Merge pull request #346 from solid/auth-config

Andrei · Andrei · commit 75c18daad948 · 2016-05-11T16:11:52.000-04:00
Making authentication strategy an option
diff --git a/bin/lib/options.js b/bin/lib/options.js
@@ -26,9 +26,28 @@ module.exports = [
     name: 'webid',
     help: 'Enable WebID+TLS authentication (use `--no-webid` for HTTP instead of HTTPS)',
     flag: true,
-    question: 'Enable WebID-TLS authentication',
+    question: 'Enable WebID authentication',
     prompt: true
   },
+  {
+    name: 'auth',
+    help: 'Pick an authentication strategy for WebID: `tls` or `oidc`',
+    question: 'Select authentication strategy',
+    type: 'list',
+    choices: [
+      'WebID-TLS',
+      'WebID-OpenID Connect'
+    ],
+    prompt: true,
+    default: 'WebID-TLS',
+    filter: (value) => {
+      if (value === 'WebID-TLS') return 'tls'
+      if (value === 'WebID-OpenID Connect') return 'oidc'
+    },
+    when: (answers) => {
+      return answers.webid
+    }
+  },
   {
     name: 'useOwner',
     question: 'Do you already have a WebID?',
diff --git a/lib/create-app.js b/lib/create-app.js
@@ -95,7 +95,8 @@ function createApp (argv = {}) {
       store: ldp,
       suffixAcl: ldp.suffixAcl,
       settings: 'settings',
-      inbox: 'inbox'
+      inbox: 'inbox',
+      auth: ldp.auth
     })
     var needsOverwrite = function (req, res, next) {
       checkMasterAcl(req, function (found) {
diff --git a/lib/create-server.js b/lib/create-server.js
@@ -55,8 +55,11 @@ function createServer (argv) {
 
     var credentials = {
       key: key,
-      cert: cert,
-      requestCert: true
+      cert: cert
+    }
+
+    if (ldp.webid && ldp.auth === 'tls') {
+      credentials.requestCert = true
     }
 
     server = https.createServer(credentials, app)
diff --git a/lib/handlers/authentication.js b/lib/handlers/authentication.js
@@ -2,6 +2,7 @@ module.exports = handler
 
 var webid = require('webid/tls')
 var debug = require('../debug').authentication
+var error = require('../http-error')
 
 function handler (req, res, next) {
   var ldp = req.app.locals.ldp
@@ -27,27 +28,33 @@ function handler (req, res, next) {
     return next()
   }
 
-  var certificate = req.connection.getPeerCertificate()
-  // Certificate is empty? skip
-  if (certificate === null || Object.keys(certificate).length === 0) {
-    debug('No client certificate found in the request. Did the user click on a cert?')
-    setEmptySession(req)
-    return next()
-  }
-
-  // Verify webid
-  webid.verify(certificate, function (err, result) {
-    if (err) {
-      debug('Error processing certificate: ' + err.message)
+  if (ldp.auth === 'tls') {
+    var certificate = req.connection.getPeerCertificate()
+    // Certificate is empty? skip
+    if (certificate === null || Object.keys(certificate).length === 0) {
+      debug('No client certificate found in the request. Did the user click on a cert?')
       setEmptySession(req)
       return next()
     }
-    req.session.userId = result
-    req.session.identified = true
-    debug('Identified user: ' + req.session.userId)
-    res.set('User', req.session.userId)
-    return next()
-  })
+
+    // Verify webid
+    webid.verify(certificate, function (err, result) {
+      if (err) {
+        debug('Error processing certificate: ' + err.message)
+        setEmptySession(req)
+        return next()
+      }
+      req.session.userId = result
+      req.session.identified = true
+      debug('Identified user: ' + req.session.userId)
+      res.set('User', req.session.userId)
+      return next()
+    })
+  } else if (ldp.auth === 'oidc') {
+    return next(error(500, 'OIDC not implemented yet'))
+  } else {
+    return next(error(500, 'Authentication method not supported'))
+  }
 }
 
 function setEmptySession (req) {
diff --git a/lib/identity-provider.js b/lib/identity-provider.js
@@ -41,6 +41,7 @@ function IdentityProvider (options) {
   this.defaultContainers = options.defaultContainers || defaultContainers
   this.inbox = options.inbox
   this.settings = options.settings
+  this.auth = options.auth || 'tls'
 }
 
 // Generate the future webid from the options and the IdentityProvider Settings
@@ -580,7 +581,9 @@ IdentityProvider.prototype.middleware = function (corsSettings, firstUser) {
   }
 
   router.post('/new', parser, setFirstUser(firstUser), this.post.bind(this))
-  router.post('/cert', parser, this.newCert.bind(this))
+  if (this.auth === 'tls') {
+    router.post('/cert', parser, this.newCert.bind(this))
+  }
   router.all('/*', function (req, res) {
     var host = uriAbs(req)
     // TODO replace the hardcoded link with an arg
diff --git a/lib/ldp.js b/lib/ldp.js
@@ -65,6 +65,10 @@ function LDP (argv) {
     this.skin = true
   }
 
+  if (this.webid && !this.auth) {
+    this.auth = 'tls'
+  }
+
   if (this.proxy && this.proxy[0] !== '/') {
     this.proxy = '/' + this.proxy
   }

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,10 @@ function LDP (argv) {`
`65`	`65`	`this.skin = true`
`66`	`66`	`}`
`67`	`67`
	`68`	`+ if (this.webid && !this.auth) {`
	`69`	`+ this.auth = 'tls'`
	`70`	`+ }`
	`71`	`+`
`68`	`72`	`if (this.proxy && this.proxy[0] !== '/') {`
`69`	`73`	`this.proxy = '/' + this.proxy`
`70`	`74`	`}`