added black theme and fixed main css matrix.js (not needed)

This commit is contained in:
BankaiNoJutsu 2018-12-18 07:47:07 +01:00
parent 6bd9d04eb9
commit dedd712039
274 changed files with 18976 additions and 2 deletions

View File

@ -131,6 +131,30 @@ module.exports = function (grunt) {
src: '**',
dest: `${buildDir}/server/src/public_html/js/`
},
black_resources: {
expand: true,
cwd: 'themes/black/server/src/resources',
src: '**',
dest: `${buildDir}/server/src/resources/`
},
black_views: {
expand: true,
cwd: 'themes/black/server/src/views',
src: '**',
dest: `${buildDir}/server/src/views/`
},
black_images: {
expand: true,
cwd: 'themes/black/client/src/img',
src: '**',
dest: `${buildDir}/server/src/public_html/img/`
},
black_thirdparties: {
expand: true,
cwd: 'themes/black/client/src/thirdparties',
src: '**',
dest: `${buildDir}/server/src/public_html/js/`
},
schema: {
src: schemaDir,
dest: `${buildDir}/${schemaDir}`
@ -206,6 +230,10 @@ module.exports = function (grunt) {
src: ['themes/matrix/client/src/css/*.css'],
dest: `${buildDir}/server/src/public_html/css/authelia.css`
},
black_css: {
src: ['themes/black/client/src/css/*.css'],
dest: `${buildDir}/server/src/public_html/css/authelia.css`
},
},
cssmin: {
target: {
@ -243,10 +271,13 @@ module.exports = function (grunt) {
grunt.registerTask('copy-resources-matrix', ['copy:matrix_resources', 'copy:matrix_views', 'copy:matrix_images', 'copy:matrix_thirdparties', 'concat:matrix_css']);
grunt.registerTask('copy-resources-black', ['copy:black_resources', 'copy:black_views', 'copy:black_images', 'copy:black_thirdparties', 'concat:black_css']);
grunt.registerTask('build-client', ['compile-client', 'browserify']);
grunt.registerTask('build-server-main', ['compile-server', 'copy-resources-main', 'generate-config-schema']);
grunt.registerTask('build-server-matrix', ['compile-server', 'copy-resources-matrix', 'generate-config-schema']);
grunt.registerTask('build-server-black', ['compile-server', 'copy-resources-black', 'generate-config-schema']);
grunt.registerTask('build', ['build-client', 'build-server-'+target]);
grunt.registerTask('build-dist', ['clean', 'build', 'run:minify', 'cssmin', 'run:include-minified-script']);

View File

@ -0,0 +1,4 @@
[Dolphin]
Timestamp=2018,12,17,20,56,41
Version=3
ViewMode=1

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,77 @@
body {
/*background-image: url("//*img//*LargeTriangles.svg");*/
/*background-image: url("//*img//*RandomizedPattern.svg");*/
/*background-image: url("//*img//*background.svg");*/
background-color:#000000;*/
}
canvas{
position:absolute;
top:0;
left:0;
}
.authelia-brand {
font-weight: bold;
font-style: italic;
color: #ffffff
}
.poweredby-block {
margin: 0px 30px;
margin-top: 10px;
padding-top: 15px;
border-top: 1px solid rgba(0, 0, 0, 0.15);
}
.poweredby {
font-size: 0.7em;
color: white;
}
/* notifications */
.notification {
padding: 10px;
margin: 15px 0px;
border-radius: 6px;
display: none;
position: absolute;
}
.notification img {
width: 24px;
margin-right: 10px;
}
.notification i,
.notification span {
display:table-cell;
vertical-align:middle;
}
.info {
border: 1px solid #9cb1ff;
background-color: rgb(192, 220, 255);
}
.success {
border: 1px solid #65ec7c;
background-color: rgb(163, 255, 157);
}
.error {
border: 1px solid #ffa3a3;
background-color: rgb(255, 175, 175);
}
.warning {
border: 1px solid #ffd743;
background-color: rgb(255, 230, 143);
}
.bottom-right-links {
text-align: right;
margin-top: 10px;
font-size: 0.8em;
color: white;
}
.header {
background-color: #000000;
color: white;
margin: 0px;
}
.body {
padding: 10px;
}
h1 {
font-size: 25px;
}

View File

@ -0,0 +1,136 @@
.form-signin
{
margin: 0 auto;
}
.form-signin .form-signin-heading, .form-signin .checkbox
{
margin-bottom: 10px;
}
.form-signin .checkbox
{
font-weight: normal;
}
.form-signin .form-control
{
position: relative;
font-size: 16px;
height: auto;
padding: 10px;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
.form-signin .form-control:focus
{
z-index: 2;
}
.form-signin input[type="text"]
{
margin-bottom: -1px;
border-bottom-left-radius: 0;
border-bottom-right-radius: 0;
}
.form-signin input[type="password"]
{
/* margin-bottom: 10px; */
border-top-left-radius: 0;
border-top-right-radius: 0;
}
.account-wall
{
border: 1px solid #000;
margin-top: 20px;
padding-bottom: 20px;
background-color: #000000;
-moz-box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
-webkit-box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
box-shadow: 0px 2px 2px rgba(0, 0, 0, 1);
}
.account-wall h1
{
margin-bottom: 15px;
margin-top: 15px;
font-weight: 800;
display: block;
text-align: center;
}
.account-wall h3
{
display: block;
text-align: center;
}
.account-wall p
{
text-align: center;
margin: 10px;
color: white;
}
.account-wall .form-inputs
{
margin-bottom: 10px;
border-color: #b20c0c;
}
.account-wall hr {
border-color: #c5c5c5;
}
.header-img
{
width: 96px;
height: 96px;
margin: 0 auto 10px;
display: block;
-moz-border-radius: 50%;
-webkit-border-radius: 50%;
border-radius: 50%;
}
.link
{
margin-top: 10px;
color: white;
}
.btn-primary.totp
{
background-color: rgb(102, 135, 162);
}
.btn-primary.u2f
{
background-color: rgb(83, 149, 204);
}
.u2f-token {
text-align: center;
}
.u2f-token img {
width: 70px;
}
.keep-me-logged-in {
margin-top: 10px;
font-size: 0.8em;
color: white;
}
.keep-me-logged-in input[type=checkbox] {
transform: scale(0.8);
margin: 0;
margin-right: 4px;
}
.keep-me-logged-in label {
font-weight: 300;
}
.keep-me-logged-in input,
.keep-me-logged-in label {
display: inline-block;
margin-bottom: 0; /* I added this after I posted my reply */
vertical-align: middle; /* Fixes any weird issues in Firefox and IE */
}

View File

@ -0,0 +1,12 @@
.error-401 .header-img {
border-radius: 0%;
}
.error-403 .header-img {
border-radius: 0%;
}
.error-404 .header-img {
border-radius: 0%;
}

View File

@ -0,0 +1,4 @@
.password-reset-form .header-img {
border-radius: 0%;
}

View File

@ -0,0 +1,4 @@
.password-reset-request .header-img {
border-radius: 0%;
}

View File

@ -0,0 +1,22 @@
.totp-register #secret {
background-color: white;
font-size: 0.9em;
font-weight: bold;
padding: 5px;
border: 1px solid #c7c7c7;
word-wrap: break-word;
}
.totp-register #qrcode img {
margin: 10px auto;
}
.totp-register .need-google-authenticator {
text-align: center;
margin-top: 20px;
}
.totp-register .store-badges {
margin-top: 5px;
}
.totp-register .store-badge {
width: 110px;
height: 30px;
}

View File

@ -0,0 +1,5 @@
.u2f-register img {
display: block;
margin: 20px auto;
}

View File

@ -0,0 +1 @@
<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='100' height='50' viewBox='0 0 100 50'><rect fill='#000000' width='50' height='25'/><defs><rect stroke='#000000' stroke-width='0.5' width='1' height='1' id='s'/><pattern id='a' width='2' height='2' patternUnits='userSpaceOnUse'><g stroke='#000000' stroke-width='0.5'><rect fill='#050505' width='1' height='1'/><rect fill='#000000' width='1' height='1' x='1' y='1'/><rect fill='#0a0a0a' width='1' height='1' y='1'/><rect fill='#0f0f0f' width='1' height='1' x='1'/></g></pattern><pattern id='b' width='5' height='11' patternUnits='userSpaceOnUse'><g fill='#141414'><use xlink:href='#s' x='2' y='0'/><use xlink:href='#s' x='4' y='1'/><use xlink:href='#s' x='1' y='2'/><use xlink:href='#s' x='2' y='4'/><use xlink:href='#s' x='4' y='6'/><use xlink:href='#s' x='0' y='8'/><use xlink:href='#s' x='3' y='9'/></g></pattern><pattern id='c' width='7' height='7' patternUnits='userSpaceOnUse'><g fill='#1a1a1a'><use xlink:href='#s' x='1' y='1'/><use xlink:href='#s' x='3' y='4'/><use xlink:href='#s' x='5' y='6'/><use xlink:href='#s' x='0' y='3'/></g></pattern><pattern id='d' width='11' height='5' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='1' y='1'/><use xlink:href='#s' x='6' y='3'/><use xlink:href='#s' x='8' y='2'/><use xlink:href='#s' x='3' y='0'/><use xlink:href='#s' x='0' y='3'/></g><g fill='#1f1f1f'><use xlink:href='#s' x='8' y='3'/><use xlink:href='#s' x='4' y='2'/><use xlink:href='#s' x='5' y='4'/><use xlink:href='#s' x='10' y='0'/></g></pattern><pattern id='e' width='47' height='23' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='2' y='5'/><use xlink:href='#s' x='23' y='13'/><use xlink:href='#s' x='4' y='18'/><use xlink:href='#s' x='35' y='9'/></g></pattern><pattern id='f' width='61' height='31' patternUnits='userSpaceOnUse'><g fill='#000000'><use xlink:href='#s' x='16' y='0'/><use xlink:href='#s' x='13' y='22'/><use xlink:href='#s' x='44' y='15'/><use xlink:href='#s' x='12' y='11'/></g></pattern></defs><rect fill='url(#a)' width='100' height='50'/><rect fill='url(#b)' width='100' height='50'/><rect fill='url(#c)' width='100' height='50'/><rect fill='url(#d)' width='100' height='50'/><rect fill='url(#e)' width='100' height='50'/><rect fill='url(#f)' width='100' height='50'/></svg>

Binary file not shown.

After

Width:  |  Height:  |  Size: 587 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.4 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.5 KiB

View File

@ -0,0 +1,4 @@
[Dolphin]
Timestamp=2018,12,17,20,57,35
Version=3
ViewMode=1

Binary file not shown.

After

Width:  |  Height:  |  Size: 863 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 732 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 931 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 580 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.8 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.0 KiB

View File

@ -0,0 +1,4 @@
[Dolphin]
Timestamp=2018,12,17,20,57,25
Version=3
ViewMode=1

View File

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="US_UK_Download_on_the" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
x="0px" y="0px" width="135px" height="40px" viewBox="0 0 135 40" enable-background="new 0 0 135 40" xml:space="preserve">
<g>
<path fill="#A6A6A6" d="M130.197,40H4.729C2.122,40,0,37.872,0,35.267V4.726C0,2.12,2.122,0,4.729,0h125.468
C132.803,0,135,2.12,135,4.726v30.541C135,37.872,132.803,40,130.197,40L130.197,40z"/>
<path d="M134.032,35.268c0,2.116-1.714,3.83-3.834,3.83H4.729c-2.119,0-3.839-1.714-3.839-3.83V4.725
c0-2.115,1.72-3.835,3.839-3.835h125.468c2.121,0,3.834,1.72,3.834,3.835L134.032,35.268L134.032,35.268z"/>
<g>
<g>
<path fill="#FFFFFF" d="M30.128,19.784c-0.029-3.223,2.639-4.791,2.761-4.864c-1.511-2.203-3.853-2.504-4.676-2.528
c-1.967-0.207-3.875,1.177-4.877,1.177c-1.022,0-2.565-1.157-4.228-1.123c-2.14,0.033-4.142,1.272-5.24,3.196
c-2.266,3.923-0.576,9.688,1.595,12.859c1.086,1.553,2.355,3.287,4.016,3.226c1.625-0.067,2.232-1.036,4.193-1.036
c1.943,0,2.513,1.036,4.207,0.997c1.744-0.028,2.842-1.56,3.89-3.127c1.255-1.78,1.759-3.533,1.779-3.623
C33.507,24.924,30.161,23.647,30.128,19.784z"/>
<path fill="#FFFFFF" d="M26.928,10.306c0.874-1.093,1.472-2.58,1.306-4.089c-1.265,0.056-2.847,0.875-3.758,1.944
c-0.806,0.942-1.526,2.486-1.34,3.938C24.557,12.205,26.016,11.382,26.928,10.306z"/>
</g>
</g>
<g>
<path fill="#FFFFFF" d="M53.645,31.504h-2.271l-1.244-3.909h-4.324l-1.185,3.909h-2.211l4.284-13.308h2.646L53.645,31.504z
M49.755,25.955L48.63,22.48c-0.119-0.355-0.342-1.191-0.671-2.507h-0.04c-0.131,0.566-0.342,1.402-0.632,2.507l-1.105,3.475
H49.755z"/>
<path fill="#FFFFFF" d="M64.662,26.588c0,1.632-0.441,2.922-1.323,3.869c-0.79,0.843-1.771,1.264-2.942,1.264
c-1.264,0-2.172-0.454-2.725-1.362h-0.04v5.055h-2.132V25.067c0-1.026-0.027-2.079-0.079-3.159h1.875l0.119,1.521h0.04
c0.711-1.146,1.79-1.718,3.238-1.718c1.132,0,2.077,0.447,2.833,1.342C64.284,23.949,64.662,25.127,64.662,26.588z M62.49,26.666
c0-0.934-0.21-1.704-0.632-2.31c-0.461-0.632-1.08-0.948-1.856-0.948c-0.526,0-1.004,0.176-1.431,0.523
c-0.428,0.35-0.708,0.807-0.839,1.373c-0.066,0.264-0.099,0.48-0.099,0.65v1.6c0,0.698,0.214,1.287,0.642,1.768
s0.984,0.721,1.668,0.721c0.803,0,1.428-0.31,1.875-0.928C62.266,28.496,62.49,27.68,62.49,26.666z"/>
<path fill="#FFFFFF" d="M75.699,26.588c0,1.632-0.441,2.922-1.324,3.869c-0.789,0.843-1.77,1.264-2.941,1.264
c-1.264,0-2.172-0.454-2.724-1.362H68.67v5.055h-2.132V25.067c0-1.026-0.027-2.079-0.079-3.159h1.875l0.119,1.521h0.04
c0.71-1.146,1.789-1.718,3.238-1.718c1.131,0,2.076,0.447,2.834,1.342C75.32,23.949,75.699,25.127,75.699,26.588z M73.527,26.666
c0-0.934-0.211-1.704-0.633-2.31c-0.461-0.632-1.078-0.948-1.855-0.948c-0.527,0-1.004,0.176-1.432,0.523
c-0.428,0.35-0.707,0.807-0.838,1.373c-0.065,0.264-0.099,0.48-0.099,0.65v1.6c0,0.698,0.214,1.287,0.64,1.768
c0.428,0.48,0.984,0.721,1.67,0.721c0.803,0,1.428-0.31,1.875-0.928C73.303,28.496,73.527,27.68,73.527,26.666z"/>
<path fill="#FFFFFF" d="M88.039,27.772c0,1.132-0.393,2.053-1.182,2.764c-0.867,0.777-2.074,1.165-3.625,1.165
c-1.432,0-2.58-0.276-3.449-0.829l0.494-1.777c0.936,0.566,1.963,0.85,3.082,0.85c0.803,0,1.428-0.182,1.877-0.544
c0.447-0.362,0.67-0.848,0.67-1.454c0-0.54-0.184-0.995-0.553-1.364c-0.367-0.369-0.98-0.712-1.836-1.029
c-2.33-0.869-3.494-2.142-3.494-3.816c0-1.094,0.408-1.991,1.225-2.689c0.814-0.699,1.9-1.048,3.258-1.048
c1.211,0,2.217,0.211,3.02,0.632l-0.533,1.738c-0.75-0.408-1.598-0.612-2.547-0.612c-0.75,0-1.336,0.185-1.756,0.553
c-0.355,0.329-0.533,0.73-0.533,1.205c0,0.526,0.203,0.961,0.611,1.303c0.355,0.316,1,0.658,1.936,1.027
c1.145,0.461,1.986,1,2.527,1.618C87.77,26.081,88.039,26.852,88.039,27.772z"/>
<path fill="#FFFFFF" d="M95.088,23.508h-2.35v4.659c0,1.185,0.414,1.777,1.244,1.777c0.381,0,0.697-0.033,0.947-0.099l0.059,1.619
c-0.42,0.157-0.973,0.236-1.658,0.236c-0.842,0-1.5-0.257-1.975-0.77c-0.473-0.514-0.711-1.376-0.711-2.587v-4.837h-1.4v-1.6h1.4
v-1.757l2.094-0.632v2.389h2.35V23.508z"/>
<path fill="#FFFFFF" d="M105.691,26.627c0,1.475-0.422,2.686-1.264,3.633c-0.883,0.975-2.055,1.461-3.516,1.461
c-1.408,0-2.529-0.467-3.365-1.401s-1.254-2.113-1.254-3.534c0-1.487,0.43-2.705,1.293-3.652c0.861-0.948,2.023-1.422,3.484-1.422
c1.408,0,2.541,0.467,3.396,1.402C105.283,24.021,105.691,25.192,105.691,26.627z M103.479,26.696
c0-0.885-0.189-1.644-0.572-2.277c-0.447-0.766-1.086-1.148-1.914-1.148c-0.857,0-1.508,0.383-1.955,1.148
c-0.383,0.634-0.572,1.405-0.572,2.317c0,0.885,0.189,1.644,0.572,2.276c0.461,0.766,1.105,1.148,1.936,1.148
c0.814,0,1.453-0.39,1.914-1.168C103.281,28.347,103.479,27.58,103.479,26.696z"/>
<path fill="#FFFFFF" d="M112.621,23.783c-0.211-0.039-0.436-0.059-0.672-0.059c-0.75,0-1.33,0.283-1.738,0.85
c-0.355,0.5-0.533,1.132-0.533,1.895v5.035h-2.131l0.02-6.574c0-1.106-0.027-2.113-0.08-3.021h1.857l0.078,1.836h0.059
c0.225-0.631,0.58-1.139,1.066-1.52c0.475-0.343,0.988-0.514,1.541-0.514c0.197,0,0.375,0.014,0.533,0.039V23.783z"/>
<path fill="#FFFFFF" d="M122.156,26.252c0,0.382-0.025,0.704-0.078,0.967h-6.396c0.025,0.948,0.334,1.673,0.928,2.173
c0.539,0.447,1.236,0.671,2.092,0.671c0.947,0,1.811-0.151,2.588-0.454l0.334,1.48c-0.908,0.396-1.98,0.593-3.217,0.593
c-1.488,0-2.656-0.438-3.506-1.313c-0.848-0.875-1.273-2.05-1.273-3.524c0-1.447,0.395-2.652,1.186-3.613
c0.828-1.026,1.947-1.539,3.355-1.539c1.383,0,2.43,0.513,3.141,1.539C121.873,24.047,122.156,25.055,122.156,26.252z
M120.123,25.699c0.014-0.632-0.125-1.178-0.414-1.639c-0.369-0.593-0.936-0.889-1.699-0.889c-0.697,0-1.264,0.289-1.697,0.869
c-0.355,0.461-0.566,1.014-0.631,1.658H120.123z"/>
</g>
<g>
<g>
<path fill="#FFFFFF" d="M49.05,10.009c0,1.177-0.353,2.063-1.058,2.658c-0.653,0.549-1.581,0.824-2.783,0.824
c-0.596,0-1.106-0.026-1.533-0.078V6.982c0.557-0.09,1.157-0.136,1.805-0.136c1.145,0,2.008,0.249,2.59,0.747
C48.723,8.156,49.05,8.961,49.05,10.009z M47.945,10.038c0-0.763-0.202-1.348-0.606-1.756c-0.404-0.407-0.994-0.611-1.771-0.611
c-0.33,0-0.611,0.022-0.844,0.068v4.889c0.129,0.02,0.365,0.029,0.708,0.029c0.802,0,1.421-0.223,1.857-0.669
S47.945,10.892,47.945,10.038z"/>
<path fill="#FFFFFF" d="M54.909,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.009,0.718-1.727,0.718
c-0.692,0-1.243-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.712-0.698
c0.692,0,1.248,0.229,1.669,0.688C54.708,9.757,54.909,10.333,54.909,11.037z M53.822,11.071c0-0.435-0.094-0.808-0.281-1.119
c-0.22-0.376-0.533-0.564-0.94-0.564c-0.421,0-0.741,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.714-0.191,0.94-0.574
C53.725,11.882,53.822,11.506,53.822,11.071z"/>
<path fill="#FFFFFF" d="M62.765,8.719l-1.475,4.714h-0.96l-0.611-2.047c-0.155-0.511-0.281-1.019-0.379-1.523h-0.019
c-0.091,0.518-0.217,1.025-0.379,1.523l-0.649,2.047h-0.971l-1.387-4.714h1.077l0.533,2.241c0.129,0.53,0.235,1.035,0.32,1.513
h0.019c0.078-0.394,0.207-0.896,0.389-1.503l0.669-2.25h0.854l0.641,2.202c0.155,0.537,0.281,1.054,0.378,1.552h0.029
c0.071-0.485,0.178-1.002,0.32-1.552l0.572-2.202H62.765z"/>
<path fill="#FFFFFF" d="M68.198,13.433H67.15v-2.7c0-0.832-0.316-1.248-0.95-1.248c-0.311,0-0.562,0.114-0.757,0.343
c-0.193,0.229-0.291,0.499-0.291,0.808v2.796h-1.048v-3.366c0-0.414-0.013-0.863-0.038-1.349h0.921l0.049,0.737h0.029
c0.122-0.229,0.304-0.418,0.543-0.569c0.284-0.176,0.602-0.265,0.95-0.265c0.44,0,0.806,0.142,1.097,0.427
c0.362,0.349,0.543,0.87,0.543,1.562V13.433z"/>
<path fill="#FFFFFF" d="M71.088,13.433h-1.047V6.556h1.047V13.433z"/>
<path fill="#FFFFFF" d="M77.258,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.01,0.718-1.727,0.718
c-0.693,0-1.244-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.711-0.698
c0.693,0,1.248,0.229,1.67,0.688C77.057,9.757,77.258,10.333,77.258,11.037z M76.17,11.071c0-0.435-0.094-0.808-0.281-1.119
c-0.219-0.376-0.533-0.564-0.939-0.564c-0.422,0-0.742,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.713-0.191,0.939-0.574
C76.074,11.882,76.17,11.506,76.17,11.071z"/>
<path fill="#FFFFFF" d="M82.33,13.433h-0.941l-0.078-0.543h-0.029c-0.322,0.433-0.781,0.65-1.377,0.65
c-0.445,0-0.805-0.143-1.076-0.427c-0.246-0.258-0.369-0.579-0.369-0.96c0-0.576,0.24-1.015,0.723-1.319
c0.482-0.304,1.16-0.453,2.033-0.446V10.3c0-0.621-0.326-0.931-0.979-0.931c-0.465,0-0.875,0.117-1.229,0.349l-0.213-0.688
c0.438-0.271,0.979-0.407,1.617-0.407c1.232,0,1.85,0.65,1.85,1.95v1.736C82.262,12.78,82.285,13.155,82.33,13.433z
M81.242,11.813v-0.727c-1.156-0.02-1.734,0.297-1.734,0.95c0,0.246,0.066,0.43,0.201,0.553c0.135,0.123,0.307,0.184,0.512,0.184
c0.23,0,0.445-0.073,0.641-0.218c0.197-0.146,0.318-0.331,0.363-0.558C81.236,11.946,81.242,11.884,81.242,11.813z"/>
<path fill="#FFFFFF" d="M88.285,13.433h-0.93l-0.049-0.757h-0.029c-0.297,0.576-0.803,0.864-1.514,0.864
c-0.568,0-1.041-0.223-1.416-0.669s-0.562-1.025-0.562-1.736c0-0.763,0.203-1.381,0.611-1.853c0.395-0.44,0.879-0.66,1.455-0.66
c0.633,0,1.076,0.213,1.328,0.64h0.02V6.556h1.049v5.607C88.248,12.622,88.26,13.045,88.285,13.433z M87.199,11.445v-0.786
c0-0.136-0.01-0.246-0.029-0.33c-0.059-0.252-0.186-0.464-0.379-0.635c-0.195-0.171-0.43-0.257-0.701-0.257
c-0.391,0-0.697,0.155-0.922,0.466c-0.223,0.311-0.336,0.708-0.336,1.193c0,0.466,0.107,0.844,0.322,1.135
c0.227,0.31,0.533,0.465,0.916,0.465c0.344,0,0.619-0.129,0.828-0.388C87.1,12.069,87.199,11.781,87.199,11.445z"/>
<path fill="#FFFFFF" d="M97.248,11.037c0,0.725-0.207,1.319-0.621,1.785c-0.434,0.479-1.008,0.718-1.727,0.718
c-0.691,0-1.242-0.229-1.654-0.689c-0.41-0.459-0.615-1.038-0.615-1.736c0-0.73,0.211-1.329,0.635-1.794s0.994-0.698,1.713-0.698
c0.691,0,1.248,0.229,1.668,0.688C97.047,9.757,97.248,10.333,97.248,11.037z M96.162,11.071c0-0.435-0.094-0.808-0.281-1.119
c-0.221-0.376-0.533-0.564-0.941-0.564c-0.42,0-0.74,0.188-0.961,0.564c-0.188,0.311-0.281,0.69-0.281,1.138
c0,0.435,0.094,0.808,0.281,1.119c0.227,0.376,0.543,0.564,0.951,0.564c0.4,0,0.715-0.191,0.941-0.574
C96.064,11.882,96.162,11.506,96.162,11.071z"/>
<path fill="#FFFFFF" d="M102.883,13.433h-1.047v-2.7c0-0.832-0.316-1.248-0.951-1.248c-0.311,0-0.562,0.114-0.756,0.343
s-0.291,0.499-0.291,0.808v2.796h-1.049v-3.366c0-0.414-0.012-0.863-0.037-1.349h0.92l0.049,0.737h0.029
c0.123-0.229,0.305-0.418,0.543-0.569c0.285-0.176,0.602-0.265,0.951-0.265c0.439,0,0.805,0.142,1.096,0.427
c0.363,0.349,0.543,0.87,0.543,1.562V13.433z"/>
<path fill="#FFFFFF" d="M109.936,9.504h-1.154v2.29c0,0.582,0.205,0.873,0.611,0.873c0.188,0,0.344-0.016,0.467-0.049
l0.027,0.795c-0.207,0.078-0.479,0.117-0.814,0.117c-0.414,0-0.736-0.126-0.969-0.378c-0.234-0.252-0.35-0.676-0.35-1.271V9.504
h-0.689V8.719h0.689V7.855l1.027-0.31v1.173h1.154V9.504z"/>
<path fill="#FFFFFF" d="M115.484,13.433h-1.049v-2.68c0-0.845-0.316-1.268-0.949-1.268c-0.486,0-0.818,0.245-1,0.735
c-0.031,0.103-0.049,0.229-0.049,0.377v2.835h-1.047V6.556h1.047v2.841h0.02c0.33-0.517,0.803-0.775,1.416-0.775
c0.434,0,0.793,0.142,1.078,0.427c0.355,0.355,0.533,0.883,0.533,1.581V13.433z"/>
<path fill="#FFFFFF" d="M121.207,10.853c0,0.188-0.014,0.346-0.039,0.475h-3.143c0.014,0.466,0.164,0.821,0.455,1.067
c0.266,0.22,0.609,0.33,1.029,0.33c0.465,0,0.889-0.074,1.271-0.223l0.164,0.728c-0.447,0.194-0.973,0.291-1.582,0.291
c-0.73,0-1.305-0.215-1.721-0.645c-0.418-0.43-0.625-1.007-0.625-1.731c0-0.711,0.193-1.303,0.582-1.775
c0.406-0.504,0.955-0.756,1.648-0.756c0.678,0,1.193,0.252,1.541,0.756C121.068,9.77,121.207,10.265,121.207,10.853z
M120.207,10.582c0.008-0.311-0.061-0.579-0.203-0.805c-0.182-0.291-0.459-0.437-0.834-0.437c-0.342,0-0.621,0.142-0.834,0.427
c-0.174,0.227-0.277,0.498-0.311,0.815H120.207z"/>
</g>
</g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 12 KiB

View File

@ -0,0 +1,429 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
id="svg2"
version="1.1"
inkscape:version="0.91 r13725"
xml:space="preserve"
width="135.71649"
height="40.018951"
viewBox="0 0 135.71649 40.018951"
sodipodi:docname="google-play-badge.svg"><metadata
id="metadata8"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
id="defs6"><linearGradient
x1="31.7997"
y1="183.2903"
x2="15.0173"
y2="166.5079"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
spreadMethod="pad"
id="linearGradient50"><stop
style="stop-opacity:1;stop-color:#00a0ff"
offset="0"
id="stop52" /><stop
style="stop-opacity:1;stop-color:#00a1ff"
offset="0.0066"
id="stop54" /><stop
style="stop-opacity:1;stop-color:#00beff"
offset="0.2601"
id="stop56" /><stop
style="stop-opacity:1;stop-color:#00d2ff"
offset="0.5122"
id="stop58" /><stop
style="stop-opacity:1;stop-color:#00dfff"
offset="0.7604"
id="stop60" /><stop
style="stop-opacity:1;stop-color:#00e3ff"
offset="1"
id="stop62" /></linearGradient><linearGradient
x1="43.8344"
y1="171.9986"
x2="19.637501"
y2="171.9986"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
spreadMethod="pad"
id="linearGradient68"><stop
style="stop-opacity:1;stop-color:#ffe000"
offset="0"
id="stop70" /><stop
style="stop-opacity:1;stop-color:#ffbd00"
offset="0.4087"
id="stop72" /><stop
style="stop-opacity:1;stop-color:#ffa500"
offset="0.7754"
id="stop74" /><stop
style="stop-opacity:1;stop-color:#ff9c00"
offset="1"
id="stop76" /></linearGradient><linearGradient
x1="34.827"
y1="169.7039"
x2="12.0687"
y2="146.9456"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
spreadMethod="pad"
id="linearGradient82"><stop
style="stop-opacity:1;stop-color:#ff3a44"
offset="0"
id="stop84" /><stop
style="stop-opacity:1;stop-color:#c31162"
offset="1"
id="stop86" /></linearGradient><linearGradient
x1="17.2973"
y1="191.82381"
x2="27.4599"
y2="181.6613"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.8,0,0,-0.8,0,161.6)"
spreadMethod="pad"
id="linearGradient92"><stop
style="stop-opacity:1;stop-color:#32a071"
offset="0"
id="stop94" /><stop
style="stop-opacity:1;stop-color:#2da771"
offset="0.0685"
id="stop96" /><stop
style="stop-opacity:1;stop-color:#15cf74"
offset="0.4762"
id="stop98" /><stop
style="stop-opacity:1;stop-color:#06e775"
offset="0.8009"
id="stop100" /><stop
style="stop-opacity:1;stop-color:#00f076"
offset="1"
id="stop102" /></linearGradient><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath110"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path112"
inkscape:connector-curvature="0" /></clipPath><mask
maskUnits="userSpaceOnUse"
x="0"
y="0"
width="1"
height="1"
id="mask114"><g
id="g116"><g
clip-path="url(#clipPath110)"
id="g118"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:#000000;fill-opacity:0.2;fill-rule:nonzero;stroke:none"
id="path120"
inkscape:connector-curvature="0" /></g></g></mask><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath126"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path128"
inkscape:connector-curvature="0" /></clipPath><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath130"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path132"
inkscape:connector-curvature="0" /></clipPath><pattern
patternTransform="matrix(1,0,0,-1,0,48)"
patternUnits="userSpaceOnUse"
x="0"
y="0"
width="124"
height="48"
id="pattern134"><g
id="g136" /><g
id="g138"><g
clip-path="url(#clipPath130)"
id="g140"><g
id="g142"><path
d="M 29.625,20.695 18.012,14.098 C 17.363,13.727 16.781,13.754 16.406,14.09 l -0.058,-0.063 0.058,-0.058 c 0.375,-0.336 0.957,-0.36 1.606,0.011 l 11.687,6.641 -0.074,0.074 z"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path144" /></g></g></g></pattern><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath158"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path160"
inkscape:connector-curvature="0" /></clipPath><mask
maskUnits="userSpaceOnUse"
x="0"
y="0"
width="1"
height="1"
id="mask162"><g
id="g164"><g
clip-path="url(#clipPath158)"
id="g166"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:#000000;fill-opacity:0.12000002;fill-rule:nonzero;stroke:none"
id="path168"
inkscape:connector-curvature="0" /></g></g></mask><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath174"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path176"
inkscape:connector-curvature="0" /></clipPath><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath178"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path180"
inkscape:connector-curvature="0" /></clipPath><pattern
patternTransform="matrix(1,0,0,-1,0,48)"
patternUnits="userSpaceOnUse"
x="0"
y="0"
width="124"
height="48"
id="pattern182"><g
id="g184" /><g
id="g186"><g
clip-path="url(#clipPath178)"
id="g188"><g
id="g190"><path
d="m 16.348,14.145 c -0.235,0.246 -0.371,0.628 -0.371,1.125 l 0,-0.118 c 0,-0.496 0.136,-0.879 0.371,-1.125 l 0.058,0.063 -0.058,0.055 z"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path192" /></g></g></g></pattern><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath206"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path208"
inkscape:connector-curvature="0" /></clipPath><mask
maskUnits="userSpaceOnUse"
x="0"
y="0"
width="1"
height="1"
id="mask210"><g
id="g212"><g
clip-path="url(#clipPath206)"
id="g214"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:#000000;fill-opacity:0.12000002;fill-rule:nonzero;stroke:none"
id="path216"
inkscape:connector-curvature="0" /></g></g></mask><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath222"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path224"
inkscape:connector-curvature="0" /></clipPath><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath226"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path228"
inkscape:connector-curvature="0" /></clipPath><pattern
patternTransform="matrix(1,0,0,-1,0,48)"
patternUnits="userSpaceOnUse"
x="0"
y="0"
width="124"
height="48"
id="pattern230"><g
id="g232" /><g
id="g234"><g
clip-path="url(#clipPath226)"
id="g236"><g
id="g238"><path
d="m 33.613,22.961 -3.988,-2.266 0.074,-0.074 3.914,2.223 c 0.559,0.316 0.836,0.734 0.836,1.156 -0.047,-0.379 -0.332,-0.75 -0.836,-1.039 z"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path240" /></g></g></g></pattern><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath254"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path256"
inkscape:connector-curvature="0" /></clipPath><mask
maskUnits="userSpaceOnUse"
x="0"
y="0"
width="1"
height="1"
id="mask258"><g
id="g260"><g
clip-path="url(#clipPath254)"
id="g262"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:#000000;fill-opacity:0.25;fill-rule:nonzero;stroke:none"
id="path264"
inkscape:connector-curvature="0" /></g></g></mask><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath270"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path272"
inkscape:connector-curvature="0" /></clipPath><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath274"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
id="path276"
inkscape:connector-curvature="0" /></clipPath><pattern
patternTransform="matrix(1,0,0,-1,0,48)"
patternUnits="userSpaceOnUse"
x="0"
y="0"
width="124"
height="48"
id="pattern278"><g
id="g280" /><g
id="g282"><g
clip-path="url(#clipPath274)"
id="g284"><g
id="g286"><path
d="m 18.012,33.902 15.601,-8.863 c 0.508,-0.289 0.789,-0.66 0.836,-1.039 0,0.418 -0.277,0.836 -0.836,1.156 L 18.012,34.02 c -1.117,0.632 -2.035,0.105 -2.035,-1.176 l 0,-0.114 c 0,1.278 0.918,1.805 2.035,1.172 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path288" /></g></g></g></pattern></defs><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1366"
inkscape:window-height="705"
id="namedview4"
showgrid="false"
inkscape:zoom="7.6276974"
inkscape:cx="93.965168"
inkscape:cy="29.61582"
inkscape:window-x="-8"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="g10" /><g
id="g10"
inkscape:groupmode="layer"
inkscape:label="google-play-badge"
transform="matrix(1.25,0,0,-1.25,-9.4247625,49.85025)"><g
id="g12"
transform="matrix(1.0023923,0,0,0.99072975,-0.29664807,0)"><path
d="M 112,8 12,8 C 9.801,8 8,9.801 8,12 l 0,24 c 0,2.199 1.801,4 4,4 l 100,0 c 2.199,0 4,-1.801 4,-4 l 0,-24 c 0,-2.199 -1.801,-4 -4,-4 z"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path14"
inkscape:connector-curvature="0" /><path
d="m 112,39.359 c 1.852,0 3.359,-1.507 3.359,-3.359 l 0,-24 c 0,-1.852 -1.507,-3.359 -3.359,-3.359 l -100,0 c -1.852,0 -3.359,1.507 -3.359,3.359 l 0,24 c 0,1.852 1.507,3.359 3.359,3.359 l 100,0 M 112,40 12,40 C 9.801,40 8,38.199 8,36 L 8,12 C 8,9.801 9.801,8 12,8 l 100,0 c 2.199,0 4,1.801 4,4 l 0,24 c 0,2.199 -1.801,4 -4,4 z"
style="fill:#a6a6a6;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path16"
inkscape:connector-curvature="0" /><g
id="g18"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 45.934,16.195 c 0,0.668 -0.2,1.203 -0.594,1.602 -0.453,0.473 -1.043,0.711 -1.766,0.711 -0.691,0 -1.281,-0.242 -1.765,-0.719 -0.485,-0.484 -0.727,-1.078 -0.727,-1.789 0,-0.711 0.242,-1.305 0.727,-1.785 0.484,-0.481 1.074,-0.723 1.765,-0.723 0.344,0 0.672,0.071 0.985,0.203 0.312,0.133 0.566,0.313 0.75,0.535 l -0.418,0.422 c -0.321,-0.379 -0.758,-0.566 -1.317,-0.566 -0.504,0 -0.941,0.176 -1.312,0.531 -0.367,0.356 -0.551,0.817 -0.551,1.383 0,0.566 0.184,1.031 0.551,1.387 0.371,0.351 0.808,0.531 1.312,0.531 0.535,0 0.985,-0.18 1.34,-0.535 0.234,-0.235 0.367,-0.559 0.402,-0.973 l -1.742,0 0,-0.578 2.324,0 c 0.028,0.125 0.036,0.246 0.036,0.363 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path20"
inkscape:connector-curvature="0" /></g><g
id="g22"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 49.621,14.191 -2.183,0 0,1.52 1.968,0 0,0.578 -1.968,0 0,1.52 2.183,0 0,0.589 -2.801,0 0,-4.796 2.801,0 0,0.589 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path24"
inkscape:connector-curvature="0" /></g><g
id="g26"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 52.223,18.398 -0.618,0 0,-4.207 -1.339,0 0,-0.589 3.297,0 0,0.589 -1.34,0 0,4.207 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path28"
inkscape:connector-curvature="0" /></g><g
id="g30"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 55.949,18.398 0,-4.796 0.617,0 0,4.796 -0.617,0 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path32"
inkscape:connector-curvature="0" /></g><g
id="g34"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 59.301,18.398 -0.613,0 0,-4.207 -1.344,0 0,-0.589 3.301,0 0,0.589 -1.344,0 0,4.207 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path36"
inkscape:connector-curvature="0" /></g><g
id="g38"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 66.887,17.781 c -0.473,0.485 -1.059,0.727 -1.758,0.727 -0.703,0 -1.289,-0.242 -1.762,-0.727 C 62.895,17.297 62.66,16.703 62.66,16 c 0,-0.703 0.235,-1.297 0.707,-1.781 0.473,-0.485 1.059,-0.727 1.762,-0.727 0.695,0 1.281,0.242 1.754,0.731 0.476,0.488 0.711,1.078 0.711,1.777 0,0.703 -0.235,1.297 -0.707,1.781 z m -3.063,-0.402 c 0.356,0.359 0.789,0.539 1.305,0.539 0.512,0 0.949,-0.18 1.301,-0.539 0.355,-0.359 0.535,-0.82 0.535,-1.379 0,-0.559 -0.18,-1.02 -0.535,-1.379 -0.352,-0.359 -0.789,-0.539 -1.301,-0.539 -0.516,0 -0.949,0.18 -1.305,0.539 -0.355,0.359 -0.535,0.82 -0.535,1.379 0,0.559 0.18,1.02 0.535,1.379 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path40"
inkscape:connector-curvature="0" /></g><g
id="g42"
transform="matrix(1,0,0,-1,0,48)"><path
d="m 68.461,18.398 0,-4.796 0.75,0 2.332,3.73 0.027,0 -0.027,-0.922 0,-2.808 0.617,0 0,4.796 -0.644,0 -2.442,-3.914 -0.027,0 0.027,0.926 0,2.988 -0.613,0 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#ffffff;stroke-width:0.16;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path44"
inkscape:connector-curvature="0" /></g><path
d="m 62.508,22.598 c -1.879,0 -3.414,-1.43 -3.414,-3.403 0,-1.957 1.535,-3.402 3.414,-3.402 1.883,0 3.418,1.445 3.418,3.402 0,1.973 -1.535,3.403 -3.418,3.403 z m 0,-5.465 c -1.031,0 -1.918,0.851 -1.918,2.062 0,1.227 0.887,2.063 1.918,2.063 1.031,0 1.922,-0.836 1.922,-2.063 0,-1.211 -0.891,-2.062 -1.922,-2.062 z m -7.449,5.465 c -1.883,0 -3.414,-1.43 -3.414,-3.403 0,-1.957 1.531,-3.402 3.414,-3.402 1.882,0 3.414,1.445 3.414,3.402 0,1.973 -1.532,3.403 -3.414,3.403 z m 0,-5.465 c -1.032,0 -1.922,0.851 -1.922,2.062 0,1.227 0.89,2.063 1.922,2.063 1.031,0 1.918,-0.836 1.918,-2.063 0,-1.211 -0.887,-2.062 -1.918,-2.062 z m -8.864,4.422 0,-1.446 3.453,0 c -0.101,-0.808 -0.371,-1.402 -0.785,-1.816 -0.504,-0.5 -1.289,-1.055 -2.668,-1.055 -2.125,0 -3.789,1.715 -3.789,3.84 0,2.125 1.664,3.84 3.789,3.84 1.149,0 1.985,-0.449 2.602,-1.031 l 1.019,1.019 c -0.863,0.824 -2.011,1.457 -3.621,1.457 -2.914,0 -5.363,-2.371 -5.363,-5.285 0,-2.914 2.449,-5.285 5.363,-5.285 1.575,0 2.758,0.516 3.688,1.484 0.953,0.953 1.25,2.293 1.25,3.375 0,0.336 -0.028,0.645 -0.078,0.903 l -4.86,0 z m 36.246,-1.121 c -0.281,0.761 -1.148,2.164 -2.914,2.164 -1.75,0 -3.207,-1.379 -3.207,-3.403 0,-1.906 1.442,-3.402 3.375,-3.402 1.563,0 2.465,0.953 2.836,1.508 l -1.16,0.773 c -0.387,-0.566 -0.914,-0.941 -1.676,-0.941 -0.757,0 -1.3,0.347 -1.648,1.031 l 4.551,1.883 -0.157,0.387 z m -4.64,-1.133 c -0.039,1.312 1.019,1.984 1.777,1.984 0.594,0 1.098,-0.297 1.266,-0.722 L 77.801,19.301 Z M 74.102,16 l 1.496,0 0,10 -1.496,0 0,-10 z m -2.45,5.84 -0.05,0 c -0.336,0.398 -0.977,0.758 -1.789,0.758 -1.704,0 -3.262,-1.496 -3.262,-3.414 0,-1.907 1.558,-3.391 3.262,-3.391 0.812,0 1.453,0.363 1.789,0.773 l 0.05,0 0,-0.488 c 0,-1.301 -0.695,-2 -1.816,-2 -0.914,0 -1.481,0.66 -1.715,1.215 L 66.82,14.75 c 0.375,-0.902 1.368,-2.012 3.016,-2.012 1.754,0 3.234,1.032 3.234,3.543 l 0,6.11 -1.418,0 0,-0.551 z m -1.711,-4.707 c -1.031,0 -1.894,0.863 -1.894,2.051 0,1.199 0.863,2.074 1.894,2.074 1.016,0 1.817,-0.875 1.817,-2.074 0,-1.188 -0.801,-2.051 -1.817,-2.051 z M 89.445,26 l -3.578,0 0,-10 1.492,0 0,3.789 2.086,0 c 1.657,0 3.282,1.199 3.282,3.106 0,1.906 -1.629,3.105 -3.282,3.105 z m 0.039,-4.82 -2.125,0 0,3.429 2.125,0 c 1.114,0 1.75,-0.925 1.75,-1.714 0,-0.774 -0.636,-1.715 -1.75,-1.715 z m 9.223,1.437 c -1.078,0 -2.199,-0.476 -2.66,-1.531 l 1.324,-0.555 c 0.285,0.555 0.809,0.735 1.363,0.735 0.774,0 1.559,-0.465 1.571,-1.286 l 0,-0.105 c -0.27,0.156 -0.848,0.387 -1.559,0.387 -1.426,0 -2.879,-0.785 -2.879,-2.25 0,-1.34 1.168,-2.203 2.481,-2.203 1.004,0 1.558,0.453 1.906,0.98 l 0.051,0 0,-0.773 1.441,0 0,3.836 c 0,1.773 -1.324,2.765 -3.039,2.765 z m -0.18,-5.48 c -0.488,0 -1.168,0.242 -1.168,0.847 0,0.774 0.848,1.071 1.582,1.071 0.657,0 0.965,-0.145 1.364,-0.336 -0.117,-0.926 -0.914,-1.582 -1.778,-1.582 z m 8.469,5.261 -1.715,-4.335 -0.051,0 -1.773,4.335 -1.609,0 2.664,-6.058 -1.52,-3.371 1.559,0 4.105,9.429 -1.66,0 z M 93.547,16 l 1.496,0 0,10 -1.496,0 0,-10 z"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path46"
inkscape:connector-curvature="0" /><g
id="g48"><path
d="M 16.348,33.969 C 16.113,33.723 15.977,33.34 15.977,32.844 l 0,-17.692 c 0,-0.496 0.136,-0.879 0.371,-1.125 l 0.058,-0.054 9.914,9.91 0,0.234 -9.914,9.91 -0.058,-0.058 z"
style="fill:url(#linearGradient50);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path64"
inkscape:connector-curvature="0" /></g><g
id="g66"><path
d="m 29.621,20.578 -3.301,3.305 0,0.234 3.305,3.305 0.074,-0.043 3.914,-2.227 c 1.117,-0.632 1.117,-1.672 0,-2.308 l -3.914,-2.223 -0.078,-0.043 z"
style="fill:url(#linearGradient68);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path78"
inkscape:connector-curvature="0" /></g><g
id="g80"><path
d="M 29.699,20.621 26.32,24 16.348,14.027 c 0.371,-0.39 0.976,-0.437 1.664,-0.047 l 11.687,6.641"
style="fill:url(#linearGradient82);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path88"
inkscape:connector-curvature="0" /></g><g
id="g90"><path
d="M 29.699,27.379 18.012,34.02 c -0.688,0.386 -1.293,0.339 -1.664,-0.051 L 26.32,24 l 3.379,3.379 z"
style="fill:url(#linearGradient92);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path104"
inkscape:connector-curvature="0" /></g><g
id="g106"><g
id="g108" /><g
id="g122"
mask="url(#mask114)"><g
id="g124" /><g
id="g146"><g
clip-path="url(#clipPath126)"
id="g148"><g
id="g150"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:url(#pattern134);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path152"
inkscape:connector-curvature="0" /></g></g></g></g></g><g
id="g154"><g
id="g156" /><g
id="g170"
mask="url(#mask162)"><g
id="g172" /><g
id="g194"><g
clip-path="url(#clipPath174)"
id="g196"><g
id="g198"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:url(#pattern182);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path200"
inkscape:connector-curvature="0" /></g></g></g></g></g><g
id="g202"><g
id="g204" /><g
id="g218"
mask="url(#mask210)"><g
id="g220" /><g
id="g242"><g
clip-path="url(#clipPath222)"
id="g244"><g
id="g246"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:url(#pattern230);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path248"
inkscape:connector-curvature="0" /></g></g></g></g></g><g
id="g250"><g
id="g252" /><g
id="g266"
mask="url(#mask258)"><g
id="g268" /><g
id="g290"><g
clip-path="url(#clipPath270)"
id="g292"><g
id="g294"><path
d="M 0,0 124,0 124,48 0,48 0,0 Z"
style="fill:url(#pattern278);fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path296"
inkscape:connector-curvature="0" /></g></g></g></g></g></g></g></svg>

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.9 KiB

View File

@ -0,0 +1,34 @@
import FirstFactorValidator = require("./lib/firstfactor/FirstFactorValidator");
import FirstFactor from "./lib/firstfactor/index";
import SecondFactor from "./lib/secondfactor/index";
import TOTPRegister from "./lib/totp-register/totp-register";
import U2fRegister from "./lib/u2f-register/u2f-register";
import ResetPasswordRequest from "./lib/reset-password/reset-password-request";
import ResetPasswordForm from "./lib/reset-password/reset-password-form";
import jslogger = require("js-logger");
import jQuery = require("jquery");
import Endpoints = require("../../shared/api");
jslogger.useDefaults();
jslogger.setLevel(jslogger.INFO);
(function () {
(<any>window).jQuery = jQuery;
require("bootstrap");
jQuery('[data-toggle="tooltip"]').tooltip();
if (window.location.pathname == Endpoints.FIRST_FACTOR_GET)
FirstFactor(window, jQuery, FirstFactorValidator, jslogger);
else if (window.location.pathname == Endpoints.SECOND_FACTOR_GET)
SecondFactor(window, jQuery, (global as any).u2f);
else if (window.location.pathname == Endpoints.SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET)
TOTPRegister(window, jQuery);
else if (window.location.pathname == Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET)
U2fRegister(window, jQuery, (global as any).u2f);
else if (window.location.pathname == Endpoints.RESET_PASSWORD_IDENTITY_FINISH_GET)
ResetPasswordForm(window, jQuery);
else if (window.location.pathname == Endpoints.RESET_PASSWORD_REQUEST_GET)
ResetPasswordRequest(window, jQuery);
})();

View File

@ -0,0 +1,14 @@
import BluebirdPromise = require("bluebird");
export default function ($: JQueryStatic, url: string, data: Object, fn: any,
dataType: string): BluebirdPromise<any> {
return new BluebirdPromise<any>((resolve, reject) => {
$.get(url, {}, undefined, dataType)
.done((data: any) => {
resolve(data);
})
.fail((xhr: JQueryXHR, textStatus: string) => {
reject(textStatus);
});
});
}

View File

@ -0,0 +1,14 @@
declare type Handler = () => void;
export interface Handlers {
onFadedIn: Handler;
onFadedOut: Handler;
}
export interface INotifier {
success(msg: string, handlers?: Handlers): void;
error(msg: string, handlers?: Handlers): void;
warning(msg: string, handlers?: Handlers): void;
info(msg: string, handlers?: Handlers): void;
}

View File

@ -0,0 +1,83 @@
import util = require("util");
import { INotifier, Handlers } from "./INotifier";
class NotificationEvent {
private element: JQuery;
private message: string;
private statusType: string;
private timeoutId: any;
constructor(element: JQuery, msg: string, statusType: string) {
this.message = msg;
this.statusType = statusType;
this.element = element;
}
private clearNotification() {
this.element.removeClass(this.statusType);
this.element.html("");
}
start(handlers?: Handlers) {
const that = this;
const FADE_TIME = 500;
const html = util.format('<i><img src="/img/notifications/%s.png" alt="status %s"/></i>\
<span>%s</span>', this.statusType, this.statusType, this.message);
this.element.html(html);
this.element.addClass(this.statusType);
this.element.fadeIn(FADE_TIME, function () {
if (handlers)
handlers.onFadedIn();
});
this.timeoutId = setTimeout(function () {
that.element.fadeOut(FADE_TIME, function () {
that.clearNotification();
if (handlers)
handlers.onFadedOut();
});
}, 4000);
}
interrupt() {
this.clearNotification();
this.element.hide();
clearTimeout(this.timeoutId);
}
}
export class Notifier implements INotifier {
private element: JQuery;
private onGoingEvent: NotificationEvent;
constructor(selector: string, $: JQueryStatic) {
this.element = $(selector);
this.onGoingEvent = undefined;
}
private displayAndFadeout(msg: string, statusType: string, handlers?: Handlers): void {
if (this.onGoingEvent)
this.onGoingEvent.interrupt();
this.onGoingEvent = new NotificationEvent(this.element, msg, statusType);
this.onGoingEvent.start(handlers);
}
success(msg: string, handlers?: Handlers) {
this.displayAndFadeout(msg, "success", handlers);
}
error(msg: string, handlers?: Handlers) {
this.displayAndFadeout(msg, "error", handlers);
}
warning(msg: string, handlers?: Handlers) {
this.displayAndFadeout(msg, "warning", handlers);
}
info(msg: string, handlers?: Handlers) {
this.displayAndFadeout(msg, "info", handlers);
}
}

View File

@ -0,0 +1,12 @@
export class QueryParametersRetriever {
static get(name: string, url?: string): string {
if (!url) url = window.location.href;
name = name.replace(/[\[\]]/g, "\\$&");
const regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
results = regex.exec(url);
if (!results) return undefined;
if (!results[2]) return "";
return decodeURIComponent(results[2].replace(/\+/g, " "));
}
}

View File

@ -0,0 +1,10 @@
import { BelongToDomain } from "../../../shared/BelongToDomain";
export function SafeRedirect(url: string, cb: () => void): void {
const domain = window.location.hostname.split(".").slice(-2).join(".");
if (url.startsWith("/") || BelongToDomain(url, domain)) {
window.location.href = url;
return;
}
cb();
}

View File

@ -0,0 +1,46 @@
import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api");
import Constants = require("../../../../shared/constants");
import Util = require("util");
import UserMessages = require("../../../../shared/UserMessages");
export function validate(username: string, password: string,
keepMeLoggedIn: boolean, redirectUrl: string, $: JQueryStatic)
: BluebirdPromise<string> {
return new BluebirdPromise<string>(function (resolve, reject) {
let url: string;
if (redirectUrl != undefined) {
const redirectParam = Util.format("%s=%s", Constants.REDIRECT_QUERY_PARAM, redirectUrl);
url = Util.format("%s?%s", Endpoints.FIRST_FACTOR_POST, redirectParam);
}
else {
url = Util.format("%s", Endpoints.FIRST_FACTOR_POST);
}
const data: any = {
username: username,
password: password,
};
if (keepMeLoggedIn) {
data.keepMeLoggedIn = "true";
}
$.ajax({
method: "POST",
url: url,
data: data
})
.done(function (body: any) {
if (body && body.error) {
reject(new Error(body.error));
return;
}
resolve(body.redirect);
})
.fail(function (xhr: JQueryXHR, textStatus: string) {
reject(new Error(UserMessages.AUTHENTICATION_FAILED));
});
});
}

View File

@ -0,0 +1,5 @@
export const USERNAME_FIELD_ID = "#username";
export const PASSWORD_FIELD_ID = "#password";
export const SIGN_IN_BUTTON_ID = "#signin";
export const KEEP_ME_LOGGED_IN_ID = "#keep_me_logged_in";

View File

@ -0,0 +1,49 @@
import FirstFactorValidator = require("./FirstFactorValidator");
import JSLogger = require("js-logger");
import UISelectors = require("./UISelectors");
import { Notifier } from "../Notifier";
import { QueryParametersRetriever } from "../QueryParametersRetriever";
import Constants = require("../../../../shared/constants");
import Endpoints = require("../../../../shared/api");
import UserMessages = require("../../../../shared/UserMessages");
import { SafeRedirect } from "../SafeRedirect";
export default function (window: Window, $: JQueryStatic,
firstFactorValidator: typeof FirstFactorValidator, jslogger: typeof JSLogger) {
const notifier = new Notifier(".notification", $);
function onFormSubmitted() {
const username: string = $(UISelectors.USERNAME_FIELD_ID).val() as string;
const password: string = $(UISelectors.PASSWORD_FIELD_ID).val() as string;
const keepMeLoggedIn: boolean = $(UISelectors.KEEP_ME_LOGGED_IN_ID).is(":checked");
$("form").css("opacity", 0.5);
$("input,button").attr("disabled", "true");
$(UISelectors.SIGN_IN_BUTTON_ID).text("Please wait...");
const redirectUrl = QueryParametersRetriever.get(Constants.REDIRECT_QUERY_PARAM);
firstFactorValidator.validate(username, password, keepMeLoggedIn, redirectUrl, $)
.then(onFirstFactorSuccess, onFirstFactorFailure);
return false;
}
function onFirstFactorSuccess(redirectUrl: string) {
SafeRedirect(redirectUrl, () => {
notifier.error("Cannot redirect to an external domain.");
});
}
function onFirstFactorFailure(err: Error) {
$("input,button").removeAttr("disabled");
$("form").css("opacity", 1);
notifier.error(UserMessages.AUTHENTICATION_FAILED);
$(UISelectors.PASSWORD_FIELD_ID).select();
$(UISelectors.SIGN_IN_BUTTON_ID).text("Sign in");
}
$(window.document).ready(function () {
$("form").on("submit", onFormSubmitted);
});
}

View File

@ -0,0 +1,2 @@
export const FORM_SELECTOR = ".form-signin";

View File

@ -0,0 +1,57 @@
import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api");
import UserMessages = require("../../../../shared/UserMessages");
import Constants = require("./constants");
import { Notifier } from "../Notifier";
export default function (window: Window, $: JQueryStatic) {
const notifier = new Notifier(".notification", $);
function modifyPassword(newPassword: string) {
return new BluebirdPromise(function (resolve, reject) {
$.post(Endpoints.RESET_PASSWORD_FORM_POST, {
password: newPassword,
})
.done(function (body: any) {
if (body && body.error) {
reject(new Error(body.error));
return;
}
resolve(body);
})
.fail(function (xhr, status) {
reject(status);
});
});
}
function onFormSubmitted() {
const password1 = $("#password1").val() as string;
const password2 = $("#password2").val() as string;
if (!password1 || !password2) {
notifier.warning(UserMessages.MISSING_PASSWORD);
return false;
}
if (password1 != password2) {
notifier.warning(UserMessages.DIFFERENT_PASSWORDS);
return false;
}
modifyPassword(password1)
.then(function () {
window.location.href = Endpoints.FIRST_FACTOR_GET;
})
.error(function () {
notifier.error(UserMessages.RESET_PASSWORD_FAILED);
});
return false;
}
$(document).ready(function () {
$(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
});
}

View File

@ -0,0 +1,56 @@
import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api");
import UserMessages = require("../../../../shared/UserMessages");
import Constants = require("./constants");
import jslogger = require("js-logger");
import { Notifier } from "../Notifier";
export default function (window: Window, $: JQueryStatic) {
const notifier = new Notifier(".notification", $);
function requestPasswordReset(username: string) {
return new BluebirdPromise(function (resolve, reject) {
$.get(Endpoints.RESET_PASSWORD_IDENTITY_START_GET, {
userid: username,
})
.done(function (body: any) {
if (body && body.error) {
reject(new Error(body.error));
return;
}
resolve();
})
.fail(function (xhr: JQueryXHR, textStatus: string) {
reject(new Error(textStatus));
});
});
}
function onFormSubmitted() {
const username = $("#username").val() as string;
if (!username) {
notifier.warning(UserMessages.MISSING_USERNAME);
return;
}
requestPasswordReset(username)
.then(function () {
notifier.success(UserMessages.MAIL_SENT);
setTimeout(function () {
window.location.replace(Endpoints.FIRST_FACTOR_GET);
}, 1000);
})
.error(function () {
notifier.error(UserMessages.MAIL_NOT_SENT);
});
return false;
}
$(document).ready(function () {
$(Constants.FORM_SELECTOR).on("submit", onFormSubmitted);
});
}

View File

@ -0,0 +1,28 @@
import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api");
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
import { ErrorMessage } from "../../../../shared/ErrorMessage";
export function validate(token: string, $: JQueryStatic): BluebirdPromise<string> {
return new BluebirdPromise<string>(function (resolve, reject) {
$.ajax({
url: Endpoints.SECOND_FACTOR_TOTP_POST,
data: {
token: token,
},
method: "POST",
dataType: "json"
} as JQueryAjaxSettings)
.done(function (body: RedirectionMessage | ErrorMessage) {
if (body && "error" in body) {
reject(new Error((body as ErrorMessage).error));
return;
}
resolve((body as RedirectionMessage).redirect);
})
.fail(function (xhr: JQueryXHR, textStatus: string) {
reject(new Error(textStatus));
});
});
}

View File

@ -0,0 +1,42 @@
import U2f = require("u2f");
import U2fApi from "u2f-api";
import BluebirdPromise = require("bluebird");
import Endpoints = require("../../../../shared/api");
import UserMessages = require("../../../../shared/UserMessages");
import { INotifier } from "../INotifier";
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
import { ErrorMessage } from "../../../../shared/ErrorMessage";
import GetPromised from "../GetPromised";
function finishU2fAuthentication(responseData: U2fApi.SignResponse,
$: JQueryStatic): BluebirdPromise<string> {
return new BluebirdPromise<string>(function (resolve, reject) {
$.ajax({
url: Endpoints.SECOND_FACTOR_U2F_SIGN_POST,
data: responseData,
method: "POST",
dataType: "json"
} as JQueryAjaxSettings)
.done(function (body: RedirectionMessage | ErrorMessage) {
if (body && "error" in body) {
reject(new Error((body as ErrorMessage).error));
return;
}
resolve((body as RedirectionMessage).redirect);
})
.fail(function (xhr: JQueryXHR, textStatus: string) {
reject(new Error(textStatus));
});
});
}
export function validate($: JQueryStatic): BluebirdPromise<string> {
return GetPromised($, Endpoints.SECOND_FACTOR_U2F_SIGN_REQUEST_GET, {},
undefined, "json")
.then(function (signRequest: U2f.Request) {
return U2fApi.sign(signRequest, 60);
})
.then(function (signResponse: U2fApi.SignResponse) {
return finishU2fAuthentication(signResponse, $);
});
}

View File

@ -0,0 +1,3 @@
export const TOTP_FORM_SELECTOR = ".form-signin.totp";
export const TOTP_TOKEN_SELECTOR = ".form-signin #token";

View File

@ -0,0 +1,59 @@
import TOTPValidator = require("./TOTPValidator");
import U2FValidator = require("./U2FValidator");
import ClientConstants = require("./constants");
import { Notifier } from "../Notifier";
import { QueryParametersRetriever } from "../QueryParametersRetriever";
import UserMessages = require("../../../../shared/UserMessages");
import SharedConstants = require("../../../../shared/constants");
import { SafeRedirect } from "../SafeRedirect";
export default function (window: Window, $: JQueryStatic) {
const notifier = new Notifier(".notification", $);
function onAuthenticationSuccess(serverRedirectUrl: string) {
const queryRedirectUrl = QueryParametersRetriever.get(SharedConstants.REDIRECT_QUERY_PARAM);
if (queryRedirectUrl) {
SafeRedirect(queryRedirectUrl, () => {
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
});
} else if (serverRedirectUrl) {
SafeRedirect(serverRedirectUrl, () => {
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
});
} else {
notifier.success(UserMessages.AUTHENTICATION_SUCCEEDED);
}
}
function onSecondFactorTotpSuccess(redirectUrl: string) {
onAuthenticationSuccess(redirectUrl);
}
function onSecondFactorTotpFailure(err: Error) {
notifier.error(UserMessages.AUTHENTICATION_TOTP_FAILED);
}
function onU2fAuthenticationSuccess(redirectUrl: string) {
onAuthenticationSuccess(redirectUrl);
}
function onU2fAuthenticationFailure() {
// TODO(clems4ever): we should not display this error message until a device
// is registered.
// notifier.error(UserMessages.AUTHENTICATION_U2F_FAILED);
}
function onTOTPFormSubmitted(): boolean {
const token = $(ClientConstants.TOTP_TOKEN_SELECTOR).val() as string;
TOTPValidator.validate(token, $)
.then(onSecondFactorTotpSuccess)
.catch(onSecondFactorTotpFailure);
return false;
}
$(window.document).ready(function () {
$(ClientConstants.TOTP_FORM_SELECTOR).on("submit", onTOTPFormSubmitted);
U2FValidator.validate($)
.then(onU2fAuthenticationSuccess, onU2fAuthenticationFailure);
});
}

View File

@ -0,0 +1,11 @@
import jslogger = require("js-logger");
import UISelector = require("./ui-selector");
export default function(window: Window, $: JQueryStatic) {
jslogger.debug("Creating QRCode from OTPAuth url");
const qrcode = $(UISelector.QRCODE_ID_SELECTOR);
const val = qrcode.text();
qrcode.empty();
new (window as any).QRCode(qrcode.get(0), val);
}

View File

@ -0,0 +1,2 @@
export const QRCODE_ID_SELECTOR = "#qrcode";

View File

@ -0,0 +1,56 @@
import BluebirdPromise = require("bluebird");
import U2f = require("u2f");
import * as U2fApi from "u2f-api";
import { Notifier } from "../Notifier";
import GetPromised from "../GetPromised";
import Endpoints = require("../../../../shared/api");
import UserMessages = require("../../../../shared/UserMessages");
import { RedirectionMessage } from "../../../../shared/RedirectionMessage";
import { ErrorMessage } from "../../../../shared/ErrorMessage";
import { SafeRedirect } from "../SafeRedirect";
export default function (window: Window, $: JQueryStatic) {
const notifier = new Notifier(".notification", $);
function checkRegistration(regResponse: U2fApi.RegisterResponse): BluebirdPromise<string> {
return new BluebirdPromise<string>(function (resolve, reject) {
$.post(Endpoints.SECOND_FACTOR_U2F_REGISTER_POST, regResponse, undefined, "json")
.done((body: RedirectionMessage | ErrorMessage) => {
if (body && "error" in body) {
reject(new Error((body as ErrorMessage).error));
return;
}
resolve((body as RedirectionMessage).redirect);
})
.fail((xhr, status) => {
reject(new Error("Failed to register device."));
});
});
}
function requestRegistration(): BluebirdPromise<string> {
return GetPromised($, Endpoints.SECOND_FACTOR_U2F_REGISTER_REQUEST_GET, {},
undefined, "json")
.then((registrationRequest: U2f.Request) => {
return U2fApi.register(registrationRequest, [], 60);
})
.then((res) => checkRegistration(res));
}
function onRegisterFailure(err: Error) {
notifier.error(UserMessages.REGISTRATION_U2F_FAILED);
}
$(document).ready(function () {
requestRegistration()
.then((redirectionUrl: string) => {
SafeRedirect(redirectionUrl, () => {
notifier.error(UserMessages.CANNOT_REDIRECT_TO_EXTERNAL_DOMAIN);
});
})
.catch((err) => {
onRegisterFailure(err);
});
});
}

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,749 @@
//Copyright 2014-2015 Google Inc. All rights reserved.
//Use of this source code is governed by a BSD-style
//license that can be found in the LICENSE file or at
//https://developers.google.com/open-source/licenses/bsd
/**
* @fileoverview The U2F api.
*/
'use strict';
/**
* Namespace for the U2F api.
* @type {Object}
*/
var u2f = u2f || {};
/**
* FIDO U2F Javascript API Version
* @number
*/
var js_api_version;
/**
* The U2F extension id
* @const {string}
*/
// The Chrome packaged app extension ID.
// Uncomment this if you want to deploy a server instance that uses
// the package Chrome app and does not require installing the U2F Chrome extension.
u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd';
// The U2F Chrome extension ID.
// Uncomment this if you want to deploy a server instance that uses
// the U2F Chrome extension to authenticate.
// u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne';
/**
* Message types for messsages to/from the extension
* @const
* @enum {string}
*/
u2f.MessageTypes = {
'U2F_REGISTER_REQUEST': 'u2f_register_request',
'U2F_REGISTER_RESPONSE': 'u2f_register_response',
'U2F_SIGN_REQUEST': 'u2f_sign_request',
'U2F_SIGN_RESPONSE': 'u2f_sign_response',
'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request',
'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response'
};
/**
* Response status codes
* @const
* @enum {number}
*/
u2f.ErrorCodes = {
'OK': 0,
'OTHER_ERROR': 1,
'BAD_REQUEST': 2,
'CONFIGURATION_UNSUPPORTED': 3,
'DEVICE_INELIGIBLE': 4,
'TIMEOUT': 5
};
/**
* A message for registration requests
* @typedef {{
* type: u2f.MessageTypes,
* appId: ?string,
* timeoutSeconds: ?number,
* requestId: ?number
* }}
*/
u2f.U2fRequest;
/**
* A message for registration responses
* @typedef {{
* type: u2f.MessageTypes,
* responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse),
* requestId: ?number
* }}
*/
u2f.U2fResponse;
/**
* An error object for responses
* @typedef {{
* errorCode: u2f.ErrorCodes,
* errorMessage: ?string
* }}
*/
u2f.Error;
/**
* Data object for a single sign request.
* @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}}
*/
u2f.Transport;
/**
* Data object for a single sign request.
* @typedef {Array<u2f.Transport>}
*/
u2f.Transports;
/**
* Data object for a single sign request.
* @typedef {{
* version: string,
* challenge: string,
* keyHandle: string,
* appId: string
* }}
*/
u2f.SignRequest;
/**
* Data object for a sign response.
* @typedef {{
* keyHandle: string,
* signatureData: string,
* clientData: string
* }}
*/
u2f.SignResponse;
/**
* Data object for a registration request.
* @typedef {{
* version: string,
* challenge: string
* }}
*/
u2f.RegisterRequest;
/**
* Data object for a registration response.
* @typedef {{
* version: string,
* keyHandle: string,
* transports: Transports,
* appId: string
* }}
*/
u2f.RegisterResponse;
/**
* Data object for a registered key.
* @typedef {{
* version: string,
* keyHandle: string,
* transports: ?Transports,
* appId: ?string
* }}
*/
u2f.RegisteredKey;
/**
* Data object for a get API register response.
* @typedef {{
* js_api_version: number
* }}
*/
u2f.GetJsApiVersionResponse;
//Low level MessagePort API support
/**
* Sets up a MessagePort to the U2F extension using the
* available mechanisms.
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
*/
u2f.getMessagePort = function(callback) {
if (typeof chrome != 'undefined' && chrome.runtime) {
// The actual message here does not matter, but we need to get a reply
// for the callback to run. Thus, send an empty signature request
// in order to get a failure response.
var msg = {
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
signRequests: []
};
chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() {
if (!chrome.runtime.lastError) {
// We are on a whitelisted origin and can talk directly
// with the extension.
u2f.getChromeRuntimePort_(callback);
} else {
// chrome.runtime was available, but we couldn't message
// the extension directly, use iframe
u2f.getIframePort_(callback);
}
});
} else if (u2f.isAndroidChrome_()) {
u2f.getAuthenticatorPort_(callback);
} else if (u2f.isIosChrome_()) {
u2f.getIosPort_(callback);
} else {
// chrome.runtime was not available at all, which is normal
// when this origin doesn't have access to any extensions.
u2f.getIframePort_(callback);
}
};
/**
* Detect chrome running on android based on the browser's useragent.
* @private
*/
u2f.isAndroidChrome_ = function() {
var userAgent = navigator.userAgent;
return userAgent.indexOf('Chrome') != -1 &&
userAgent.indexOf('Android') != -1;
};
/**
* Detect chrome running on iOS based on the browser's platform.
* @private
*/
u2f.isIosChrome_ = function() {
return ["iPhone", "iPad", "iPod"].indexOf(navigator.platform) > -1;
};
/**
* Connects directly to the extension via chrome.runtime.connect.
* @param {function(u2f.WrappedChromeRuntimePort_)} callback
* @private
*/
u2f.getChromeRuntimePort_ = function(callback) {
var port = chrome.runtime.connect(u2f.EXTENSION_ID,
{'includeTlsChannelId': true});
setTimeout(function() {
callback(new u2f.WrappedChromeRuntimePort_(port));
}, 0);
};
/**
* Return a 'port' abstraction to the Authenticator app.
* @param {function(u2f.WrappedAuthenticatorPort_)} callback
* @private
*/
u2f.getAuthenticatorPort_ = function(callback) {
setTimeout(function() {
callback(new u2f.WrappedAuthenticatorPort_());
}, 0);
};
/**
* Return a 'port' abstraction to the iOS client app.
* @param {function(u2f.WrappedIosPort_)} callback
* @private
*/
u2f.getIosPort_ = function(callback) {
setTimeout(function() {
callback(new u2f.WrappedIosPort_());
}, 0);
};
/**
* A wrapper for chrome.runtime.Port that is compatible with MessagePort.
* @param {Port} port
* @constructor
* @private
*/
u2f.WrappedChromeRuntimePort_ = function(port) {
this.port_ = port;
};
/**
* Format and return a sign request compliant with the JS API version supported by the extension.
* @param {Array<u2f.SignRequest>} signRequests
* @param {number} timeoutSeconds
* @param {number} reqId
* @return {Object}
*/
u2f.formatSignRequest_ =
function(appId, challenge, registeredKeys, timeoutSeconds, reqId) {
if (js_api_version === undefined || js_api_version < 1.1) {
// Adapt request to the 1.0 JS API
var signRequests = [];
for (var i = 0; i < registeredKeys.length; i++) {
signRequests[i] = {
version: registeredKeys[i].version,
challenge: challenge,
keyHandle: registeredKeys[i].keyHandle,
appId: appId
};
}
return {
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
signRequests: signRequests,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
}
// JS 1.1 API
return {
type: u2f.MessageTypes.U2F_SIGN_REQUEST,
appId: appId,
challenge: challenge,
registeredKeys: registeredKeys,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
};
/**
* Format and return a register request compliant with the JS API version supported by the extension..
* @param {Array<u2f.SignRequest>} signRequests
* @param {Array<u2f.RegisterRequest>} signRequests
* @param {number} timeoutSeconds
* @param {number} reqId
* @return {Object}
*/
u2f.formatRegisterRequest_ =
function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) {
if (js_api_version === undefined || js_api_version < 1.1) {
// Adapt request to the 1.0 JS API
for (var i = 0; i < registerRequests.length; i++) {
registerRequests[i].appId = appId;
}
var signRequests = [];
for (var i = 0; i < registeredKeys.length; i++) {
signRequests[i] = {
version: registeredKeys[i].version,
challenge: registerRequests[0],
keyHandle: registeredKeys[i].keyHandle,
appId: appId
};
}
return {
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
signRequests: signRequests,
registerRequests: registerRequests,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
}
// JS 1.1 API
return {
type: u2f.MessageTypes.U2F_REGISTER_REQUEST,
appId: appId,
registerRequests: registerRequests,
registeredKeys: registeredKeys,
timeoutSeconds: timeoutSeconds,
requestId: reqId
};
};
/**
* Posts a message on the underlying channel.
* @param {Object} message
*/
u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) {
this.port_.postMessage(message);
};
/**
* Emulates the HTML 5 addEventListener interface. Works only for the
* onmessage event, which is hooked up to the chrome.runtime.Port.onMessage.
* @param {string} eventName
* @param {function({data: Object})} handler
*/
u2f.WrappedChromeRuntimePort_.prototype.addEventListener =
function(eventName, handler) {
var name = eventName.toLowerCase();
if (name == 'message' || name == 'onmessage') {
this.port_.onMessage.addListener(function(message) {
// Emulate a minimal MessageEvent object
handler({'data': message});
});
} else {
console.error('WrappedChromeRuntimePort only supports onMessage');
}
};
/**
* Wrap the Authenticator app with a MessagePort interface.
* @constructor
* @private
*/
u2f.WrappedAuthenticatorPort_ = function() {
this.requestId_ = -1;
this.requestObject_ = null;
}
/**
* Launch the Authenticator intent.
* @param {Object} message
*/
u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) {
var intentUrl =
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ +
';S.request=' + encodeURIComponent(JSON.stringify(message)) +
';end';
document.location = intentUrl;
};
/**
* Tells what type of port this is.
* @return {String} port type
*/
u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() {
return "WrappedAuthenticatorPort_";
};
/**
* Emulates the HTML 5 addEventListener interface.
* @param {string} eventName
* @param {function({data: Object})} handler
*/
u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) {
var name = eventName.toLowerCase();
if (name == 'message') {
var self = this;
/* Register a callback to that executes when
* chrome injects the response. */
window.addEventListener(
'message', self.onRequestUpdate_.bind(self, handler), false);
} else {
console.error('WrappedAuthenticatorPort only supports message');
}
};
/**
* Callback invoked when a response is received from the Authenticator.
* @param function({data: Object}) callback
* @param {Object} message message Object
*/
u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ =
function(callback, message) {
var messageObject = JSON.parse(message.data);
var intentUrl = messageObject['intentURL'];
var errorCode = messageObject['errorCode'];
var responseObject = null;
if (messageObject.hasOwnProperty('data')) {
responseObject = /** @type {Object} */ (
JSON.parse(messageObject['data']));
}
callback({'data': responseObject});
};
/**
* Base URL for intents to Authenticator.
* @const
* @private
*/
u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ =
'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE';
/**
* Wrap the iOS client app with a MessagePort interface.
* @constructor
* @private
*/
u2f.WrappedIosPort_ = function() {};
/**
* Launch the iOS client app request
* @param {Object} message
*/
u2f.WrappedIosPort_.prototype.postMessage = function(message) {
var str = JSON.stringify(message);
var url = "u2f://auth?" + encodeURI(str);
location.replace(url);
};
/**
* Tells what type of port this is.
* @return {String} port type
*/
u2f.WrappedIosPort_.prototype.getPortType = function() {
return "WrappedIosPort_";
};
/**
* Emulates the HTML 5 addEventListener interface.
* @param {string} eventName
* @param {function({data: Object})} handler
*/
u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) {
var name = eventName.toLowerCase();
if (name !== 'message') {
console.error('WrappedIosPort only supports message');
}
};
/**
* Sets up an embedded trampoline iframe, sourced from the extension.
* @param {function(MessagePort)} callback
* @private
*/
u2f.getIframePort_ = function(callback) {
// Create the iframe
var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
var iframe = document.createElement('iframe');
iframe.src = iframeOrigin + '/u2f-comms.html';
iframe.setAttribute('style', 'display:none');
document.body.appendChild(iframe);
var channel = new MessageChannel();
var ready = function(message) {
if (message.data == 'ready') {
channel.port1.removeEventListener('message', ready);
callback(channel.port1);
} else {
console.error('First event on iframe port was not "ready"');
}
};
channel.port1.addEventListener('message', ready);
channel.port1.start();
iframe.addEventListener('load', function() {
// Deliver the port to the iframe and initialize
iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
});
};
//High-level JS API
/**
* Default extension response timeout in seconds.
* @const
*/
u2f.EXTENSION_TIMEOUT_SEC = 30;
/**
* A singleton instance for a MessagePort to the extension.
* @type {MessagePort|u2f.WrappedChromeRuntimePort_}
* @private
*/
u2f.port_ = null;
/**
* Callbacks waiting for a port
* @type {Array<function((MessagePort|u2f.WrappedChromeRuntimePort_))>}
* @private
*/
u2f.waitingForPort_ = [];
/**
* A counter for requestIds.
* @type {number}
* @private
*/
u2f.reqCounter_ = 0;
/**
* A map from requestIds to client callbacks
* @type {Object.<number,(function((u2f.Error|u2f.RegisterResponse))
* |function((u2f.Error|u2f.SignResponse)))>}
* @private
*/
u2f.callbackMap_ = {};
/**
* Creates or retrieves the MessagePort singleton to use.
* @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback
* @private
*/
u2f.getPortSingleton_ = function(callback) {
if (u2f.port_) {
callback(u2f.port_);
} else {
if (u2f.waitingForPort_.length == 0) {
u2f.getMessagePort(function(port) {
u2f.port_ = port;
u2f.port_.addEventListener('message',
/** @type {function(Event)} */ (u2f.responseHandler_));
// Careful, here be async callbacks. Maybe.
while (u2f.waitingForPort_.length)
u2f.waitingForPort_.shift()(u2f.port_);
});
}
u2f.waitingForPort_.push(callback);
}
};
/**
* Handles response messages from the extension.
* @param {MessageEvent.<u2f.Response>} message
* @private
*/
u2f.responseHandler_ = function(message) {
var response = message.data;
var reqId = response['requestId'];
if (!reqId || !u2f.callbackMap_[reqId]) {
console.error('Unknown or missing requestId in response.');
return;
}
var cb = u2f.callbackMap_[reqId];
delete u2f.callbackMap_[reqId];
cb(response['responseData']);
};
/**
* Dispatches an array of sign requests to available U2F tokens.
* If the JS API version supported by the extension is unknown, it first sends a
* message to the extension to find out the supported API version and then it sends
* the sign request.
* @param {string=} appId
* @param {string=} challenge
* @param {Array<u2f.RegisteredKey>} registeredKeys
* @param {function((u2f.Error|u2f.SignResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
if (js_api_version === undefined) {
// Send a message to get the extension to JS API version, then send the actual sign request.
u2f.getApiVersion(
function (response) {
js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version'];
console.log("Extension JS API Version: ", js_api_version);
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
});
} else {
// We know the JS API version. Send the actual sign request in the supported API version.
u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds);
}
};
/**
* Dispatches an array of sign requests to available U2F tokens.
* @param {string=} appId
* @param {string=} challenge
* @param {Array<u2f.RegisteredKey>} registeredKeys
* @param {function((u2f.Error|u2f.SignResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) {
u2f.getPortSingleton_(function(port) {
var reqId = ++u2f.reqCounter_;
u2f.callbackMap_[reqId] = callback;
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId);
port.postMessage(req);
});
};
/**
* Dispatches register requests to available U2F tokens. An array of sign
* requests identifies already registered tokens.
* If the JS API version supported by the extension is unknown, it first sends a
* message to the extension to find out the supported API version and then it sends
* the register request.
* @param {string=} appId
* @param {Array<u2f.RegisterRequest>} registerRequests
* @param {Array<u2f.RegisteredKey>} registeredKeys
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
if (js_api_version === undefined) {
// Send a message to get the extension to JS API version, then send the actual register request.
u2f.getApiVersion(
function (response) {
js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version'];
console.log("Extension JS API Version: ", js_api_version);
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
callback, opt_timeoutSeconds);
});
} else {
// We know the JS API version. Send the actual register request in the supported API version.
u2f.sendRegisterRequest(appId, registerRequests, registeredKeys,
callback, opt_timeoutSeconds);
}
};
/**
* Dispatches register requests to available U2F tokens. An array of sign
* requests identifies already registered tokens.
* @param {string=} appId
* @param {Array<u2f.RegisterRequest>} registerRequests
* @param {Array<u2f.RegisteredKey>} registeredKeys
* @param {function((u2f.Error|u2f.RegisterResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) {
u2f.getPortSingleton_(function(port) {
var reqId = ++u2f.reqCounter_;
u2f.callbackMap_[reqId] = callback;
var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ?
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC);
var req = u2f.formatRegisterRequest_(
appId, registeredKeys, registerRequests, timeoutSeconds, reqId);
port.postMessage(req);
});
};
/**
* Dispatches a message to the extension to find out the supported
* JS API version.
* If the user is on a mobile phone and is thus using Google Authenticator instead
* of the Chrome extension, don't send the request and simply return 0.
* @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback
* @param {number=} opt_timeoutSeconds
*/
u2f.getApiVersion = function(callback, opt_timeoutSeconds) {
u2f.getPortSingleton_(function(port) {
// If we are using Android Google Authenticator or iOS client app,
// do not fire an intent to ask which JS API version to use.
if (port.getPortType) {
var apiVersion;
switch (port.getPortType()) {
case 'WrappedIosPort_':
case 'WrappedAuthenticatorPort_':
apiVersion = 1.1;
break;
default:
apiVersion = 0;
break;
}
callback({ 'js_api_version': apiVersion });
return;
}
var reqId = ++u2f.reqCounter_;
u2f.callbackMap_[reqId] = callback;
var req = {
type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST,
timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ?
opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC),
requestId: reqId
};
port.postMessage(req);
});
};

View File

@ -0,0 +1,71 @@
import Assert = require("assert");
import Sinon = require("sinon");
import JQueryMock = require("./mocks/jquery");
import { Notifier } from "../src/lib/Notifier";
describe("test notifier", function() {
const SELECTOR = "dummy-selector";
const MESSAGE = "This is a message";
let jqueryMock: { jquery: JQueryMock.JQueryMock, element: JQueryMock.JQueryElementsMock };
let clock: any;
beforeEach(function() {
jqueryMock = JQueryMock.JQueryMock();
clock = Sinon.useFakeTimers();
});
afterEach(function() {
clock.restore();
});
function should_fade_in_and_out_on_notification(notificationType: string): void {
const delayReturn = {
fadeOut: Sinon.stub()
};
jqueryMock.element.fadeIn.yields();
function onFadedInCallback() {
Assert(jqueryMock.element.fadeIn.calledOnce);
Assert(jqueryMock.element.addClass.calledWith(notificationType));
Assert(!jqueryMock.element.removeClass.calledWith(notificationType));
clock.tick(10 * 1000);
}
function onFadedOutCallback() {
Assert(jqueryMock.element.removeClass.calledWith(notificationType));
Assert(jqueryMock.element.fadeOut.calledOnce);
}
const notifier = new Notifier(SELECTOR, jqueryMock.jquery as any);
// Call the method by its name... Bad but allows code reuse.
(notifier as any)[notificationType](MESSAGE, {
onFadedIn: onFadedInCallback,
onFadedOut: onFadedOutCallback
});
clock.tick(510);
Assert(jqueryMock.element.fadeIn.calledOnce);
}
it("should fade in and fade out an error message", function() {
should_fade_in_and_out_on_notification("error");
});
it("should fade in and fade out an info message", function() {
should_fade_in_and_out_on_notification("info");
});
it("should fade in and fade out an warning message", function() {
should_fade_in_and_out_on_notification("warning");
});
it("should fade in and fade out an success message", function() {
should_fade_in_and_out_on_notification("success");
});
});

View File

@ -0,0 +1,44 @@
import FirstFactorValidator = require("../../src/lib/firstfactor/FirstFactorValidator");
import JQueryMock = require("../mocks/jquery");
import BluebirdPromise = require("bluebird");
import Assert = require("assert");
describe("test FirstFactorValidator", function () {
it("should validate first factor successfully", () => {
const postPromise = JQueryMock.JQueryDeferredMock();
postPromise.done.yields({ redirect: "http://redirect" });
postPromise.done.returns(postPromise);
const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise);
return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any);
});
function should_fail_first_factor_validation(errorMessage: string) {
const xhr = {
status: 401
};
const postPromise = JQueryMock.JQueryDeferredMock();
postPromise.fail.yields(xhr, errorMessage);
postPromise.done.returns(postPromise);
const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise);
return FirstFactorValidator.validate("username", "password", "http://redirect", jqueryMock.jquery as any)
.then(function () {
return BluebirdPromise.reject(new Error("First factor validation successfully finished while it should have not."));
}, function (err: Error) {
Assert.equal(errorMessage, err.message);
return BluebirdPromise.resolve();
});
}
describe("should fail first factor validation", () => {
it("should fail with error", () => {
return should_fail_first_factor_validation("Authentication failed. Please check your credentials.");
});
});
});

View File

@ -0,0 +1,33 @@
import Sinon = require("sinon");
import { INotifier } from "../../src/lib/INotifier";
export class NotifierStub implements INotifier {
successStub: Sinon.SinonStub;
errorStub: Sinon.SinonStub;
warnStub: Sinon.SinonStub;
infoStub: Sinon.SinonStub;
constructor() {
this.successStub = Sinon.stub();
this.errorStub = Sinon.stub();
this.warnStub = Sinon.stub();
this.infoStub = Sinon.stub();
}
success(msg: string) {
this.successStub();
}
error(msg: string) {
this.errorStub();
}
warning(msg: string) {
this.warnStub();
}
info(msg: string) {
this.infoStub();
}
}

View File

@ -0,0 +1,59 @@
import sinon = require("sinon");
import jquery = require("jquery");
export interface JQueryMock extends sinon.SinonStub {
get: sinon.SinonStub;
post: sinon.SinonStub;
ajax: sinon.SinonStub;
notify: sinon.SinonStub;
}
export interface JQueryElementsMock {
ready: sinon.SinonStub;
show: sinon.SinonStub;
hide: sinon.SinonStub;
html: sinon.SinonStub;
addClass: sinon.SinonStub;
removeClass: sinon.SinonStub;
fadeIn: sinon.SinonStub;
fadeOut: sinon.SinonStub;
on: sinon.SinonStub;
}
export interface JQueryDeferredMock {
done: sinon.SinonStub;
fail: sinon.SinonStub;
}
export function JQueryMock(): { jquery: JQueryMock, element: JQueryElementsMock } {
const jquery = sinon.stub() as any;
const jqueryInstance: JQueryElementsMock = {
ready: sinon.stub(),
show: sinon.stub(),
hide: sinon.stub(),
html: sinon.stub(),
addClass: sinon.stub(),
removeClass: sinon.stub(),
fadeIn: sinon.stub(),
fadeOut: sinon.stub(),
on: sinon.stub()
};
jquery.ajax = sinon.stub();
jquery.get = sinon.stub();
jquery.post = sinon.stub();
jquery.notify = sinon.stub();
jquery.returns(jqueryInstance);
return {
jquery: jquery,
element: jqueryInstance
};
}
export function JQueryDeferredMock(): JQueryDeferredMock {
return {
done: sinon.stub(),
fail: sinon.stub()
};
}

View File

@ -0,0 +1,14 @@
import sinon = require("sinon");
export interface U2FApiMock {
sign: sinon.SinonStub;
register: sinon.SinonStub;
}
export function U2FApiMock(): U2FApiMock {
return {
sign: sinon.stub(),
register: sinon.stub()
};
}

View File

@ -0,0 +1,37 @@
import TOTPValidator = require("../../src/lib/secondfactor/TOTPValidator");
import JQueryMock = require("../mocks/jquery");
import BluebirdPromise = require("bluebird");
import Assert = require("assert");
describe("test TOTPValidator", function () {
it("should initiate an identity check successfully", () => {
const postPromise = JQueryMock.JQueryDeferredMock();
postPromise.done.yields({ redirect: "https://home.test.url" });
postPromise.done.returns(postPromise);
const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise);
return TOTPValidator.validate("totp_token", jqueryMock.jquery as any);
});
it("should fail validating TOTP token", () => {
const errorMessage = "Error while validating TOTP token";
const postPromise = JQueryMock.JQueryDeferredMock();
postPromise.fail.yields(undefined, errorMessage);
postPromise.done.returns(postPromise);
const jqueryMock = JQueryMock.JQueryMock();
jqueryMock.jquery.ajax.returns(postPromise);
return TOTPValidator.validate("totp_token", jqueryMock.jquery as any)
.then(function () {
return BluebirdPromise.reject(new Error("Registration successfully finished while it should have not."));
}, function (err: Error) {
Assert.equal(errorMessage, err.message);
return BluebirdPromise.resolve();
});
});
});

View File

@ -0,0 +1,31 @@
import sinon = require("sinon");
import assert = require("assert");
import UISelector = require("../../src/lib/totp-register/ui-selector");
import TOTPRegister = require("../../src/lib/totp-register/totp-register");
describe("test totp-register", function() {
let jqueryMock: any;
let windowMock: any;
before(function() {
jqueryMock = sinon.stub();
windowMock = {
QRCode: sinon.spy()
};
});
it("should create qrcode in page", function() {
const mock = {
text: sinon.stub(),
empty: sinon.stub(),
get: sinon.stub()
};
jqueryMock.withArgs(UISelector.QRCODE_ID_SELECTOR).returns(mock);
TOTPRegister.default(windowMock, jqueryMock);
assert(mock.text.calledOnce);
assert(mock.empty.calledOnce);
});
});

View File

@ -0,0 +1,24 @@
{
"compilerOptions": {
"module": "commonjs",
"target": "es6",
"moduleResolution": "node",
"noImplicitAny": true,
"sourceMap": true,
"removeComments": true,
"outDir": "../dist",
"baseUrl": ".",
"paths": {
"*": [
"./types/*",
"../shared/types/*"
]
}
},
"include": [
"src/**/*"
],
"exclude": [
"test/**/*"
]
}

View File

@ -0,0 +1,60 @@
{
"rules": {
"class-name": true,
"comment-format": [
true,
"check-space"
],
"indent": [
true,
"spaces"
],
"one-line": [
true,
"check-open-brace",
"check-whitespace"
],
"no-var-keyword": true,
"quotemark": [
true,
"double",
"avoid-escape"
],
"semicolon": [
true,
"always",
"ignore-bound-class-methods"
],
"whitespace": [
true,
"check-branch",
"check-decl",
"check-operator",
"check-module",
"check-separator",
"check-type"
],
"typedef-whitespace": [
true,
{
"call-signature": "nospace",
"index-signature": "nospace",
"parameter": "nospace",
"property-declaration": "nospace",
"variable-declaration": "nospace"
},
{
"call-signature": "onespace",
"index-signature": "onespace",
"parameter": "onespace",
"property-declaration": "onespace",
"variable-declaration": "onespace"
}
],
"no-internal-module": true,
"no-trailing-whitespace": true,
"no-null-keyword": true,
"prefer-const": true,
"jsdoc-format": true
}
}

View File

@ -0,0 +1,4 @@
[Dolphin]
Timestamp=2018,12,17,20,58,20
Version=3
ViewMode=1

View File

@ -0,0 +1,28 @@
#! /usr/bin/env node
import Server from "./lib/Server";
import { GlobalDependencies } from "../types/Dependencies";
import YAML = require("yamljs");
const configurationFilepath = process.argv[2];
if (!configurationFilepath) {
console.log("No config file has been provided.");
console.log("Usage: authelia <config>");
process.exit(0);
}
const yamlContent = YAML.load(configurationFilepath);
const deps: GlobalDependencies = {
u2f: require("u2f"),
ldapjs: require("ldapjs"),
session: require("express-session"),
winston: require("winston"),
speakeasy: require("speakeasy"),
nedb: require("nedb"),
ConnectRedis: require("connect-redis"),
Redis: require("redis")
};
const server = new Server(deps);
server.start(yamlContent, deps);

View File

@ -0,0 +1,4 @@
[Dolphin]
Timestamp=2018,12,17,20,59,13
Version=3
ViewMode=1

View File

@ -0,0 +1,45 @@
import express = require("express");
import U2f = require("u2f");
import BluebirdPromise = require("bluebird");
import { AuthenticationSession } from "../../types/AuthenticationSession";
import { IRequestLogger } from "./logging/IRequestLogger";
import { Level } from "./authentication/Level";
const INITIAL_AUTHENTICATION_SESSION: AuthenticationSession = {
keep_me_logged_in: false,
authentication_level: Level.NOT_AUTHENTICATED,
last_activity_datetime: undefined,
userid: undefined,
email: undefined,
groups: [],
register_request: undefined,
sign_request: undefined,
identity_check: undefined,
redirect: undefined
};
export class AuthenticationSessionHandler {
static reset(req: express.Request): void {
req.session.auth = Object.assign({}, INITIAL_AUTHENTICATION_SESSION, {});
// Initialize last activity with current time
req.session.auth.last_activity_datetime = new Date().getTime();
}
static get(req: express.Request, logger: IRequestLogger): AuthenticationSession {
if (!req.session) {
const errorMsg = "Something is wrong with session cookies. Please check Redis is running and Authelia can connect to it.";
logger.error(req, errorMsg);
throw new Error(errorMsg);
}
if (!req.session.auth) {
logger.debug(req, "Authentication session %s was undefined. Resetting.", req.sessionID);
AuthenticationSessionHandler.reset(req);
}
return req.session.auth;
}
}

View File

@ -0,0 +1,49 @@
import express = require("express");
import BluebirdPromise = require("bluebird");
import { IRequestLogger } from "./logging/IRequestLogger";
function replyWithError(req: express.Request, res: express.Response,
code: number, logger: IRequestLogger, body?: Object): (err: Error) => void {
return function (err: Error): void {
if (req.originalUrl.startsWith("/api/") || code == 200) {
logger.error(req, "Reply with error %d: %s", code, err.message);
logger.debug(req, "%s", err.stack);
res.status(code);
res.send(body);
}
else {
logger.error(req, "Redirect to error %d: %s", code, err.message);
logger.debug(req, "%s", err.stack);
res.redirect("/error/" + code);
}
};
}
export function redirectTo(redirectUrl: string, req: express.Request,
res: express.Response, logger: IRequestLogger) {
return function(err: Error) {
logger.error(req, "Error: %s", err.message);
logger.debug(req, "Redirecting to %s", redirectUrl);
res.redirect(redirectUrl);
};
}
export function replyWithError400(req: express.Request,
res: express.Response, logger: IRequestLogger) {
return replyWithError(req, res, 400, logger);
}
export function replyWithError401(req: express.Request,
res: express.Response, logger: IRequestLogger) {
return replyWithError(req, res, 401, logger);
}
export function replyWithError403(req: express.Request,
res: express.Response, logger: IRequestLogger) {
return replyWithError(req, res, 403, logger);
}
export function replyWithError200(req: express.Request,
res: express.Response, logger: IRequestLogger, message: string) {
return replyWithError(req, res, 200, logger, { error: message });
}

View File

@ -0,0 +1,88 @@
export class LdapSearchError extends Error {
constructor(message?: string) {
super(message);
this.name = "LdapSearchError";
(<any>Object).setPrototypeOf(this, LdapSearchError.prototype);
}
}
export class LdapBindError extends Error {
constructor(message?: string) {
super(message);
this.name = "LdapBindError";
(<any>Object).setPrototypeOf(this, LdapBindError.prototype);
}
}
export class LdapError extends Error {
constructor(message?: string) {
super(message);
this.name = "LdapError";
(<any>Object).setPrototypeOf(this, LdapError.prototype);
}
}
export class IdentityError extends Error {
constructor(message?: string) {
super(message);
this.name = "IdentityError";
(<any>Object).setPrototypeOf(this, IdentityError.prototype);
}
}
export class AccessDeniedError extends Error {
constructor(message?: string) {
super(message);
this.name = "AccessDeniedError";
(<any>Object).setPrototypeOf(this, AccessDeniedError.prototype);
}
}
export class AuthenticationRegulationError extends Error {
constructor(message?: string) {
super(message);
this.name = "AuthenticationRegulationError";
(<any>Object).setPrototypeOf(this, AuthenticationRegulationError.prototype);
}
}
export class InvalidTOTPError extends Error {
constructor(message?: string) {
super(message);
this.name = "InvalidTOTPError";
(<any>Object).setPrototypeOf(this, InvalidTOTPError.prototype);
}
}
export class NotAuthenticatedError extends Error {
constructor(message?: string) {
super(message);
this.name = "NotAuthenticatedError";
(<any>Object).setPrototypeOf(this, NotAuthenticatedError.prototype);
}
}
export class NotAuthorizedError extends Error {
constructor(message?: string) {
super(message);
this.name = "NotAuthanticatedError";
(<any>Object).setPrototypeOf(this, NotAuthorizedError.prototype);
}
}
export class FirstFactorValidationError extends Error {
constructor(message?: string) {
super(message);
this.name = "FirstFactorValidationError";
(<any>Object).setPrototypeOf(this, FirstFactorValidationError.prototype);
}
}
export class SecondFactorValidationError extends Error {
constructor(message?: string) {
super(message);
this.name = "SecondFactorValidationError";
(<any>Object).setPrototypeOf(this, FirstFactorValidationError.prototype);
}
}

View File

@ -0,0 +1,20 @@
import BluebirdPromise = require("bluebird");
import express = require("express");
import objectPath = require("object-path");
import Exceptions = require("./Exceptions");
import { AuthenticationSessionHandler } from "./AuthenticationSessionHandler";
import { IRequestLogger } from "./logging/IRequestLogger";
import { Level } from "./authentication/Level";
export function validate(req: express.Request, logger: IRequestLogger): BluebirdPromise<void> {
return new BluebirdPromise(function (resolve, reject) {
const authSession = AuthenticationSessionHandler.get(req, logger);
if (!authSession.userid || authSession.authentication_level < Level.ONE_FACTOR)
return reject(new Exceptions.FirstFactorValidationError(
"First factor has not been validated yet."));
resolve();
});
}

View File

@ -0,0 +1,176 @@
import sinon = require("sinon");
import IdentityValidator = require("./IdentityCheckMiddleware");
import { AuthenticationSessionHandler }
from "./AuthenticationSessionHandler";
import { AuthenticationSession } from "../../types/AuthenticationSession";
import { UserDataStore } from "./storage/UserDataStore";
import exceptions = require("./Exceptions");
import { ServerVariables } from "./ServerVariables";
import Assert = require("assert");
import express = require("express");
import BluebirdPromise = require("bluebird");
import ExpressMock = require("./stubs/express.spec");
import NotifierMock = require("./notifiers/NotifierStub.spec");
import { IdentityValidableStub } from "./IdentityValidableStub.spec";
import { RequestLoggerStub } from "./logging/RequestLoggerStub.spec";
import { ServerVariablesMock, ServerVariablesMockBuilder }
from "./ServerVariablesMockBuilder.spec";
import { PRE_VALIDATION_TEMPLATE }
from "./IdentityCheckPreValidationTemplate";
describe("IdentityCheckMiddleware", function () {
let req: ExpressMock.RequestMock;
let res: ExpressMock.ResponseMock;
let app: express.Application;
let app_get: sinon.SinonStub;
let app_post: sinon.SinonStub;
let identityValidable: IdentityValidableStub;
let mocks: ServerVariablesMock;
let vars: ServerVariables;
beforeEach(function () {
const s = ServerVariablesMockBuilder.build();
mocks = s.mocks;
vars = s.variables;
req = ExpressMock.RequestMock();
res = ExpressMock.ResponseMock();
req.headers = {};
req.originalUrl = "/non-api/xxx";
req.session = {};
req.query = {};
req.app = {};
identityValidable = new IdentityValidableStub();
mocks.notifier.notifyStub.returns(BluebirdPromise.resolve());
mocks.userDataStore.produceIdentityValidationTokenStub
.returns(BluebirdPromise.resolve());
mocks.userDataStore.consumeIdentityValidationTokenStub
.returns(BluebirdPromise.resolve({ userId: "user" }));
app = express();
app_get = sinon.stub(app, "get");
app_post = sinon.stub(app, "post");
});
afterEach(function () {
app_get.restore();
app_post.restore();
});
describe("test start GET", function () {
it("should redirect to error 401 if pre validation initialization \
throws a first factor error", function () {
identityValidable.preValidationInitStub.returns(BluebirdPromise.reject(
new exceptions.FirstFactorValidationError(
"Error during prevalidation")));
const callback = IdentityValidator.get_start_validation(
identityValidable, "/endpoint", vars);
return callback(req as any, res as any, undefined)
.then(() => {
Assert(res.redirect.calledWith("/error/401"));
});
});
// In that case we answer with 200 to avoid user enumeration.
it("should send 200 if email is missing in provided identity", function () {
const identity = { userid: "abc" };
identityValidable.preValidationInitStub
.returns(BluebirdPromise.resolve(identity));
const callback = IdentityValidator
.get_start_validation(identityValidable, "/endpoint", vars);
return callback(req as any, res as any, undefined)
.then(function () {
Assert(identityValidable.preValidationResponseStub.called);
});
});
// In that case we answer with 200 to avoid user enumeration.
it("should send 200 if userid is missing in provided identity",
function () {
const endpoint = "/protected";
const identity = { email: "abc@example.com" };
identityValidable.preValidationInitStub
.returns(BluebirdPromise.resolve(identity));
const callback = IdentityValidator
.get_start_validation(identityValidable, "/endpoint", vars);
return callback(req as any, res as any, undefined)
.then(function () {
Assert(identityValidable.preValidationResponseStub.called);
});
});
it("should issue a token, send an email and return 204", function () {
const endpoint = "/protected";
const identity = { userid: "user", email: "abc@example.com" };
req.get = sinon.stub().withArgs("Host").returns("localhost");
identityValidable.preValidationInitStub
.returns(BluebirdPromise.resolve(identity));
const callback = IdentityValidator
.get_start_validation(identityValidable, "/finish_endpoint", vars);
return callback(req as any, res as any, undefined)
.then(function () {
Assert(mocks.notifier.notifyStub.calledOnce);
Assert(mocks.userDataStore.produceIdentityValidationTokenStub
.calledOnce);
Assert.equal(mocks.userDataStore.produceIdentityValidationTokenStub
.getCall(0).args[0], "user");
Assert.equal(mocks.userDataStore.produceIdentityValidationTokenStub
.getCall(0).args[3], 240000);
});
});
});
describe("test finish GET", function () {
it("should send 401 if no identity_token is provided", () => {
const callback = IdentityValidator
.get_finish_validation(identityValidable, vars);
return callback(req as any, res as any, undefined)
.then(function () {
Assert(res.redirect.calledWith("/error/401"));
});
});
it("should call postValidation if identity_token is provided and still \
valid", function () {
req.query.identity_token = "token";
const callback = IdentityValidator
.get_finish_validation(identityValidable, vars);
return callback(req as any, res as any, undefined);
});
it("should return 401 if identity_token is provided but invalid",
function () {
req.query.identity_token = "token";
identityValidable.postValidationInitStub
.returns(BluebirdPromise.resolve());
mocks.userDataStore.consumeIdentityValidationTokenStub.reset();
mocks.userDataStore.consumeIdentityValidationTokenStub
.returns(BluebirdPromise.reject(new Error("Invalid token")));
const callback = IdentityValidator
.get_finish_validation(identityValidable, vars);
return callback(req as any, res as any, undefined)
.then(() => {
Assert(res.redirect.calledWith("/error/401"));
});
});
});
});

View File

@ -0,0 +1,138 @@
import objectPath = require("object-path");
import randomstring = require("randomstring");
import BluebirdPromise = require("bluebird");
import util = require("util");
import Exceptions = require("./Exceptions");
import fs = require("fs");
import ejs = require("ejs");
import { IUserDataStore } from "./storage/IUserDataStore";
import Express = require("express");
import ErrorReplies = require("./ErrorReplies");
import { AuthenticationSessionHandler } from "./AuthenticationSessionHandler";
import { AuthenticationSession } from "../../types/AuthenticationSession";
import { ServerVariables } from "./ServerVariables";
import { IdentityValidable } from "./IdentityValidable";
import Identity = require("../../types/Identity");
import { IdentityValidationDocument }
from "./storage/IdentityValidationDocument";
const filePath = __dirname + "/../resources/email-template.ejs";
const email_template = fs.readFileSync(filePath, "utf8");
function createAndSaveToken(userid: string, challenge: string,
userDataStore: IUserDataStore): BluebirdPromise<string> {
const five_minutes = 4 * 60 * 1000;
const token = randomstring.generate({ length: 64 });
const that = this;
return userDataStore.produceIdentityValidationToken(userid, token, challenge,
five_minutes)
.then(function () {
return BluebirdPromise.resolve(token);
});
}
function consumeToken(token: string, challenge: string,
userDataStore: IUserDataStore)
: BluebirdPromise<IdentityValidationDocument> {
return userDataStore.consumeIdentityValidationToken(token, challenge);
}
export function register(app: Express.Application,
pre_validation_endpoint: string,
post_validation_endpoint: string,
handler: IdentityValidable,
vars: ServerVariables) {
app.get(pre_validation_endpoint,
get_start_validation(handler, post_validation_endpoint, vars));
app.get(post_validation_endpoint,
get_finish_validation(handler, vars));
}
function checkIdentityToken(req: Express.Request, identityToken: string)
: BluebirdPromise<void> {
if (!identityToken)
return BluebirdPromise.reject(
new Exceptions.AccessDeniedError("No identity token provided"));
return BluebirdPromise.resolve();
}
export function get_finish_validation(handler: IdentityValidable,
vars: ServerVariables)
: Express.RequestHandler {
return function (req: Express.Request, res: Express.Response)
: BluebirdPromise<void> {
let authSession: AuthenticationSession;
const identityToken = objectPath.get<Express.Request, string>(
req, "query.identity_token");
vars.logger.debug(req, "Identity token provided is %s", identityToken);
return checkIdentityToken(req, identityToken)
.then(() => {
authSession = AuthenticationSessionHandler.get(req, vars.logger);
return handler.postValidationInit(req);
})
.then(() => {
return consumeToken(identityToken, handler.challenge(),
vars.userDataStore);
})
.then((doc: IdentityValidationDocument) => {
authSession.identity_check = {
challenge: handler.challenge(),
userid: doc.userId
};
handler.postValidationResponse(req, res);
return BluebirdPromise.resolve();
})
.catch(ErrorReplies.replyWithError401(req, res, vars.logger));
};
}
export function get_start_validation(handler: IdentityValidable,
postValidationEndpoint: string,
vars: ServerVariables)
: Express.RequestHandler {
return function (req: Express.Request, res: Express.Response)
: BluebirdPromise<void> {
let identity: Identity.Identity;
return handler.preValidationInit(req)
.then((id: Identity.Identity) => {
identity = id;
const email = identity.email;
const userid = identity.userid;
vars.logger.info(req, "Start identity validation of user \"%s\"",
userid);
if (!(email && userid))
return BluebirdPromise.reject(new Exceptions.IdentityError(
"Missing user id or email address"));
return createAndSaveToken(userid, handler.challenge(),
vars.userDataStore);
})
.then((token) => {
const host = req.get("Host");
const link_url = util.format("https://%s%s?identity_token=%s", host,
postValidationEndpoint, token);
vars.logger.info(req, "Notification sent to user \"%s\"",
identity.userid);
return vars.notifier.notify(identity.email, handler.mailSubject(),
link_url);
})
.then(() => {
handler.preValidationResponse(req, res);
return BluebirdPromise.resolve();
})
.catch(Exceptions.IdentityError, (err: Error) => {
handler.preValidationResponse(req, res);
return BluebirdPromise.resolve();
})
.catch(ErrorReplies.replyWithError401(req, res, vars.logger));
};
}

View File

@ -0,0 +1,3 @@
export const PRE_VALIDATION_TEMPLATE = "need-identity-validation";

View File

@ -0,0 +1,19 @@
import Bluebird = require("bluebird");
import Identity = require("../../types/Identity");
// IdentityValidator allows user to go through a identity validation process
// in two steps:
// - Request an operation to be performed (password reset, registration).
// - Confirm operation with email.
export interface IdentityValidable {
challenge(): string;
preValidationInit(req: Express.Request): Bluebird<Identity.Identity>;
postValidationInit(req: Express.Request): Bluebird<void>;
// Serves a page after identity check request
preValidationResponse(req: Express.Request, res: Express.Response): void;
// Serves the page if identity validated
postValidationResponse(req: Express.Request, res: Express.Response): void;
mailSubject(): string;
}

View File

@ -0,0 +1,52 @@
import Sinon = require("sinon");
import { IdentityValidable } from "./IdentityValidable";
import express = require("express");
import Bluebird = require("bluebird");
import { Identity } from "../../types/Identity";
export class IdentityValidableStub implements IdentityValidable {
challengeStub: Sinon.SinonStub;
preValidationInitStub: Sinon.SinonStub;
postValidationInitStub: Sinon.SinonStub;
preValidationResponseStub: Sinon.SinonStub;
postValidationResponseStub: Sinon.SinonStub;
mailSubjectStub: Sinon.SinonStub;
constructor() {
this.challengeStub = Sinon.stub();
this.preValidationInitStub = Sinon.stub();
this.postValidationInitStub = Sinon.stub();
this.preValidationResponseStub = Sinon.stub();
this.postValidationResponseStub = Sinon.stub();
this.mailSubjectStub = Sinon.stub();
}
challenge(): string {
return this.challengeStub();
}
preValidationInit(req: Express.Request): Bluebird<Identity> {
return this.preValidationInitStub(req);
}
postValidationInit(req: Express.Request): Bluebird<void> {
return this.postValidationInitStub(req);
}
preValidationResponse(req: Express.Request, res: Express.Response): void {
return this.preValidationResponseStub(req, res);
}
postValidationResponse(req: Express.Request, res: Express.Response): void {
return this.postValidationResponseStub(req, res);
}
mailSubject(): string {
return this.mailSubjectStub();
}
}

View File

@ -0,0 +1,81 @@
import Assert = require("assert");
import Sinon = require("sinon");
import nedb = require("nedb");
import express = require("express");
import winston = require("winston");
import speakeasy = require("speakeasy");
import u2f = require("u2f");
import session = require("express-session");
import { Configuration } from "./configuration/schema/Configuration";
import { GlobalDependencies } from "../../types/Dependencies";
import Server from "./Server";
import { LdapjsMock, LdapjsClientMock } from "./stubs/ldapjs.spec";
describe("Server", function () {
let deps: GlobalDependencies;
let sessionMock: Sinon.SinonSpy;
let ldapjsMock: LdapjsMock;
before(function () {
sessionMock = Sinon.spy(session);
ldapjsMock = new LdapjsMock();
deps = {
speakeasy: speakeasy,
u2f: u2f,
nedb: nedb,
winston: winston,
ldapjs: ldapjsMock as any,
session: sessionMock as any,
ConnectRedis: Sinon.spy(),
Redis: Sinon.spy() as any
};
});
it("should set cookie scope to domain set in the config", function () {
const config: Configuration = {
port: 8081,
session: {
domain: "example.com",
secret: "secret"
},
authentication_backend: {
ldap: {
url: "http://ldap",
user: "user",
password: "password",
base_dn: "dc=example,dc=com"
},
},
notifier: {
email: {
username: "user@example.com",
password: "password",
sender: "test@authelia.com",
service: "gmail"
}
},
regulation: {
max_retries: 3,
ban_time: 5 * 60,
find_time: 5 * 60
},
storage: {
local: {
in_memory: true
}
}
};
const server = new Server(deps);
server.start(config, deps)
.then(function () {
Assert(sessionMock.calledOnce);
Assert.equal(sessionMock.getCall(0).args[0].cookie.domain, "example.com");
server.stop();
});
});
});

View File

@ -0,0 +1,93 @@
import BluebirdPromise = require("bluebird");
import ObjectPath = require("object-path");
import { Configuration } from "./configuration/schema/Configuration";
import { GlobalDependencies } from "../../types/Dependencies";
import { UserDataStore } from "./storage/UserDataStore";
import { ConfigurationParser } from "./configuration/ConfigurationParser";
import { SessionConfigurationBuilder } from "./configuration/SessionConfigurationBuilder";
import { GlobalLogger } from "./logging/GlobalLogger";
import { RequestLogger } from "./logging/RequestLogger";
import { ServerVariables } from "./ServerVariables";
import { ServerVariablesInitializer } from "./ServerVariablesInitializer";
import { Configurator } from "./web_server/Configurator";
import * as Express from "express";
import * as Path from "path";
import * as http from "http";
function clone(obj: any) {
return JSON.parse(JSON.stringify(obj));
}
export default class Server {
private httpServer: http.Server;
private globalLogger: GlobalLogger;
private requestLogger: RequestLogger;
constructor(deps: GlobalDependencies) {
this.globalLogger = new GlobalLogger(deps.winston);
this.requestLogger = new RequestLogger(deps.winston);
}
private displayConfigurations(configuration: Configuration) {
const displayableConfiguration: Configuration = clone(configuration);
const STARS = "*****";
if (displayableConfiguration.authentication_backend.ldap) {
displayableConfiguration.authentication_backend.ldap.password = STARS;
}
displayableConfiguration.session.secret = STARS;
if (displayableConfiguration.notifier && displayableConfiguration.notifier.email)
displayableConfiguration.notifier.email.password = STARS;
if (displayableConfiguration.notifier && displayableConfiguration.notifier.smtp)
displayableConfiguration.notifier.smtp.password = STARS;
this.globalLogger.debug("User configuration is %s",
JSON.stringify(displayableConfiguration, undefined, 2));
}
private setup(config: Configuration, app: Express.Application, deps: GlobalDependencies): BluebirdPromise<void> {
const that = this;
return ServerVariablesInitializer.initialize(
config, this.globalLogger, this.requestLogger, deps)
.then(function (vars: ServerVariables) {
Configurator.configure(config, app, vars, deps);
return BluebirdPromise.resolve();
});
}
private startServer(app: Express.Application, port: number) {
const that = this;
that.globalLogger.info("Starting Authelia...");
return new BluebirdPromise<void>((resolve, reject) => {
this.httpServer = app.listen(port, function (err: string) {
that.globalLogger.info("Listening on port %d...", port);
resolve();
});
});
}
start(configuration: Configuration, deps: GlobalDependencies)
: BluebirdPromise<void> {
const that = this;
const app = Express();
const appConfiguration = ConfigurationParser.parse(configuration);
// by default the level of logs is info
deps.winston.level = appConfiguration.logs_level;
this.displayConfigurations(appConfiguration);
return this.setup(appConfiguration, app, deps)
.then(function () {
return that.startServer(app, appConfiguration.port);
});
}
stop() {
this.httpServer.close();
}
}

View File

@ -0,0 +1,21 @@
import { IRequestLogger } from "./logging/IRequestLogger";
import { ITotpHandler } from "./authentication/totp/ITotpHandler";
import { IU2fHandler } from "./authentication/u2f/IU2fHandler";
import { IUserDataStore } from "./storage/IUserDataStore";
import { INotifier } from "./notifiers/INotifier";
import { IRegulator } from "./regulation/IRegulator";
import { Configuration } from "./configuration/schema/Configuration";
import { IAuthorizer } from "./authorization/IAuthorizer";
import { IUsersDatabase } from "./authentication/backends/IUsersDatabase";
export interface ServerVariables {
logger: IRequestLogger;
usersDatabase: IUsersDatabase;
totpHandler: ITotpHandler;
u2f: IU2fHandler;
userDataStore: IUserDataStore;
notifier: INotifier;
regulator: IRegulator;
config: Configuration;
authorizer: IAuthorizer;
}

View File

@ -0,0 +1,116 @@
import winston = require("winston");
import BluebirdPromise = require("bluebird");
import U2F = require("u2f");
import Nodemailer = require("nodemailer");
import { IRequestLogger } from "./logging/IRequestLogger";
import { RequestLogger } from "./logging/RequestLogger";
import { TotpHandler } from "./authentication/totp/TotpHandler";
import { ITotpHandler } from "./authentication/totp/ITotpHandler";
import { NotifierFactory } from "./notifiers/NotifierFactory";
import { MailSenderBuilder } from "./notifiers/MailSenderBuilder";
import { LdapUsersDatabase } from "./authentication/backends/ldap/LdapUsersDatabase";
import { ConnectorFactory } from "./authentication/backends/ldap/connector/ConnectorFactory";
import { IUserDataStore } from "./storage/IUserDataStore";
import { UserDataStore } from "./storage/UserDataStore";
import { INotifier } from "./notifiers/INotifier";
import { Regulator } from "./regulation/Regulator";
import { IRegulator } from "./regulation/IRegulator";
import Configuration = require("./configuration/schema/Configuration");
import { CollectionFactoryFactory } from "./storage/CollectionFactoryFactory";
import { ICollectionFactory } from "./storage/ICollectionFactory";
import { MongoCollectionFactory } from "./storage/mongo/MongoCollectionFactory";
import { IMongoClient } from "./connectors/mongo/IMongoClient";
import { GlobalDependencies } from "../../types/Dependencies";
import { ServerVariables } from "./ServerVariables";
import { MongoClient } from "./connectors/mongo/MongoClient";
import { IGlobalLogger } from "./logging/IGlobalLogger";
import { SessionFactory } from "./authentication/backends/ldap/SessionFactory";
import { IUsersDatabase } from "./authentication/backends/IUsersDatabase";
import { FileUsersDatabase } from "./authentication/backends/file/FileUsersDatabase";
import { Authorizer } from "./authorization/Authorizer";
class UserDataStoreFactory {
static create(config: Configuration.Configuration, globalLogger: IGlobalLogger): BluebirdPromise<UserDataStore> {
if (config.storage.local) {
const nedbOptions: Nedb.DataStoreOptions = {
filename: config.storage.local.path,
inMemoryOnly: config.storage.local.in_memory
};
const collectionFactory = CollectionFactoryFactory.createNedb(nedbOptions);
return BluebirdPromise.resolve(new UserDataStore(collectionFactory));
}
else if (config.storage.mongo) {
const mongoClient = new MongoClient(
config.storage.mongo,
globalLogger);
const collectionFactory = CollectionFactoryFactory.createMongo(mongoClient);
return BluebirdPromise.resolve(new UserDataStore(collectionFactory));
}
return BluebirdPromise.reject(new Error("Storage backend incorrectly configured."));
}
}
export class ServerVariablesInitializer {
static createUsersDatabase(
config: Configuration.Configuration,
deps: GlobalDependencies)
: IUsersDatabase {
if (config.authentication_backend.ldap) {
const ldapConfig = config.authentication_backend.ldap;
return new LdapUsersDatabase(
new SessionFactory(
ldapConfig,
new ConnectorFactory(ldapConfig, deps.ldapjs),
deps.winston
),
ldapConfig
);
}
else if (config.authentication_backend.file) {
return new FileUsersDatabase(config.authentication_backend.file);
}
}
static initialize(
config: Configuration.Configuration,
globalLogger: IGlobalLogger,
requestLogger: IRequestLogger,
deps: GlobalDependencies)
: BluebirdPromise<ServerVariables> {
const mailSenderBuilder =
new MailSenderBuilder(Nodemailer);
const notifier = NotifierFactory.build(
config.notifier, mailSenderBuilder);
const authorizer = new Authorizer(config.access_control, deps.winston);
const totpHandler = new TotpHandler(deps.speakeasy);
const usersDatabase = this.createUsersDatabase(
config, deps);
return UserDataStoreFactory.create(config, globalLogger)
.then(function (userDataStore: UserDataStore) {
const regulator = new Regulator(userDataStore, config.regulation.max_retries,
config.regulation.find_time, config.regulation.ban_time);
const variables: ServerVariables = {
authorizer: authorizer,
config: config,
usersDatabase: usersDatabase,
logger: requestLogger,
notifier: notifier,
regulator: regulator,
totpHandler: totpHandler,
u2f: deps.u2f,
userDataStore: userDataStore
};
return BluebirdPromise.resolve(variables);
});
}
}

View File

@ -0,0 +1,87 @@
import { ServerVariables } from "./ServerVariables";
import { Configuration } from "./configuration/schema/Configuration";
import { IUsersDatabaseStub } from "./authentication/backends/IUsersDatabaseStub.spec";
import { AuthorizerStub } from "./authorization/AuthorizerStub.spec";
import { RequestLoggerStub } from "./logging/RequestLoggerStub.spec";
import { NotifierStub } from "./notifiers/NotifierStub.spec";
import { RegulatorStub } from "./regulation/RegulatorStub.spec";
import { TotpHandlerStub } from "./authentication/totp/TotpHandlerStub.spec";
import { UserDataStoreStub } from "./storage/UserDataStoreStub.spec";
import { U2fHandlerStub } from "./authentication/u2f/U2fHandlerStub.spec";
export interface ServerVariablesMock {
authorizer: AuthorizerStub;
config: Configuration;
usersDatabase: IUsersDatabaseStub;
logger: RequestLoggerStub;
notifier: NotifierStub;
regulator: RegulatorStub;
totpHandler: TotpHandlerStub;
userDataStore: UserDataStoreStub;
u2f: U2fHandlerStub;
}
export class ServerVariablesMockBuilder {
static build(enableLogging?: boolean): { variables: ServerVariables, mocks: ServerVariablesMock} {
const mocks: ServerVariablesMock = {
authorizer: new AuthorizerStub(),
config: {
access_control: {},
totp: {
issuer: "authelia.com"
},
authentication_backend: {
ldap: {
url: "ldap://ldap",
base_dn: "dc=example,dc=com",
user: "user",
password: "password",
mail_attribute: "mail",
additional_users_dn: "ou=users",
additional_groups_dn: "ou=groups",
users_filter: "cn={0}",
groups_filter: "member={dn}",
group_name_attribute: "cn"
},
},
logs_level: "debug",
notifier: {},
port: 8080,
regulation: {
ban_time: 50,
find_time: 50,
max_retries: 3
},
session: {
secret: "my_secret",
domain: "mydomain"
},
storage: {}
},
usersDatabase: new IUsersDatabaseStub(),
logger: new RequestLoggerStub(enableLogging),
notifier: new NotifierStub(),
regulator: new RegulatorStub(),
totpHandler: new TotpHandlerStub(),
userDataStore: new UserDataStoreStub(),
u2f: new U2fHandlerStub()
};
const vars: ServerVariables = {
authorizer: mocks.authorizer,
config: mocks.config,
usersDatabase: mocks.usersDatabase,
logger: mocks.logger,
notifier: mocks.notifier,
regulator: mocks.regulator,
totpHandler: mocks.totpHandler,
userDataStore: mocks.userDataStore,
u2f: mocks.u2f
};
return {
variables: vars,
mocks: mocks
};
}
}

View File

@ -0,0 +1,5 @@
export enum Level {
NOT_AUTHENTICATED = 0,
ONE_FACTOR = 1,
TWO_FACTOR = 2
}

View File

@ -0,0 +1,5 @@
export interface GroupsAndEmails {
groups: string[];
emails: string[];
}

View File

@ -0,0 +1,10 @@
import Bluebird = require("bluebird");
import { GroupsAndEmails } from "./GroupsAndEmails";
export interface IUsersDatabase {
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails>;
getEmails(username: string): Bluebird<string[]>;
getGroups(username: string): Bluebird<string[]>;
updatePassword(username: string, newPassword: string): Bluebird<void>;
}

View File

@ -0,0 +1,35 @@
import Bluebird = require("bluebird");
import Sinon = require("sinon");
import { IUsersDatabase } from "./IUsersDatabase";
import { GroupsAndEmails } from "./GroupsAndEmails";
export class IUsersDatabaseStub implements IUsersDatabase {
checkUserPasswordStub: Sinon.SinonStub;
getEmailsStub: Sinon.SinonStub;
getGroupsStub: Sinon.SinonStub;
updatePasswordStub: Sinon.SinonStub;
constructor() {
this.checkUserPasswordStub = Sinon.stub();
this.getEmailsStub = Sinon.stub();
this.getGroupsStub = Sinon.stub();
this.updatePasswordStub = Sinon.stub();
}
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails> {
return this.checkUserPasswordStub(username, password);
}
getEmails(username: string): Bluebird<string[]> {
return this.getEmailsStub(username);
}
getGroups(username: string): Bluebird<string[]> {
return this.getGroupsStub(username);
}
updatePassword(username: string, newPassword: string): Bluebird<void> {
return this.updatePasswordStub(username, newPassword);
}
}

View File

@ -0,0 +1,224 @@
import Assert = require("assert");
import Bluebird = require("bluebird");
import Fs = require("fs");
import Sinon = require("sinon");
import Tmp = require("tmp");
import { FileUsersDatabase } from "./FileUsersDatabase";
import { FileUsersDatabaseConfiguration } from "../../../configuration/schema/FileUsersDatabaseConfiguration";
import { HashGenerator } from "../../../utils/HashGenerator";
const GOOD_DATABASE = `
users:
john:
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: john.doe@authelia.com
groups:
- admins
- dev
harry:
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
emails: harry.potter@authelia.com
groups: []
`;
const BAD_HASH = `
users:
john:
password: "{CRYPT}$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: john.doe@authelia.com
groups:
- admins
- dev
`;
const NO_PASSWORD_DATABASE = `
users:
john:
email: john.doe@authelia.com
groups:
- admins
- dev
`;
const NO_EMAIL_DATABASE = `
users:
john:
password: "{CRYPT}$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
groups:
- admins
- dev
`;
const SINGLE_USER_DATABASE = `
users:
john:
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
email: john.doe@authelia.com
groups:
- admins
- dev
`
function createTmpFileFrom(yaml: string) {
const tmpFileAsync = Bluebird.promisify(Tmp.file);
return tmpFileAsync()
.then((path: string) => {
Fs.writeFileSync(path, yaml, "utf-8");
return Bluebird.resolve(path);
});
}
describe("authentication/backends/file/FileUsersDatabase", function() {
let configuration: FileUsersDatabaseConfiguration;
describe("checkUserPassword", () => {
describe("good config", () => {
beforeEach(() => {
return createTmpFileFrom(GOOD_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should succeed", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.checkUserPassword("john", "password")
.then((groupsAndEmails) => {
Assert.deepEqual(groupsAndEmails.groups, ["admins", "dev"]);
Assert.deepEqual(groupsAndEmails.emails, ["john.doe@authelia.com"]);
});
});
it("should fail when password is wrong", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.checkUserPassword("john", "bad_password")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
it("should fail when user does not exist", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.checkUserPassword("no_user", "password")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
});
describe("bad hash", () => {
beforeEach(() => {
return createTmpFileFrom(GOOD_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should fail when hash is wrong", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.checkUserPassword("john", "password")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
});
describe("no password", () => {
beforeEach(() => {
return createTmpFileFrom(NO_PASSWORD_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should fail", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.checkUserPassword("john", "password")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
});
});
describe("getEmails", () => {
describe("good config", () => {
beforeEach(() => {
return createTmpFileFrom(GOOD_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should succeed", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.getEmails("john")
.then((emails) => {
Assert.deepEqual(emails, ["john.doe@authelia.com"]);
});
});
it("should fail when user does not exist", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.getEmails("no_user")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
});
describe("no email provided", () => {
beforeEach(() => {
return createTmpFileFrom(NO_EMAIL_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should fail", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.getEmails("john")
.then(() => Bluebird.reject(new Error("should not be here.")))
.catch((err) => {
return Bluebird.resolve();
});
});
});
});
describe("updatePassword", () => {
beforeEach(() => {
return createTmpFileFrom(SINGLE_USER_DATABASE)
.then((path: string) => configuration = {
path: path
});
});
it("should succeed", () => {
const usersDatabase = new FileUsersDatabase(configuration);
const NEW_HASH = "{CRYPT}$6$rounds=500000$Qw6MhgADvLyYMEq9$ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const stub = Sinon.stub(HashGenerator, "ssha512").returns(Bluebird.resolve(NEW_HASH));
return usersDatabase.updatePassword("john", "mypassword")
.then(() => {
const content = Fs.readFileSync(configuration.path, "utf-8");
const matches = content.match(/password: '(.+)'/);
Assert.equal(matches[1], NEW_HASH);
})
.finally(() => stub.restore());
});
it("should fail when user does not exist", () => {
const usersDatabase = new FileUsersDatabase(configuration);
return usersDatabase.updatePassword("bad_user", "mypassword")
.then(() => Bluebird.reject(new Error("should not be here")))
.catch(() => Bluebird.resolve());
});
});
});

View File

@ -0,0 +1,182 @@
import Bluebird = require("bluebird");
import Fs = require("fs");
import Yaml = require("yamljs");
import { FileUsersDatabaseConfiguration }
from "../../../configuration/schema/FileUsersDatabaseConfiguration";
import { GroupsAndEmails } from "../GroupsAndEmails";
import { IUsersDatabase } from "../IUsersDatabase";
import { HashGenerator } from "../../../utils/HashGenerator";
import { ReadWriteQueue } from "./ReadWriteQueue";
const loadAsync = Bluebird.promisify(Yaml.load);
export class FileUsersDatabase implements IUsersDatabase {
private configuration: FileUsersDatabaseConfiguration;
private queue: ReadWriteQueue;
constructor(configuration: FileUsersDatabaseConfiguration) {
this.configuration = configuration;
this.queue = new ReadWriteQueue(this.configuration.path);
}
/**
* Read database from file.
* It enqueues the read task so that it is scheduled
* between other reads and writes.
*/
private readDatabase(): Bluebird<any> {
return new Bluebird<string>((resolve, reject) => {
this.queue.read((err: Error, data: string) => {
if (err) {
reject(err);
return;
}
resolve(data);
this.queue.next();
});
})
.then((content) => {
const database = Yaml.parse(content);
if (!database) {
return Bluebird.reject(new Error("Unable to parse YAML file."));
}
return Bluebird.resolve(database);
});
}
/**
* Checks the user exists in the database.
*/
private checkUserExists(
database: any,
username: string)
: Bluebird<void> {
if (!(username in database.users)) {
return Bluebird.reject(
new Error(`User ${username} does not exist in database.`));
}
return Bluebird.resolve();
}
/**
* Check the password of a given user.
*/
private checkPassword(
database: any,
username: string,
password: string)
: Bluebird<void> {
const storedHash: string = database.users[username].password;
const matches = storedHash.match(/rounds=([0-9]+)\$([a-zA-z0-9]+)\$/);
if (!(matches && matches.length == 3)) {
return Bluebird.reject(new Error("Unable to detect the hash salt and rounds. " +
"Make sure the password is hashed with SSHA512."));
}
const rounds: number = parseInt(matches[1]);
const salt = matches[2];
return HashGenerator.ssha512(password, rounds, salt)
.then((hash: string) => {
if (hash !== storedHash) {
return Bluebird.reject(new Error("Wrong username/password."));
}
return Bluebird.resolve();
});
}
/**
* Retrieve email addresses of a given user.
*/
private retrieveEmails(
database: any,
username: string)
: Bluebird<string[]> {
if (!("email" in database.users[username])) {
return Bluebird.reject(
new Error(`User ${username} has no email address.`));
}
return Bluebird.resolve(
[database.users[username].email]);
}
private retrieveGroups(
database: any,
username: string)
: Bluebird<string[]> {
if (!("groups" in database.users[username])) {
return Bluebird.resolve([]);
}
return Bluebird.resolve(
database.users[username].groups);
}
private replacePassword(
database: any,
username: string,
newPassword: string)
: Bluebird<void> {
const that = this;
return HashGenerator.ssha512(newPassword)
.then((hash) => {
database.users[username].password = hash;
const str = Yaml.stringify(database, 4, 2);
return Bluebird.resolve(str);
})
.then((content: string) => {
return new Bluebird((resolve, reject) => {
that.queue.write(content, (err) => {
if (err) {
return reject(err);
}
resolve();
that.queue.next();
});
});
});
}
checkUserPassword(
username: string,
password: string)
: Bluebird<GroupsAndEmails> {
return this.readDatabase()
.then((database) => {
return this.checkUserExists(database, username)
.then(() => this.checkPassword(database, username, password))
.then(() => {
return Bluebird.join(
this.retrieveEmails(database, username),
this.retrieveGroups(database, username)
).spread((emails: string[], groups: string[]) => {
return { emails: emails, groups: groups };
});
});
});
}
getEmails(username: string): Bluebird<string[]> {
return this.readDatabase()
.then((database) => {
return this.checkUserExists(database, username)
.then(() => this.retrieveEmails(database, username));
});
}
getGroups(username: string): Bluebird<string[]> {
return this.readDatabase()
.then((database) => {
return this.checkUserExists(database, username)
.then(() => this.retrieveGroups(database, username));
});
}
updatePassword(username: string, newPassword: string): Bluebird<void> {
return this.readDatabase()
.then((database) => {
return this.checkUserExists(database, username)
.then(() => this.replacePassword(database, username, newPassword));
});
}
}

View File

@ -0,0 +1,60 @@
import Fs = require("fs");
type Callback = (err: Error, data?: string) => void;
type ContentAndCallback = [string, Callback] | [string, string, Callback];
/**
* WriteQueue is a queue synchronizing writes to a file.
*
* Example of use:
*
* queue.add(mycontent, (err) => {
* // do whatever you want here.
* queue.next();
* })
*/
export class ReadWriteQueue {
private filePath: string;
private queue: ContentAndCallback[];
constructor (filePath: string) {
this.queue = [];
this.filePath = filePath;
}
next () {
if (this.queue.length === 0)
return;
const task = this.queue[0];
if (task[0] == "write") {
Fs.writeFile(this.filePath, task[1], "utf-8", (err) => {
this.queue.shift();
const cb = task[2] as Callback;
cb(err);
});
}
else if (task[0] == "read") {
Fs.readFile(this.filePath, { encoding: "utf-8"} , (err, data) => {
this.queue.shift();
const cb = task[1] as Callback;
cb(err, data);
});
}
}
write (content: string, cb: Callback) {
this.queue.push(["write", content, cb]);
if (this.queue.length === 1) {
this.next();
}
}
read (cb: Callback) {
this.queue.push(["read", cb]);
if (this.queue.length === 1) {
this.next();
}
}
}

View File

@ -0,0 +1,12 @@
import BluebirdPromise = require("bluebird");
export interface ISession {
open(): BluebirdPromise<void>;
close(): BluebirdPromise<void>;
searchUserDn(username: string): BluebirdPromise<string>;
searchEmails(username: string): BluebirdPromise<string[]>;
searchGroups(username: string): BluebirdPromise<string[]>;
modifyPassword(username: string, newPassword: string): BluebirdPromise<void>;
}

View File

@ -0,0 +1,6 @@
import { ISession } from "./ISession";
export interface ISessionFactory {
create(userDN: string, password: string): ISession;
}

View File

@ -0,0 +1,386 @@
import Assert = require("assert");
import Bluebird = require("bluebird");
import { LdapUsersDatabase } from "./LdapUsersDatabase";
import { SessionFactoryStub } from "./SessionFactoryStub.spec";
import { SessionStub } from "./SessionStub.spec";
const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";
const ADMIN_PASSWORD = "password";
describe("ldap/connector/LdapUsersDatabase", function() {
let sessionFactory: SessionFactoryStub;
let usersDatabase: LdapUsersDatabase;
const USERNAME = "user";
const PASSWORD = "pass";
const NEW_PASSWORD = "pass2";
const LDAP_CONFIG = {
url: "http://localhost:324",
additional_users_dn: "ou=users",
additional_groups_dn: "ou=groups",
base_dn: "dc=example,dc=com",
users_filter: "cn={0}",
groups_filter: "member={0}",
mail_attribute: "mail",
group_name_attribute: "cn",
user: ADMIN_USER_DN,
password: ADMIN_PASSWORD
};
beforeEach(function() {
sessionFactory = new SessionFactoryStub();
usersDatabase = new LdapUsersDatabase(sessionFactory, LDAP_CONFIG);
})
describe("checkUserPassword", function() {
it("should return groups and emails when user/password matches", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const emails = ["email1", "email2"];
const groups = ["group1", "group2"];
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.resolve());
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
adminSession.searchEmailsStub.withArgs(USERNAME).returns(Bluebird.resolve(emails));
adminSession.searchGroupsStub.withArgs(USERNAME).returns(Bluebird.resolve(groups));
userSession.openStub.returns(Bluebird.resolve());
userSession.closeStub.returns(Bluebird.resolve());
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then((groupsAndEmails) => {
Assert.deepEqual(groupsAndEmails.groups, groups);
Assert.deepEqual(groupsAndEmails.emails, emails);
})
});
it("should fail when username/password is wrong", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.resolve());
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
userSession.openStub.returns(Bluebird.reject(new Error("Failed binding")));
userSession.closeStub.returns(Bluebird.resolve());
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(userSession.closeStub.called);
Assert(adminSession.closeStub.called);
return Bluebird.resolve();
})
});
it("should fail when admin binding fails", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.reject(new Error("Failed binding")));
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(userSession.closeStub.notCalled);
Assert(adminSession.closeStub.called);
return Bluebird.resolve();
})
});
it("should fail when search for user dn fails", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.resolve());
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.reject(new Error("Failed searching user dn")));
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(userSession.closeStub.notCalled);
Assert(adminSession.closeStub.called);
return Bluebird.resolve();
})
});
it("should fail when groups retrieval fails", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const emails = ["email1", "email2"];
const groups = ["group1", "group2"];
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.resolve());
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
adminSession.searchEmailsStub.withArgs(USERNAME)
.returns(Bluebird.resolve(emails));
adminSession.searchGroupsStub.withArgs(USERNAME)
.returns(Bluebird.reject(new Error("Failed retrieving groups")));
userSession.openStub.returns(Bluebird.resolve());
userSession.closeStub.returns(Bluebird.resolve());
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then((groupsAndEmails) => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(userSession.closeStub.called);
Assert(adminSession.closeStub.called);
})
});
it("should fail when emails retrieval fails", function() {
const USER_DN = `cn=${USERNAME},dc=example,dc=com`;
const emails = ["email1", "email2"];
const groups = ["group1", "group2"];
const adminSession = new SessionStub();
const userSession = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(adminSession);
sessionFactory.createStub.withArgs(USER_DN, PASSWORD).returns(userSession);
adminSession.openStub.returns(Bluebird.resolve());
adminSession.closeStub.returns(Bluebird.resolve());
adminSession.searchUserDnStub.returns(Bluebird.resolve(USER_DN));
adminSession.searchEmailsStub.withArgs(USERNAME)
.returns(Bluebird.reject(new Error("Emails retrieval failed")));
adminSession.searchGroupsStub.withArgs(USERNAME)
.returns(Bluebird.resolve(groups));
userSession.openStub.returns(Bluebird.resolve());
userSession.closeStub.returns(Bluebird.resolve());
return usersDatabase.checkUserPassword(USERNAME, PASSWORD)
.then((groupsAndEmails) => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(userSession.closeStub.called);
Assert(adminSession.closeStub.called);
})
});
});
describe("getEmails", function() {
it("should succefully retrieves email", () => {
const emails = ["email1", "email2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.closeStub.returns(Bluebird.resolve());
session.searchEmailsStub.returns(Bluebird.resolve(emails));
return usersDatabase.getEmails(USERNAME)
.then((foundEmails) => {
Assert(session.closeStub.called);
Assert.deepEqual(foundEmails, emails);
})
});
it("should fail when binding fails", () => {
const emails = ["email1", "email2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
return usersDatabase.getEmails(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
it("should fail when unbinding fails", () => {
const emails = ["email1", "email2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.searchEmailsStub.returns(Bluebird.resolve(emails));
session.closeStub.returns(Bluebird.reject(new Error("Unbinding failed")));
return usersDatabase.getEmails(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
it("should fail when search fails", () => {
const emails = ["email1", "email2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.searchEmailsStub.returns(Bluebird.reject(new Error("Search failed")));
session.closeStub.returns(Bluebird.resolve());
return usersDatabase.getEmails(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
});
describe("getGroups", function() {
it("should succefully retrieves groups", () => {
const groups = ["group1", "group2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.closeStub.returns(Bluebird.resolve());
session.searchGroupsStub.returns(Bluebird.resolve(groups));
return usersDatabase.getGroups(USERNAME)
.then((foundGroups) => {
Assert(session.closeStub.called);
Assert.deepEqual(foundGroups, groups);
})
});
it("should fail when binding fails", () => {
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
return usersDatabase.getGroups(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
it("should fail when unbinding fails", () => {
const groups = ["group1", "group2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.searchGroupsStub.returns(Bluebird.resolve(groups));
session.closeStub.returns(Bluebird.reject(new Error("Unbinding failed")));
return usersDatabase.getGroups(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
it("should fail when search fails", () => {
const groups = ["group1", "group2"];
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.searchGroupsStub.returns(Bluebird.reject(new Error("Search failed")));
session.closeStub.returns(Bluebird.resolve());
return usersDatabase.getGroups(USERNAME)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch((err) => {
Assert(session.closeStub.called);
})
});
});
describe("updatePassword", function() {
it("should successfully update password", () => {
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.closeStub.returns(Bluebird.resolve());
session.modifyPasswordStub.returns(Bluebird.resolve());
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
.then(() => {
Assert(session.modifyPasswordStub.calledWith(USERNAME, NEW_PASSWORD));
Assert(session.closeStub.called);
})
});
it("should fail when binding fails", () => {
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.reject(new Error("Binding failed")));
session.closeStub.returns(Bluebird.resolve());
session.modifyPasswordStub.returns(Bluebird.resolve());
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch(() => {
Assert(session.closeStub.called);
})
});
it("should fail when update fails", () => {
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.closeStub.returns(Bluebird.reject(new Error("Update failed")));
session.modifyPasswordStub.returns(Bluebird.resolve());
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch(() => {
Assert(session.closeStub.called);
})
});
it("should fail when unbind fails", () => {
const session = new SessionStub();
sessionFactory.createStub.withArgs(ADMIN_USER_DN, ADMIN_PASSWORD).returns(session);
session.openStub.returns(Bluebird.resolve());
session.closeStub.returns(Bluebird.resolve());
session.modifyPasswordStub.returns(Bluebird.reject(new Error("Unbind failed")));
return usersDatabase.updatePassword(USERNAME, NEW_PASSWORD)
.then(() => Bluebird.reject(new Error("should not be here")))
.catch(() => {
Assert(session.closeStub.called);
})
});
});
});

View File

@ -0,0 +1,107 @@
import Bluebird = require("bluebird");
import { IUsersDatabase } from "../IUsersDatabase";
import { ISessionFactory } from "./ISessionFactory";
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
import { ISession } from "./ISession";
import { GroupsAndEmails } from "../GroupsAndEmails";
import Exceptions = require("../../../Exceptions");
type SessionCallback<T> = (session: ISession) => Bluebird<T>;
export class LdapUsersDatabase implements IUsersDatabase {
private sessionFactory: ISessionFactory;
private configuration: LdapConfiguration;
constructor(
sessionFactory: ISessionFactory,
configuration: LdapConfiguration) {
this.sessionFactory = sessionFactory;
this.configuration = configuration;
}
private withSession<T>(
username: string,
password: string,
cb: SessionCallback<T>): Bluebird<T> {
const session = this.sessionFactory.create(username, password);
return session.open()
.then(() => cb(session))
.finally(() => session.close());
}
checkUserPassword(username: string, password: string): Bluebird<GroupsAndEmails> {
const that = this;
function verifyUserPassword(userDN: string) {
return that.withSession<void>(
userDN,
password,
(session) => Bluebird.resolve()
);
}
function getInfo(session: ISession) {
return Bluebird.join(
session.searchGroups(username),
session.searchEmails(username)
)
.spread((groups: string[], emails: string[]) => {
return { groups: groups, emails: emails };
});
}
return that.withSession(
that.configuration.user,
that.configuration.password,
(session) => {
return session.searchUserDn(username)
.then(verifyUserPassword)
.then(() => getInfo(session));
})
.catch((err) =>
Bluebird.reject(new Exceptions.LdapError(err.message)));
}
getEmails(username: string): Bluebird<string[]> {
const that = this;
return that.withSession(
that.configuration.user,
that.configuration.password,
(session) => {
return session.searchEmails(username);
}
)
.catch((err) =>
Bluebird.reject(new Exceptions.LdapError("Failed during email retrieval: " + err.message))
);
}
getGroups(username: string): Bluebird<string[]> {
const that = this;
return that.withSession(
that.configuration.user,
that.configuration.password,
(session) => {
return session.searchGroups(username);
}
)
.catch((err) =>
Bluebird.reject(new Exceptions.LdapError("Failed during email retrieval: " + err.message))
);
}
updatePassword(username: string, newPassword: string): Bluebird<void> {
const that = this;
return that.withSession(
that.configuration.user,
that.configuration.password,
(session) => {
return session.modifyPassword(username, newPassword);
}
)
.catch(function (err: Error) {
return Bluebird.reject(
new Exceptions.LdapError(
"Error while updating password: " + err.message));
});
}
}

View File

@ -0,0 +1,76 @@
import BluebirdPromise = require("bluebird");
import { SessionStub } from "./SessionStub.spec";
import { SafeSession } from "./SafeSession";
describe("ldap/SanitizedClient", function () {
let client: SafeSession;
beforeEach(function () {
const clientStub = new SessionStub();
clientStub.searchUserDnStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.searchGroupsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.searchEmailsStub.onCall(0).returns(BluebirdPromise.resolve());
clientStub.modifyPasswordStub.onCall(0).returns(BluebirdPromise.resolve());
client = new SafeSession(clientStub);
});
describe("special chars are used", function () {
it("should fail when special chars are used in searchUserDn", function () {
// potential ldap injection";
return client.searchUserDn("cn=dummy_user,ou=groupgs")
.then(function () {
return BluebirdPromise.reject(new Error("Should not be here."));
}, function () {
return BluebirdPromise.resolve();
});
});
it("should fail when special chars are used in searchGroups", function () {
// potential ldap injection";
return client.searchGroups("cn=dummy_user,ou=groupgs")
.then(function () {
return BluebirdPromise.reject(new Error("Should not be here."));
}, function () {
return BluebirdPromise.resolve();
});
});
it("should fail when special chars are used in searchEmails", function () {
// potential ldap injection";
return client.searchEmails("cn=dummy_user,ou=groupgs")
.then(function () {
return BluebirdPromise.reject(new Error("Should not be here."));
}, function () {
return BluebirdPromise.resolve();
});
});
it("should fail when special chars are used in modifyPassword", function () {
// potential ldap injection";
return client.modifyPassword("cn=dummy_user,ou=groupgs", "abc")
.then(function () {
return BluebirdPromise.reject(new Error("Should not be here."));
}, function () {
return BluebirdPromise.resolve();
});
});
});
describe("no special chars are used", function() {
it("should succeed when no special chars are used in searchUserDn", function () {
return client.searchUserDn("dummy_user");
});
it("should succeed when no special chars are used in searchGroups", function () {
return client.searchGroups("dummy_user");
});
it("should succeed when no special chars are used in searchEmails", function () {
return client.searchEmails("dummy_user");
});
it("should succeed when no special chars are used in modifyPassword", function () {
return client.modifyPassword("dummy_user", "abc");
});
});
});

View File

@ -0,0 +1,62 @@
import BluebirdPromise = require("bluebird");
import { ISession } from "./ISession";
import { Sanitizer } from "./Sanitizer";
const SPECIAL_CHAR_USED_MESSAGE = "Special character used in LDAP query.";
export class SafeSession implements ISession {
private sesion: ISession;
constructor(sesion: ISession) {
this.sesion = sesion;
}
open(): BluebirdPromise<void> {
return this.sesion.open();
}
close(): BluebirdPromise<void> {
return this.sesion.close();
}
searchGroups(username: string): BluebirdPromise<string[]> {
try {
const sanitizedUsername = Sanitizer.sanitize(username);
return this.sesion.searchGroups(sanitizedUsername);
}
catch (e) {
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
searchUserDn(username: string): BluebirdPromise<string> {
try {
const sanitizedUsername = Sanitizer.sanitize(username);
return this.sesion.searchUserDn(sanitizedUsername);
}
catch (e) {
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
searchEmails(username: string): BluebirdPromise<string[]> {
try {
const sanitizedUsername = Sanitizer.sanitize(username);
return this.sesion.searchEmails(sanitizedUsername);
}
catch (e) {
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
modifyPassword(username: string, newPassword: string): BluebirdPromise<void> {
try {
const sanitizedUsername = Sanitizer.sanitize(username);
return this.sesion.modifyPassword(sanitizedUsername, newPassword);
}
catch (e) {
return BluebirdPromise.reject(new Error(SPECIAL_CHAR_USED_MESSAGE));
}
}
}

View File

@ -0,0 +1,25 @@
import Assert = require("assert");
import { Sanitizer } from "./Sanitizer";
describe("ldap/InputsSanitizer", function () {
it("should fail when special characters are used", function () {
Assert.throws(() => { Sanitizer.sanitize("ab,c"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a\\bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a'bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a#bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a+bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a<bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a>bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a;bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a\"bc"); }, Error);
Assert.throws(() => { Sanitizer.sanitize("a=bc"); }, Error);
});
it("should return original string", function () {
Assert.equal(Sanitizer.sanitize("abcdef"), "abcdef");
});
it("should trim", function () {
Assert.throws(() => { Sanitizer.sanitize(" abc "); }, Error);
});
});

View File

@ -0,0 +1,25 @@
// returns true for 1 or more matches, where 'a' is an array and 'b' is a search string or an array of multiple search strings
function contains(a: string, character: string) {
// string match
return a.indexOf(character) > -1;
}
function containsOneOf(s: string, characters: string[]) {
return characters
.map((character: string) => { return contains(s, character); })
.reduce((acc: boolean, current: boolean) => { return acc || current; }, false);
}
export class Sanitizer {
static sanitize(input: string): string {
const forbiddenChars = [",", "\\", "'", "#", "+", "<", ">", ";", "\"", "="];
if (containsOneOf(input, forbiddenChars))
throw new Error("Input containing unsafe characters.");
if (input != input.trim())
throw new Error("Input has unexpected spaces.");
return input;
}
}

View File

@ -0,0 +1,127 @@
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
import { Session } from "./Session";
import { ConnectorFactoryStub } from "./connector/ConnectorFactoryStub.spec";
import { ConnectorStub } from "./connector/ConnectorStub.spec";
import Sinon = require("sinon");
import BluebirdPromise = require("bluebird");
import Assert = require("assert");
import Winston = require("winston");
describe("ldap/Session", function () {
const USERNAME = "username";
const ADMIN_USER_DN = "cn=admin,dc=example,dc=com";
const ADMIN_PASSWORD = "password";
it("should replace {0} by username when searching for groups in LDAP", function () {
const options: LdapConfiguration = {
url: "ldap://ldap",
additional_users_dn: "ou=users",
additional_groups_dn: "ou=groups",
base_dn: "dc=example,dc=com",
users_filter: "cn={0}",
groups_filter: "member=cn={0},ou=users,dc=example,dc=com",
group_name_attribute: "cn",
mail_attribute: "mail",
user: "cn=admin,dc=example,dc=com",
password: "password"
};
const connectorStub = new ConnectorStub();
connectorStub.searchAsyncStub.returns(BluebirdPromise.resolve([{
cn: "group1"
}]));
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, connectorStub, Winston);
return client.searchGroups("user1")
.then(function () {
Assert.equal(connectorStub.searchAsyncStub.getCall(0).args[1].filter,
"member=cn=user1,ou=users,dc=example,dc=com");
});
});
it("should replace {dn} by user DN when searching for groups in LDAP", function () {
const USER_DN = "cn=user1,ou=users,dc=example,dc=com";
const options: LdapConfiguration = {
url: "ldap://ldap",
additional_users_dn: "ou=users",
additional_groups_dn: "ou=groups",
base_dn: "dc=example,dc=com",
users_filter: "cn={0}",
groups_filter: "member={dn}",
group_name_attribute: "cn",
mail_attribute: "mail",
user: "cn=admin,dc=example,dc=com",
password: "password"
};
const ldapClient = new ConnectorStub();
// Retrieve user DN
ldapClient.searchAsyncStub.withArgs("ou=users,dc=example,dc=com", {
scope: "sub",
sizeLimit: 1,
attributes: ["dn"],
filter: "cn=user1"
}).returns(BluebirdPromise.resolve([{
dn: USER_DN
}]));
// Retrieve groups
ldapClient.searchAsyncStub.withArgs("ou=groups,dc=example,dc=com", {
scope: "sub",
attributes: ["cn"],
filter: "member=" + USER_DN
}).returns(BluebirdPromise.resolve([{
cn: "group1"
}]));
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, ldapClient, Winston);
return client.searchGroups("user1")
.then(function (groups: string[]) {
Assert.deepEqual(groups, ["group1"]);
});
});
it("should retrieve mail from custom attribute", function () {
const USER_DN = "cn=user1,ou=users,dc=example,dc=com";
const options: LdapConfiguration = {
url: "ldap://ldap",
additional_users_dn: "ou=users",
additional_groups_dn: "ou=groups",
base_dn: "dc=example,dc=com",
users_filter: "cn={0}",
groups_filter: "member={dn}",
group_name_attribute: "cn",
mail_attribute: "custom_mail",
user: "cn=admin,dc=example,dc=com",
password: "password"
};
const connector = new ConnectorStub();
// Retrieve user DN
connector.searchAsyncStub.withArgs("ou=users,dc=example,dc=com", {
scope: "sub",
sizeLimit: 1,
attributes: ["dn"],
filter: "cn=user1"
}).returns(BluebirdPromise.resolve([{
dn: USER_DN
}]));
// Retrieve email
connector.searchAsyncStub.withArgs("cn=user1,ou=users,dc=example,dc=com", {
scope: "base",
sizeLimit: 1,
attributes: ["custom_mail"],
}).returns(BluebirdPromise.resolve([{
custom_mail: "user1@example.com"
}]));
const client = new Session(ADMIN_USER_DN, ADMIN_PASSWORD, options, connector, Winston);
return client.searchEmails("user1")
.then(function (emails: string[]) {
Assert.deepEqual(emails, ["user1@example.com"]);
});
});
});

View File

@ -0,0 +1,156 @@
import BluebirdPromise = require("bluebird");
import exceptions = require("../../../Exceptions");
import { EventEmitter } from "events";
import { ISession } from "./ISession";
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
import { Winston } from "../../../../../types/Dependencies";
import Util = require("util");
import { HashGenerator } from "../../../utils/HashGenerator";
import { IConnector } from "./connector/IConnector";
export class Session implements ISession {
private userDN: string;
private password: string;
private connector: IConnector;
private logger: Winston;
private options: LdapConfiguration;
private groupsSearchBase: string;
private usersSearchBase: string;
constructor(userDN: string, password: string, options: LdapConfiguration,
connector: IConnector, logger: Winston) {
this.options = options;
this.logger = logger;
this.userDN = userDN;
this.password = password;
this.connector = connector;
this.groupsSearchBase = (this.options.additional_groups_dn)
? Util.format("%s,%s", this.options.additional_groups_dn, this.options.base_dn)
: this.options.base_dn;
this.usersSearchBase = (this.options.additional_users_dn)
? Util.format("%s,%s", this.options.additional_users_dn, this.options.base_dn)
: this.options.base_dn;
}
open(): BluebirdPromise<void> {
this.logger.debug("LDAP: Bind user '%s'", this.userDN);
return this.connector.bindAsync(this.userDN, this.password)
.error(function (err: Error) {
return BluebirdPromise.reject(new exceptions.LdapBindError(err.message));
});
}
close(): BluebirdPromise<void> {
this.logger.debug("LDAP: Unbind user '%s'", this.userDN);
return this.connector.unbindAsync()
.error(function (err: Error) {
return BluebirdPromise.reject(new exceptions.LdapBindError(err.message));
});
}
private createGroupsFilter(userGroupsFilter: string, username: string): BluebirdPromise<string> {
if (userGroupsFilter.indexOf("{0}") > 0) {
return BluebirdPromise.resolve(userGroupsFilter.replace("{0}", username));
}
else if (userGroupsFilter.indexOf("{dn}") > 0) {
return this.searchUserDn(username)
.then(function (userDN: string) {
return BluebirdPromise.resolve(userGroupsFilter.replace("{dn}", userDN));
});
}
return BluebirdPromise.resolve(userGroupsFilter);
}
searchGroups(username: string): BluebirdPromise<string[]> {
const that = this;
return this.createGroupsFilter(this.options.groups_filter, username)
.then(function (groupsFilter: string) {
that.logger.debug("Computed groups filter is %s", groupsFilter);
const query = {
scope: "sub",
attributes: [that.options.group_name_attribute],
filter: groupsFilter
};
return that.connector.searchAsync(that.groupsSearchBase, query);
})
.then(function (docs: { cn: string }[]) {
const groups = docs.map((doc: any) => { return doc.cn; });
that.logger.debug("LDAP: groups of user %s are [%s]", username, groups.join(","));
return BluebirdPromise.resolve(groups);
});
}
searchUserDn(username: string): BluebirdPromise<string> {
const that = this;
const filter = this.options.users_filter.replace("{0}", username);
this.logger.debug("Computed users filter is %s", filter);
const query = {
scope: "sub",
sizeLimit: 1,
attributes: ["dn"],
filter: filter
};
that.logger.debug("LDAP: searching for user dn of %s", username);
return that.connector.searchAsync(this.usersSearchBase, query)
.then(function (users: { dn: string }[]) {
if (users.length > 0) {
that.logger.debug("LDAP: retrieved user dn is %s", users[0].dn);
return BluebirdPromise.resolve(users[0].dn);
}
return BluebirdPromise.reject(new Error(
Util.format("No user DN found for user '%s'", username)));
});
}
searchEmails(username: string): BluebirdPromise<string[]> {
const that = this;
const query = {
scope: "base",
sizeLimit: 1,
attributes: [this.options.mail_attribute]
};
return this.searchUserDn(username)
.then(function (userDN) {
return that.connector.searchAsync(userDN, query);
})
.then(function (docs: { [mail_attribute: string]: string }[]) {
const emails: string[] = docs
.filter((d) => { return typeof d[that.options.mail_attribute] === "string"; })
.map((d) => { return d[that.options.mail_attribute]; });
that.logger.debug("LDAP: emails of user '%s' are %s", username, emails);
return BluebirdPromise.resolve(emails);
})
.catch(function (err: Error) {
return BluebirdPromise.reject(new exceptions.LdapError("Error while searching emails. " + err.stack));
});
}
modifyPassword(username: string, newPassword: string): BluebirdPromise<void> {
const that = this;
this.logger.debug("LDAP: update password of user '%s'", username);
return this.searchUserDn(username)
.then(function (userDN: string) {
return BluebirdPromise.join(
HashGenerator.ssha512(newPassword),
BluebirdPromise.resolve(userDN));
})
.then(function (res: string[]) {
const change = {
operation: "replace",
modification: {
userPassword: res[0]
}
};
that.logger.debug("Password new='%s'", change.modification.userPassword);
return that.connector.modifyAsync(res[1], change);
})
.then(function () {
return that.connector.unbindAsync();
});
}
}

View File

@ -0,0 +1,37 @@
import Ldapjs = require("ldapjs");
import Winston = require("winston");
import { IConnectorFactory } from "./connector/IConnectorFactory";
import { ISessionFactory } from "./ISessionFactory";
import { ISession } from "./ISession";
import { LdapConfiguration } from "../../../configuration/schema/LdapConfiguration";
import { Session } from "./Session";
import { SafeSession } from "./SafeSession";
export class SessionFactory implements ISessionFactory {
private config: LdapConfiguration;
private connectorFactory: IConnectorFactory;
private logger: typeof Winston;
constructor(ldapConfiguration: LdapConfiguration,
connectorFactory: IConnectorFactory,
logger: typeof Winston) {
this.config = ldapConfiguration;
this.connectorFactory = connectorFactory;
this.logger = logger;
}
create(userDN: string, password: string): ISession {
const connector = this.connectorFactory.create();
return new SafeSession(
new Session(
userDN,
password,
this.config,
connector,
this.logger
)
);
}
}

View File

@ -0,0 +1,16 @@
import Sinon = require("sinon");
import { ISession } from "./ISession";
import { ISessionFactory } from "./ISessionFactory";
export class SessionFactoryStub implements ISessionFactory {
createStub: Sinon.SinonStub;
constructor() {
this.createStub = Sinon.stub();
}
create(userDN: string, password: string): ISession {
return this.createStub(userDN, password);
}
}

View File

@ -0,0 +1,46 @@
import Bluebird = require("bluebird");
import Sinon = require("sinon");
import { ISession } from "./ISession";
export class SessionStub implements ISession {
openStub: Sinon.SinonStub;
closeStub: Sinon.SinonStub;
searchUserDnStub: Sinon.SinonStub;
searchEmailsStub: Sinon.SinonStub;
searchGroupsStub: Sinon.SinonStub;
modifyPasswordStub: Sinon.SinonStub;
constructor() {
this.openStub = Sinon.stub();
this.closeStub = Sinon.stub();
this.searchUserDnStub = Sinon.stub();
this.searchEmailsStub = Sinon.stub();
this.searchGroupsStub = Sinon.stub();
this.modifyPasswordStub = Sinon.stub();
}
open(): Bluebird<void> {
return this.openStub();
}
close(): Bluebird<void> {
return this.closeStub();
}
searchUserDn(username: string): Bluebird<string> {
return this.searchUserDnStub(username);
}
searchEmails(username: string): Bluebird<string[]> {
return this.searchEmailsStub(username);
}
searchGroups(username: string): Bluebird<string[]> {
return this.searchGroupsStub(username);
}
modifyPassword(username: string, newPassword: string): Bluebird<void> {
return this.modifyPasswordStub(username, newPassword);
}
}

View File

@ -0,0 +1,69 @@
import LdapJs = require("ldapjs");
import EventEmitter = require("events");
import Bluebird = require("bluebird");
import { IConnector } from "./IConnector";
import Exceptions = require("../../../../Exceptions");
interface SearchEntry {
object: any;
}
export interface ClientAsync {
on(event: string, callback: (data?: any) => void): void;
bindAsync(username: string, password: string): Bluebird<void>;
unbindAsync(): Bluebird<void>;
searchAsync(base: string, query: LdapJs.SearchOptions): Bluebird<EventEmitter>;
modifyAsync(userdn: string, change: LdapJs.Change): Bluebird<void>;
}
export class Connector implements IConnector {
private client: ClientAsync;
constructor(url: string, ldapjs: typeof LdapJs) {
const ldapClient = ldapjs.createClient({
url: url,
reconnect: true
});
/*const clientLogger = (ldapClient as any).log;
if (clientLogger) {
clientLogger.level("trace");
}*/
this.client = Bluebird.promisifyAll(ldapClient) as any;
}
bindAsync(username: string, password: string): Bluebird<void> {
return this.client.bindAsync(username, password);
}
unbindAsync(): Bluebird<void> {
return this.client.unbindAsync();
}
searchAsync(base: string, query: any): Bluebird<any[]> {
const that = this;
return this.client.searchAsync(base, query)
.then(function (res: EventEmitter) {
const doc: SearchEntry[] = [];
return new Bluebird<any[]>((resolve, reject) => {
res.on("searchEntry", function (entry: SearchEntry) {
doc.push(entry.object);
});
res.on("error", function (err: Error) {
reject(new Exceptions.LdapSearchError(err.message));
});
res.on("end", function () {
resolve(doc);
});
});
})
.catch(function (err: Error) {
return Bluebird.reject(new Exceptions.LdapSearchError(err.message));
});
}
modifyAsync(dn: string, changeRequest: any): Bluebird<void> {
return this.client.modifyAsync(dn, changeRequest);
}
}

View File

@ -0,0 +1,18 @@
import { IConnector } from "./IConnector";
import { Connector } from "./Connector";
import { LdapConfiguration } from "../../../../configuration/schema/LdapConfiguration";
import { Ldapjs } from "Dependencies";
export class ConnectorFactory {
private configuration: LdapConfiguration;
private ldapjs: Ldapjs;
constructor(configuration: LdapConfiguration, ldapjs: Ldapjs) {
this.configuration = configuration;
this.ldapjs = ldapjs;
}
create(): IConnector {
return new Connector(this.configuration.url, this.ldapjs);
}
}

View File

@ -0,0 +1,17 @@
import BluebirdPromise = require("bluebird");
import Sinon = require("sinon");
import { IConnectorFactory } from "./IConnectorFactory";
import { IConnector } from "./IConnector";
export class ConnectorFactoryStub implements IConnectorFactory {
createStub: Sinon.SinonStub;
constructor() {
this.createStub = Sinon.stub();
}
create(): IConnector {
return this.createStub();
}
}

View File

@ -0,0 +1,34 @@
import BluebirdPromise = require("bluebird");
import Sinon = require("sinon");
import { IConnector } from "./IConnector";
export class ConnectorStub implements IConnector {
bindAsyncStub: Sinon.SinonStub;
unbindAsyncStub: Sinon.SinonStub;
searchAsyncStub: Sinon.SinonStub;
modifyAsyncStub: Sinon.SinonStub;
constructor() {
this.bindAsyncStub = Sinon.stub();
this.unbindAsyncStub = Sinon.stub();
this.searchAsyncStub = Sinon.stub();
this.modifyAsyncStub = Sinon.stub();
}
bindAsync(username: string, password: string): BluebirdPromise<void> {
return this.bindAsyncStub(username, password);
}
unbindAsync(): BluebirdPromise<void> {
return this.unbindAsyncStub();
}
searchAsync(base: string, query: any): BluebirdPromise<any[]> {
return this.searchAsyncStub(base, query);
}
modifyAsync(dn: string, changeRequest: any): BluebirdPromise<void> {
return this.modifyAsyncStub(dn, changeRequest);
}
}

Some files were not shown because too many files have changed in this diff Show More