress",r.Callbacks("memory"),r.Callbacks("memory"),2],["resolve","done",r.Callbacks("once memory"),r.Callbacks("once memory"),0,"resolved"],["reject","fail",r.Callbacks("once memory"),r.Callbacks("once memory"),1,"rejected"]],d="pending",e={state:function(){return d},always:function(){return f.done(arguments).fail(arguments),this},"catch":function(a){return e.then(null,a)},pipe:function(){var a=arguments;return r.Deferred(function(b){r.each(c,function(c,d){var e=r.isFunction(a[d[4]])&&a[d[4]];f[d[1]](function(){var a=e&&e.apply(this,arguments);a&&r.isFunction(a.promise)?a.promise().progress(b.notify).done(b.resolve).fail(b.reject):b[d[0]+"With"](this,e?[a]:arguments)})}),a=null}).promise()},then:function(b,d,e){var f=0;function g(b,c,d,e){return function(){var h=this,i=arguments,j=function(){var 
a,j;if(!(b=f&&(d!==N&&(h=void 0,i=[a]),c.rejectWith(h,i))}};b?k():(r.Deferred.getStackHook&&(k.stackTrace=r.Deferred.getStackHook()),a.setTimeout(k))}}return r.Deferred(function(a){c[0][3].add(g(0,a,r.isFunction(e)?e:M,a.notifyWith)),c[1][3].add(g(0,a,r.isFunction(b)?b:M)),c[2][3].add(g(0,a,r.isFunction(d)?d:N))}).promise()},promise:function(a){return null!=a?r.extend(a,e):e}},f={};return r.each(c,function(a,b){var g=b[2],h=b[5];e[b[1]]=g.add,h&&g.add(function(){d=h},c[3-a][2].disable,c[0][2].lock),g.add(b[3].fire),f[b[0]]=function(){return f[b[0]+"With"](this===f?void 0:this,arguments),this},f[b[0]+"With"]=g.fireWith}),e.promise(f),b&&b.call(f,f),f},when:function(a){var b=arguments.length,c=b,d=Array(c),e=f.call(arguments),g=r.Deferred(),h=function(a){return function(c){d[a]=this,e[a]=arguments.length>1?f.call(arguments):c,--b||g.resolveWith(d,e)}};if(b<=1&&(O(a,g.done(h(c)).resolve,g.reject),"pending"===g.state()||r.isFunction(e[c]&&e[c].then)))return g.then();while(c--)O(e[c],h(c),g.reject);return g.promise()}});var P=/^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/;r.Deferred.exceptionHook=function(b,c){a.console&&a.console.warn&&b&&P.test(b.name)&&a.console.warn("jQuery.Deferred exception: "+b.message,b.stack,c)},r.readyException=function(b){a.setTimeout(function(){throw b})};var Q=r.Deferred();r.fn.ready=function(a){return Q.then(a)["catch"](function(a){r.readyException(a)}),this},r.extend({isReady:!1,readyWait:1,holdReady:function(a){a?r.readyWait++:r.ready(!0)},ready:function(a){(a===!0?--r.readyWait:r.isReady)||(r.isReady=!0,a!==!0&&--r.readyWait>0||Q.resolveWith(d,[r]))}}),r.ready.then=Q.then;function R(){d.removeEventListener("DOMContentLoaded",R), -a.removeEventListener("load",R),r.ready()}"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll?a.setTimeout(r.ready):(d.addEventListener("DOMContentLoaded",R),a.addEventListener("load",R));var S=function(a,b,c,d,e,f,g){var 
h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in c)S(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,r.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(r(a),c)})),b))for(;h1,null,!0)},removeData:function(a){return this.each(function(){W.remove(this,a)})}}),r.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=V.get(a,b),c&&(!d||r.isArray(c)?d=V.access(a,b,r.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=r.queue(a,b),d=c.length,e=c.shift(),f=r._queueHooks(a,b),g=function(){r.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return V.get(a,c)||V.access(a,c,{empty:r.Callbacks("once memory").add(function(){V.remove(a,[b+"queue",c])})})}}),r.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length\x20\t\r\n\f]+)/i,ka=/^$|\/(?:java|ecma)script/i,la={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};la.optgroup=la.option,la.tbody=la.tfoot=la.colgroup=la.caption=la.thead,la.th=la.td;function ma(a,b){var c;return c="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):[],void 0===b||b&&r.nodeName(a,b)?r.merge([a],c):c}function na(a,b){for(var c=0,d=a.length;c-1)e&&e.push(f);else if(j=r.contains(f.ownerDocument,f),g=ma(l.appendChild(f),"script"),j&&na(g),c){k=0;while(f=g[k++])ka.test(f.type||"")&&c.push(f)}return l}!function(){var a=d.createDocumentFragment(),b=a.appendChild(d.createElement("div")),c=d.createElement("input");c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),b.appendChild(c),o.checkClone=b.cloneNode(!0).cloneNode(!0).lastChild.checked,b.innerHTML="",o.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var qa=d.documentElement,ra=/^key/,sa=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,ta=/^([^.]*)(?:\.(.+)|)/;function ua(){return!0}function va(){return!1}function wa(){try{return d.activeElement}catch(a){}}function xa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)xa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=va;else if(!e)return a;return 1===f&&(g=e,e=function(a){return r().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=r.guid++)),a.each(function(){r.event.add(this,b,e,d,c)})}r.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=V.get(a);if(q){c.handler&&(f=c,c=f.handler,e=f.selector),e&&r.find.matchesSelector(qa,e),c.guid||(c.guid=r.guid++),(i=q.events)||(i=q.events={}),(g=q.handle)||(g=q.handle=function(b){return"undefined"!=typeof r&&r.event.triggered!==b.type?r.event.dispatch.apply(a,arguments):void 
0}),b=(b||"").match(K)||[""],j=b.length;while(j--)h=ta.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n&&(l=r.event.special[n]||{},n=(e?l.delegateType:l.bindType)||n,l=r.event.special[n]||{},k=r.extend({type:n,origType:p,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&r.expr.match.needsContext.test(e),namespace:o.join(".")},f),(m=i[n])||(m=i[n]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,o,g)!==!1||a.addEventListener&&a.addEventListener(n,g)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),r.event.global[n]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,p,q=V.hasData(a)&&V.get(a);if(q&&(i=q.events)){b=(b||"").match(K)||[""],j=b.length;while(j--)if(h=ta.exec(b[j])||[],n=p=h[1],o=(h[2]||"").split(".").sort(),n){l=r.event.special[n]||{},n=(d?l.delegateType:l.bindType)||n,m=i[n]||[],h=h[2]&&new RegExp("(^|\\.)"+o.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&p!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,o,q.handle)!==!1||r.removeEvent(a,n,q.handle),delete i[n])}else for(n in i)r.event.remove(a,n+b[j],c,d,!0);r.isEmptyObject(i)&&V.remove(a,"handle events")}},dispatch:function(a){var b=r.event.fix(a),c,d,e,f,g,h,i=new Array(arguments.length),j=(V.get(this,"events")||{})[b.type]||[],k=r.event.special[b.type]||{};for(i[0]=b,c=1;c=1))for(;j!==this;j=j.parentNode||this)if(1===j.nodeType&&("click"!==a.type||j.disabled!==!0)){for(f=[],g={},c=0;c-1:r.find(e,this,null,[j]).length),g[e]&&f.push(d);f.length&&h.push({elem:j,handlers:f})}return j=this,i\x20\t\r\n\f]*)[^>]*)\/>/gi,za=/\s*$/g;function Da(a,b){return r.nodeName(a,"table")&&r.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a:a}function Ea(a){return 
a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function Fa(a){var b=Ba.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Ga(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(V.hasData(a)&&(f=V.access(a),g=V.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;c1&&"string"==typeof q&&!o.checkClone&&Aa.test(q))return a.each(function(e){var f=a.eq(e);s&&(b[0]=q.call(this,e,f.html())),Ia(f,b,c,d)});if(m&&(e=pa(b,a[0].ownerDocument,!1,a,d),f=e.firstChild,1===e.childNodes.length&&(e=f),f||d)){for(h=r.map(ma(e,"script"),Ea),i=h.length;l")},clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=r.contains(a.ownerDocument,a);if(!(o.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||r.isXMLDoc(a)))for(g=ma(h),f=ma(a),d=0,e=f.length;d0&&na(g,!i&&ma(a,"script")),h},cleanData:function(a){for(var b,c,d,e=r.event.special,f=0;void 0!==(c=a[f]);f++)if(T(c)){if(b=c[V.expando]){if(b.events)for(d in b.events)e[d]?r.event.remove(c,d):r.removeEvent(c,d,b.handle);c[V.expando]=void 0}c[W.expando]&&(c[W.expando]=void 0)}}}),r.fn.extend({detach:function(a){return Ja(this,a,!0)},remove:function(a){return Ja(this,a)},text:function(a){return S(this,function(a){return void 0===a?r.text(this):this.empty().each(function(){1!==this.nodeType&&11!==this.nodeType&&9!==this.nodeType||(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Da(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ia(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ia(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var 
a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(r.cleanData(ma(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null!=a&&a,b=null==b?a:b,this.map(function(){return r.clone(this,a,b)})},html:function(a){return S(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!za.test(a)&&!la[(ja.exec(a)||["",""])[1].toLowerCase()]){a=r.htmlPrefilter(a);try{for(;c1)}});function Ya(a,b,c,d,e){return new Ya.prototype.init(a,b,c,d,e)}r.Tween=Ya,Ya.prototype={constructor:Ya,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||r.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(r.cssNumber[c]?"":"px")},cur:function(){var a=Ya.propHooks[this.prop];return a&&a.get?a.get(this):Ya.propHooks._default.get(this)},run:function(a){var b,c=Ya.propHooks[this.prop];return this.options.duration?this.pos=b=r.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):Ya.propHooks._default.set(this),this}},Ya.prototype.init.prototype=Ya.prototype,Ya.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=r.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){r.fx.step[a.prop]?r.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[r.cssProps[a.prop]]&&!r.cssHooks[a.prop]?a.elem[a.prop]=a.now:r.style(a.elem,a.prop,a.now+a.unit)}}},Ya.propHooks.scrollTop=Ya.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},r.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},r.fx=Ya.prototype.init,r.fx.step={};var Za,$a,_a=/^(?:toggle|show|hide)$/,ab=/queueHooks$/;function bb(){$a&&(a.requestAnimationFrame(bb),r.fx.tick())}function 
cb(){return a.setTimeout(function(){Za=void 0}),Za=r.now()}function db(a,b){var c,d=0,e={height:a};for(b=b?1:0;d<4;d+=2-b)c=ba[d],e["margin"+c]=e["padding"+c]=a;return b&&(e.opacity=e.width=a),e}function eb(a,b,c){for(var d,e=(hb.tweeners[b]||[]).concat(hb.tweeners["*"]),f=0,g=e.length;f1)},removeAttr:function(a){return this.each(function(){r.removeAttr(this,a)})}}),r.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?r.prop(a,b,c):(1===f&&r.isXMLDoc(a)||(e=r.attrHooks[b.toLowerCase()]||(r.expr.match.bool.test(b)?ib:void 0)), -void 0!==c?null===c?void r.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=r.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!o.radioValue&&"radio"===b&&r.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d=0,e=b&&b.match(K);if(e&&1===a.nodeType)while(c=e[d++])a.removeAttribute(c)}}),ib={set:function(a,b,c){return b===!1?r.removeAttr(a,c):a.setAttribute(c,c),c}},r.each(r.expr.match.bool.source.match(/\w+/g),function(a,b){var c=jb[b]||r.find.attr;jb[b]=function(a,b,d){var e,f,g=b.toLowerCase();return d||(f=jb[g],jb[g]=e,e=null!=c(a,b,d)?g:null,jb[g]=f),e}});var kb=/^(?:input|select|textarea|button)$/i,lb=/^(?:a|area)$/i;r.fn.extend({prop:function(a,b){return S(this,r.prop,a,b,arguments.length>1)},removeProp:function(a){return this.each(function(){delete this[r.propFix[a]||a]})}}),r.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&r.isXMLDoc(a)||(b=r.propFix[b]||b,e=r.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=r.find.attr(a,"tabindex");return 
b?parseInt(b,10):kb.test(a.nodeName)||lb.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),o.optSelected||(r.propHooks.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){r.propFix[this.toLowerCase()]=this});function mb(a){var b=a.match(K)||[];return b.join(" ")}function nb(a){return a.getAttribute&&a.getAttribute("class")||""}r.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).addClass(a.call(this,b,nb(this)))});if("string"==typeof a&&a){b=a.match(K)||[];while(c=this[i++])if(e=nb(c),d=1===c.nodeType&&" "+mb(e)+" "){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=mb(d),e!==h&&c.setAttribute("class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(r.isFunction(a))return this.each(function(b){r(this).removeClass(a.call(this,b,nb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(K)||[];while(c=this[i++])if(e=nb(c),d=1===c.nodeType&&" "+mb(e)+" "){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=mb(d),e!==h&&c.setAttribute("class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):r.isFunction(a)?this.each(function(c){r(this).toggleClass(a.call(this,c,nb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=r(this),f=a.match(K)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=nb(this),b&&V.set(this,"__className__",b),this.setAttribute&&this.setAttribute("class",b||a===!1?"":V.get(this,"__className__")||""))})},hasClass:function(a){var 
b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+mb(nb(c))+" ").indexOf(b)>-1)return!0;return!1}});var ob=/\r/g;r.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=r.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,r(this).val()):a,null==e?e="":"number"==typeof e?e+="":r.isArray(e)&&(e=r.map(e,function(a){return null==a?"":a+""})),b=r.valHooks[this.type]||r.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=r.valHooks[e.type]||r.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(ob,""):null==c?"":c)}}}),r.extend({valHooks:{option:{get:function(a){var b=r.find.attr(a,"value");return null!=b?b:mb(r.text(a))}},select:{get:function(a){var b,c,d,e=a.options,f=a.selectedIndex,g="select-one"===a.type,h=g?null:[],i=g?f+1:e.length;for(d=f<0?i:g?f:0;d-1)&&(c=!0);return c||(a.selectedIndex=-1),f}}}}),r.each(["radio","checkbox"],function(){r.valHooks[this]={set:function(a,b){if(r.isArray(b))return a.checked=r.inArray(r(a).val(),b)>-1}},o.checkOn||(r.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var pb=/^(?:focusinfocus|focusoutblur)$/;r.extend(r.event,{trigger:function(b,c,e,f){var g,h,i,j,k,m,n,o=[e||d],p=l.call(b,"type")?b.type:b,q=l.call(b,"namespace")?b.namespace.split("."):[];if(h=i=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!pb.test(p+r.event.triggered)&&(p.indexOf(".")>-1&&(q=p.split("."),p=q.shift(),q.sort()),k=p.indexOf(":")<0&&"on"+p,b=b[r.expando]?b:new r.Event(p,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=q.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+q.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 
0,b.target||(b.target=e),c=null==c?[b]:r.makeArray(c,[b]),n=r.event.special[p]||{},f||!n.trigger||n.trigger.apply(e,c)!==!1)){if(!f&&!n.noBubble&&!r.isWindow(e)){for(j=n.delegateType||p,pb.test(j+p)||(h=h.parentNode);h;h=h.parentNode)o.push(h),i=h;i===(e.ownerDocument||d)&&o.push(i.defaultView||i.parentWindow||a)}g=0;while((h=o[g++])&&!b.isPropagationStopped())b.type=g>1?j:n.bindType||p,m=(V.get(h,"events")||{})[b.type]&&V.get(h,"handle"),m&&m.apply(h,c),m=k&&h[k],m&&m.apply&&T(h)&&(b.result=m.apply(h,c),b.result===!1&&b.preventDefault());return b.type=p,f||b.isDefaultPrevented()||n._default&&n._default.apply(o.pop(),c)!==!1||!T(e)||k&&r.isFunction(e[p])&&!r.isWindow(e)&&(i=e[k],i&&(e[k]=null),r.event.triggered=p,e[p](),r.event.triggered=void 0,i&&(e[k]=i)),b.result}},simulate:function(a,b,c){var d=r.extend(new r.Event,c,{type:a,isSimulated:!0});r.event.trigger(d,null,b)}}),r.fn.extend({trigger:function(a,b){return this.each(function(){r.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];if(c)return r.event.trigger(a,b,c,!0)}}),r.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(a,b){r.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),r.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),o.focusin="onfocusin"in a,o.focusin||r.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){r.event.simulate(b,a.target,r.event.fix(a))};r.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=V.access(d,b);e||d.addEventListener(a,c,!0),V.access(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=V.access(d,b)-1;e?V.access(d,b,e):(d.removeEventListener(a,c,!0),V.remove(d,b))}}});var qb=a.location,rb=r.now(),sb=/\?/;r.parseXML=function(b){var c;if(!b||"string"!=typeof b)return null;try{c=(new 
a.DOMParser).parseFromString(b,"text/xml")}catch(d){c=void 0}return c&&!c.getElementsByTagName("parsererror").length||r.error("Invalid XML: "+b),c};var tb=/\[\]$/,ub=/\r?\n/g,vb=/^(?:submit|button|image|reset|file)$/i,wb=/^(?:input|select|textarea|keygen)/i;function xb(a,b,c,d){var e;if(r.isArray(b))r.each(b,function(b,e){c||tb.test(a)?d(a,e):xb(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==r.type(b))d(a,b);else for(e in b)xb(a+"["+e+"]",b[e],c,d)}r.param=function(a,b){var c,d=[],e=function(a,b){var c=r.isFunction(b)?b():b;d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(null==c?"":c)};if(r.isArray(a)||a.jquery&&!r.isPlainObject(a))r.each(a,function(){e(this.name,this.value)});else for(c in a)xb(c,a[c],b,e);return d.join("&")},r.fn.extend({serialize:function(){return r.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=r.prop(this,"elements");return a?r.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!r(this).is(":disabled")&&wb.test(this.nodeName)&&!vb.test(a)&&(this.checked||!ia.test(a))}).map(function(a,b){var c=r(this).val();return null==c?null:r.isArray(c)?r.map(c,function(a){return{name:b.name,value:a.replace(ub,"\r\n")}}):{name:b.name,value:c.replace(ub,"\r\n")}}).get()}});var yb=/%20/g,zb=/#.*$/,Ab=/([?&])_=[^&]*/,Bb=/^(.*?):[ \t]*([^\r\n]*)$/gm,Cb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Db=/^(?:GET|HEAD)$/,Eb=/^\/\//,Fb={},Gb={},Hb="*/".concat("*"),Ib=d.createElement("a");Ib.href=qb.href;function Jb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(K)||[];if(r.isFunction(c))while(d=f[e++])"+"===d[0]?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Kb(a,b,c,d){var e={},f=a===Gb;function g(h){var i;return e[h]=!0,r.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return 
g(b.dataTypes[0])||!e["*"]&&g("*")}function Lb(a,b){var c,d,e=r.ajaxSettings.flatOptions||{};for(c in b)void 0!==b[c]&&((e[c]?a:d||(d={}))[c]=b[c]);return d&&r.extend(!0,a,d),a}function Mb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===d&&(d=a.mimeType||b.getResponseHeader("Content-Type"));if(d)for(e in h)if(h[e]&&h[e].test(d)){i.unshift(e);break}if(i[0]in c)f=i[0];else{for(e in c){if(!i[0]||a.converters[e+" "+i[0]]){f=e;break}g||(g=e)}f=f||g}if(f)return f!==i[0]&&i.unshift(f),c[f]}function Nb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}r.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:qb.href,type:"GET",isLocal:Cb.test(qb.protocol),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Hb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":JSON.parse,"text xml":r.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Lb(Lb(a,r.ajaxSettings),b):Lb(r.ajaxSettings,a)},ajaxPrefilter:Jb(Fb),ajaxTransport:Jb(Gb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var 
e,f,g,h,i,j,k,l,m,n,o=r.ajaxSetup({},c),p=o.context||o,q=o.context&&(p.nodeType||p.jquery)?r(p):r.event,s=r.Deferred(),t=r.Callbacks("once memory"),u=o.statusCode||{},v={},w={},x="canceled",y={readyState:0,getResponseHeader:function(a){var b;if(k){if(!h){h={};while(b=Bb.exec(g))h[b[1].toLowerCase()]=b[2]}b=h[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return k?g:null},setRequestHeader:function(a,b){return null==k&&(a=w[a.toLowerCase()]=w[a.toLowerCase()]||a,v[a]=b),this},overrideMimeType:function(a){return null==k&&(o.mimeType=a),this},statusCode:function(a){var b;if(a)if(k)y.always(a[y.status]);else for(b in a)u[b]=[u[b],a[b]];return this},abort:function(a){var b=a||x;return e&&e.abort(b),A(0,b),this}};if(s.promise(y),o.url=((b||o.url||qb.href)+"").replace(Eb,qb.protocol+"//"),o.type=c.method||c.type||o.method||o.type,o.dataTypes=(o.dataType||"*").toLowerCase().match(K)||[""],null==o.crossDomain){j=d.createElement("a");try{j.href=o.url,j.href=j.href,o.crossDomain=Ib.protocol+"//"+Ib.host!=j.protocol+"//"+j.host}catch(z){o.crossDomain=!0}}if(o.data&&o.processData&&"string"!=typeof o.data&&(o.data=r.param(o.data,o.traditional)),Kb(Fb,o,c,y),k)return y;l=r.event&&o.global,l&&0===r.active++&&r.event.trigger("ajaxStart"),o.type=o.type.toUpperCase(),o.hasContent=!Db.test(o.type),f=o.url.replace(zb,""),o.hasContent?o.data&&o.processData&&0===(o.contentType||"").indexOf("application/x-www-form-urlencoded")&&(o.data=o.data.replace(yb,"+")):(n=o.url.slice(f.length),o.data&&(f+=(sb.test(f)?"&":"?")+o.data,delete o.data),o.cache===!1&&(f=f.replace(Ab,"$1"),n=(sb.test(f)?"&":"?")+"_="+rb++ 
+n),o.url=f+n),o.ifModified&&(r.lastModified[f]&&y.setRequestHeader("If-Modified-Since",r.lastModified[f]),r.etag[f]&&y.setRequestHeader("If-None-Match",r.etag[f])),(o.data&&o.hasContent&&o.contentType!==!1||c.contentType)&&y.setRequestHeader("Content-Type",o.contentType),y.setRequestHeader("Accept",o.dataTypes[0]&&o.accepts[o.dataTypes[0]]?o.accepts[o.dataTypes[0]]+("*"!==o.dataTypes[0]?", "+Hb+"; q=0.01":""):o.accepts["*"]);for(m in o.headers)y.setRequestHeader(m,o.headers[m]);if(o.beforeSend&&(o.beforeSend.call(p,y,o)===!1||k))return y.abort();if(x="abort",t.add(o.complete),y.done(o.success),y.fail(o.error),e=Kb(Gb,o,c,y)){if(y.readyState=1,l&&q.trigger("ajaxSend",[y,o]),k)return y;o.async&&o.timeout>0&&(i=a.setTimeout(function(){y.abort("timeout")},o.timeout));try{k=!1,e.send(v,A)}catch(z){if(k)throw z;A(-1,z)}}else A(-1,"No Transport");function A(b,c,d,h){var j,m,n,v,w,x=c;k||(k=!0,i&&a.clearTimeout(i),e=void 0,g=h||"",y.readyState=b>0?4:0,j=b>=200&&b<300||304===b,d&&(v=Mb(o,y,d)),v=Nb(o,v,y,j),j?(o.ifModified&&(w=y.getResponseHeader("Last-Modified"),w&&(r.lastModified[f]=w),w=y.getResponseHeader("etag"),w&&(r.etag[f]=w)),204===b||"HEAD"===o.type?x="nocontent":304===b?x="notmodified":(x=v.state,m=v.data,n=v.error,j=!n)):(n=x,!b&&x||(x="error",b<0&&(b=0))),y.status=b,y.statusText=(c||x)+"",j?s.resolveWith(p,[m,x,y]):s.rejectWith(p,[y,x,n]),y.statusCode(u),u=void 0,l&&q.trigger(j?"ajaxSuccess":"ajaxError",[y,o,j?m:n]),t.fireWith(p,[y,x]),l&&(q.trigger("ajaxComplete",[y,o]),--r.active||r.event.trigger("ajaxStop")))}return y},getJSON:function(a,b,c){return r.get(a,b,c,"json")},getScript:function(a,b){return r.get(a,void 0,b,"script")}}),r.each(["get","post"],function(a,b){r[b]=function(a,c,d,e){return r.isFunction(c)&&(e=e||d,d=c,c=void 0),r.ajax(r.extend({url:a,type:b,dataType:e,data:c,success:d},r.isPlainObject(a)&&a))}}),r._evalUrl=function(a){return 
r.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},r.fn.extend({wrapAll:function(a){var b;return this[0]&&(r.isFunction(a)&&(a=a.call(this[0])),b=r(a,this[0].ownerDocument).eq(0).clone(!0),this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstElementChild)a=a.firstElementChild;return a}).append(this)),this},wrapInner:function(a){return r.isFunction(a)?this.each(function(b){r(this).wrapInner(a.call(this,b))}):this.each(function(){var b=r(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=r.isFunction(a);return this.each(function(c){r(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(a){return this.parent(a).not("body").each(function(){r(this).replaceWith(this.childNodes)}),this}}),r.expr.pseudos.hidden=function(a){return!r.expr.pseudos.visible(a)},r.expr.pseudos.visible=function(a){return!!(a.offsetWidth||a.offsetHeight||a.getClientRects().length)},r.ajaxSettings.xhr=function(){try{return new a.XMLHttpRequest}catch(b){}};var Ob={0:200,1223:204},Pb=r.ajaxSettings.xhr();o.cors=!!Pb&&"withCredentials"in Pb,o.ajax=Pb=!!Pb,r.ajaxTransport(function(b){var c,d;if(o.cors||Pb&&!b.crossDomain)return{send:function(e,f){var g,h=b.xhr();if(h.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(g in b.xhrFields)h[g]=b.xhrFields[g];b.mimeType&&h.overrideMimeType&&h.overrideMimeType(b.mimeType),b.crossDomain||e["X-Requested-With"]||(e["X-Requested-With"]="XMLHttpRequest");for(g in e)h.setRequestHeader(g,e[g]);c=function(a){return function(){c&&(c=d=h.onload=h.onerror=h.onabort=h.onreadystatechange=null,"abort"===a?h.abort():"error"===a?"number"!=typeof h.status?f(0,"error"):f(h.status,h.statusText):f(Ob[h.status]||h.status,h.statusText,"text"!==(h.responseType||"text")||"string"!=typeof h.responseText?{binary:h.response}:{text:h.responseText},h.getAllResponseHeaders()))}},h.onload=c(),d=h.onerror=c("error"),void 
0!==h.onabort?h.onabort=d:h.onreadystatechange=function(){4===h.readyState&&a.setTimeout(function(){c&&d()})},c=c("abort");try{h.send(b.hasContent&&b.data||null)}catch(i){if(c)throw i}},abort:function(){c&&c()}}}),r.ajaxPrefilter(function(a){a.crossDomain&&(a.contents.script=!1)}),r.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return r.globalEval(a),a}}}),r.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET")}),r.ajaxTransport("script",function(a){if(a.crossDomain){var b,c;return{send:function(e,f){b=r(" \ No newline at end of file diff --git a/src/server/views/layout/layout.pug b/src/server/views/layout/layout.pug new file mode 100644 index 00000000..a085cb22 --- /dev/null +++ b/src/server/views/layout/layout.pug @@ -0,0 +1,27 @@ +block variables + +html + head + title Authelia - 2FA + meta(name="viewport", content="width=device-width, initial-scale=1.0")/ + link(rel="icon", href="/img/icon.png" type="image/gif" sizes="32x32")/ + link(rel="stylesheet", type="text/css", href="/css/authelia.min.css")/ + if redirection_url + + body +
+
+
+ +
+
+
+ script(src="/js/authelia.min.js") + block entrypoint \ No newline at end of file diff --git a/src/server/views/need-identity-validation.pug b/src/server/views/need-identity-validation.pug new file mode 100644 index 00000000..c6690b0b --- /dev/null +++ b/src/server/views/need-identity-validation.pug @@ -0,0 +1,8 @@ +extends layout/layout.pug + +block form-header +

Registration

+ + +block content +

A confirmation email has been sent to your mailbox. Please open it and click on the link within 15 minutes to confirm the registration.

diff --git a/src/server/views/password-reset-form.pug b/src/server/views/password-reset-form.pug new file mode 100644 index 00000000..e90c5e3f --- /dev/null +++ b/src/server/views/password-reset-form.pug @@ -0,0 +1,22 @@ +extends layout/layout.pug + +block variables + - page_classname = "password-reset-form"; + +block form-header +

Reset password

+ +

Set your new password and confirm it.

+ +block content + + +block entrypoint + diff --git a/src/server/views/password-reset-request.pug b/src/server/views/password-reset-request.pug new file mode 100644 index 00000000..714ff0ea --- /dev/null +++ b/src/server/views/password-reset-request.pug @@ -0,0 +1,22 @@ +extends layout/layout.pug + +block variables + - page_classname = "password-reset-request"; + +block form-header +

Reset password

+ +

After giving your username, you will receive an email to change your password.

+ +block content + + +block entrypoint + + diff --git a/src/server/views/secondfactor.pug b/src/server/views/secondfactor.pug new file mode 100644 index 00000000..1f824c2c --- /dev/null +++ b/src/server/views/secondfactor.pug @@ -0,0 +1,26 @@ +extends layout/layout.pug + +block form-header +

Sign in

+ + +block content + +
+ + +block entrypoint + \ No newline at end of file diff --git a/src/server/views/totp-register.pug b/src/server/views/totp-register.pug new file mode 100644 index 00000000..f4c4237e --- /dev/null +++ b/src/server/views/totp-register.pug @@ -0,0 +1,19 @@ +extends layout/layout.pug + +block variables + - page_classname = "totp-register"; + +block form-header +

TOTP Secret

+

Insert your secret in Google Authenticator

+ +block content + p(id="secret") #{ base32_secret } + div(id="qrcode") #{ otpauth_url } +

Login

+ +block entrypoint + + diff --git a/src/server/views/u2f-register.pug b/src/server/views/u2f-register.pug new file mode 100644 index 00000000..af24eae9 --- /dev/null +++ b/src/server/views/u2f-register.pug @@ -0,0 +1,14 @@ +extends layout/layout.pug + +block variables + - page_classname = "u2f-register"; + +block form-header +
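Review bot: `p(id="secret") #{ base32_secret }` and `div(id="qrcode") #{ otpauth_url }` write the TOTP seed into the response body as plain text, and nothing in this template or in layout.pug marks the page as non-cacheable. The handler that renders this view is not part of the hunk, so confirm that it sends `Cache-Control: no-store` and is reachable only after the identity-validation step; otherwise the seed can remain in browser or intermediary caches. A comment above the two lines, such as `//- base32_secret is the long-lived TOTP seed: the rendering route must not be cached or logged`, would record that requirement next to the markup.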

U2F Registration

+

Touch the token to register your U2F device.

+ +block content + pendrive + +block entrypoint + diff --git a/src/lib/Configuration.ts b/src/types/Configuration.ts similarity index 100% rename from src/lib/Configuration.ts rename to src/types/Configuration.ts diff --git a/src/types/Dependencies.ts b/src/types/Dependencies.ts index 3047938f..261cd2ff 100644 --- a/src/types/Dependencies.ts +++ b/src/types/Dependencies.ts @@ -4,6 +4,7 @@ import nodemailer = require("nodemailer"); import session = require("express-session"); import nedb = require("nedb"); import ldapjs = require("ldapjs"); +import u2f = require("u2f"); export type Nodemailer = typeof nodemailer; export type Speakeasy = typeof speakeasy; @@ -11,9 +12,10 @@ export type Winston = typeof winston; export type Session = typeof session; export type Nedb = typeof nedb; export type Ldapjs = typeof ldapjs; +export type U2f = typeof u2f; export interface GlobalDependencies { - u2f: object; + u2f: U2f; nodemailer: Nodemailer; ldapjs: Ldapjs; session: Session; diff --git a/src/types/ILogger.ts b/src/types/ILogger.ts deleted file mode 100644 index 96f03fe6..00000000 --- a/src/types/ILogger.ts +++ /dev/null @@ -1,7 +0,0 @@ - -import * as winston from "winston"; - -export interface ILogger { - debug: winston.LeveledLogMethod; -} - diff --git a/src/types/TOTPSecret.ts b/src/types/TOTPSecret.ts index e4a6b7d7..33ce602c 100644 --- a/src/types/TOTPSecret.ts +++ b/src/types/TOTPSecret.ts @@ -2,5 +2,5 @@ export interface TOTPSecret { base32: string; ascii: string; - otpauth_url: string; + otpauth_url?: string; } \ No newline at end of file diff --git a/src/types/authdog.d.ts b/src/types/authdog.d.ts deleted file mode 100644 index 4405f6f1..00000000 --- a/src/types/authdog.d.ts +++ /dev/null 
@@ -1,69 +0,0 @@
-
-import BluebirdPromise = require("bluebird");
-
-declare module "authdog" {
- interface RegisterRequest {
- challenge: string;
- }
-
- interface RegisteredKey {
- version: number;
- keyHandle: string;
- }
-
- type RegisteredKeys = Array;
- type RegisterRequests = Array;
- type AppId = string;
-
- interface RegistrationRequest {
- appId: AppId;
- type: string;
- registerRequests: RegisterRequests;
- registeredKeys: RegisteredKeys;
- }
-
- interface Registration {
- publicKey: string;
- keyHandle: string;
- certificate: string;
- }
-
- interface ClientData {
- challenge: string;
- }
-
- interface RegistrationResponse {
- clientData: ClientData;
- registrationData: string;
- }
-
- interface Options {
- timeoutSeconds: number;
- requestId: string;
- }
-
- interface AuthenticationRequest {
- appId: AppId;
- type: string;
- challenge: string;
- registeredKeys: RegisteredKeys;
- timeoutSeconds: number;
- requestId: string;
- }
-
- interface AuthenticationResponse {
- keyHandle: string;
- clientData: ClientData;
- signatureData: string;
- }
-
- interface Authentication {
- userPresence: Uint8Array,
- counter: Uint32Array
- }
-
- export function startRegistration(appId: AppId, registeredKeys: RegisteredKeys, options?: Options): BluebirdPromise;
- export function finishRegistration(registrationRequest: RegistrationRequest, registrationResponse: RegistrationResponse): BluebirdPromise;
- export function startAuthentication(appId: AppId, registeredKeys: RegisteredKeys, options: Options): BluebirdPromise;
- export function finishAuthentication(challenge: string, deviceResponse: AuthenticationResponse, registeredKeys: RegisteredKeys): BluebirdPromise;
-}
\ No newline at end of file
diff --git a/src/types/jquery-notify.d.ts b/src/types/jquery-notify.d.ts
new file mode 100644
index 00000000..60d08cc1
--- /dev/null
+++ b/src/types/jquery-notify.d.ts
@@ -0,0 +1,4 @@
+
+interface JQueryStatic {
+ notify: any;
+}
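Review bot: `notify: any;` on `JQueryStatic` switches off type checking for every `$.notify(...)` call, so a swapped argument or a non-string message is not caught at compile time. A narrow signature would keep the augmentation useful, for example `notify(message: string, options?: string | object): void;`. The call sites are not in this hunk, so the option type should be adjusted to what they actually pass.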
diff --git a/src/types/request-async.d.ts b/src/types/request-async.d.ts index 164d6919..964a7b24 100644 --- a/src/types/request-async.d.ts +++ b/src/types/request-async.d.ts @@ -1,8 +1,9 @@ import * as BluebirdPromise from "bluebird"; -import * as request from "request"; declare module "request" { - export interface RequestAsync extends RequestAPI { + export interface RequestAPI { getAsync(uri: string, options?: RequiredUriUrl): BluebirdPromise; getAsync(uri: string): BluebirdPromise; getAsync(options: RequiredUriUrl & CoreOptions): BluebirdPromise; diff --git a/src/types/u2f-api.d.ts b/src/types/u2f-api.d.ts new file mode 100644 index 00000000..87a0e4b8 --- /dev/null +++ b/src/types/u2f-api.d.ts 
@@ -0,0 +1,63 @@
+
+
+declare module "u2f-api" {
+ type MessageTypes = "u2f_register_request" | "u2f_sign_request" | "u2f_register_response" | "u2f_sign_response";
+
+ export interface Request {
+ type: MessageTypes,
+ signRequests: SignRequest[],
+ registerRequests?: RegisterRequest[],
+ timeoutSeconds?: number,
+ requestId?: number
+ }
+
+ type ResponseData = Error | RegisterResponse | SignResponse;
+
+
+ export interface Response {
+ type: MessageTypes;
+ responseData: ResponseData;
+ requestId?: number;
+ }
+
+ export enum ErrorCodes {
+ 'OK' = 0,
+ 'OTHER_ERROR' = 1,
+ 'BAD_REQUEST' = 2,
+ 'CONFIGURATION_UNSUPPORTED' = 3,
+ 'DEVICE_INELIGIBLE' = 4,
+ 'TIMEOUT' = 5
+ }
+
+ export interface Error {
+ errorCode: ErrorCodes;
+ errorMessage?: string;
+ }
+
+ export interface RegisterResponse {
+ registrationData: string;
+ clientData: string;
+ }
+
+ export interface RegisterRequest {
+ version: string;
+ challenge: string;
+ appId: string;
+ }
+
+ export interface SignResponse {
+ keyHandle: string;
+ signatureData: string;
+ clientData: string;
+ }
+
+ export interface SignRequest {
+ version: string;
+ challenge: string;
+ keyHandle: string;
+ appId: string;
+ }
+
+ export function sign(signRequests: SignRequest[], timeout: number): Promise;
+ export function register(registerRequests: RegisterRequest[], signRequests: SignRequest[], timeout: number): Promise;
+}
\ No newline at end of file
diff --git a/src/types/u2f.d.ts b/src/types/u2f.d.ts
new file mode 100644
index 00000000..b308fbc4
--- /dev/null
+++ b/src/types/u2f.d.ts
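Review bot: The interface named `Error` inside `declare module "u2f-api"` shadows the global `Error` for the whole module, so `type ResponseData = Error | RegisterResponse | SignResponse` reads as if a thrown JavaScript error could come back when it means the U2F error record. Renaming it, e.g. `export interface U2fError { errorCode: ErrorCodes; errorMessage?: string; }`, removes the ambiguity for client code that also handles real exceptions. `export enum ErrorCodes` is declared ambiently, so any code that reads `ErrorCodes.TIMEOUT` at runtime relies on the package really exporting that object, which this hunk cannot confirm. A literal union `0 | 1 | 2 | 3 | 4 | 5` would not carry that assumption.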
@@ -0,0 +1,45 @@ + + +declare module "u2f" { + export interface Request { + version: "U2F_V2"; + appId: string; + challenge: string; + keyHandle?: string; + } + + export interface RegistrationData { + clientData: string; + registrationData: string; + errorCode?: number; + } + + export interface RegistrationResult { + successful: boolean; + publicKey: string; + keyHandle: string; + certificate: string; + } + + + export interface SignatureData { + clientData: string; + signatureData: string; + errorCode?: number; + } + + export interface SignatureResult { + successful: boolean; + userPresent: boolean; + counter: number; + } + + export interface Error { + errorCode: number; + errorMessage: string; + } + + export function request(appId: string, keyHandle?: string): Request; + export function checkRegistration(request: Request, registerData: RegistrationData): RegistrationResult | Error; + export function checkSignature(request: Request, signData: SignatureData, publicKey: string): SignatureResult | Error; +} \ No newline at end of file diff --git a/src/views/head.ejs b/src/views/head.ejs deleted file mode 100644 index 618957e4..00000000 --- a/src/views/head.ejs +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/views/login.ejs b/src/views/login.ejs deleted file mode 100644 index cacd1517..00000000 --- a/src/views/login.ejs +++ /dev/null @@ -1,35 +0,0 @@ - - - Login - <% include head %> - - - - - - - <% include scripts %> - - - diff --git a/src/views/reset-password-form.ejs b/src/views/reset-password-form.ejs deleted file mode 100644 index 7a4f44d0..00000000 --- a/src/views/reset-password-form.ejs +++ /dev/null @@ -1,18 +0,0 @@ - - - Reset Password - <% include head %> - - - - - <% include scripts %> - - diff --git a/src/views/reset-password.ejs b/src/views/reset-password.ejs deleted file mode 100644 index 60341754..00000000 --- a/src/views/reset-password.ejs +++ /dev/null @@ -1,19 +0,0 @@ - - - Reset Password - <% include head %> - - - - - <% include scripts %> - - 
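Review bot: `checkRegistration` and `checkSignature` are typed as `RegistrationResult | Error` and `SignatureResult | Error`, and the two arms share no discriminant, so a caller that only tests the return value for truthiness would treat an error object as a verified response. The callers are not in this hunk; they need to narrow first, for example `if ("errorCode" in result || !result.successful) { /* reject */ }`, before reading `publicKey`, `userPresent` or `counter`. A doc comment on both functions stating this, and that `counter` is meant to be compared with the last stored value for the key, would make the contract visible at the declaration. The interface name `Error` also shadows the global `Error` inside the module.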
diff --git a/src/views/scripts.ejs b/src/views/scripts.ejs deleted file mode 100644 index 49ad79ac..00000000 --- a/src/views/scripts.ejs +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/src/views/totp-register.ejs b/src/views/totp-register.ejs deleted file mode 100644 index 0e94f70e..00000000 --- a/src/views/totp-register.ejs +++ /dev/null @@ -1,19 +0,0 @@ - - - TOTP Registration - <% include head %> - - -
-

TOTP Secret

-

Insert your secret in Google Authenticator

-

-
-

Login

-
- - - <% include scripts %> - - - diff --git a/src/views/u2f-register.ejs b/src/views/u2f-register.ejs deleted file mode 100644 index d7b743ea..00000000 --- a/src/views/u2f-register.ejs +++ /dev/null @@ -1,16 +0,0 @@ - - - FIDO U2F Registration - <% include head %> - - - - - - <% include scripts %> - - - diff --git a/test/client/firstfactor/FirstFactorValidator.test.ts b/test/client/firstfactor/FirstFactorValidator.test.ts new file mode 100644 index 00000000..717f1060 --- /dev/null +++ b/test/client/firstfactor/FirstFactorValidator.test.ts 
@@ -0,0 +1,48 @@
+
+import FirstFactorValidator = require("../../../src/client/firstfactor/FirstFactorValidator");
+import JQueryMock = require("../mocks/jquery");
+import BluebirdPromise = require("bluebird");
+import Assert = require("assert");
+
+describe("test FirstFactorValidator", function () {
+ it("should validate first factor successfully", () => {
+ const postPromise = JQueryMock.JQueryDeferredMock();
+ postPromise.done.yields();
+ postPromise.done.returns(postPromise);
+
+ const jqueryMock = JQueryMock.JQueryMock();
+ jqueryMock.post.returns(postPromise);
+
+ return FirstFactorValidator.validate("username", "password", jqueryMock as any);
+ });
+
+ function should_fail_first_factor_validation(statusCode: number, errorMessage: string) {
+ const xhr = {
+ status: statusCode
+ };
+ const postPromise = JQueryMock.JQueryDeferredMock();
+ postPromise.fail.yields(xhr, errorMessage);
+ postPromise.done.returns(postPromise);
+
+ const jqueryMock = JQueryMock.JQueryMock();
+ jqueryMock.post.returns(postPromise);
+
+ return FirstFactorValidator.validate("username", "password", jqueryMock as any)
+ .then(function () {
+ return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not."));
+ }, function (err: Error) {
+ Assert.equal(errorMessage, err.message);
+ return BluebirdPromise.resolve();
+ });
+ }
+
+ describe("should fail first factor validation", () => {
+ it("should fail with error 500", () => {
+ return should_fail_first_factor_validation(500, "Internal error");
+ });
+
+ it("should fail with error 401", () => {
+ return should_fail_first_factor_validation(401, "Authetication failed. Please check your credentials");
+ });
+ });
+});
\ No newline at end of file
diff --git a/test/client/firstfactor/login.test.ts b/test/client/firstfactor/login.test.ts
new file mode 100644
index 00000000..50e7307f
--- /dev/null
+++ b/test/client/firstfactor/login.test.ts
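Review bot: In `should_fail_first_factor_validation` the stub feeds `errorMessage` into `fail` and the assertion compares `err.message` with that same argument, so the 500 and 401 cases can pass without `xhr.status` being looked at. If the validator (not in this hunk) derives the message from the status, each case should assert against the literal expected for that status rather than the value the test injected. `Assert.equal(errorMessage, err.message)` also has actual and expected swapped and compares loosely; `Assert.strictEqual(err.message, errorMessage);` is the usual form. The expected string "Authetication failed" is misspelled and should be corrected together with whatever source string it mirrors.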
@@ -0,0 +1,87 @@ + +import Endpoints = require("../../../src/server/endpoints"); +import BluebirdPromise = require("bluebird"); + +import UISelectors = require("../../../src/client/firstfactor/UISelectors"); +import firstfactor from "../../../src/client/firstfactor/index"; +import JQueryMock = require("../mocks/jquery"); +import Assert = require("assert"); +import sinon = require("sinon"); +import jslogger = require("js-logger"); + +describe("test first factor page", () => { + it("should validate first factor", () => { + const jQuery = JQueryMock.JQueryMock(); + const window = { + location: { + search: "?redirect=https://example.com", + href: "" + }, + document: {}, + }; + + const thenSpy = sinon.spy(); + const FirstFactorValidator: any = { + validate: sinon.stub().returns({ then: thenSpy }) + }; + + firstfactor(window as Window, jQuery as any, FirstFactorValidator, jslogger); + const readyCallback = jQuery.getCall(0).returnValue.ready.getCall(0).args[0]; + readyCallback(); + + const onSubmitCallback = jQuery.getCall(1).returnValue.on.getCall(0).args[1]; + jQuery.onCall(2).returns({ val: sinon.stub() }); + jQuery.onCall(3).returns({ val: sinon.stub() }); + jQuery.onCall(4).returns({ val: sinon.stub() }); + jQuery.onCall(5).returns({ val: sinon.stub() }); + + onSubmitCallback(); + + const successCallback = thenSpy.getCall(0).args[0]; + successCallback(); + + Assert.equal(window.location.href, Endpoints.SECOND_FACTOR_GET); + }); + + describe("fail to validate first factor", () => { + let jQuery: JQueryMock.JQueryMock; + beforeEach(function () { + jQuery = JQueryMock.JQueryMock(); + const window = { + location: { + search: "?redirect=https://example.com", + href: "" + }, + document: {}, + }; + + const thenSpy = sinon.spy(); + const FirstFactorValidator: any = { + validate: sinon.stub().returns({ then: thenSpy }) + }; + + firstfactor(window as Window, jQuery as any, FirstFactorValidator, jslogger); + const readyCallback = 
jQuery.getCall(0).returnValue.ready.getCall(0).args[0]; + readyCallback(); + + const onSubmitCallback = jQuery.getCall(1).returnValue.on.getCall(0).args[1]; + jQuery.onCall(2).returns({ val: sinon.stub() }); + jQuery.onCall(3).returns({ val: sinon.stub() }); + jQuery.onCall(4).returns({ val: sinon.stub() }); + jQuery.onCall(5).returns({ val: sinon.stub() }); + + onSubmitCallback(); + + const failureCallback = thenSpy.getCall(0).args[1]; + failureCallback(new Error("Error when validating first factor")); + }); + + it("should notify the user there is a failure", function () { + Assert(jQuery.notify.calledOnce); + }); + + it("should reset the password field", function () { + Assert.equal(jQuery.getCall(4).returnValue.val.getCall(0).args[0], ""); + }); + }); +}); \ No newline at end of file diff --git a/test/client/mocks/jquery.ts b/test/client/mocks/jquery.ts new file mode 100644 index 00000000..905840ac --- /dev/null +++ b/test/client/mocks/jquery.ts @@ -0,0 +1,39 @@ + +import sinon = require("sinon"); +import jquery = require("jquery"); + + +export interface JQueryMock extends sinon.SinonStub { + get: sinon.SinonStub; + post: sinon.SinonStub; + ajax: sinon.SinonStub; + notify: sinon.SinonStub; +} + +export interface JQueryDeferredMock { + done: sinon.SinonStub; + fail: sinon.SinonStub; +} + +export function JQueryMock(): JQueryMock { + const jquery = sinon.stub() as any; + const jqueryInstance = { + ready: sinon.stub(), + show: sinon.stub(), + hide: sinon.stub(), + on: sinon.stub() + }; + jquery.ajax = sinon.stub(); + jquery.get = sinon.stub(); + jquery.post = sinon.stub(); + jquery.notify = sinon.stub(); + jquery.returns(jqueryInstance); + return jquery; +} + +export function JQueryDeferredMock(): JQueryDeferredMock { + return { + done: sinon.stub(), + fail: sinon.stub() + }; +} diff --git a/test/client/mocks/u2f-api.ts b/test/client/mocks/u2f-api.ts new file mode 100644 index 00000000..d123f6a9 --- /dev/null +++ b/test/client/mocks/u2f-api.ts 
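Review bot: `should reset the password field` identifies the password input by call order (`jQuery.getCall(4)`), so the assertion silently moves to another element if the page code adds or reorders a selector lookup. `UISelectors` is imported but never used in this file; binding the stub to the password selector it exports, in the way `totp-register.test.ts` does with `jqueryMock.withArgs(UISelector.QRCODE_ID_SELECTOR)`, would pin the check to the right field. The window and validator setup is also duplicated between the first `it` and the `beforeEach`; a small helper would keep the two in step.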
@@ -0,0 +1,14 @@
+
+import sinon = require("sinon");
+
+export interface U2FApiMock {
+ sign: sinon.SinonStub;
+ register: sinon.SinonStub;
+}
+
+export function U2FApiMock(): U2FApiMock {
+ return {
+ sign: sinon.stub(),
+ register: sinon.stub()
+ };
+}
\ No newline at end of file
diff --git a/test/client/secondfactor/TOTPValidator.test.ts b/test/client/secondfactor/TOTPValidator.test.ts
new file mode 100644
index 00000000..dd10db8b
--- /dev/null
+++ b/test/client/secondfactor/TOTPValidator.test.ts
@@ -0,0 +1,37 @@
+
+import TOTPValidator = require("../../../src/client/secondfactor/TOTPValidator");
+import JQueryMock = require("../mocks/jquery");
+import BluebirdPromise = require("bluebird");
+import Assert = require("assert");
+
+describe("test TOTPValidator", function () {
+ it("should initiate an identity check successfully", () => {
+ const postPromise = JQueryMock.JQueryDeferredMock();
+ postPromise.done.yields();
+ postPromise.done.returns(postPromise);
+
+ const jqueryMock = JQueryMock.JQueryMock();
+ jqueryMock.ajax.returns(postPromise);
+
+ return TOTPValidator.validate("totp_token", jqueryMock as any);
+ });
+
+ it("should fail validating TOTP token", () => {
+ const errorMessage = "Error while validating TOTP token";
+
+ const postPromise = JQueryMock.JQueryDeferredMock();
+ postPromise.fail.yields(undefined, errorMessage);
+ postPromise.done.returns(postPromise);
+
+ const jqueryMock = JQueryMock.JQueryMock();
+ jqueryMock.ajax.returns(postPromise);
+
+ return TOTPValidator.validate("totp_token", jqueryMock as any)
+ .then(function () {
+ return BluebirdPromise.reject(new Error("Registration successfully finished while it should have not."));
+ }, function (err: Error) {
+ Assert.equal(errorMessage, err.message);
+ return BluebirdPromise.resolve();
+ });
+ });
+});
\ No newline at end of file
diff --git a/test/client/secondfactor/U2FValidator.test.ts b/test/client/secondfactor/U2FValidator.test.ts
new file mode 100644
index 00000000..feb08297
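Review bot: The names in the TOTPValidator test are copied from other suites: the first case is titled `should initiate an identity check successfully` and the failure branch rejects with `Registration successfully finished while it should have not.`, neither of which describes TOTP validation. Suggest `it("should validate the TOTP token successfully", ...)` and `new Error("TOTP validation succeeded while it should have failed.")`. The success case also has no assertion; `Assert(jqueryMock.ajax.calledOnce)` in a `.then` would at least show the token was submitted.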
--- /dev/null
+++ b/test/client/secondfactor/U2FValidator.test.ts
@@ -0,0 +1,110 @@ + +import U2FValidator = require("../../../src/client/secondfactor/U2FValidator"); +import JQueryMock = require("../mocks/jquery"); +import U2FApiMock = require("../mocks/u2f-api"); +import { SignMessage } from "../../../src/server/lib/routes/secondfactor/u2f/sign_request/SignMessage"; +import BluebirdPromise = require("bluebird"); +import Assert = require("assert"); + +describe("test U2F validation", function () { + it("should validate the U2F device", () => { + const signatureRequest: SignMessage = { + keyHandle: "keyhandle", + request: { + version: "U2F_V2", + appId: "https://example.com", + challenge: "challenge" + } + }; + const u2fClient = U2FApiMock.U2FApiMock(); + u2fClient.sign.returns(BluebirdPromise.resolve()); + + const getPromise = JQueryMock.JQueryDeferredMock(); + getPromise.done.yields(signatureRequest); + getPromise.done.returns(getPromise); + + const postPromise = JQueryMock.JQueryDeferredMock(); + postPromise.done.yields(); + postPromise.done.returns(postPromise); + + const jqueryMock = JQueryMock.JQueryMock(); + jqueryMock.get.returns(getPromise); + jqueryMock.ajax.returns(postPromise); + + return U2FValidator.validate(jqueryMock as any, u2fClient as any); + }); + + it("should fail during initial authentication request", () => { + const u2fClient = U2FApiMock.U2FApiMock(); + + const getPromise = JQueryMock.JQueryDeferredMock(); + getPromise.done.returns(getPromise); + getPromise.fail.yields(undefined, "Error while issuing authentication request"); + + const jqueryMock = JQueryMock.JQueryMock(); + jqueryMock.get.returns(getPromise); + + return U2FValidator.validate(jqueryMock as any, u2fClient as any) + .catch(function(err: Error) { + Assert.equal("Error while issuing authentication request", err.message); + return BluebirdPromise.resolve(); + }); + }); + + it("should fail during device signature", () => { + const signatureRequest: SignMessage = { + keyHandle: "keyhandle", + request: { + version: "U2F_V2", + appId: 
"https://example.com", + challenge: "challenge" + } + }; + const u2fClient = U2FApiMock.U2FApiMock(); + u2fClient.sign.returns(BluebirdPromise.reject(new Error("Device unable to sign"))); + + const getPromise = JQueryMock.JQueryDeferredMock(); + getPromise.done.yields(signatureRequest); + getPromise.done.returns(getPromise); + + const jqueryMock = JQueryMock.JQueryMock(); + jqueryMock.get.returns(getPromise); + + return U2FValidator.validate(jqueryMock as any, u2fClient as any) + .catch(function(err: Error) { + Assert.equal("Device unable to sign", err.message); + return BluebirdPromise.resolve(); + }); + }); + + it("should fail at the end of the authentication request", () => { + const signatureRequest: SignMessage = { + keyHandle: "keyhandle", + request: { + version: "U2F_V2", + appId: "https://example.com", + challenge: "challenge" + } + }; + const u2fClient = U2FApiMock.U2FApiMock(); + u2fClient.sign.returns(BluebirdPromise.resolve()); + + const getPromise = JQueryMock.JQueryDeferredMock(); + getPromise.done.yields(signatureRequest); + getPromise.done.returns(getPromise); + + const postPromise = JQueryMock.JQueryDeferredMock(); + postPromise.fail.yields(undefined, "Error while finishing authentication"); + postPromise.done.returns(postPromise); + + const jqueryMock = JQueryMock.JQueryMock(); + jqueryMock.get.returns(getPromise); + jqueryMock.ajax.returns(postPromise); + + return U2FValidator.validate(jqueryMock as any, u2fClient as any) + .catch(function(err: Error) { + Assert.equal("Error while finishing authentication", err.message); + return BluebirdPromise.resolve(); + }); + }); +}); \ No newline at end of file diff --git a/test/client/totp-register/totp-register.test.ts b/test/client/totp-register/totp-register.test.ts new file mode 100644 index 00000000..0a445cc4 --- /dev/null +++ b/test/client/totp-register/totp-register.test.ts 
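Review bot: The three failure cases (`should fail during initial authentication request`, `should fail during device signature`, `should fail at the end of the authentication request`) end in `.catch(...)` only, so each one passes when `U2FValidator.validate` resolves and the failure path is never proven. `FirstFactorValidator.test.ts` and `TOTPValidator.test.ts` in this commit already use the two-argument `.then(onUnexpectedSuccess, onExpectedError)` form, and the same shape fits here. The fence shows the first case; the other two differ only in the expected message.

```typescript
// … unchanged: u2fClient, getPromise and jqueryMock setup …
return U2FValidator.validate(jqueryMock as any, u2fClient as any)
  .then(function () {
    return BluebirdPromise.reject(new Error("U2F validation succeeded while it should have failed."));
  }, function (err: Error) {
    Assert.equal("Error while issuing authentication request", err.message);
    return BluebirdPromise.resolve();
  });
```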
@@ -0,0 +1,31 @@
+
+import sinon = require("sinon");
+import assert = require("assert");
+
+import UISelector = require("../../../src/client/totp-register/ui-selector");
+import TOTPRegister = require("../../../src/client/totp-register/totp-register");
+
+describe("test totp-register", function() {
+ let jqueryMock: any;
+ let windowMock: any;
+ before(function() {
+ jqueryMock = sinon.stub();
+ windowMock = {
+ QRCode: sinon.spy()
+ };
+ });
+
+ it("should create qrcode in page", function() {
+ const mock = {
+ text: sinon.stub(),
+ empty: sinon.stub(),
+ get: sinon.stub()
+ };
+ jqueryMock.withArgs(UISelector.QRCODE_ID_SELECTOR).returns(mock);
+
+ TOTPRegister.default(windowMock, jqueryMock);
+
+ assert(mock.text.calledOnce);
+ assert(mock.empty.calledOnce);
+ });
+});
\ No newline at end of file
diff --git a/test/integration/test_server.js b/test/integration/test_server.js
deleted file mode 100644
index d9134287..00000000
--- a/test/integration/test_server.js
+++ /dev/null
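Review bot: `should create qrcode in page` never checks the `QRCode` spy that `before` installs on `windowMock`, so the test passes even if no QR code is constructed; it only proves that `text` and `empty` were called. Add `assert(windowMock.QRCode.calledOnce);` after the `TOTPRegister.default(windowMock, jqueryMock)` call. Because the stubs are created in `before` rather than `beforeEach`, call counts would also leak into any case added to this suite later.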
@@ -1,156 +0,0 @@ - -var request_ = require('request'); -var assert = require('assert'); -var speakeasy = require('speakeasy'); -var j = request_.jar(); -var Promise = require('bluebird'); -var request = Promise.promisifyAll(request_.defaults({jar: j})); -var util = require('util'); -var sinon = require('sinon'); - -process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; - -var AUTHELIA_HOST = 'nginx'; -var DOMAIN = 'test.local'; -var PORT = 8080; - -var HOME_URL = util.format('https://%s.%s:%d', 'home', DOMAIN, PORT); -var SECRET_URL = util.format('https://%s.%s:%d', 'secret', DOMAIN, PORT); -var SECRET1_URL = util.format('https://%s.%s:%d', 'secret1', DOMAIN, PORT); -var SECRET2_URL = util.format('https://%s.%s:%d', 'secret2', DOMAIN, PORT); -var MX1_URL = util.format('https://%s.%s:%d', 'mx1.mail', DOMAIN, PORT); -var MX2_URL = util.format('https://%s.%s:%d', 'mx2.mail', DOMAIN, PORT); -var BASE_AUTH_URL = util.format('https://%s.%s:%d', 'auth', DOMAIN, PORT); - -describe('test the server', function() { - var home_page; - var login_page; - - before(function() { - var home_page_promise = getHomePage() - .then(function(data) { - home_page = data.body; - }); - var login_page_promise = getLoginPage() - .then(function(data) { - login_page = data.body; - }); - return Promise.all([home_page_promise, - login_page_promise]); - }); - - function str_contains(str, pattern) { - return str.indexOf(pattern) != -1; - } - - function home_page_contains(pattern) { - return str_contains(home_page, pattern); - } - - it('should serve a correct home page', function() { - assert(home_page_contains(BASE_AUTH_URL + '/logout?redirect=' + HOME_URL + '/')); - assert(home_page_contains(HOME_URL + '/secret.html')); - assert(home_page_contains(SECRET_URL + '/secret.html')); - assert(home_page_contains(SECRET1_URL + '/secret.html')); - assert(home_page_contains(SECRET2_URL + '/secret.html')); - assert(home_page_contains(MX1_URL + '/secret.html')); - assert(home_page_contains(MX2_URL + '/secret.html')); 
- }); - - it('should serve the login page', function(done) { - getPromised(BASE_AUTH_URL + '/login?redirect=/') - .then(function(data) { - assert.equal(data.statusCode, 200); - done(); - }); - }); - - it('should serve the homepage', function(done) { - getPromised(HOME_URL + '/') - .then(function(data) { - assert.equal(data.statusCode, 200); - done(); - }); - }); - - it('should redirect when logout', function(done) { - getPromised(BASE_AUTH_URL + '/logout?redirect=' + HOME_URL) - .then(function(data) { - assert.equal(data.statusCode, 200); - assert.equal(data.body, home_page); - done(); - }); - }); - - it('should be redirected to the login page when accessing secret while not authenticated', function(done) { - var url = HOME_URL + '/secret.html'; - // console.log(url); - getPromised(url) - .then(function(data) { - assert.equal(data.statusCode, 200); - assert.equal(data.body, login_page); - done(); - }); - }); - - it.skip('should fail the first factor', function(done) { - postPromised(BASE_AUTH_URL + '/1stfactor', { - form: { - username: 'admin', - password: 'password', - } - }) - .then(function(data) { - assert.equal(data.body, 'Bad credentials'); - done(); - }); - }); - - function login_as(username, password) { - return postPromised(BASE_AUTH_URL + '/1stfactor', { - form: { - username: 'john', - password: 'password', - } - }) - .then(function(data) { - assert.equal(data.statusCode, 204); - return Promise.resolve(); - }); - } - - it('should succeed the first factor', function() { - return login_as('john', 'password'); - }); - - describe('test ldap connection', function() { - it('should not fail after inactivity', function() { - var clock = sinon.useFakeTimers(); - return login_as('john', 'password') - .then(function() { - clock.tick(3600000 * 24); // 24 hour - return login_as('john', 'password'); - }) - .then(function() { - clock.restore(); - return Promise.resolve(); - }); - }); - }); -}); - -function getPromised(url) { - return request.getAsync(url); -} - 
-function postPromised(url, body) { - return request.postAsync(url, body); -} - -function getHomePage() { - return getPromised(HOME_URL + '/'); -} - -function getLoginPage() { - return getPromised(BASE_AUTH_URL + '/login'); -} diff --git a/test/integration/test_server.ts b/test/integration/test_server.ts new file mode 100644 index 00000000..5a0541ed --- /dev/null +++ b/test/integration/test_server.ts 
@@ -0,0 +1,157 @@ + +import request_ = require("request"); +import assert = require("assert"); +import speakeasy = require("speakeasy"); +import BluebirdPromise = require("bluebird"); +import util = require("util"); +import sinon = require("sinon"); +import Endpoints = require("../../src/server/endpoints"); + +const j = request_.jar(); +const request: typeof request_ = BluebirdPromise.promisifyAll(request_.defaults({ jar: j })); + +process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; + +const AUTHELIA_HOST = "nginx"; +const DOMAIN = "test.local"; +const PORT = 8080; + +const HOME_URL = util.format("https://%s.%s:%d", "home", DOMAIN, PORT); +const SECRET_URL = util.format("https://%s.%s:%d", "secret", DOMAIN, PORT); +const SECRET1_URL = util.format("https://%s.%s:%d", "secret1", DOMAIN, PORT); +const SECRET2_URL = util.format("https://%s.%s:%d", "secret2", DOMAIN, PORT); +const MX1_URL = util.format("https://%s.%s:%d", "mx1.mail", DOMAIN, PORT); +const MX2_URL = util.format("https://%s.%s:%d", "mx2.mail", DOMAIN, PORT); +const BASE_AUTH_URL = util.format("https://%s.%s:%d", "auth", DOMAIN, PORT); + +describe("test the server", function () { + let home_page: string; + let login_page: string; + + before(function () { + const home_page_promise = getHomePage() + .then(function (data) { + home_page = data.body; + }); + const login_page_promise = getLoginPage() + .then(function (data) { + login_page = data.body; + }); + return BluebirdPromise.all([home_page_promise, + login_page_promise]); + }); + + function str_contains(str: string, pattern: string) { + return str.indexOf(pattern) != -1; + } + + function home_page_contains(pattern: string) { + return str_contains(home_page, pattern); + } + + it("should serve a correct home page", function () { + assert(home_page_contains(BASE_AUTH_URL + Endpoints.LOGOUT_GET + "?redirect=" + HOME_URL + "/")); + assert(home_page_contains(HOME_URL + "/secret.html")); + assert(home_page_contains(SECRET_URL + "/secret.html")); + 
assert(home_page_contains(SECRET1_URL + "/secret.html")); + assert(home_page_contains(SECRET2_URL + "/secret.html")); + assert(home_page_contains(MX1_URL + "/secret.html")); + assert(home_page_contains(MX2_URL + "/secret.html")); + }); + + it("should serve the login page", function (done) { + getPromised(BASE_AUTH_URL + Endpoints.FIRST_FACTOR_GET + "?redirect=/") + .then(function (data: request_.RequestResponse) { + assert.equal(data.statusCode, 200); + done(); + }); + }); + + it("should serve the homepage", function (done) { + getPromised(HOME_URL + "/") + .then(function (data: request_.RequestResponse) { + assert.equal(data.statusCode, 200); + done(); + }); + }); + + it("should redirect when logout", function (done) { + getPromised(BASE_AUTH_URL + Endpoints.LOGOUT_GET + "?redirect=" + HOME_URL) + .then(function (data: request_.RequestResponse) { + assert.equal(data.statusCode, 200); + assert.equal(data.body, home_page); + done(); + }); + }); + + it("should be redirected to the login page when accessing secret while not authenticated", function (done) { + const url = HOME_URL + "/secret.html"; + getPromised(url) + .then(function (data: request_.RequestResponse) { + assert.equal(data.statusCode, 200); + assert.equal(data.body, login_page); + done(); + }); + }); + + it.skip("should fail the first factor", function (done) { + postPromised(BASE_AUTH_URL + Endpoints.FIRST_FACTOR_POST, { + form: { + username: "admin", + password: "password", + } + }) + .then(function (data: request_.RequestResponse) { + assert.equal(data.body, "Bad credentials"); + done(); + }); + }); + + function login_as(username: string, password: string) { + return postPromised(BASE_AUTH_URL + Endpoints.FIRST_FACTOR_POST, { + form: { + username: "john", + password: "password", + } + }) + .then(function (data: request_.RequestResponse) { + assert.equal(data.statusCode, 302); + return BluebirdPromise.resolve(); + }); + } + + it("should succeed the first factor", function () { + return login_as("john", 
"password"); + }); + + describe("test ldap connection", function () { + it("should not fail after inactivity", function () { + const clock = sinon.useFakeTimers(); + return login_as("john", "password") + .then(function () { + clock.tick(3600000 * 24); // 24 hour + return login_as("john", "password"); + }) + .then(function () { + clock.restore(); + return BluebirdPromise.resolve(); + }); + }); + }); +}); + +function getPromised(url: string) { + return request.getAsync(url); +} + +function postPromised(url: string, body: Object) { + return request.postAsync(url, body); +} + +function getHomePage(): BluebirdPromise { + return getPromised(HOME_URL + "/"); +} + +function getLoginPage(): BluebirdPromise { + return getPromised(BASE_AUTH_URL + Endpoints.FIRST_FACTOR_GET); +} diff --git a/test/unitary/AuthenticationRegulator.test.ts b/test/server/AuthenticationRegulator.test.ts similarity index 89% rename from test/unitary/AuthenticationRegulator.test.ts rename to test/server/AuthenticationRegulator.test.ts index 27053790..549ea054 100644 --- a/test/unitary/AuthenticationRegulator.test.ts +++ b/test/server/AuthenticationRegulator.test.ts @@ -1,8 +1,8 @@ -import AuthenticationRegulator from "../../src/lib/AuthenticationRegulator"; -import UserDataStore from "../../src/lib/UserDataStore"; +import { AuthenticationRegulator } from "../../src/server/lib/AuthenticationRegulator"; +import UserDataStore from "../../src/server/lib/UserDataStore"; import MockDate = require("mockdate"); -import exceptions = require("../../src/lib/Exceptions"); +import exceptions = require("../../src/server/lib/Exceptions"); import nedb = require("nedb"); describe("test authentication regulator", function() { diff --git a/test/server/IdentityCheckMiddleware.test.ts b/test/server/IdentityCheckMiddleware.test.ts new file mode 100644 index 00000000..12d40e83 --- /dev/null +++ b/test/server/IdentityCheckMiddleware.test.ts 
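Review bot: `login_as(username: string, password: string)` ignores both parameters and always posts `username: "john"` and `password: "password"`, so no caller can exercise another account or a wrong password; use `form: { username: username, password: password }`. The only negative first-factor case is `it.skip`, which leaves this integration suite with no check that bad credentials are rejected. `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"` turns certificate verification off for every TLS connection in the process; limiting it to this client with `request_.defaults({ jar: j, strictSSL: false })`, or trusting the test CA through the `ca` option, keeps the relaxation out of other code loaded in the same run.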
@@ -0,0 +1,173 @@ + +import sinon = require("sinon"); +import IdentityValidator = require("../../src/server/lib/IdentityCheckMiddleware"); +import AuthenticationSession = require("../../src/server/lib/AuthenticationSession"); +import exceptions = require("../../src/server/lib/Exceptions"); +import assert = require("assert"); +import winston = require("winston"); +import Promise = require("bluebird"); +import express = require("express"); +import BluebirdPromise = require("bluebird"); + +import ExpressMock = require("./mocks/express"); +import UserDataStoreMock = require("./mocks/UserDataStore"); +import NotifierMock = require("./mocks/Notifier"); +import IdentityValidatorMock = require("./mocks/IdentityValidator"); +import ServerVariablesMock = require("./mocks/ServerVariablesMock"); + + +describe("test identity check process", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let userDataStore: UserDataStoreMock.UserDataStore; + let notifier: NotifierMock.NotifierMock; + let app: express.Application; + let app_get: sinon.SinonStub; + let app_post: sinon.SinonStub; + let identityValidable: IdentityValidatorMock.IdentityValidableMock; + + beforeEach(function () { + req = ExpressMock.RequestMock(); + res = ExpressMock.ResponseMock(); + + identityValidable = IdentityValidatorMock.IdentityValidableMock(); + + userDataStore = UserDataStoreMock.UserDataStore(); + userDataStore.issue_identity_check_token = sinon.stub(); + userDataStore.issue_identity_check_token.returns(Promise.resolve()); + userDataStore.consume_identity_check_token = sinon.stub(); + userDataStore.consume_identity_check_token.returns(Promise.resolve({ userid: "user" })); + + notifier = NotifierMock.NotifierMock(); + notifier.notify = sinon.stub().returns(Promise.resolve()); + + req.headers = {}; + req.session = {}; + req.session = {}; + + req.query = {}; + req.app = {}; + const mocks = ServerVariablesMock.mock(req.app); + mocks.logger = winston; + 
mocks.userDataStore = userDataStore; + mocks.notifier = notifier; + + app = express(); + app_get = sinon.stub(app, "get"); + app_post = sinon.stub(app, "post"); + }); + + afterEach(function () { + app_get.restore(); + app_post.restore(); + }); + + describe("test start GET", test_start_get_handler); + describe("test finish GET", test_finish_get_handler); + + function test_start_get_handler() { + it("should send 401 if pre validation initialization throws a first factor error", function () { + identityValidable.preValidationInit.returns(BluebirdPromise.reject(new exceptions.FirstFactorValidationError("Error during prevalidation"))); + const callback = IdentityValidator.get_start_validation(identityValidable, "/endpoint"); + + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject("Should fail"); }) + .catch(function () { + assert.equal(res.status.getCall(0).args[0], 401); + }); + }); + + it("should send 400 if email is missing in provided identity", function () { + const identity = { userid: "abc" }; + + identityValidable.preValidationInit.returns(BluebirdPromise.resolve(identity)); + const callback = IdentityValidator.get_start_validation(identityValidable, "/endpoint"); + + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject("Should fail"); }) + .catch(function () { + assert.equal(res.status.getCall(0).args[0], 400); + }); + }); + + it("should send 400 if userid is missing in provided identity", function () { + const endpoint = "/protected"; + const identity = { email: "abc@example.com" }; + + identityValidable.preValidationInit.returns(BluebirdPromise.resolve(identity)); + const callback = IdentityValidator.get_start_validation(identityValidable, "/endpoint"); + + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function (err: Error) { + 
assert.equal(res.status.getCall(0).args[0], 400); + return BluebirdPromise.resolve(); + }); + }); + + it("should issue a token, send an email and return 204", function () { + const endpoint = "/protected"; + const identity = { userid: "user", email: "abc@example.com" }; + req.get = sinon.stub().withArgs("Host").returns("localhost"); + + identityValidable.preValidationInit.returns(BluebirdPromise.resolve(identity)); + const callback = IdentityValidator.get_start_validation(identityValidable, "/finish_endpoint"); + + return callback(req as any, res as any, undefined) + .then(function () { + assert(notifier.notify.calledOnce); + assert(userDataStore.issue_identity_check_token.calledOnce); + assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user"); + assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000); + }); + }); + } + + function test_finish_get_handler() { + it("should send 403 if no identity_token is provided", function () { + + const callback = IdentityValidator.get_finish_validation(identityValidable); + + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject("Should fail"); }) + .catch(function () { + assert.equal(res.status.getCall(0).args[0], 403); + }); + }); + + it("should call postValidation if identity_token is provided and still valid", function () { + req.query.identity_token = "token"; + + const callback = IdentityValidator.get_finish_validation(identityValidable); + return callback(req as any, res as any, undefined); + }); + + it("should return 500 if identity_token is provided but invalid", function () { + req.query.identity_token = "token"; + + userDataStore.consume_identity_check_token + .returns(BluebirdPromise.reject(new Error("Invalid token"))); + + const callback = IdentityValidator.get_finish_validation(identityValidable); + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject("Should fail"); 
}) + .catch(function () { + assert.equal(res.status.getCall(0).args[0], 500); + }); + }); + + it("should set the identity_check session object even if session does not exist yet", function () { + req.query.identity_token = "token"; + + req.session = {}; + const authSession = AuthenticationSession.get(req as any); + const callback = IdentityValidator.get_finish_validation(identityValidable); + return callback(req as any, res as any, undefined) + .then(function () { return BluebirdPromise.reject("Should fail"); }) + .catch(function () { + assert.equal(authSession.identity_check.userid, "user"); + return BluebirdPromise.resolve(); + }); + }); + } +}); diff --git a/test/unitary/LdapClient.test.ts b/test/server/LdapClient.test.ts similarity index 93% rename from test/unitary/LdapClient.test.ts rename to test/server/LdapClient.test.ts index 82f49c7c..994c7943 100644 --- a/test/unitary/LdapClient.test.ts +++ b/test/server/LdapClient.test.ts @@ -1,6 +1,6 @@ -import LdapClient = require("../../src/lib/LdapClient"); -import { LdapConfiguration } from "../../src/lib/Configuration"; +import LdapClient = require("../../src/server/lib/LdapClient"); +import { LdapConfiguration } from "../../src/types/Configuration"; import sinon = require("sinon"); import BluebirdPromise = require("bluebird"); @@ -77,7 +77,7 @@ describe("test ldap validation", function () { ldap_client.bind.yields("wrong credentials"); const promise = test_bind(); return promise.catch(function () { - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } @@ -106,7 +106,7 @@ describe("test ldap validation", function () { return ldap.get_emails("user") .then(function (emails) { assert.deepEqual(emails, [expected_doc.object.mail]); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); 
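Review bot: Two cases in IdentityCheckMiddleware.test.ts do not assert what their titles claim: `should call postValidation if identity_token is provided and still valid` only returns the handler promise, and `should issue a token, send an email and return 204` never checks the response status. Assert on the post-validation stub of `identityValidable` in the first and on the status recorded by `res` in the second. In `should set the identity_check session object even if session does not exist yet` the `.then` rejects with "Should fail" on success and the `.catch` then asserts, so the test cannot tell which path ran; a plain `.then` holding the assertion is clearer. `req.session = {};` is assigned twice in `beforeEach`, and bluebird is imported as both `Promise` and `BluebirdPromise`, which shadows the global `Promise` that the rest of this commit is moving away from.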
@@ -116,7 +116,7 @@ describe("test ldap validation", function () { return ldap.get_emails("username") .then(function (emails) { assert.deepEqual(emails, ["user@example.com"]); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); @@ -128,7 +128,7 @@ describe("test ldap validation", function () { return ldap.get_emails("user") .catch(function () { - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } @@ -163,7 +163,7 @@ describe("test ldap validation", function () { return ldap.get_groups("user") .then(function (groups) { assert.deepEqual(groups, ["group1", "group2"]); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); @@ -192,7 +192,7 @@ describe("test ldap validation", function () { ldap_client.search.yields("error"); return ldap.get_groups("user") .catch(function () { - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } @@ -217,7 +217,7 @@ describe("test ldap validation", function () { const userPassword = ldap_client.modify.getCall(0).args[1].modification.userPassword; assert(/{SSHA}/.test(userPassword)); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); @@ -227,7 +227,7 @@ describe("test ldap validation", function () { return ldap.update_password("user", "new-password") .catch(function () { - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); diff --git a/test/unitary/Server.test.ts b/test/server/Server.test.ts similarity index 70% rename from test/unitary/Server.test.ts rename to test/server/Server.test.ts index 15105b26..0fa64f03 100644 --- a/test/unitary/Server.test.ts +++ b/test/server/Server.test.ts 
@@ -1,15 +1,17 @@ -import Server from "../../src/lib/Server"; -import LdapClient = require("../../src/lib/LdapClient"); +import Server from "../../src/server/lib/Server"; +import LdapClient = require("../../src/server/lib/LdapClient"); -import Promise = require("bluebird"); +import BluebirdPromise = require("bluebird"); import speakeasy = require("speakeasy"); import request = require("request"); import nedb = require("nedb"); import { TOTPSecret } from "../../src/types/TOTPSecret"; +import U2FMock = require("./mocks/u2f"); +import Endpoints = require("../../src/server/endpoints"); -const requestp = Promise.promisifyAll(request) as request.RequestAsync; +const requestp = BluebirdPromise.promisifyAll(request) as typeof request; const assert = require("assert"); const sinon = require("sinon"); const MockDate = require("mockdate"); @@ -24,7 +26,7 @@ const requests = require("./requests")(PORT); describe("test the server", function () { let server: Server; let transporter: object; - let u2f: any; + let u2f: U2FMock.U2FMock; beforeEach(function () { const config = { @@ -62,12 +64,7 @@ describe("test the server", function () { }) }; - u2f = { - startRegistration: sinon.stub(), - finishRegistration: sinon.stub(), - startAuthentication: sinon.stub(), - finishAuthentication: sinon.stub() - }; + u2f = U2FMock.U2FMock(); transporter = { sendMail: sinon.stub().yields() 
@@ -120,79 +117,70 @@ describe("test the server", function () { server.stop(); }); - describe("test GET /login", function () { + describe("test GET " + Endpoints.FIRST_FACTOR_GET, function () { test_login(); }); - describe("test GET /logout", function () { + describe("test GET " + Endpoints.LOGOUT_GET, function () { test_logout(); }); - describe("test GET /reset-password-form", function () { + describe("test GET" + Endpoints.RESET_PASSWORD_REQUEST_GET, function () { test_reset_password_form(); }); - describe("test endpoints locks", function () { - function should_post_and_reply_with(url: string, status_code: number) { + describe("Second factor endpoints must be protected if first factor is not validated", function () { + function should_post_and_reply_with(url: string, status_code: number): BluebirdPromise { return requestp.postAsync(url).then(function (response: request.RequestResponse) { assert.equal(response.statusCode, status_code); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); } - function should_get_and_reply_with(url: string, status_code: number) { + function should_get_and_reply_with(url: string, status_code: number): BluebirdPromise { return requestp.getAsync(url).then(function (response: request.RequestResponse) { assert.equal(response.statusCode, status_code); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); } - function should_post_and_reply_with_403(url: string) { - return should_post_and_reply_with(url, 403); - } - function should_get_and_reply_with_403(url: string) { - return should_get_and_reply_with(url, 403); - } - - function should_post_and_reply_with_401(url: string) { + function should_post_and_reply_with_401(url: string): BluebirdPromise { return should_post_and_reply_with(url, 401); } - function should_get_and_reply_with_401(url: string) { + function should_get_and_reply_with_401(url: string): BluebirdPromise { return should_get_and_reply_with(url, 401); } - function 
should_get_and_post_reply_with_403(url: string) { - const p1 = should_post_and_reply_with_403(url); - const p2 = should_get_and_reply_with_403(url); - return Promise.all([p1, p2]); - } - - it("should block /new-password", function () { - return should_post_and_reply_with_403(BASE_URL + "/new-password"); + it("should block " + Endpoints.SECOND_FACTOR_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_GET); }); - it("should block /u2f-register", function () { - return should_get_and_post_reply_with_403(BASE_URL + "/u2f-register"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET); }); - it("should block /reset-password", function () { - return should_get_and_post_reply_with_403(BASE_URL + "/reset-password"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET + "?identity_token=dummy"); }); - it("should block /2ndfactor/u2f/register_request", function () { - return should_get_and_reply_with_403(BASE_URL + "/2ndfactor/u2f/register_request"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, function () { + return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET); }); - it("should block /2ndfactor/u2f/register", function () { - return should_post_and_reply_with_403(BASE_URL + "/2ndfactor/u2f/register"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST); }); - it("should block /2ndfactor/u2f/sign_request", function () { - return should_get_and_reply_with_403(BASE_URL + "/2ndfactor/u2f/sign_request"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, function () { + 
return should_get_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET); }); - it("should block /2ndfactor/u2f/sign", function () { - return should_post_and_reply_with_403(BASE_URL + "/2ndfactor/u2f/sign"); + it("should block " + Endpoints.SECOND_FACTOR_U2F_SIGN_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_POST); + }); + + it("should block " + Endpoints.SECOND_FACTOR_TOTP_POST, function () { + return should_post_and_reply_with_401(BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST); }); }); @@ -204,7 +192,7 @@ describe("test the server", function () { function test_reset_password_form() { it("should serve the reset password form page", function (done) { - requestp.getAsync(BASE_URL + "/reset-password-form") + requestp.getAsync(BASE_URL + Endpoints.RESET_PASSWORD_REQUEST_GET) .then(function (response: request.RequestResponse) { assert.equal(response.statusCode, 200); done(); @@ -214,7 +202,7 @@ describe("test the server", function () { function test_login() { it("should serve the login page", function (done) { - requestp.getAsync(BASE_URL + "/login") + requestp.getAsync(BASE_URL + Endpoints.FIRST_FACTOR_GET) .then(function (response: request.RequestResponse) { assert.equal(response.statusCode, 200); done(); @@ -224,7 +212,7 @@ describe("test the server", function () { function test_logout() { it("should logout and redirect to /", function (done) { - requestp.getAsync(BASE_URL + "/logout") + requestp.getAsync(BASE_URL + Endpoints.LOGOUT_GET) .then(function (response: any) { assert.equal(response.req.path, "/"); done(); 
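Review bot: Nothing in the new "Second factor endpoints must be protected" block checks that the password-reset endpoints refuse a request with no validated identity. The removed cases for `/new-password` and `/reset-password` have no visible counterpart for `Endpoints.RESET_PASSWORD_FORM_POST`. A case such as `it("should block " + Endpoints.RESET_PASSWORD_FORM_POST, function () { return should_post_and_reply_with(BASE_URL + Endpoints.RESET_PASSWORD_FORM_POST, 403); });` would keep that guard under test, with the status adjusted to whatever the new handler returns (the old test expected 403). Separately, `"test GET" + Endpoints.RESET_PASSWORD_REQUEST_GET` is missing the space after `GET` that the two titles above it have.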
@@ -234,10 +222,10 @@ describe("test the server", function () { function test_authentication() { it("should return status code 401 when user is not authenticated", function () { - return requestp.getAsync({ url: BASE_URL + "/verify" }) + return requestp.getAsync({ url: BASE_URL + Endpoints.VERIFY_GET }) .then(function (response: request.RequestResponse) { assert.equal(response.statusCode, 401); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); @@ -249,24 +237,23 @@ describe("test the server", function () { return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "first factor failed"); + assert.equal(res.statusCode, 302, "first factor failed"); return requests.register_totp(j, transporter); }) - .then(function (secret: string) { - const sec = JSON.parse(secret) as TOTPSecret; + .then(function (base32_secret: string) { const real_token = speakeasy.totp({ - secret: sec.base32, + secret: base32_secret, encoding: "base32" }); return requests.totp(j, real_token); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "second factor failed"); + assert.equal(res.statusCode, 200, "second factor failed"); return requests.verify(j); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 204, "verify failed"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); @@ -295,7 +282,7 @@ describe("test the server", function () { }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 204, "verify failed"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }) .catch(function (err: Error) { console.error(err); 
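Review bot: In the TOTP flow (hunk at -249) the first-factor step now asserts only `res.statusCode === 302`, so a redirect to any location would pass. The U2F and reset-password flows in the later hunks of this file also pin the target. Add `assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET);` before the status assertion here so all three flows check the same thing. The promise chain starts outside the hunk.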
@@ -307,10 +294,9 @@ describe("test the server", function () { const sign_status = {}; const registration_request = {}; const registration_status = {}; - u2f.startRegistration.returns(Promise.resolve(sign_request)); - u2f.finishRegistration.returns(Promise.resolve(sign_status)); - u2f.startAuthentication.returns(Promise.resolve(registration_request)); - u2f.finishAuthentication.returns(Promise.resolve(registration_status)); + u2f.request.returns(BluebirdPromise.resolve(sign_request)); + u2f.checkRegistration.returns(BluebirdPromise.resolve(sign_status)); + u2f.checkSignature.returns(BluebirdPromise.resolve(registration_status)); const j = requestp.jar(); return requests.login(j) @@ -319,20 +305,22 @@ describe("test the server", function () { return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "first factor failed"); + // console.log(res); + assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); + assert.equal(res.statusCode, 302, "first factor failed"); return requests.u2f_registration(j, transporter); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "second factor, finish register failed"); + assert.equal(res.statusCode, 200, "second factor, finish register failed"); return requests.u2f_authentication(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "second factor, finish sign failed"); + assert.equal(res.statusCode, 200, "second factor, finish sign failed"); return requests.verify(j); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 204, "verify failed"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } 
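Review bot: The three stubs here return `BluebirdPromise.resolve(...)`, while the same stubs in `test/server/data_persistence.test.ts` return the plain objects (`u2f.request.returns(sign_request)`). Only one of the two can match how the server consumes `request`, `checkRegistration` and `checkSignature`, so the other test is probably passing by accident; confirm which against the route code. If the calls are synchronous, this becomes `u2f.request.returns(sign_request);` and likewise for the other two. `const registration_request = {};` is no longer used after this change and can go, as can the leftover `// console.log(res);` in the hunk at -319.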
@@ -346,12 +334,13 @@ describe("test the server", function () { return requests.first_factor(j); }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204, "first factor failed"); + assert.equal(res.headers.location, Endpoints.SECOND_FACTOR_GET); + assert.equal(res.statusCode, 302, "first factor failed"); return requests.reset_password(j, transporter, "user", "new-password"); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 204, "second factor, finish register failed"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } @@ -384,7 +373,7 @@ describe("test the server", function () { }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 401, "first factor failed"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); } diff --git a/test/unitary/TOTPValidator.test.ts b/test/server/TOTPValidator.test.ts similarity index 91% rename from test/unitary/TOTPValidator.test.ts rename to test/server/TOTPValidator.test.ts index 84baa040..e848e694 100644 --- a/test/unitary/TOTPValidator.test.ts +++ b/test/server/TOTPValidator.test.ts @@ -1,5 +1,5 @@ -import TOTPValidator from "../../src/lib/TOTPValidator"; +import { TOTPValidator } from "../../src/server/lib/TOTPValidator"; import sinon = require("sinon"); import Promise = require("bluebird"); import SpeakeasyMock = require("./mocks/speakeasy"); diff --git a/test/unitary/UserDataStore.test.ts b/test/server/UserDataStore.test.ts similarity index 88% rename from test/unitary/UserDataStore.test.ts rename to test/server/UserDataStore.test.ts index a7ce7dd9..8c7b8128 100644 --- a/test/unitary/UserDataStore.test.ts +++ b/test/server/UserDataStore.test.ts 
@@ -1,6 +1,6 @@ -import UserDataStore from "../../src/lib/UserDataStore"; -import { U2FMetaDocument, Options } from "../../src/lib/UserDataStore"; +import UserDataStore from "../../src/server/lib/UserDataStore"; +import { U2FRegistrationDocument, Options } from "../../src/server/lib/UserDataStore"; import nedb = require("nedb"); import assert = require("assert"); @@ -24,11 +24,10 @@ describe("test user data store", () => { const userid = "user"; const app_id = "https://localhost"; - const meta = { - publicKey: "pbk" - }; + const keyHandle = "keyhandle"; + const publicKey = "publicKey"; - return data_store.set_u2f_meta(userid, app_id, meta) + return data_store.set_u2f_meta(userid, app_id, keyHandle, publicKey) .then(function (numUpdated) { assert.equal(1, numUpdated); return Promise.resolve(); @@ -64,19 +63,19 @@ describe("test user data store", () => { const userid = "user"; const app_id = "https://localhost"; - const meta = { - publicKey: "pbk" - }; + const keyHandle = "keyHandle"; + const publicKey = "publicKey"; - return data_store.set_u2f_meta(userid, app_id, meta) + return data_store.set_u2f_meta(userid, app_id, keyHandle, publicKey) .then(function (numUpdated: number) { assert.equal(1, numUpdated); return data_store.get_u2f_meta(userid, app_id); }) - .then(function (doc: U2FMetaDocument) { - assert.deepEqual(meta, doc.meta); - assert.deepEqual(userid, doc.userid); - assert.deepEqual(app_id, doc.appid); + .then(function (doc: U2FRegistrationDocument) { + assert.deepEqual(keyHandle, doc.keyHandle); + assert.deepEqual(publicKey, doc.publicKey); + assert.deepEqual(userid, doc.userId); + assert.deepEqual(app_id, doc.appId); assert("_id" in doc); return Promise.resolve(); }); 
diff --git a/test/unitary/access_control/AccessController.test.ts b/test/server/access_control/AccessController.test.ts similarity index 92% rename from test/unitary/access_control/AccessController.test.ts rename to test/server/access_control/AccessController.test.ts index 9af32227..5e5f5e3f 100644 --- a/test/unitary/access_control/AccessController.test.ts +++ b/test/server/access_control/AccessController.test.ts @@ -1,8 +1,8 @@ import assert = require("assert"); import winston = require("winston"); -import AccessController from "../../../src/lib/access_control/AccessController"; -import { ACLConfiguration } from "../../../src/lib/Configuration"; +import { AccessController } from "../../../src/server/lib/access_control/AccessController"; +import { ACLConfiguration } from "../../../src/types/Configuration"; describe("test access control manager", function () { let accessController: AccessController; diff --git a/test/unitary/access_control/PatternBuilder.test.ts b/test/server/access_control/PatternBuilder.test.ts similarity index 96% rename from test/unitary/access_control/PatternBuilder.test.ts rename to test/server/access_control/PatternBuilder.test.ts index a563556c..391919fb 100644 --- a/test/unitary/access_control/PatternBuilder.test.ts +++ b/test/server/access_control/PatternBuilder.test.ts @@ -2,8 +2,8 @@ import assert = require("assert"); import winston = require("winston"); -import PatternBuilder from "../../../src/lib/access_control/PatternBuilder"; -import { ACLConfiguration } from "../../../src/lib/Configuration"; +import PatternBuilder from "../../../src/server/lib/access_control/PatternBuilder"; +import { ACLConfiguration } from "../../../src/types/Configuration"; describe("test access control manager", function () { describe("test access control pattern builder when no configuration is provided", () => { 
diff --git a/test/unitary/config_adapter.test.ts b/test/server/config_adapter.test.ts similarity index 95% rename from test/unitary/config_adapter.test.ts rename to test/server/config_adapter.test.ts index 0c8a651e..9c27f43a 100644 --- a/test/unitary/config_adapter.test.ts +++ b/test/server/config_adapter.test.ts @@ -1,6 +1,6 @@ import * as Assert from "assert"; -import { UserConfiguration } from "../../src/lib/Configuration"; -import ConfigurationAdapter from "../../src/lib/ConfigurationAdapter"; +import { UserConfiguration } from "../../src/types/Configuration"; +import ConfigurationAdapter from "../../src/server/lib/ConfigurationAdapter"; describe("test config adapter", function() { function build_yaml_config(): UserConfiguration { diff --git a/test/unitary/data_persistence.test.ts b/test/server/data_persistence.test.ts similarity index 78% rename from test/unitary/data_persistence.test.ts rename to test/server/data_persistence.test.ts index 1e721872..1beac313 100644 --- a/test/unitary/data_persistence.test.ts +++ b/test/server/data_persistence.test.ts @@ -1,14 +1,15 @@ -import * as Promise from "bluebird"; +import * as BluebirdPromise from "bluebird"; import * as request from "request"; -import Server from "../../src/lib/Server"; -import { UserConfiguration } from "../../src/lib/Configuration"; +import Server from "../../src/server/lib/Server"; +import { UserConfiguration } from "../../src/types/Configuration"; import { GlobalDependencies } from "../../src/types/Dependencies"; import * as tmp from "tmp"; +import U2FMock = require("./mocks/u2f"); -const requestp = Promise.promisifyAll(request) as request.Request; +const requestp = BluebirdPromise.promisifyAll(request) as request.Request; const assert = require("assert"); const speakeasy = require("speakeasy"); const sinon = require("sinon"); 
@@ -20,7 +21,7 @@ const PORT = 8050; const requests = require("./requests")(PORT); describe("test data persistence", function () { - let u2f: any; + let u2f: U2FMock.U2FMock; let tmpDir: tmp.SynchrounousResult; const ldap_client = { bind: sinon.stub(), @@ -36,12 +37,7 @@ describe("test data persistence", function () { let config: UserConfiguration; before(function () { - u2f = { - startRegistration: sinon.stub(), - finishRegistration: sinon.stub(), - startAuthentication: sinon.stub(), - finishAuthentication: sinon.stub() - }; + u2f = U2FMock.U2FMock(); const search_doc = { object: { @@ -92,12 +88,10 @@ describe("test data persistence", function () { let server: Server; const sign_request = {}; const sign_status = {}; - const registration_request = {}; const registration_status = {}; - u2f.startRegistration.returns(Promise.resolve(sign_request)); - u2f.finishRegistration.returns(Promise.resolve(sign_status)); - u2f.startAuthentication.returns(Promise.resolve(registration_request)); - u2f.finishAuthentication.returns(Promise.resolve(registration_status)); + u2f.request.returns(sign_request); + u2f.checkRegistration.returns(sign_status); + u2f.checkSignature.returns(registration_status); const nodemailer = { createTransport: sinon.spy(function () { 
@@ -152,18 +146,18 @@ describe("test data persistence", function () { return requests.u2f_authentication(j2); }) .then(function (res) { - assert.equal(204, res.statusCode); + assert.equal(200, res.statusCode); server.stop(); - return Promise.resolve(); + return BluebirdPromise.resolve(); }) .catch(function (err) { console.error(err); - return Promise.reject(err); + return BluebirdPromise.reject(err); }); }); - function start_server(config: UserConfiguration, deps: GlobalDependencies): Promise { - return new Promise(function (resolve, reject) { + function start_server(config: UserConfiguration, deps: GlobalDependencies): BluebirdPromise { + return new BluebirdPromise(function (resolve, reject) { const s = new Server(); s.start(config, deps); resolve(s); @@ -171,7 +165,7 @@ describe("test data persistence", function () { } function stop_server(s: Server) { - return new Promise(function (resolve, reject) { + return new BluebirdPromise(function (resolve, reject) { s.stop(); resolve(); }); diff --git a/test/unitary/mocks/AccessController.ts b/test/server/mocks/AccessController.ts similarity index 100% rename from test/unitary/mocks/AccessController.ts rename to test/server/mocks/AccessController.ts diff --git a/test/unitary/mocks/AuthenticationRegulator.ts b/test/server/mocks/AuthenticationRegulator.ts similarity index 100% rename from test/unitary/mocks/AuthenticationRegulator.ts rename to test/server/mocks/AuthenticationRegulator.ts diff --git a/test/unitary/mocks/IdentityValidator.ts b/test/server/mocks/IdentityValidator.ts similarity index 58% rename from test/unitary/mocks/IdentityValidator.ts rename to test/server/mocks/IdentityValidator.ts index fd341770..bd8dcd7e 100644 --- a/test/unitary/mocks/IdentityValidator.ts +++ b/test/server/mocks/IdentityValidator.ts 
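Review bot: `server.stop()` runs only on the success branch of the chain in the hunk at -152. A failed assertion goes to the `.catch`, which logs and rejects while the server is still listening, and that can make later tests on the same port fail for an unrelated reason. Move the shutdown into `.finally(function () { server.stop(); })` after the `.catch`. The chain begins outside the hunk, so whether an earlier server instance is still running at that point needs checking there. `start_server` also resolves right after `s.start(config, deps)`, which is only safe if `start` is synchronous; that is not visible here.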
@@ -1,6 +1,6 @@ import sinon = require("sinon"); -import { IdentityValidable } from "../../../src/lib/IdentityValidator"; +import { IdentityValidable } from "../../../src/server/lib/IdentityCheckMiddleware"; import express = require("express"); import BluebirdPromise = require("bluebird"); import { Identity } from "../../../src/types/Identity"; @@ -8,16 +8,20 @@ import { Identity } from "../../../src/types/Identity"; export interface IdentityValidableMock { challenge: sinon.SinonStub; - templateName: sinon.SinonStub; - preValidation: sinon.SinonStub; + preValidationInit: sinon.SinonStub; + preValidationResponse: sinon.SinonStub | sinon.SinonSpy; + postValidationInit: sinon.SinonStub; + postValidationResponse: sinon.SinonStub | sinon.SinonSpy; mailSubject: sinon.SinonStub; } export function IdentityValidableMock() { return { challenge: sinon.stub(), - templateName: sinon.stub(), - preValidation: sinon.stub(), + preValidationInit: sinon.stub(), + preValidationResponse: sinon.stub(), + postValidationInit: sinon.stub(), + postValidationResponse: sinon.stub(), mailSubject: sinon.stub() }; } diff --git a/test/unitary/mocks/LdapClient.ts b/test/server/mocks/LdapClient.ts similarity index 100% rename from test/unitary/mocks/LdapClient.ts rename to test/server/mocks/LdapClient.ts diff --git a/test/unitary/mocks/Notifier.ts b/test/server/mocks/Notifier.ts similarity index 100% rename from test/unitary/mocks/Notifier.ts rename to test/server/mocks/Notifier.ts diff --git a/test/server/mocks/ServerVariablesMock.ts b/test/server/mocks/ServerVariablesMock.ts new file mode 100644 index 00000000..b5dda7da --- /dev/null +++ b/test/server/mocks/ServerVariablesMock.ts 
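Review bot: `IdentityValidableMock()` has no return annotation, so the object literal it builds is never checked against the `IdentityValidableMock` interface declared just above it. Nothing at this definition stops the two lists of members from drifting apart when the next field is added, as this change did with four of them. Declare it as `export function IdentityValidableMock(): IdentityValidableMock {`, the way the new `U2FMock()` factory in `mocks/u2f.ts` does.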
@@ -0,0 +1,34 @@ +import sinon = require("sinon"); +import express = require("express"); +import {  ServerVariables, VARIABLES_KEY }  from "../../../src/server/lib/ServerVariables"; + +export interface ServerVariablesMock { + logger: any; + ldap: any; + totpValidator: any; + totpGenerator: any; + u2f: any; + userDataStore: any; + notifier: any; + regulator: any; + config: any; + accessController: any; +} + + +export function mock(app: express.Application): ServerVariablesMock { + const mocks: ServerVariablesMock = { + accessController: sinon.stub(), + config: sinon.stub(), + ldap: sinon.stub(), + logger: sinon.stub(), + notifier: sinon.stub(), + regulator: sinon.stub(), + totpGenerator: sinon.stub(), + totpValidator: sinon.stub(), + u2f: sinon.stub(), + userDataStore: sinon.stub() + }; + app.get = sinon.stub().withArgs(VARIABLES_KEY).returns(mocks); + return mocks; +} \ No newline at end of file diff --git a/test/unitary/mocks/TOTPValidator.ts b/test/server/mocks/TOTPValidator.ts similarity index 100% rename from test/unitary/mocks/TOTPValidator.ts rename to test/server/mocks/TOTPValidator.ts diff --git a/test/unitary/mocks/UserDataStore.ts b/test/server/mocks/UserDataStore.ts similarity index 100% rename from test/unitary/mocks/UserDataStore.ts rename to test/server/mocks/UserDataStore.ts diff --git a/test/unitary/mocks/express.ts b/test/server/mocks/express.ts similarity index 98% rename from test/unitary/mocks/express.ts rename to test/server/mocks/express.ts index daa3e170..b2adda98 100644 --- a/test/unitary/mocks/express.ts +++ b/test/server/mocks/express.ts @@ -32,7 +32,7 @@ export interface ResponseMock { clearCookie: sinon.SinonStub; cookie: sinon.SinonStub; location: sinon.SinonStub; - redirect: sinon.SinonStub; + redirect: sinon.SinonStub | sinon.SinonSpy; render: sinon.SinonStub | sinon.SinonSpy; locals: sinon.SinonStub; charset: string; 
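Review bot: In `mock()`, `app.get = sinon.stub().withArgs(VARIABLES_KEY).returns(mocks);` assigns the argument-specific fake rather than the parent stub. As far as I can tell, that fake returns `mocks` for every call, so the `VARIABLES_KEY` filter has no effect and a handler reading the wrong key would still get the mocks. Keep the parent stub instead: `const get = sinon.stub(); get.withArgs(VARIABLES_KEY).returns(mocks); app.get = get;`. The `ServerVariables` import is unused. Every field of `ServerVariablesMock` is `any`, so a test that stubs a method the real dependency lacks compiles without complaint; the typed mocks already in this directory would be a better fit where they exist.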
diff --git a/test/unitary/mocks/ldapjs.ts b/test/server/mocks/ldapjs.ts similarity index 100% rename from test/unitary/mocks/ldapjs.ts rename to test/server/mocks/ldapjs.ts diff --git a/test/unitary/mocks/nodemailer.ts b/test/server/mocks/nodemailer.ts similarity index 100% rename from test/unitary/mocks/nodemailer.ts rename to test/server/mocks/nodemailer.ts diff --git a/test/unitary/mocks/speakeasy.ts b/test/server/mocks/speakeasy.ts similarity index 100% rename from test/unitary/mocks/speakeasy.ts rename to test/server/mocks/speakeasy.ts diff --git a/test/server/mocks/u2f.ts b/test/server/mocks/u2f.ts new file mode 100644 index 00000000..234b28c1 --- /dev/null +++ b/test/server/mocks/u2f.ts @@ -0,0 +1,16 @@ + +import sinon = require("sinon"); + +export interface U2FMock { + request: sinon.SinonStub; + checkSignature: sinon.SinonStub; + checkRegistration: sinon.SinonStub; +} + +export function U2FMock(): U2FMock { + return { + request: sinon.stub(), + checkSignature: sinon.stub(), + checkRegistration: sinon.stub() + }; +} diff --git a/test/unitary/notifiers/FileSystemNotifier.test.ts b/test/server/notifiers/FileSystemNotifier.test.ts similarity index 84% rename from test/unitary/notifiers/FileSystemNotifier.test.ts rename to test/server/notifiers/FileSystemNotifier.test.ts index b5197157..add77dcc 100644 --- a/test/unitary/notifiers/FileSystemNotifier.test.ts +++ b/test/server/notifiers/FileSystemNotifier.test.ts @@ -1,9 +1,10 @@ import * as sinon from "sinon"; import * as assert from "assert"; -import { FileSystemNotifier } from "../../../src/lib/notifiers/FileSystemNotifier"; +import { FileSystemNotifier } from "../../../src/server/lib/notifiers/FileSystemNotifier"; import * as tmp from "tmp"; import * as fs from "fs"; +import BluebirdPromise = require("bluebird"); const NOTIFICATIONS_DIRECTORY = "notifications"; 
@@ -36,7 +37,7 @@ describe("test FS notifier", function() { .then(function() { const content = fs.readFileSync(options.filename, "UTF-8"); assert(content.length > 0); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); }); diff --git a/test/unitary/notifiers/GMailNotifier.test.ts b/test/server/notifiers/GMailNotifier.test.ts similarity index 87% rename from test/unitary/notifiers/GMailNotifier.test.ts rename to test/server/notifiers/GMailNotifier.test.ts index feaae479..c9deb8fe 100644 --- a/test/unitary/notifiers/GMailNotifier.test.ts +++ b/test/server/notifiers/GMailNotifier.test.ts @@ -1,8 +1,9 @@ import * as sinon from "sinon"; import * as assert from "assert"; +import BluebirdPromise = require("bluebird"); import NodemailerMock = require("../mocks/nodemailer"); -import GMailNotifier = require("../../../src/lib/notifiers/GMailNotifier"); +import GMailNotifier = require("../../../src/server/lib/notifiers/GMailNotifier"); describe("test gmail notifier", function () { @@ -34,7 +35,7 @@ describe("test gmail notifier", function () { assert.equal(nodemailerMock.createTransport.getCall(0).args[0].auth.pass, "pass_gmail"); assert.equal(transporter.sendMail.getCall(0).args[0].to, "user@example.com"); assert.equal(transporter.sendMail.getCall(0).args[0].subject, "subject"); - return Promise.resolve(); + return BluebirdPromise.resolve(); }); }); }); diff --git a/test/unitary/notifiers/NotifierFactory.test.ts b/test/server/notifiers/NotifierFactory.test.ts similarity index 77% rename from test/unitary/notifiers/NotifierFactory.test.ts rename to test/server/notifiers/NotifierFactory.test.ts index d327a9ba..bf6c79a5 100644 --- a/test/unitary/notifiers/NotifierFactory.test.ts +++ b/test/server/notifiers/NotifierFactory.test.ts 
@@ -3,9 +3,9 @@ import * as sinon from "sinon"; import * as BluebirdPromise from "bluebird"; import * as assert from "assert"; -import { NotifierFactory } from "../../../src/lib/notifiers/NotifierFactory"; -import { GMailNotifier } from "../../../src/lib/notifiers/GMailNotifier"; -import { FileSystemNotifier } from "../../../src/lib/notifiers/FileSystemNotifier"; +import { NotifierFactory } from "../../../src/server/lib/notifiers/NotifierFactory"; +import { GMailNotifier } from "../../../src/server/lib/notifiers/GMailNotifier"; +import { FileSystemNotifier } from "../../../src/server/lib/notifiers/FileSystemNotifier"; import NodemailerMock = require("../mocks/nodemailer"); diff --git a/test/unitary/requests.ts b/test/server/requests.ts similarity index 70% rename from test/unitary/requests.ts rename to test/server/requests.ts index 221f4b37..a7837436 100644 --- a/test/unitary/requests.ts +++ b/test/server/requests.ts 
@@ -4,36 +4,37 @@ import request = require("request"); import assert = require("assert"); import express = require("express"); import nodemailer = require("nodemailer"); +import Endpoints = require("../../src/server/endpoints"); import NodemailerMock = require("./mocks/nodemailer"); -const requestAsync = BluebirdPromise.promisifyAll(request) as request.RequestAsync; +const requestAsync: typeof request = BluebirdPromise.promisifyAll(request) as typeof request; export = function (port: number) { const PORT = port; const BASE_URL = "http://localhost:" + PORT; function execute_reset_password(jar: request.CookieJar, transporter: NodemailerMock.NodemailerTransporterMock, user: string, new_password: string) { - return requestAsync.postAsync({ - url: BASE_URL + "/reset-password", + return requestAsync.getAsync({ + url: BASE_URL + Endpoints.RESET_PASSWORD_IDENTITY_START_GET, jar: jar, - form: { userid: user } + qs: { userid: user } }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204); + assert.equal(res.statusCode, 200); const html_content = transporter.sendMail.getCall(0).args[0].html; const regexp = /identity_token=([a-zA-Z0-9]+)/; const token = regexp.exec(html_content)[1]; // console.log(html_content, token); return requestAsync.getAsync({ - url: BASE_URL + "/reset-password?identity_token=" + token, + url: BASE_URL + Endpoints.RESET_PASSWORD_IDENTITY_FINISH_GET + "?identity_token=" + token, jar: jar }); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 200); return requestAsync.postAsync({ - url: BASE_URL + "/new-password", + url: BASE_URL + Endpoints.RESET_PASSWORD_FORM_POST, jar: jar, form: { password: new_password 
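Review bot: `execute_reset_password` now starts the flow with `getAsync` and `qs: { userid: user }`. If this mirrors the server route, the account name travels in the URL, where it ends up in access logs and referrers, and the reset mail is sent by a plain GET that a link or prefetch can trigger. Confirm that this is intended rather than a side effect of the endpoint rename. If it is intended, record the decision next to the call, for example `// identity start is a GET by design: userid is in the query string and the request sends mail`. The function body continues past the end of the hunk.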
@@ -43,39 +44,31 @@ export = function (port: number) { } function execute_register_totp(jar: request.CookieJar, transporter: NodemailerMock.NodemailerTransporterMock) { - return requestAsync.postAsync({ - url: BASE_URL + "/totp-register", + return requestAsync.getAsync({ + url: BASE_URL + Endpoints.SECOND_FACTOR_TOTP_IDENTITY_START_GET, jar: jar }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204); + assert.equal(res.statusCode, 200); const html_content = transporter.sendMail.getCall(0).args[0].html; const regexp = /identity_token=([a-zA-Z0-9]+)/; const token = regexp.exec(html_content)[1]; - // console.log(html_content, token); return requestAsync.getAsync({ - url: BASE_URL + "/totp-register?identity_token=" + token, + url: BASE_URL + Endpoints.SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET + "?identity_token=" + token, jar: jar }); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 200); - return requestAsync.postAsync({ - url: BASE_URL + "/new-totp-secret", - jar: jar, - }); - }) - .then(function (res: request.RequestResponse) { - console.log(res.statusCode); - console.log(res.body); - assert.equal(res.statusCode, 200); - return Promise.resolve(res.body); + const regex = /

([A-Z0-9]+)<\/p>/g; + const secret = regex.exec(res.body); + return BluebirdPromise.resolve(secret[1]); }); } function execute_totp(jar: request.CookieJar, token: string) { return requestAsync.postAsync({ - url: BASE_URL + "/2ndfactor/totp", + url: BASE_URL + Endpoints.SECOND_FACTOR_TOTP_POST, jar: jar, form: { token: token @@ -85,13 +78,13 @@ export = function (port: number) { function execute_u2f_authentication(jar: request.CookieJar) { return requestAsync.getAsync({ - url: BASE_URL + "/2ndfactor/u2f/sign_request", + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, jar: jar }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 200); return requestAsync.postAsync({ - url: BASE_URL + "/2ndfactor/u2f/sign", + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_SIGN_POST, jar: jar, form: { } 
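Review bot: In `execute_register_totp`, `regex.exec(res.body)` returns `null` when the page does not contain the secret, and `secret[1]` then throws a `TypeError` that hides what actually went wrong. Add `assert(secret, "TOTP secret not found in response body");` before `return BluebirdPromise.resolve(secret[1]);`. The `g` flag on a regex that is created and used once does nothing here and can be dropped. The regex literal is cut by the page extraction in this view, so the pattern itself is not reviewed.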
@@ -100,40 +93,40 @@ export = function (port: number) { } function execute_verification(jar: request.CookieJar) { - return requestAsync.getAsync({ url: BASE_URL + "/verify", jar: jar }); + return requestAsync.getAsync({ url: BASE_URL + Endpoints.VERIFY_GET, jar: jar }); } function execute_login(jar: request.CookieJar) { - return requestAsync.getAsync({ url: BASE_URL + "/login", jar: jar }); + return requestAsync.getAsync({ url: BASE_URL + Endpoints.FIRST_FACTOR_GET, jar: jar }); } function execute_u2f_registration(jar: request.CookieJar, transporter: NodemailerMock.NodemailerTransporterMock) { - return requestAsync.postAsync({ - url: BASE_URL + "/u2f-register", + return requestAsync.getAsync({ + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_START_GET, jar: jar }) .then(function (res: request.RequestResponse) { - assert.equal(res.statusCode, 204); + assert.equal(res.statusCode, 200); const html_content = transporter.sendMail.getCall(0).args[0].html; const regexp = /identity_token=([a-zA-Z0-9]+)/; const token = regexp.exec(html_content)[1]; // console.log(html_content, token); return requestAsync.getAsync({ - url: BASE_URL + "/u2f-register?identity_token=" + token, + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET + "?identity_token=" + token, jar: jar }); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 200); return requestAsync.getAsync({ - url: BASE_URL + "/2ndfactor/u2f/register_request", + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, jar: jar, }); }) .then(function (res: request.RequestResponse) { assert.equal(res.statusCode, 200); return requestAsync.postAsync({ - url: BASE_URL + "/2ndfactor/u2f/register", + url: BASE_URL + Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, jar: jar, form: { s: "test" 
@@ -144,7 +137,7 @@ export = function (port: number) { function execute_first_factor(jar: request.CookieJar) { return requestAsync.postAsync({ - url: BASE_URL + "/1stfactor", + url: BASE_URL + Endpoints.FIRST_FACTOR_POST, jar: jar, form: { username: "test_ok", @@ -155,7 +148,7 @@ export = function (port: number) { function execute_failing_first_factor(jar: request.CookieJar) { return requestAsync.postAsync({ - url: BASE_URL + "/1stfactor", + url: BASE_URL + Endpoints.FIRST_FACTOR_POST, jar: jar, form: { username: "test_nok", diff --git a/test/unitary/routes/FirstFactor.test.ts b/test/server/routes/firstfactor/post.test.ts similarity index 57% rename from test/unitary/routes/FirstFactor.test.ts rename to test/server/routes/firstfactor/post.test.ts index 0ee5b07e..e38bbec0 100644 --- a/test/unitary/routes/FirstFactor.test.ts +++ b/test/server/routes/firstfactor/post.test.ts 
@@ -4,12 +4,16 @@ import BluebirdPromise = require("bluebird"); import assert = require("assert"); import winston = require("winston"); -import FirstFactor = require("../../../src/lib/routes/FirstFactor"); -import exceptions = require("../../../src/lib/Exceptions"); -import AuthenticationRegulatorMock = require("../mocks/AuthenticationRegulator"); -import AccessControllerMock = require("../mocks/AccessController"); -import { LdapClientMock } from "../mocks/LdapClient"; -import ExpressMock = require("../mocks/express"); +import FirstFactorPost = require("../../../../src/server/lib/routes/firstfactor/post"); +import exceptions = require("../../../../src/server/lib/Exceptions"); +import AuthenticationSession = require("../../../../src/server/lib/AuthenticationSession"); +import Endpoints = require("../../../../src/server/endpoints"); + +import AuthenticationRegulatorMock = require("../../mocks/AuthenticationRegulator"); +import AccessControllerMock = require("../../mocks/AccessController"); +import { LdapClientMock } from "../../mocks/LdapClient"; +import ExpressMock = require("../../mocks/express"); +import ServerVariablesMock = require("../../mocks/ServerVariablesMock"); describe("test the first factor validation route", function () { let req: ExpressMock.RequestMock; 
@@ -41,65 +45,59 @@ describe("test the first factor validation route", function () { regulator.regulate.returns(BluebirdPromise.resolve()); regulator.mark.returns(BluebirdPromise.resolve()); - const app_get = sinon.stub(); - app_get.withArgs("ldap").returns(ldapMock); - app_get.withArgs("configuration").returns(configuration); - app_get.withArgs("logger").returns(winston); - app_get.withArgs("authentication regulator").returns(regulator); - app_get.withArgs("access controller").returns(accessController); - req = { app: { - get: app_get }, body: { username: "username", password: "password" }, session: { - auth_session: { - FirstFactor: false, - second_factor: false - } }, headers: { host: "home.example.com" } }; + + AuthenticationSession.reset(req as any); + + const mocks = ServerVariablesMock.mock(req.app); + mocks.ldap = ldapMock; + mocks.config = configuration; + mocks.logger = winston; + mocks.regulator = regulator; + mocks.accessController = accessController; + res = ExpressMock.ResponseMock(); }); - it("should return status code 204 when LDAP binding succeeds", function () { - return new Promise(function (resolve, reject) { - res.send = sinon.spy(function () { - assert.equal("username", req.session.auth_session.userid); - assert.equal(204, res.status.getCall(0).args[0]); - resolve(); + it("should redirect client to second factor page", function () { + ldapMock.bind.withArgs("username").returns(BluebirdPromise.resolve()); + ldapMock.get_emails.returns(BluebirdPromise.resolve(emails)); + const authSession = AuthenticationSession.get(req as any); + return FirstFactorPost.default(req as any, res as any) + .then(function () { + assert.equal("username", authSession.userid); + assert.equal(Endpoints.SECOND_FACTOR_GET, res.redirect.getCall(0).args[0]); }); - ldapMock.bind.withArgs("username").returns(BluebirdPromise.resolve()); - ldapMock.get_emails.returns(BluebirdPromise.resolve(emails)); - FirstFactor(req as any, res as any); - }); }); it("should retrieve email 
from LDAP", function (done) { - res.send = sinon.spy(function () { done(); }); + res.redirect = sinon.spy(function () { done(); }); ldapMock.bind.returns(BluebirdPromise.resolve()); ldapMock.get_emails = sinon.stub().withArgs("username").returns(BluebirdPromise.resolve([{ mail: ["test@example.com"] }])); - FirstFactor(req as any, res as any); + FirstFactorPost.default(req as any, res as any); }); it("should set email as session variables", function () { - return new Promise(function (resolve, reject) { - res.send = sinon.spy(function () { - assert.equal("test_ok@example.com", req.session.auth_session.email); - resolve(); + const emails = ["test_ok@example.com"]; + const authSession = AuthenticationSession.get(req as any); + ldapMock.bind.returns(BluebirdPromise.resolve()); + ldapMock.get_emails.returns(BluebirdPromise.resolve(emails)); + return FirstFactorPost.default(req as any, res as any) + .then(function () { + assert.equal("test_ok@example.com", authSession.email); }); - const emails = ["test_ok@example.com"]; - ldapMock.bind.returns(BluebirdPromise.resolve()); - ldapMock.get_emails.returns(BluebirdPromise.resolve(emails)); - FirstFactor(req as any, res as any); - }); }); it("should return status code 401 when LDAP binding throws", function (done) { @@ -109,7 +107,7 @@ describe("test the first factor validation route", function () { done(); }); ldapMock.bind.returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials"))); - FirstFactor(req as any, res as any); + FirstFactorPost.default(req as any, res as any); }); it("should return status code 500 when LDAP search throws", function (done) { 
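Review bot: The rewritten success test "should redirect client to second factor page" checks only `authSession.userid` and the redirect target, so it never pins the factor flags after a successful bind. Adding `assert.equal(authSession.first_factor, true);` and `assert.equal(authSession.second_factor, false);` (assuming the handler sets `first_factor` on success) would catch a regression that marks the session fully authenticated after the password step alone. The "should retrieve email from LDAP" case still uses `done` with no assertion on the `get_emails` argument, so it passes whenever a redirect happens.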
@@ -118,8 +116,8 @@ describe("test the first factor validation route", function () { done(); }); ldapMock.bind.returns(BluebirdPromise.resolve()); - ldapMock.get_emails.returns(BluebirdPromise.reject(new exceptions.LdapSeachError("error while retrieving emails"))); - FirstFactor(req as any, res as any); + ldapMock.get_emails.returns(BluebirdPromise.reject(new exceptions.LdapSearchError("error while retrieving emails"))); + FirstFactorPost.default(req as any, res as any); }); it("should return status code 403 when regulator rejects authentication", function (done) { @@ -132,7 +130,7 @@ describe("test the first factor validation route", function () { }); ldapMock.bind.returns(BluebirdPromise.resolve()); ldapMock.get_emails.returns(BluebirdPromise.resolve()); - FirstFactor(req as any, res as any); + FirstFactorPost.default(req as any, res as any); }); }); diff --git a/test/server/routes/password-reset/identity/PasswordResetHandler.test.ts b/test/server/routes/password-reset/identity/PasswordResetHandler.test.ts new file mode 100644 index 00000000..3b90b893 --- /dev/null +++ b/test/server/routes/password-reset/identity/PasswordResetHandler.test.ts 
@@ -0,0 +1,110 @@ + +import PasswordResetHandler from "../../../../../src/server/lib/routes/password-reset/identity/PasswordResetHandler"; +import LdapClient = require("../../../../../src/server/lib/LdapClient"); +import sinon = require("sinon"); +import winston = require("winston"); +import assert = require("assert"); +import BluebirdPromise = require("bluebird"); + +import ExpressMock = require("../../../mocks/express"); +import { LdapClientMock } from "../../../mocks/LdapClient"; +import { UserDataStore } from "../../../mocks/UserDataStore"; +import ServerVariablesMock = require("../../../mocks/ServerVariablesMock"); + +describe("test reset password identity check", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let user_data_store: UserDataStore; + let ldap_client: LdapClientMock; + let configuration: any; + + beforeEach(function () { + req = { + query: { + userid: "user" + }, + app: { + get: sinon.stub() + }, + session: { + auth_session: { + userid: "user", + email: "user@example.com", + first_factor: true, + second_factor: false + } + }, + headers: { + host: "localhost" + } + }; + + const options = { + inMemoryOnly: true + }; + + const mocks = ServerVariablesMock.mock(req.app); + + + user_data_store = UserDataStore(); + user_data_store.set_u2f_meta.returns(BluebirdPromise.resolve({})); + user_data_store.get_u2f_meta.returns(BluebirdPromise.resolve({})); + user_data_store.issue_identity_check_token.returns(BluebirdPromise.resolve({})); + user_data_store.consume_identity_check_token.returns(BluebirdPromise.resolve({})); + mocks.userDataStore = user_data_store; + + + configuration = { + ldap: { + base_dn: "dc=example,dc=com", + user_name_attribute: "cn" + } + }; + + mocks.logger = winston; + mocks.config = configuration; + + ldap_client = LdapClientMock(); + mocks.ldap = ldap_client; + + res = ExpressMock.ResponseMock(); + }); + + describe("test reset password identity pre check", () => { + it("should fail when no userid 
is provided", function () { + req.query.userid = undefined; + const handler = new PasswordResetHandler(); + return handler.preValidationInit(req as any) + .then(function () { return BluebirdPromise.reject("It should fail"); }) + .catch(function (err: Error) { + return BluebirdPromise.resolve(); + }); + }); + + it("should fail if ldap fail", function (done) { + ldap_client.get_emails.returns(BluebirdPromise.reject("Internal error")); + new PasswordResetHandler().preValidationInit(req as any) + .catch(function (err: Error) { + done(); + }); + }); + + it("should perform a search in ldap to find email address", function (done) { + configuration.ldap.user_name_attribute = "uid"; + ldap_client.get_emails.returns(BluebirdPromise.resolve([])); + new PasswordResetHandler().preValidationInit(req as any) + .then(function () { + assert.equal("user", ldap_client.get_emails.getCall(0).args[0]); + done(); + }); + }); + + it("should returns identity when ldap replies", function (done) { + ldap_client.get_emails.returns(BluebirdPromise.resolve(["test@example.com"])); + new PasswordResetHandler().preValidationInit(req as any) + .then(function () { + done(); + }); + }); + }); +}); diff --git a/test/server/routes/password-reset/post.test.ts b/test/server/routes/password-reset/post.test.ts new file mode 100644 index 00000000..9548998d --- /dev/null +++ b/test/server/routes/password-reset/post.test.ts 
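Review bot: In PasswordResetHandler.test.ts, "should returns identity when ldap replies" calls `done()` without looking at the resolved value, so nothing verifies that the reset identity is built from the LDAP answer rather than from request input. I would take the resolved identity in the `.then` callback and assert that it carries the user "user" and the address `test@example.com` returned by the mock (the `Identity` fields are not visible in this diff). In "should perform a search in ldap to find email address" the `assert.equal` runs inside `.then` with `done`, so a failed assertion shows up as a timeout; returning the promise instead would report it directly. `options` and the `LdapClient` import are unused.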
@@ -0,0 +1,123 @@ + +import PasswordResetFormPost = require("../../../../src/server/lib/routes/password-reset/form/post"); +import LdapClient = require("../../../../src/server/lib/LdapClient"); +import AuthenticationSession = require("../../../../src/server/lib/AuthenticationSession"); +import sinon = require("sinon"); +import winston = require("winston"); +import assert = require("assert"); +import BluebirdPromise = require("bluebird"); + +import ExpressMock = require("../../mocks/express"); +import { LdapClientMock } from "../../mocks/LdapClient"; +import { UserDataStore } from "../../mocks/UserDataStore"; +import ServerVariablesMock = require("../../mocks/ServerVariablesMock"); + +describe("test reset password route", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let user_data_store: UserDataStore; + let ldap_client: LdapClientMock; + let configuration: any; + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + req = { + body: { + userid: "user" + }, + app: { + get: sinon.stub() + }, + session: {}, + headers: { + host: "localhost" + } + }; + + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + authSession.userid = "user"; + authSession.email = "user@example.com"; + authSession.first_factor = true; + authSession.second_factor = false; + + const options = { + inMemoryOnly: true + }; + + const mocks = ServerVariablesMock.mock(req.app); + user_data_store = UserDataStore(); + user_data_store.set_u2f_meta.returns(BluebirdPromise.resolve({})); + user_data_store.get_u2f_meta.returns(BluebirdPromise.resolve({})); + user_data_store.issue_identity_check_token.returns(BluebirdPromise.resolve({})); + user_data_store.consume_identity_check_token.returns(BluebirdPromise.resolve({})); + mocks.userDataStore = user_data_store; + + + configuration = { + ldap: { + base_dn: "dc=example,dc=com", + user_name_attribute: "cn" + } + }; + + mocks.logger = 
winston; + mocks.config = configuration; + + ldap_client = LdapClientMock(); + mocks.ldap = ldap_client; + + res = ExpressMock.ResponseMock(); + }); + + describe("test reset password post", () => { + it("should update the password and reset auth_session for reauthentication", function () { + authSession.identity_check = { + userid: "user", + challenge: "reset-password" + }; + req.body = {}; + req.body.password = "new-password"; + + ldap_client.update_password.returns(BluebirdPromise.resolve()); + ldap_client.bind.returns(BluebirdPromise.resolve()); + return PasswordResetFormPost.default(req as any, res as any) + .then(function () { + const authSession = AuthenticationSession.get(req as any); + assert.equal(res.status.getCall(0).args[0], 204); + assert.equal(authSession.first_factor, false); + assert.equal(authSession.second_factor, false); + return BluebirdPromise.resolve(); + }); + }); + + it("should fail if identity_challenge does not exist", function (done) { + authSession.identity_check = { + userid: "user", + challenge: undefined + }; + res.send = sinon.spy(function () { + assert.equal(res.status.getCall(0).args[0], 403); + done(); + }); + PasswordResetFormPost.default(req as any, res as any); + }); + + it("should fail when ldap fails", function (done) { + authSession.identity_check = { + challenge: "reset-password", + userid: "user" + }; + req.body = {}; + req.body.password = "new-password"; + + ldap_client.bind.yields(undefined); + ldap_client.update_password.returns(BluebirdPromise.reject("Internal error with LDAP")); + res.send = sinon.spy(function () { + assert.equal(res.status.getCall(0).args[0], 500); + done(); + }); + PasswordResetFormPost.default(req as any, res as any); + }); + }); +}); diff --git a/test/server/routes/secondfactor/totp/register/RegistrationHandler.test.ts b/test/server/routes/secondfactor/totp/register/RegistrationHandler.test.ts new file mode 100644 index 00000000..e3f2cb89 --- /dev/null 
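Review bot: In password-reset/post.test.ts, the success case in "test reset password post" asserts the 204 and the cleared factor flags but never checks which account and password reach `ldap_client.update_password`. The test also replaces `req.body` with only a password, so a handler that preferred a user id from the request body over `authSession.identity_check.userid` is never exercised; I would send a different `req.body.userid` here and add `assert(ldap_client.update_password.calledWith("user", "new-password"));` (argument order assumed, the client is not in this hunk). It would also help to assert that `authSession.identity_check` is undefined afterwards, as the U2F register test in this commit does. A further case where `challenge` is of another kind, such as `"u2f-register"`, should expect the same 403 as the undefined one.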
+++ b/test/server/routes/secondfactor/totp/register/RegistrationHandler.test.ts 
@@ -0,0 +1,90 @@ +import sinon = require("sinon"); +import winston = require("winston"); +import RegistrationHandler from "../../../../../../src/server/lib/routes/secondfactor/totp/identity/RegistrationHandler"; +import { Identity } from "../../../../../../src/types/Identity"; +import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession"); +import assert = require("assert"); +import BluebirdPromise = require("bluebird"); + +import ExpressMock = require("../../../../mocks/express"); +import UserDataStoreMock = require("../../../../mocks/UserDataStore"); +import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock"); + +describe("test totp register", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let userDataStore: UserDataStoreMock.UserDataStore; + const registrationHandler: RegistrationHandler = new RegistrationHandler(); + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + req = ExpressMock.RequestMock(); + const mocks = ServerVariablesMock.mock(req.app); + mocks.logger = winston; + req.session = {}; + + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + authSession.userid = "user"; + authSession.email = "user@example.com"; + authSession.first_factor = true; + authSession.second_factor = false; + + req.headers = {}; + req.headers.host = "localhost"; + + const options = { + inMemoryOnly: true + }; + + userDataStore = UserDataStoreMock.UserDataStore(); + userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.issue_identity_check_token = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.consume_identity_check_token = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.set_totp_secret = sinon.stub().returns(BluebirdPromise.resolve({})); 
+ mocks.userDataStore = userDataStore; + + res = ExpressMock.ResponseMock(); + }); + + describe("test totp registration check", test_registration_check); + + function test_registration_check() { + it("should fail if first_factor has not been passed", function () { + authSession.first_factor = false; + return registrationHandler.preValidationInit(req as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function (err: Error) { + return BluebirdPromise.resolve(); + }); + }); + + it("should fail if userid is missing", function (done) { + authSession.first_factor = false; + authSession.userid = undefined; + + registrationHandler.preValidationInit(req as any) + .catch(function (err: Error) { + done(); + }); + }); + + it("should fail if email is missing", function (done) { + authSession.first_factor = false; + authSession.email = undefined; + + registrationHandler.preValidationInit(req as any) + .catch(function (err: Error) { + done(); + }); + }); + + it("should succeed if first factor passed, userid and email are provided", function (done) { + registrationHandler.preValidationInit(req as any) + .then(function (identity: Identity) { + done(); + }); + }); + } +}); diff --git a/test/server/routes/secondfactor/totp/sign/post.test.ts b/test/server/routes/secondfactor/totp/sign/post.test.ts new file mode 100644 index 00000000..d1259535 --- /dev/null +++ b/test/server/routes/secondfactor/totp/sign/post.test.ts 
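Review bot: In the TOTP RegistrationHandler test, "should fail if userid is missing" and "should fail if email is missing" both set `authSession.first_factor = false;` before clearing the field, so they pass on the first-factor check alone and would keep passing if the userid or email validation were removed. Dropping that line from both tests isolates the condition each title names. The same two tests in test/server/routes/secondfactor/u2f/identity/RegistrationHandler.test.ts carry the same line. These cases also call `done()` only from `.catch`, so an unexpected success is reported as a timeout rather than as a failure.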
@@ -0,0 +1,93 @@ + +import BluebirdPromise = require("bluebird"); +import sinon = require("sinon"); +import assert = require("assert"); +import winston = require("winston"); + +import exceptions = require("../../../../../../src/server/lib/Exceptions"); +import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession"); +import SignPost = require("../../../../../../src/server/lib/routes/secondfactor/totp/sign/post"); + +import ExpressMock = require("../../../../mocks/express"); +import UserDataStoreMock = require("../../../../mocks/UserDataStore"); +import TOTPValidatorMock = require("../../../../mocks/TOTPValidator"); +import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock"); + +describe("test totp route", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let totpValidator: TOTPValidatorMock.TOTPValidatorMock; + let userDataStore: UserDataStoreMock.UserDataStore; + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + const app_get = sinon.stub(); + req = { + app: { + }, + body: { + token: "abc" + }, + session: {} + }; + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + authSession.userid = "user"; + authSession.first_factor = true; + authSession.second_factor = false; + + const mocks = ServerVariablesMock.mock(req.app); + res = ExpressMock.ResponseMock(); + + const config = { totp_secret: "secret" }; + totpValidator = TOTPValidatorMock.TOTPValidatorMock(); + + userDataStore = UserDataStoreMock.UserDataStore(); + + const doc = { + userid: "user", + secret: { + base32: "ABCDEF" + } + }; + userDataStore.get_totp_secret.returns(BluebirdPromise.resolve(doc)); + + mocks.logger = winston; + mocks.totpValidator = totpValidator; + mocks.config = config; + mocks.userDataStore = userDataStore; + }); + + + it("should send status code 200 when totp is valid", function () { + 
totpValidator.validate.returns(BluebirdPromise.resolve("ok")); + return SignPost.default(req as any, res as any) + .then(function () { + assert.equal(true, authSession.second_factor); + return BluebirdPromise.resolve(); + }); + }); + + it("should send status code 401 when totp is not valid", function () { + totpValidator.validate.returns(BluebirdPromise.reject(new exceptions.InvalidTOTPError("Bad TOTP token"))); + SignPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(false, authSession.second_factor); + assert.equal(401, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); + + it("should send status code 401 when session has not been initiated", function () { + totpValidator.validate.returns(BluebirdPromise.resolve("abc")); + req.session = {}; + return SignPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(401, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); +}); + diff --git a/test/server/routes/secondfactor/u2f/identity/RegistrationHandler.test.ts b/test/server/routes/secondfactor/u2f/identity/RegistrationHandler.test.ts new file mode 100644 index 00000000..ba0db349 --- /dev/null +++ b/test/server/routes/secondfactor/u2f/identity/RegistrationHandler.test.ts 
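Review bot: In totp/sign/post.test.ts, "should send status code 401 when totp is not valid" calls `SignPost.default(...)` without `return`, unlike the two neighbouring tests, so mocha finishes the test before the chain settles and the assertions on `authSession.second_factor` and the 401 cannot fail it. The line should read `return SignPost.default(req as any, res as any)`. The first test is titled "status code 200" but asserts no status, and `app_get` is declared and never used.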
@@ -0,0 +1,91 @@ +import sinon = require("sinon"); +import winston = require("winston"); +import assert = require("assert"); +import BluebirdPromise = require("bluebird"); + +import { Identity } from "../../../../../../src/types/Identity"; +import RegistrationHandler from "../../../../../../src/server/lib/routes/secondfactor/u2f/identity/RegistrationHandler"; +import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession"); + +import ExpressMock = require("../../../../mocks/express"); +import UserDataStoreMock = require("../../../../mocks/UserDataStore"); +import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock"); + +describe("test register handler", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let userDataStore: UserDataStoreMock.UserDataStore; + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + req = ExpressMock.RequestMock; + req.app = {}; + const mocks = ServerVariablesMock.mock(req.app); + mocks.logger = winston; + req.session = {}; + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + authSession.userid = "user"; + authSession.email = "user@example.com"; + authSession.first_factor = true; + authSession.second_factor = false; + req.headers = {}; + req.headers.host = "localhost"; + + const options = { + inMemoryOnly: true + }; + + userDataStore = UserDataStoreMock.UserDataStore(); + userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.issue_identity_check_token = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.consume_identity_check_token = sinon.stub().returns(BluebirdPromise.resolve({})); + mocks.userDataStore = userDataStore; + + res = ExpressMock.ResponseMock(); + res.send = sinon.spy(); + res.json = sinon.spy(); + res.status = 
sinon.spy(); + }); + + describe("test u2f registration check", test_registration_check); + + function test_registration_check() { + it("should fail if first_factor has not been passed", function () { + authSession.first_factor = false; + return new RegistrationHandler().preValidationInit(req as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function (err: Error) { + return BluebirdPromise.resolve(); + }); + }); + + it("should fail if userid is missing", function (done) { + authSession.first_factor = false; + authSession.userid = undefined; + + new RegistrationHandler().preValidationInit(req as any) + .catch(function (err: Error) { + done(); + }); + }); + + it("should fail if email is missing", function (done) { + authSession.first_factor = false; + authSession.email = undefined; + + new RegistrationHandler().preValidationInit(req as any) + .catch(function (err: Error) { + done(); + }); + }); + + it("should succeed if first factor passed, userid and email are provided", function (done) { + new RegistrationHandler().preValidationInit(req as any) + .then(function (identity: Identity) { + done(); + }); + }); + } +}); diff --git a/test/server/routes/secondfactor/u2f/register/post.test.ts b/test/server/routes/secondfactor/u2f/register/post.test.ts new file mode 100644 index 00000000..a1d2f778 --- /dev/null +++ b/test/server/routes/secondfactor/u2f/register/post.test.ts 
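Review bot: In the U2F identity RegistrationHandler test, `beforeEach` has `req = ExpressMock.RequestMock;`, which assigns the factory itself instead of calling it; the other new test files in this commit use `ExpressMock.RequestMock()`. The writes to `req.app`, `req.session` and `req.headers` that follow then appear to land on the shared mock export, so session state can carry over between tests and files. It should be `req = ExpressMock.RequestMock();`.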
@@ -0,0 +1,145 @@ + +import sinon = require("sinon"); +import BluebirdPromise = require("bluebird"); +import assert = require("assert"); +import U2FRegisterPost = require("../../../../../../src/server/lib/routes/secondfactor/u2f/register/post"); +import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession"); +import winston = require("winston"); + +import ExpressMock = require("../../../../mocks/express"); +import UserDataStoreMock = require("../../../../mocks/UserDataStore"); +import U2FMock = require("../../../../mocks/u2f"); +import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock"); +import U2f = require("u2f"); + +describe("test u2f routes: register", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let userDataStore: UserDataStoreMock.UserDataStore; + let mocks: ServerVariablesMock.ServerVariablesMock; + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + req = ExpressMock.RequestMock(); + req.app = {}; + mocks = ServerVariablesMock.mock(req.app); + mocks.logger = winston; + + req.session = {}; + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + authSession.userid = "user"; + authSession.first_factor = true; + authSession.second_factor = false; + authSession.identity_check = { + challenge: "u2f-register", + userid: "user" + }; + + req.headers = {}; + req.headers.host = "localhost"; + + const options = { + inMemoryOnly: true + }; + + userDataStore = UserDataStoreMock.UserDataStore(); + userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + mocks.userDataStore = userDataStore; + + res = ExpressMock.ResponseMock(); + res.send = sinon.spy(); + res.json = sinon.spy(); + res.status = sinon.spy(); + }); + + describe("test registration", test_registration); + + + function 
test_registration() { + it("should save u2f meta and return status code 200", function () { + const expectedStatus = { + keyHandle: "keyHandle", + publicKey: "pbk", + certificate: "cert" + }; + const u2f_mock = U2FMock.U2FMock(); + u2f_mock.checkRegistration.returns(BluebirdPromise.resolve(expectedStatus)); + + authSession.register_request = { + appId: "app", + challenge: "challenge", + keyHandle: "key", + version: "U2F_V2" + }; + mocks.u2f = u2f_mock; + return U2FRegisterPost.default(req as any, res as any) + .then(function () { + assert.equal("user", userDataStore.set_u2f_meta.getCall(0).args[0]); + assert.equal(authSession.identity_check, undefined); + }); + }); + + it("should return unauthorized on finishRegistration error", function () { + const user_key_container = {}; + const u2f_mock = U2FMock.U2FMock(); + u2f_mock.checkRegistration.returns({ errorCode: 500 }); + + authSession.register_request = { + appId: "app", + challenge: "challenge", + keyHandle: "key", + version: "U2F_V2" + }; + mocks.u2f = u2f_mock; + return U2FRegisterPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(500, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); + + it("should return 403 when register_request is not provided", function () { + const user_key_container = {}; + const u2f_mock = U2FMock.U2FMock(); + u2f_mock.checkRegistration.returns(BluebirdPromise.resolve()); + + authSession.register_request = undefined; + mocks.u2f = u2f_mock; + return U2FRegisterPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(403, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); + + it("should return forbidden error when no auth request has been initiated", function () { + const user_key_container = {}; + const u2f_mock = 
U2FMock.U2FMock(); + u2f_mock.checkRegistration.returns(BluebirdPromise.resolve()); + + authSession.register_request = undefined; + mocks.u2f = u2f_mock; + return U2FRegisterPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(403, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); + + it("should return forbidden error when identity has not been verified", function () { + authSession.identity_check = undefined; + return U2FRegisterPost.default(req as any, res as any) + .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) + .catch(function () { + assert.equal(403, res.status.getCall(0).args[0]); + return BluebirdPromise.resolve(); + }); + }); + } +}); + diff --git a/test/server/routes/secondfactor/u2f/register_request/get.test.ts b/test/server/routes/secondfactor/u2f/register_request/get.test.ts new file mode 100644 index 00000000..1f5405a6 --- /dev/null +++ b/test/server/routes/secondfactor/u2f/register_request/get.test.ts 
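Review bot: In u2f/register/post.test.ts, "should return forbidden error when no auth request has been initiated" has the same body as "should return 403 when register_request is not provided", so the case its title names is not covered. I would keep a valid `register_request` in that test and instead put the session in the unauthenticated state, for example `authSession.first_factor = false;`, with the expected status confirmed against the handler, which is not in this hunk. "should return unauthorized on finishRegistration error" stubs `checkRegistration.returns({ errorCode: 500 })` as a plain object while the success case returns a promise, and it asserts 500 rather than an unauthorized status, so the title or the assertion should be aligned. `user_key_container` is unused in three tests.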
@@ -0,0 +1,96 @@ + +import sinon = require("sinon"); +import BluebirdPromise = require("bluebird"); +import assert = require("assert"); +import U2FRegisterRequestGet = require("../../../../../../src/server/lib/routes/secondfactor/u2f/register_request/get"); +import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession"); +import winston = require("winston"); + +import ExpressMock = require("../../../../mocks/express"); +import UserDataStoreMock = require("../../../../mocks/UserDataStore"); +import U2FMock = require("../../../../mocks/u2f"); +import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock"); +import U2f = require("u2f"); + +describe("test u2f routes: register_request", function () { + let req: ExpressMock.RequestMock; + let res: ExpressMock.ResponseMock; + let userDataStore: UserDataStoreMock.UserDataStore; + let mocks: ServerVariablesMock.ServerVariablesMock; + let authSession: AuthenticationSession.AuthenticationSession; + + beforeEach(function () { + req = ExpressMock.RequestMock(); + req.app = {}; + mocks = ServerVariablesMock.mock(req.app); + mocks.logger = winston; + req.session = {}; + AuthenticationSession.reset(req as any); + authSession = AuthenticationSession.get(req as any); + + authSession.userid = "user"; + authSession.first_factor = true; + authSession.second_factor = false; + authSession.identity_check = { + challenge: "u2f-register", + userid: "user" + }; + + req.headers = {}; + req.headers.host = "localhost"; + + const options = { + inMemoryOnly: true + }; + + userDataStore = UserDataStoreMock.UserDataStore(); + userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({})); + mocks.userDataStore = userDataStore; + + res = ExpressMock.ResponseMock(); + res.send = sinon.spy(); + res.json = sinon.spy(); + res.status = sinon.spy(); + }); + + describe("test registration request", () => { + 
it("should send back the registration request and save it in the session", function () { + const expectedRequest = { + test: "abc" + }; + const user_key_container = {}; + const u2f_mock = U2FMock.U2FMock(); + u2f_mock.request.returns(BluebirdPromise.resolve(expectedRequest)); + + mocks.u2f = u2f_mock; + return U2FRegisterRequestGet.default(req as any, res as any) + .then(function () { + assert.deepEqual(expectedRequest, res.json.getCall(0).args[0]); + }); + }); + + it("should return internal error on registration request", function (done) { + res.send = sinon.spy(function (data: any) { + assert.equal(500, res.status.getCall(0).args[0]); + done(); + }); + const user_key_container = {}; + const u2f_mock = U2FMock.U2FMock(); + u2f_mock.request.returns(BluebirdPromise.reject("Internal error")); + + mocks.u2f = u2f_mock; + U2FRegisterRequestGet.default(req as any, res as any); + }); + + it("should return forbidden if identity has not been verified", function (done) { + res.send = sinon.spy(function (data: any) { + assert.equal(403, res.status.getCall(0).args[0]); + done(); + }); + authSession.identity_check = undefined; + U2FRegisterRequestGet.default(req as any, res as any); + }); + }); +}); + diff --git a/test/server/routes/secondfactor/u2f/sign/post.test.ts b/test/server/routes/secondfactor/u2f/sign/post.test.ts new file mode 100644 index 00000000..0308dfec --- /dev/null +++ b/test/server/routes/secondfactor/u2f/sign/post.test.ts 
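Review bot: In u2f/register_request/get.test.ts, "should send back the registration request and save it in the session" asserts only `res.json`, so the "save it in the session" half is untested even though the register POST tests depend on `authSession.register_request`. Add `assert.deepEqual(authSession.register_request, expectedRequest);` in the `.then` callback. The two `done`-style tests assert inside `res.send`, so a handler that never calls `send` times out instead of failing with a message. `user_key_container` and `options` are unused.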
@@ -0,0 +1,100 @@
+
+import sinon = require("sinon");
+import BluebirdPromise = require("bluebird");
+import assert = require("assert");
+import U2FSignPost = require("../../../../../../src/server/lib/routes/secondfactor/u2f/sign/post");
+import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession");
+import winston = require("winston");
+
+import ExpressMock = require("../../../../mocks/express");
+import UserDataStoreMock = require("../../../../mocks/UserDataStore");
+import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock");
+import U2FMock = require("../../../../mocks/u2f");
+import U2f = require("u2f");
+
+describe("test u2f routes: sign", function () {
+ let req: ExpressMock.RequestMock;
+ let res: ExpressMock.ResponseMock;
+ let userDataStore: UserDataStoreMock.UserDataStore;
+ let mocks: ServerVariablesMock.ServerVariablesMock;
+ let authSession: AuthenticationSession.AuthenticationSession;
+
+ beforeEach(function () {
+ req = ExpressMock.RequestMock();
+ req.app = {};
+
+ mocks = ServerVariablesMock.mock(req.app);
+ mocks.logger = winston;
+
+ req.session = {};
+ AuthenticationSession.reset(req as any);
+ authSession = AuthenticationSession.get(req as any);
+ authSession.userid = "user";
+ authSession.first_factor = true;
+ authSession.second_factor = false;
+ authSession.identity_check = {
+ challenge: "u2f-register",
+ userid: "user"
+ };
+ req.headers = {};
+ req.headers.host = "localhost";
+
+ const options = {
+ inMemoryOnly: true
+ };
+
+ userDataStore = UserDataStoreMock.UserDataStore();
+ userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({}));
+ userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({}));
+ mocks.userDataStore = userDataStore;
+
+ res = ExpressMock.ResponseMock();
+ res.send = sinon.spy();
+ res.json = sinon.spy();
+ res.status = sinon.spy();
+ });
+
+ describe("test signing", () => {
+ it("should return status code 204", function () {
+ const expectedStatus = {
+ keyHandle: "keyHandle",
+ publicKey: "pbk",
+ certificate: "cert"
+ };
+ const u2f_mock = U2FMock.U2FMock();
+ u2f_mock.checkSignature.returns(expectedStatus);
+
+ authSession.sign_request = {
+ appId: "app",
+ challenge: "challenge",
+ keyHandle: "key",
+ version: "U2F_V2"
+ };
+ mocks.u2f = u2f_mock;
+ return U2FSignPost.default(req as any, res as any)
+ .then(function () {
+ assert(authSession.second_factor);
+ });
+ });
+
+ it("should return unauthorized error on registration request internal error", function (done) {
+ res.send = sinon.spy(function (data: any) {
+ assert.equal(500, res.status.getCall(0).args[0]);
+ done();
+ });
+
+ const u2f_mock = U2FMock.U2FMock();
+ u2f_mock.checkSignature.returns({ errorCode: 500 });
+
+ authSession.sign_request = {
+ appId: "app",
+ challenge: "challenge",
+ keyHandle: "key",
+ version: "U2F_V2"
+ };
+ mocks.u2f = u2f_mock;
+ U2FSignPost.default(req as any, res as any);
+ });
+ });
+});
+
diff --git a/test/server/routes/secondfactor/u2f/sign_request/get.test.ts b/test/server/routes/secondfactor/u2f/sign_request/get.test.ts
new file mode 100644
index 00000000..3ffc5dbb
--- /dev/null
+++ b/test/server/routes/secondfactor/u2f/sign_request/get.test.ts
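Review bot: The failure case in "test signing" checks only the 500 status and never asserts that the second factor stays unvalidated when `checkSignature` returns an error; add `assert.equal(false, authSession.second_factor);` inside the `res.send` spy before `done()`. Both titles disagree with their bodies: "should return status code 204" asserts no status at all, and "should return unauthorized error on registration request internal error" asserts 500 on a sign request. Neither test checks that `checkSignature` was called with the `sign_request` stored in the session, so the binding between the issued challenge and the verified response is not covered. The `identity_check` fixture with `"u2f-register"` in `beforeEach` looks copied from the registration test and is probably unnecessary here.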
@@ -0,0 +1,83 @@
+
+import sinon = require("sinon");
+import BluebirdPromise = require("bluebird");
+import assert = require("assert");
+import U2FSignRequestGet = require("../../../../../../src/server/lib/routes/secondfactor/u2f/sign_request/get");
+import AuthenticationSession = require("../../../../../../src/server/lib/AuthenticationSession");
+import winston = require("winston");
+
+import ExpressMock = require("../../../../mocks/express");
+import UserDataStoreMock = require("../../../../mocks/UserDataStore");
+import ServerVariablesMock = require("../../../../mocks/ServerVariablesMock");
+import U2FMock = require("../../../../mocks/u2f");
+import U2f = require("u2f");
+
+import { SignMessage } from "../../../../../../src/server/lib/routes/secondfactor/u2f/sign_request/SignMessage";
+
+describe("test u2f routes: sign_request", function () {
+ let req: ExpressMock.RequestMock;
+ let res: ExpressMock.ResponseMock;
+ let userDataStore: UserDataStoreMock.UserDataStore;
+ let mocks: ServerVariablesMock.ServerVariablesMock;
+ let authSession: AuthenticationSession.AuthenticationSession;
+
+ beforeEach(function () {
+ req = ExpressMock.RequestMock();
+ req.app = {};
+
+ mocks = ServerVariablesMock.mock(req.app);
+ mocks.logger = winston;
+
+ req.session = {};
+
+ AuthenticationSession.reset(req as any);
+ authSession = AuthenticationSession.get(req as any);
+ authSession.userid = "user";
+ authSession.first_factor = true;
+ authSession.second_factor = false;
+ authSession.identity_check = {
+ challenge: "u2f-register",
+ userid: "user"
+ };
+
+ req.headers = {};
+ req.headers.host = "localhost";
+
+ const options = {
+ inMemoryOnly: true
+ };
+
+ userDataStore = UserDataStoreMock.UserDataStore();
+ userDataStore.set_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({}));
+ userDataStore.get_u2f_meta = sinon.stub().returns(BluebirdPromise.resolve({}));
+ mocks.userDataStore = userDataStore;
+
+ res = ExpressMock.ResponseMock();
+ res.send = sinon.spy();
+ res.json = sinon.spy();
+ res.status = sinon.spy();
+ });
+
+ describe("test signing request", test_signing_request);
+
+ function test_signing_request() {
+ it("should send back the sign request and save it in the session", function () {
+ const expectedRequest: U2f.RegistrationResult = {
+ keyHandle: "keyHandle",
+ publicKey: "publicKey",
+ certificate: "Certificate",
+ successful: true
+ };
+ const u2f_mock = U2FMock.U2FMock();
+ u2f_mock.request.returns(expectedRequest);
+
+ mocks.u2f = u2f_mock;
+ return U2FSignRequestGet.default(req as any, res as any)
+ .then(function () {
+ assert.deepEqual(expectedRequest, authSession.sign_request);
+ assert.deepEqual(expectedRequest, res.json.getCall(0).args[0].request);
+ });
+ });
+ }
+});
+
diff --git a/test/unitary/routes/AuthenticationValidator.test.ts b/test/server/routes/verify/get.test.ts
similarity index 59%
rename from test/unitary/routes/AuthenticationValidator.test.ts
rename to test/server/routes/verify/get.test.ts
index 014f7e15..3f93f0a3 100644
--- a/test/unitary/routes/AuthenticationValidator.test.ts
+++ b/test/server/routes/verify/get.test.ts
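Review bot: `expectedRequest` is annotated as `U2f.RegistrationResult` and filled with `publicKey`, `certificate` and `successful`, which describes the outcome of a registration rather than a sign request, so the assertion on `authSession.sign_request` pins the wrong shape. Use the request shape that the sign/post test stores in the session, `const expectedRequest = { appId: "app", challenge: "challenge", keyHandle: "key", version: "U2F_V2" };`. The suite has only the success path, with `get_u2f_meta` resolving `{}`; a case for a user with no registered device would document what the route answers instead of issuing a challenge (the expected status is not visible in this diff). `SignMessage` and `options` are unused.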
@@ -1,13 +1,17 @@ import assert = require("assert"); -import AuthenticationValidator = require("../../../src/lib/routes/AuthenticationValidator"); +import VerifyGet = require("../../../../src/server/lib/routes/verify/get"); +import AuthenticationSession = require("../../../../src/server/lib/AuthenticationSession"); + import sinon = require("sinon"); import winston = require("winston"); +import BluebirdPromise = require("bluebird"); import express = require("express"); -import ExpressMock = require("../mocks/express"); -import AccessControllerMock = require("../mocks/AccessController"); +import ExpressMock = require("../../mocks/express"); +import AccessControllerMock = require("../../mocks/AccessController"); +import ServerVariablesMock = require("../../mocks/ServerVariablesMock"); describe("test authentication token verification", function () { let req: ExpressMock.RequestMock; 
@@ -22,38 +26,31 @@ describe("test authentication token verification", function () { res = ExpressMock.ResponseMock(); req.headers = {}; req.headers.host = "secret.example.com"; - req.app.get = sinon.stub(); - req.app.get.withArgs("config").returns({}); - req.app.get.withArgs("logger").returns(winston); - req.app.get.withArgs("access controller").returns(accessController); + const mocks = ServerVariablesMock.mock(req.app); + mocks.config = {}; + mocks.logger = winston; + mocks.accessController = accessController; }); - interface AuthenticationSession { - first_factor?: boolean; - second_factor?: boolean; - userid?: string; - groups?: string[]; - } - it("should be already authenticated", function (done) { req.session = {}; - req.session.auth_session = { - first_factor: true, - second_factor: true, - userid: "myuser", - } as AuthenticationSession; + AuthenticationSession.reset(req as any); + const authSession = AuthenticationSession.get(req as any); + authSession.first_factor = true; + authSession.second_factor = true; + authSession.userid = "myuser"; res.send = sinon.spy(function () { assert.equal(204, res.status.getCall(0).args[0]); done(); }); - AuthenticationValidator(req as express.Request, res as any); + VerifyGet.default(req as express.Request, res as any); }); describe("given different cases of session", function () { - function test_session(auth_session: AuthenticationSession, status_code: number) { - return new Promise(function (resolve, reject) { + function test_session(auth_session: AuthenticationSession.AuthenticationSession, status_code: number) { + return new BluebirdPromise(function (resolve, reject) { req.session = {}; req.session.auth_session = auth_session; 
@@ -62,15 +59,15 @@ describe("test authentication token verification", function () { resolve(); }); - AuthenticationValidator(req as express.Request, res as any); + VerifyGet.default(req as express.Request, res as any); }); } - function test_unauthorized(auth_session: AuthenticationSession) { + function test_unauthorized(auth_session: AuthenticationSession.AuthenticationSession) { return test_session(auth_session, 401); } - function test_authorized(auth_session: AuthenticationSession) { + function test_authorized(auth_session: AuthenticationSession.AuthenticationSession) { return test_session(auth_session, 204); } 
@@ -78,45 +75,58 @@ describe("test authentication token verification", function () { return test_unauthorized({ userid: "user", first_factor: true, - second_factor: false + second_factor: false, + email: undefined, + groups: [], }); }); it("should not be authenticated when first factor is missing", function () { - return test_unauthorized({ first_factor: false, second_factor: true }); + return test_unauthorized({ + userid: "user", + first_factor: false, + second_factor: true, + email: undefined, + groups: [], + }); }); it("should not be authenticated when userid is missing", function () { return test_unauthorized({ + userid: undefined, first_factor: true, - second_factor: true, - groups: ["mygroup"], + second_factor: false, + email: undefined, + groups: [], }); }); it("should not be authenticated when first and second factor are missing", function () { - return test_unauthorized({ first_factor: false, second_factor: false }); + return test_unauthorized({ + userid: "user", + first_factor: false, + second_factor: false, + email: undefined, + groups: [], + }); }); it("should not be authenticated when session has not be initiated", function () { return test_unauthorized(undefined); }); - it("should not be authenticated when session is partially initialized", function () { - return test_unauthorized({ first_factor: true }); - }); - it("should not be authenticated when domain is not allowed for user", function () { req.headers.host = "test.example.com"; accessController.isDomainAllowedForUser.returns(false); accessController.isDomainAllowedForUser.withArgs("test.example.com", "user", ["group1", "group2"]).returns(true); - return test_authorized({ + return test_unauthorized({ first_factor: true, second_factor: true, userid: "user", - groups: ["group1", "group2"] + groups: ["group1", "group2"], + email: undefined }); }); }); 
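Review bot: In "should not be authenticated when domain is not allowed for user" the expectation is now `test_unauthorized`, but the stub still returns true for exactly the host, user and groups the session carries, so a 401 cannot come from the access controller denying the domain. The test presumably passes for an unrelated reason, and the allowed-domain path has lost its only coverage. Remove the `accessController.isDomainAllowedForUser.withArgs("test.example.com", "user", ["group1", "group2"]).returns(true);` line in this test so the denial is explicit, and keep a separate `test_authorized` case that retains it. The "userid is missing" case also sets `second_factor: false`, so it no longer isolates the missing userid; use `second_factor: true` there.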
diff --git a/test/unitary/server_config.test.ts b/test/server/server_config.test.ts similarity index 91% rename from test/unitary/server_config.test.ts rename to test/server/server_config.test.ts index 350d2d66..83570f02 100644 --- a/test/unitary/server_config.test.ts +++ b/test/server/server_config.test.ts @@ -5,13 +5,13 @@ import nedb = require("nedb"); import express = require("express"); import winston = require("winston"); import speakeasy = require("speakeasy"); -import u2f = require("authdog"); +import u2f = require("u2f"); import nodemailer = require("nodemailer"); import session = require("express-session"); -import { AppConfiguration, UserConfiguration } from "../../src/lib/Configuration"; +import { AppConfiguration, UserConfiguration } from "../../src/types/Configuration"; import { GlobalDependencies, Nodemailer } from "../../src/types/Dependencies"; -import Server from "../../src/lib/Server"; +import Server from "../../src/server/lib/Server"; describe("test server configuration", function () { diff --git a/test/unitary/user_data_store/authentication_audit.test.ts b/test/server/user_data_store/authentication_audit.test.ts similarity index 97% rename from test/unitary/user_data_store/authentication_audit.test.ts rename to test/server/user_data_store/authentication_audit.test.ts index 8a8be4df..c0037fd0 100644 --- a/test/unitary/user_data_store/authentication_audit.test.ts +++ b/test/server/user_data_store/authentication_audit.test.ts @@ -3,7 +3,7 @@ import * as assert from "assert"; import * as Promise from "bluebird"; import * as sinon from "sinon"; import * as MockDate from "mockdate"; -import UserDataStore from "../../../src/lib/UserDataStore"; +import UserDataStore from "../../../src/server/lib/UserDataStore"; import nedb = require("nedb"); describe("test user data store", function() { 
diff --git a/test/unitary/user_data_store/totp_secret.test.ts b/test/server/user_data_store/totp_secret.test.ts similarity index 96% rename from test/unitary/user_data_store/totp_secret.test.ts rename to test/server/user_data_store/totp_secret.test.ts index bd5223ac..08adcf6d 100644 --- a/test/unitary/user_data_store/totp_secret.test.ts +++ b/test/server/user_data_store/totp_secret.test.ts @@ -3,7 +3,7 @@ import * as assert from "assert"; import * as Promise from "bluebird"; import * as sinon from "sinon"; import * as MockDate from "mockdate"; -import UserDataStore from "../../../src/lib/UserDataStore"; +import UserDataStore from "../../../src/server/lib/UserDataStore"; import nedb = require("nedb"); describe("test user data store", function() { diff --git a/test/unitary/IdentityValidator.test.ts b/test/unitary/IdentityValidator.test.ts deleted file mode 100644 index c9def5d8..00000000 --- a/test/unitary/IdentityValidator.test.ts +++ /dev/null 
@@ -1,242 +0,0 @@ - -import sinon = require("sinon"); -import IdentityValidator = require("../../src/lib/IdentityValidator"); -import exceptions = require("../../src/lib/Exceptions"); -import assert = require("assert"); -import winston = require("winston"); -import Promise = require("bluebird"); -import express = require("express"); -import BluebirdPromise = require("bluebird"); - -import ExpressMock = require("./mocks/express"); -import UserDataStoreMock = require("./mocks/UserDataStore"); -import NotifierMock = require("./mocks/Notifier"); -import IdentityValidatorMock = require("./mocks/IdentityValidator"); - - -describe("test identity check process", function () { - let req: ExpressMock.RequestMock; - let res: ExpressMock.ResponseMock; - let userDataStore: UserDataStoreMock.UserDataStore; - let notifier: NotifierMock.NotifierMock; - let app: express.Application; - let app_get: sinon.SinonStub; - let app_post: sinon.SinonStub; - let identityValidable: IdentityValidatorMock.IdentityValidableMock; - - beforeEach(function () { - req = ExpressMock.RequestMock(); - res = ExpressMock.ResponseMock(); - - userDataStore = UserDataStoreMock.UserDataStore(); - userDataStore.issue_identity_check_token = sinon.stub(); - userDataStore.issue_identity_check_token.returns(Promise.resolve()); - userDataStore.consume_identity_check_token = sinon.stub(); - userDataStore.consume_identity_check_token.returns(Promise.resolve({ userid: "user" })); - - notifier = NotifierMock.NotifierMock(); - notifier.notify = sinon.stub().returns(Promise.resolve()); - - req.headers = {}; - req.session = {}; - req.session.auth_session = {}; - - req.query = {}; - req.app = {}; - req.app.get = sinon.stub(); - req.app.get.withArgs("logger").returns(winston); - req.app.get.withArgs("user data store").returns(userDataStore); - req.app.get.withArgs("notifier").returns(notifier); - - app = express(); - app_get = sinon.stub(app, "get"); - app_post = sinon.stub(app, "post"); - - identityValidable = 
IdentityValidatorMock.IdentityValidableMock(); - }); - - afterEach(function () { - app_get.restore(); - app_post.restore(); - }); - - it("should register a POST and GET endpoint", function () { - const endpoint = "/test"; - const icheck_interface = {}; - - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - assert(app_get.calledOnce); - assert(app_get.calledWith(endpoint)); - - assert(app_post.calledOnce); - assert(app_post.calledWith(endpoint)); - }); - - describe("test POST", test_post_handler); - describe("test GET", test_get_handler); - - function test_post_handler() { - it("should send 403 if pre check rejects", function (done) { - const endpoint = "/protected"; - - identityValidable.preValidation.returns(Promise.reject("No access")); - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 403); - done(); - }); - - const handler = app_post.getCall(0).args[1]; - handler(req, res); - }); - - it("should send 400 if email is missing in provided identity", function (done) { - const endpoint = "/protected"; - const identity = { userid: "abc" }; - - identityValidable.preValidation.returns(Promise.resolve(identity)); - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 400); - done(); - }); - - const handler = app_post.getCall(0).args[1]; - handler(req, res); - }); - - it("should send 400 if userid is missing in provided identity", function (done) { - const endpoint = "/protected"; - const identity = { email: "abc@example.com" }; - - identityValidable.preValidation.returns(Promise.resolve(identity)); - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = 
sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 400); - done(); - }); - const handler = app_post.getCall(0).args[1]; - handler(req, res); - }); - - describe("should issue a token, send an email and return 204", () => { - function contains(str: string, pattern: string): boolean { - return str.indexOf(pattern) > -1; - } - - it("with x-original-uri", function(done) { - const endpoint = "/protected"; - const identity = { userid: "user", email: "abc@example.com" }; - req.headers.host = "localhost"; - req.headers["x-original-uri"] = "/auth/test"; - - identityValidable.preValidation.returns(Promise.resolve(identity)); - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 204); - assert(notifier.notify.calledOnce); - console.log(notifier.notify.getCall(0).args[2]); - assert(contains(notifier.notify.getCall(0).args[2], "https://localhost/auth/test?identity_token=")); - assert(userDataStore.issue_identity_check_token.calledOnce); - assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user"); - assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000); - done(); - }); - const handler = app_post.getCall(0).args[1]; - handler(req, res); - }); - - it("without x-original-uri", function(done) { - const endpoint = "/protected"; - const identity = { userid: "user", email: "abc@example.com" }; - req.headers.host = "localhost"; - - identityValidable.preValidation.returns(Promise.resolve(identity)); - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 204); - assert(notifier.notify.calledOnce); - assert(contains(notifier.notify.getCall(0).args[2], "https://localhost?identity_token=")); - 
assert(userDataStore.issue_identity_check_token.calledOnce); - assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user"); - assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000); - done(); - }); - const handler = app_post.getCall(0).args[1]; - handler(req, res); - }); - }); - } - - function test_get_handler() { - it("should send 403 if no identity_token is provided", function (done) { - const endpoint = "/protected"; - - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 403); - done(); - }); - const handler = app_get.getCall(0).args[1]; - handler(req, res); - }); - - it("should render template if identity_token is provided and still valid", function (done) { - req.query.identity_token = "token"; - const endpoint = "/protected"; - identityValidable.templateName.returns("template"); - - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.render = sinon.spy(function (template: string) { - assert.equal(template, "template"); - done(); - }); - const handler = app_get.getCall(0).args[1]; - handler(req, res); - }); - - it("should return 403 if identity_token is provided but invalid", function (done) { - req.query.identity_token = "token"; - const endpoint = "/protected"; - - identityValidable.templateName.returns("template"); - userDataStore.consume_identity_check_token - .returns(Promise.reject("Invalid token")); - - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.send = sinon.spy(function (template: string) { - assert.equal(res.status.getCall(0).args[0], 403); - done(); - }); - const handler = app_get.getCall(0).args[1]; - handler(req, res); - }); - - it("should set the identity_check session object even if session does not exist yet", function 
(done) { - req.query.identity_token = "token"; - const endpoint = "/protected"; - - req.session = {}; - identityValidable.templateName.returns("template"); - - IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston); - - res.render = sinon.spy(function (template: string) { - assert.equal(req.session.auth_session.identity_check.userid, "user"); - assert.equal(template, "template"); - done(); - }); - const handler = app_get.getCall(0).args[1]; - handler(req, res); - }); - } -}); diff --git a/test/unitary/mocks/authdog.ts b/test/unitary/mocks/authdog.ts deleted file mode 100644 index 843a9e7c..00000000 --- a/test/unitary/mocks/authdog.ts +++ /dev/null @@ -1,19 +0,0 @@ - -import sinon = require("sinon"); -import authdog = require("authdog"); - -export interface AuthdogMock { - startRegistration: sinon.SinonStub; - finishRegistration: sinon.SinonStub; - startAuthentication: sinon.SinonStub; - finishAuthentication: sinon.SinonStub; -} - -export function AuthdogMock(): AuthdogMock { - return { - startRegistration: sinon.stub(), - finishAuthentication: sinon.stub(), - startAuthentication: sinon.stub(), - finishRegistration: sinon.stub() - }; -} diff --git a/test/unitary/routes/DenyNotLogged.test.ts b/test/unitary/routes/DenyNotLogged.test.ts deleted file mode 100644 index 24678737..00000000 --- a/test/unitary/routes/DenyNotLogged.test.ts +++ /dev/null 
@@ -1,82 +0,0 @@ - -import sinon = require("sinon"); -import Promise = require("bluebird"); -import assert = require("assert"); -import express = require("express"); - -import ExpressMock = require("../mocks/express"); -import DenyNotLogged = require("../../../src/lib/routes/DenyNotLogged"); - -describe("test not logged", function () { - it("should return status code 403 when auth_session has not been previously created", function () { - return test_auth_session_not_created(); - }); - - it("should return status code 403 when auth_session has failed first factor", function () { - return test_auth_first_factor_not_validated(); - }); - - it("should return status code 204 when auth_session has succeeded first factor stage", function () { - return test_auth_with_first_factor_validated(); - }); -}); - -function test_auth_session_not_created() { - return new Promise(function (resolve, reject) { - const send = sinon.spy(resolve); - const status = sinon.spy(function (code: number) { - assert.equal(403, code); - }); - const req = ExpressMock.RequestMock(); - const res = ExpressMock.ResponseMock(); - req.session = {}; - res.send = send; - res.status = status; - - DenyNotLogged(reject)(req as any, res as any); - }); -} - -function test_auth_first_factor_not_validated() { - return new Promise(function (resolve, reject) { - const send = sinon.spy(resolve); - const status = sinon.spy(function (code: number) { - assert.equal(403, code); - }); - const req = { - session: { - auth_session: { - first_factor: false, - second_factor: false - } - } - }; - - const res = { - send: send, - status: status - }; - - DenyNotLogged(reject)(req as any, res as any); - }); -} - -function test_auth_with_first_factor_validated() { - return new Promise(function (resolve, reject) { - const req = { - session: { - auth_session: { - first_factor: true, - second_factor: false - } - } - }; - - const res = { - send: sinon.spy(), - status: sinon.spy() - }; - - DenyNotLogged(resolve)(req as any, res as any); - 
}); -} diff --git a/test/unitary/routes/PasswordReset.test.ts b/test/unitary/routes/PasswordReset.test.ts deleted file mode 100644 index cb1ec07d..00000000 --- a/test/unitary/routes/PasswordReset.test.ts +++ /dev/null 
@@ -1,151 +0,0 @@ - -import PasswordReset = require("../../../src/lib/routes/PasswordReset"); -import LdapClient = require("../../../src/lib/LdapClient"); -import sinon = require("sinon"); -import winston = require("winston"); -import assert = require("assert"); -import BluebirdPromise = require("bluebird"); - -import ExpressMock = require("../mocks/express"); -import { LdapClientMock } from "../mocks/LdapClient"; -import { UserDataStore } from "../mocks/UserDataStore"; - -describe("test reset password", function () { - let req: ExpressMock.RequestMock; - let res: ExpressMock.ResponseMock; - let user_data_store: UserDataStore; - let ldap_client: LdapClientMock; - let configuration: any; - - beforeEach(function () { - req = { - body: { - userid: "user" - }, - app: { - get: sinon.stub() - }, - session: { - auth_session: { - userid: "user", - email: "user@example.com", - first_factor: true, - second_factor: false - } - }, - headers: { - host: "localhost" - } - }; - - const options = { - inMemoryOnly: true - }; - - user_data_store = UserDataStore(); - user_data_store.set_u2f_meta.returns(Promise.resolve({})); - user_data_store.get_u2f_meta.returns(Promise.resolve({})); - user_data_store.issue_identity_check_token.returns(Promise.resolve({})); - user_data_store.consume_identity_check_token.returns(Promise.resolve({})); - req.app.get.withArgs("user data store").returns(user_data_store); - - - configuration = { - ldap: { - base_dn: "dc=example,dc=com", - user_name_attribute: "cn" - } - }; - - req.app.get.withArgs("logger").returns(winston); - req.app.get.withArgs("config").returns(configuration); - - ldap_client = LdapClientMock(); - req.app.get.withArgs("ldap").returns(ldap_client); - - res = ExpressMock.ResponseMock(); - }); - - describe("test reset password identity pre check", test_reset_password_check); - describe("test reset password post", test_reset_password_post); - - function test_reset_password_check() { - it("should fail when no userid is provided", function 
(done) { - req.body.userid = undefined; - PasswordReset.icheck_interface.preValidation(req as any) - .catch(function (err: Error) { - done(); - }); - }); - - it("should fail if ldap fail", function (done) { - ldap_client.get_emails.returns(BluebirdPromise.reject("Internal error")); - PasswordReset.icheck_interface.preValidation(req as any) - .catch(function (err: Error) { - done(); - }); - }); - - it("should perform a search in ldap to find email address", function (done) { - configuration.ldap.user_name_attribute = "uid"; - ldap_client.get_emails.returns(BluebirdPromise.resolve([])); - PasswordReset.icheck_interface.preValidation(req as any) - .then(function () { - assert.equal("user", ldap_client.get_emails.getCall(0).args[0]); - done(); - }); - }); - - it("should returns identity when ldap replies", function (done) { - ldap_client.get_emails.returns(BluebirdPromise.resolve(["test@example.com"])); - PasswordReset.icheck_interface.preValidation(req as any) - .then(function () { - done(); - }); - }); - } - - function test_reset_password_post() { - it("should update the password and reset auth_session for reauthentication", function (done) { - req.session.auth_session.identity_check = {}; - req.session.auth_session.identity_check.userid = "user"; - req.session.auth_session.identity_check.challenge = "reset-password"; - req.body = {}; - req.body.password = "new-password"; - - ldap_client.update_password.returns(BluebirdPromise.resolve()); - ldap_client.bind.returns(BluebirdPromise.resolve()); - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 204); - assert.equal(req.session.auth_session, undefined); - done(); - }); - PasswordReset.post(req as any, res as any); - }); - - it("should fail if identity_challenge does not exist", function (done) { - req.session.auth_session.identity_check = {}; - req.session.auth_session.identity_check.challenge = undefined; - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 
403); - done(); - }); - PasswordReset.post(req as any, res as any); - }); - - it("should fail when ldap fails", function (done) { - req.session.auth_session.identity_check = {}; - req.session.auth_session.identity_check.challenge = "reset-password"; - req.body = {}; - req.body.password = "new-password"; - - ldap_client.bind.yields(undefined); - ldap_client.update_password.returns(BluebirdPromise.reject("Internal error with LDAP")); - res.send = sinon.spy(function () { - assert.equal(res.status.getCall(0).args[0], 500); - done(); - }); - PasswordReset.post(req as any, res as any); - }); - } -}); diff --git a/test/unitary/routes/TOTPAuthenticator.test.ts b/test/unitary/routes/TOTPAuthenticator.test.ts deleted file mode 100644 index eab66d67..00000000 --- a/test/unitary/routes/TOTPAuthenticator.test.ts +++ /dev/null 
@@ -1,90 +0,0 @@
-
-import BluebirdPromise = require("bluebird");
-import sinon = require("sinon");
-import assert = require("assert");
-import winston = require("winston");
-
-import exceptions = require("../../../src/lib/Exceptions");
-import TOTPAuthenticator = require("../../../src/lib/routes/TOTPAuthenticator");
-
-import ExpressMock = require("../mocks/express");
-import UserDataStoreMock = require("../mocks/UserDataStore");
-import TOTPValidatorMock = require("../mocks/TOTPValidator");
-
-describe("test totp route", function() {
- let req: ExpressMock.RequestMock;
- let res: ExpressMock.ResponseMock;
- let totpValidator: TOTPValidatorMock.TOTPValidatorMock;
- let userDataStore: UserDataStoreMock.UserDataStore;
-
- beforeEach(function() {
- const app_get = sinon.stub();
- req = {
- app: {
- get: app_get
- },
- body: {
- token: "abc"
- },
- session: {
- auth_session: {
- userid: "user",
- first_factor: false,
- second_factor: false
- }
- }
- };
- res = ExpressMock.ResponseMock();
-
- const config = { totp_secret: "secret" };
- totpValidator = TOTPValidatorMock.TOTPValidatorMock();
-
- userDataStore = UserDataStoreMock.UserDataStore();
-
- const doc = {
- userid: "user",
- secret: {
- base32: "ABCDEF"
- }
- };
- userDataStore.get_totp_secret.returns(BluebirdPromise.resolve(doc));
-
- app_get.withArgs("logger").returns(winston);
- app_get.withArgs("totp validator").returns(totpValidator);
- app_get.withArgs("config").returns(config);
- app_get.withArgs("user data store").returns(userDataStore);
- });
-
-
- it("should send status code 204 when totp is valid", function(done) {
- totpValidator.validate.returns(Promise.resolve("ok"));
- res.send = sinon.spy(function() {
- // Second factor passed
- assert.equal(true, req.session.auth_session.second_factor);
- assert.equal(204, res.status.getCall(0).args[0]);
- done();
- });
- TOTPAuthenticator(req as any, res as any);
- });
-
- it("should send status code 401 when totp is not valid", function(done) {
-
totpValidator.validate.returns(Promise.reject(new exceptions.InvalidTOTPError("Bad TOTP token")));
- res.send = sinon.spy(function() {
- assert.equal(false, req.session.auth_session.second_factor);
- assert.equal(401, res.status.getCall(0).args[0]);
- done();
- });
- TOTPAuthenticator(req as any, res as any);
- });
-
- it("should send status code 401 when session has not been initiated", function(done) {
- totpValidator.validate.returns(Promise.resolve("abc"));
- res.send = sinon.spy(function() {
- assert.equal(403, res.status.getCall(0).args[0]);
- done();
- });
- req.session = {};
- TOTPAuthenticator(req as any, res as any);
- });
-});
-
diff --git a/test/unitary/routes/TOTPRegistration.test.ts b/test/unitary/routes/TOTPRegistration.test.ts
deleted file mode 100644
index 4667b618..00000000
--- a/test/unitary/routes/TOTPRegistration.test.ts
+++ /dev/null
@@ -1,137 +0,0 @@
-import sinon = require("sinon");
-import winston = require("winston");
-import TOTPRegistration = require("../../../src/lib/routes/TOTPRegistration");
-import assert = require("assert");
-import BluebirdPromise = require("bluebird");
-
-import ExpressMock = require("../mocks/express");
-import UserDataStoreMock = require("../mocks/UserDataStore");
-
-describe("test totp register", function () {
- let req: ExpressMock.RequestMock;
- let res: ExpressMock.ResponseMock;
- let userDataStore: UserDataStoreMock.UserDataStore;
-
- beforeEach(function () {
- req = ExpressMock.RequestMock();
- req.app.get = sinon.stub();
- req.app.get.withArgs("logger").returns(winston);
- req.session = {};
- req.session.auth_session = {};
- req.session.auth_session.userid = "user";
- req.session.auth_session.email = "user@example.com";
- req.session.auth_session.first_factor = true;
- req.session.auth_session.second_factor = false;
- req.headers = {};
- req.headers.host = "localhost";
-
- const options = {
- inMemoryOnly: true
- };
-
- userDataStore = UserDataStoreMock.UserDataStore();
- userDataStore.set_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- userDataStore.get_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- userDataStore.issue_identity_check_token = sinon.stub().returns(Promise.resolve({}));
- userDataStore.consume_identity_check_token = sinon.stub().returns(Promise.resolve({}));
- userDataStore.set_totp_secret = sinon.stub().returns(Promise.resolve({}));
- req.app.get.withArgs("user data store").returns(userDataStore);
-
- res = ExpressMock.ResponseMock();
- });
-
- describe("test totp registration check", test_registration_check);
- describe("test totp post secret", test_post_secret);
-
- function test_registration_check() {
- it("should fail if first_factor has not been passed", function (done) {
- req.session.auth_session.first_factor = false;
- TOTPRegistration.icheck_interface.preValidation(req as any)
- .catch(function (err) {
- done();
-
});
- });
-
- it("should fail if userid is missing", function (done) {
- req.session.auth_session.first_factor = false;
- req.session.auth_session.userid = undefined;
-
- TOTPRegistration.icheck_interface.preValidation(req as any)
- .catch(function (err) {
- done();
- });
- });
-
- it("should fail if email is missing", function (done) {
- req.session.auth_session.first_factor = false;
- req.session.auth_session.email = undefined;
-
- TOTPRegistration.icheck_interface.preValidation(req as any)
- .catch(function (err) {
- done();
- });
- });
-
- it("should succeed if first factor passed, userid and email are provided", function (done) {
- TOTPRegistration.icheck_interface.preValidation(req as any)
- .then(function (err) {
- done();
- });
- });
- }
-
- function test_post_secret() {
- it("should send the secret in json format", function (done) {
- req.app.get.withArgs("totp generator").returns({
- generate: sinon.stub().returns({ otpauth_url: "abc" })
- });
- req.session.auth_session.identity_check = {};
- req.session.auth_session.identity_check.userid = "user";
- req.session.auth_session.identity_check.challenge = "totp-register";
- res.json = sinon.spy(function () {
- done();
- });
- TOTPRegistration.post(req as any, res as any);
- });
-
- it("should clear the session for reauthentication", function (done) {
- req.app.get.withArgs("totp generator").returns({
- generate: sinon.stub().returns({ otpauth_url: "abc" })
- });
- req.session.auth_session.identity_check = {};
- req.session.auth_session.identity_check.userid = "user";
- req.session.auth_session.identity_check.challenge = "totp-register";
- res.json = sinon.spy(function () {
- assert.equal(req.session, undefined);
- done();
- });
- TOTPRegistration.post(req as any, res as any);
- });
-
- it("should return 403 if the identity check challenge is not set", function (done) {
- req.session.auth_session.identity_check = {};
- req.session.auth_session.identity_check.challenge = undefined;
- res.send =
sinon.spy(function () {
- assert.equal(res.status.getCall(0).args[0], 403);
- done();
- });
- TOTPRegistration.post(req as any, res as any);
- });
-
- it("should return 500 if db throws", function (done) {
- req.app.get.withArgs("totp generator").returns({
- generate: sinon.stub().returns({ otpauth_url: "abc" })
- });
- req.session.auth_session.identity_check = {};
- req.session.auth_session.identity_check.userid = "user";
- req.session.auth_session.identity_check.challenge = "totp-register";
- userDataStore.set_totp_secret.returns(BluebirdPromise.reject("internal error"));
-
- res.send = sinon.spy(function () {
- assert.equal(res.status.getCall(0).args[0], 500);
- done();
- });
- TOTPRegistration.post(req as any, res as any);
- });
- }
-});
diff --git a/test/unitary/routes/U2FRegistration.test.ts b/test/unitary/routes/U2FRegistration.test.ts
deleted file mode 100644
index a89faad3..00000000
--- a/test/unitary/routes/U2FRegistration.test.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-import sinon = require("sinon");
-import winston = require("winston");
-import u2f_register = require("../../../src/lib/routes/U2FRegistration");
-import assert = require("assert");
-
-import ExpressMock = require("../mocks/express");
-import UserDataStoreMock = require("../mocks/UserDataStore");
-
-describe("test register handler", function() {
- let req: ExpressMock.RequestMock;
- let res: ExpressMock.ResponseMock;
- let user_data_store: UserDataStoreMock.UserDataStore;
-
- beforeEach(function() {
- req = ExpressMock.RequestMock;
- req.app = {};
- req.app.get = sinon.stub();
- req.app.get.withArgs("logger").returns(winston);
- req.session = {};
- req.session.auth_session = {};
- req.session.auth_session.userid = "user";
- req.session.auth_session.email = "user@example.com";
- req.session.auth_session.first_factor = true;
- req.session.auth_session.second_factor = false;
- req.headers = {};
- req.headers.host = "localhost";
-
- const options = {
- inMemoryOnly: true
- };
-
- user_data_store = UserDataStoreMock.UserDataStore();
- user_data_store.set_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- user_data_store.get_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- user_data_store.issue_identity_check_token = sinon.stub().returns(Promise.resolve({}));
- user_data_store.consume_identity_check_token = sinon.stub().returns(Promise.resolve({}));
- req.app.get.withArgs("user data store").returns(user_data_store);
-
- res = ExpressMock.ResponseMock();
- res.send = sinon.spy();
- res.json = sinon.spy();
- res.status = sinon.spy();
- });
-
- describe("test u2f registration check", test_registration_check);
-
- function test_registration_check() {
- it("should fail if first_factor has not been passed", function(done) {
- req.session.auth_session.first_factor = false;
- u2f_register.icheck_interface.preValidation(req as any)
- .catch(function(err: Error) {
- done();
- });
- });
-
- it("should fail if userid is missing", function(done) {
-
req.session.auth_session.first_factor = false;
- req.session.auth_session.userid = undefined;
-
- u2f_register.icheck_interface.preValidation(req as any)
- .catch(function(err: Error) {
- done();
- });
- });
-
- it("should fail if email is missing", function(done) {
- req.session.auth_session.first_factor = false;
- req.session.auth_session.email = undefined;
-
- u2f_register.icheck_interface.preValidation(req as any)
- .catch(function(err) {
- done();
- });
- });
-
- it("should succeed if first factor passed, userid and email are provided", function(done) {
- u2f_register.icheck_interface.preValidation(req as any)
- .then(function(err) {
- done();
- });
- });
- }
-});
diff --git a/test/unitary/routes/U2FRoutes.test.ts b/test/unitary/routes/U2FRoutes.test.ts
deleted file mode 100644
index 5274351c..00000000
--- a/test/unitary/routes/U2FRoutes.test.ts
+++ /dev/null
@@ -1,278 +0,0 @@
-
-import sinon = require("sinon");
-import Promise = require("bluebird");
-import assert = require("assert");
-import u2f = require("../../../src/lib/routes/U2FRoutes");
-import winston = require("winston");
-
-import ExpressMock = require("../mocks/express");
-import UserDataStoreMock = require("../mocks/UserDataStore");
-import AuthdogMock = require("../mocks/authdog");
-
-describe("test u2f routes", function () {
- let req: ExpressMock.RequestMock;
- let res: ExpressMock.ResponseMock;
- let user_data_store: UserDataStoreMock.UserDataStore;
-
- beforeEach(function () {
- req = ExpressMock.RequestMock();
- req.app = {};
- req.app.get = sinon.stub();
- req.app.get.withArgs("logger").returns(winston);
- req.session = {};
- req.session.auth_session = {};
- req.session.auth_session.userid = "user";
- req.session.auth_session.first_factor = true;
- req.session.auth_session.second_factor = false;
- req.session.auth_session.identity_check = {};
- req.session.auth_session.identity_check.challenge = "u2f-register";
- req.session.auth_session.register_request = {};
- req.headers = {};
- req.headers.host = "localhost";
-
- const options = {
- inMemoryOnly: true
- };
-
- user_data_store = UserDataStoreMock.UserDataStore();
- user_data_store.set_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- user_data_store.get_u2f_meta = sinon.stub().returns(Promise.resolve({}));
- req.app.get.withArgs("user data store").returns(user_data_store);
-
- res = ExpressMock.ResponseMock();
- res.send = sinon.spy();
- res.json = sinon.spy();
- res.status = sinon.spy();
- });
-
- describe("test registration request", test_registration_request);
- describe("test registration", test_registration);
- describe("test signing request", test_signing_request);
- describe("test signing", test_signing);
-
- function test_registration_request() {
- it("should send back the registration request and save it in the session", function (done) {
- const expectedRequest = {
- test: "abc"
-
};
- res.json = sinon.spy(function (data: any) {
- assert.equal(200, res.status.getCall(0).args[0]);
- assert.deepEqual(expectedRequest, data);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.startRegistration.returns(Promise.resolve(expectedRequest));
-
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register_request(req as any, res as any, undefined);
- });
-
- it("should return internal error on registration request", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(500, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.startRegistration.returns(Promise.reject("Internal error"));
-
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register_request(req as any, res as any, undefined);
- });
-
- it("should return forbidden if identity has not been verified", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(403, res.status.getCall(0).args[0]);
- done();
- });
- req.session.auth_session.identity_check = undefined;
- u2f.register_request(req as any, res as any, undefined);
- });
- }
-
- function test_registration() {
- it("should save u2f meta and return status code 200", function (done) {
- const expectedStatus = {
- keyHandle: "keyHandle",
- publicKey: "pbk",
- certificate: "cert"
- };
- res.send = sinon.spy(function (data: any) {
- assert.equal("user", user_data_store.set_u2f_meta.getCall(0).args[0]);
- assert.equal(req.session.auth_session.identity_check, undefined);
- done();
- });
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishRegistration.returns(Promise.resolve(expectedStatus));
-
- req.session.auth_session.register_request = {};
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register(req as any, res as any, undefined);
- });
-
- it("should return unauthorized on finishRegistration error", function (done) {
- res.send =
sinon.spy(function (data: any) {
- assert.equal(500, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishRegistration.returns(Promise.reject("Internal error"));
-
- req.session.auth_session.register_request = "abc";
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register(req as any, res as any, undefined);
- });
-
- it("should return 403 when register_request is not provided", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(403, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishRegistration.returns(Promise.resolve());
-
- req.session.auth_session.register_request = undefined;
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register(req as any, res as any, undefined);
- });
-
- it("should return forbidden error when no auth request has been initiated", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(403, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishRegistration.returns(Promise.resolve());
-
- req.session.auth_session.register_request = undefined;
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.register(req as any, res as any, undefined);
- });
-
- it("should return forbidden error when identity has not been verified", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(403, res.status.getCall(0).args[0]);
- done();
- });
- req.session.auth_session.identity_check = undefined;
- u2f.register(req as any, res as any, undefined);
- });
- }
-
- function test_signing_request() {
- it("should send back the sign request and save it in the session", function (done) {
- const expectedRequest = {
- test: "abc"
- };
- res.json = sinon.spy(function (data: any) {
-
assert.deepEqual(expectedRequest, req.session.auth_session.sign_request);
- assert.equal(200, res.status.getCall(0).args[0]);
- assert.deepEqual(expectedRequest, data);
- done();
- });
- const user_key_container = {
- user: {}
- };
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.startAuthentication.returns(Promise.resolve(expectedRequest));
-
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign_request(req as any, res as any, undefined);
- });
-
- it("should return unauthorized error on registration request error", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(500, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {
- user: {}
- };
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.startAuthentication.returns(Promise.reject("Internal error"));
-
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign_request(req as any, res as any, undefined);
- });
-
- it("should send unauthorized error when no registration exists", function (done) {
- const expectedRequest = {
- test: "abc"
- };
- res.send = sinon.spy(function (data: any) {
- assert.equal(401, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {}; // no entry means no registration
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.startAuthentication.returns(Promise.resolve(expectedRequest));
-
- user_data_store.get_u2f_meta = sinon.stub().returns(Promise.resolve());
-
- req.app.get = sinon.stub();
- req.app.get.withArgs("logger").returns(winston);
- req.app.get.withArgs("user data store").returns(user_data_store);
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign_request(req as any, res as any, undefined);
- });
- }
-
- function test_signing() {
- it("should return status code 204", function (done) {
- const user_key_container = {
- user: {}
- };
- const expectedStatus = {
- keyHandle: "keyHandle",
- publicKey: "pbk",
- certificate: "cert"
- };
- res.send = sinon.spy(function (data:
any) {
- assert(204, res.status.getCall(0).args[0]);
- assert(req.session.auth_session.second_factor);
- done();
- });
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishAuthentication.returns(Promise.resolve(expectedStatus));
-
- req.session.auth_session.sign_request = {};
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign(req as any, res as any, undefined);
- });
-
- it("should return unauthorized error on registration request internal error", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(500, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {
- user: {}
- };
-
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishAuthentication.returns(Promise.reject("Internal error"));
-
- req.session.auth_session.sign_request = {};
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign(req as any, res as any, undefined);
- });
-
- it("should return unauthorized error when no sign request has been initiated", function (done) {
- res.send = sinon.spy(function (data: any) {
- assert.equal(401, res.status.getCall(0).args[0]);
- done();
- });
- const user_key_container = {};
- const u2f_mock = AuthdogMock.AuthdogMock();
- u2f_mock.finishAuthentication.returns(Promise.resolve());
-
- req.app.get.withArgs("u2f").returns(u2f_mock);
- u2f.sign(req as any, res as any, undefined);
- });
- }
-});
-
diff --git a/tsconfig.json b/tsconfig.json
index 547417dd..f59e34c0 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -2,19 +2,20 @@
 "compilerOptions": {
 "module": "commonjs",
 "target": "es6",
- "noImplicitAny": true,
 "moduleResolution": "node",
+ "noImplicitAny": true,
 "sourceMap": true,
+ "removeComments": true,
 "outDir": "dist",
 "baseUrl": ".",
 "paths": {
 "*": [
- "src/types/*",
- "node_modules/@types/*"
+ "./src/types/*",
+ "./node_modules/@types/*"
 ]
 }
 },
- "include": [
+ "includes": [
 "src/**/*",
 "test/**/*"
 ]
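Review bot: The last change in this hunk renames the top-level `"include"` key to `"includes"`, which looks like a typo rather than an intended change. `include` is the tsconfig key that selects the files to compile; as far as I know `includes` is not a recognised option, so the compiler would ignore the list and fall back to its default file set instead of `src/**/*` and `test/**/*`. That leaves the set of sources that get type-checked and emitted into `dist` undefined by this file, so anything else lying in the project tree can end up in the build output. I would keep the line as `"include": [`.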