зеркало из https://github.com/mozilla/MozDef.git
remove persona hook from main html file
This commit is contained in:
Jeff Bryner
Родитель
e97d61d9dc
Коммит
68f9911e41
|
|
@ -24,6 +24,12 @@ if (Meteor.isClient) {
|
||||||
Session.set('alertsrecordlimit',100);
|
Session.set('alertsrecordlimit',100);
|
||||||
Session.set('attackerlimit','10');
|
Session.set('attackerlimit','10');
|
||||||
getAllPlugins();
|
getAllPlugins();
|
||||||
|
|
||||||
|
//assumes connection to an nginx/apache front end
|
||||||
|
//serving up an site handling authentication set via
|
||||||
|
//server side header
|
||||||
|
Meteor.loginViaHeader();
|
||||||
|
|
||||||
//see if we have a myo armband
|
//see if we have a myo armband
|
||||||
try{
|
try{
|
||||||
myMyo = Myo;
|
myMyo = Myo;
|
||||||
|
|
@ -363,6 +369,15 @@ if (Meteor.isClient) {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
//sample login function
|
||||||
|
Meteor.loginViaHeader = function(callback) {
|
||||||
|
//create a login request to pass to loginHandler
|
||||||
|
var loginRequest = {};
|
||||||
|
//send the login request
|
||||||
|
Accounts.callLoginMethod({
|
||||||
|
methodArguments: [loginRequest],
|
||||||
|
userCallback: callback
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -10,9 +10,11 @@ Anthony Verez averez@mozilla.com
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (Meteor.isServer) {
|
if (Meteor.isServer) {
|
||||||
|
|
||||||
Meteor.startup(function () {
|
Meteor.startup(function () {
|
||||||
console.log("MozDef starting")
|
console.log("MozDef starting")
|
||||||
//important to set this for so persona can validate the source request
|
|
||||||
|
//important to set this so persona can validate the source request
|
||||||
//set to what the browser thinks you are coming from (i.e. localhost, or actual servername)
|
//set to what the browser thinks you are coming from (i.e. localhost, or actual servername)
|
||||||
Meteor.absoluteUrl.defaultOptions.rootUrl = mozdef.rootURL + ':' + mozdef.port
|
Meteor.absoluteUrl.defaultOptions.rootUrl = mozdef.rootURL + ':' + mozdef.port
|
||||||
|
|
||||||
|
|
@ -36,49 +38,56 @@ if (Meteor.isServer) {
|
||||||
mozdefsettings.insert({ key:'enableClientAccountCreation',
|
mozdefsettings.insert({ key:'enableClientAccountCreation',
|
||||||
value : mozdef.enableClientAccountCreation || false});
|
value : mozdef.enableClientAccountCreation || false});
|
||||||
|
|
||||||
Accounts.config({
|
|
||||||
forbidClientAccountCreation: ! mozdef.enableClientAccountCreation,
|
|
||||||
});
|
|
||||||
|
|
||||||
Accounts.onCreateUser(function(options, user) {
|
Accounts.registerLoginHandler("headerLogin",function(loginRequest) {
|
||||||
console.log('creating user');
|
//there are multiple login handlers in meteor.
|
||||||
console.log(user);
|
//a login request go through all these handlers to find it's login hander
|
||||||
//meteor doesn't store a readily accessible email address
|
//so in our login handler, we only consider login requests which are via a header
|
||||||
//so lets create a common location for it
|
var self=this;
|
||||||
//as user.profile.email
|
var sessionData = self.connection || (self._session ? self._session.sessionData : self._sessionData);
|
||||||
user.profile = {};
|
var session = Meteor.server.sessions[self.connection.id];
|
||||||
if ( user.services.persona && user.services.persona.email ) {
|
//ideally we would use a header unique to the installation like HTTP_OIDC_CLAIM_ID_TOKEN_EMAIL
|
||||||
//make an emails list so persona acts like every other service
|
//however sockJS whitelists only certain headers
|
||||||
user.emails=[{verified: true, address: user.services.persona.email}];
|
// https://github.com/sockjs/sockjs-node/blob/8b03b3b1e7be14ee5746847f517029cb3ce30ca7/src/transport.coffee#L132
|
||||||
user.profile.email = user.services.persona.email;
|
// choose one that is passed on and set it in your http server config:
|
||||||
console.log('User email is: ' + user.profile.email);
|
var headerName='via';
|
||||||
} else if (user.emails){
|
|
||||||
user.profile.email=user.emails[0].address;
|
|
||||||
}
|
|
||||||
//return the user object to be saved
|
|
||||||
//in Meteor.users
|
|
||||||
return user;
|
|
||||||
});
|
|
||||||
|
|
||||||
Accounts.onLogin(function(loginSuccess){
|
console.log('connection headers',this.connection.httpHeaders);
|
||||||
//fixup the user record on successful login
|
console.log('target header:',this.connection.httpHeaders[headerName]);
|
||||||
//if needed
|
//our authentication logic
|
||||||
//loginSuccess object has:
|
//check for user email header
|
||||||
//type: 'persona'
|
if(this.connection.httpHeaders[headerName] == undefined) {
|
||||||
//allowed: true/false
|
console.log('refused login request due to missing http header')
|
||||||
//methodArguments
|
return null;
|
||||||
//user (the same user object in onCreateUser)
|
}
|
||||||
//connection (id/close/onclose/clientAddress/httpHeaders)
|
console.log('handling login request',loginRequest);
|
||||||
user=loginSuccess.user
|
|
||||||
if (user.services.persona && !user.emails){
|
//grab the email from the header
|
||||||
//make an emails list so persona acts like every other service
|
var userEmail = this.connection.httpHeaders[headerName];
|
||||||
user.emails=[{verified: true, address: user.services.persona.email}];
|
|
||||||
user.profile.email = user.services.persona.email;
|
//we create a user if needed, and get the userId
|
||||||
Meteor.users.update(user._id,
|
var userId = null;
|
||||||
{$set: {emails:user.emails}});
|
var user = Meteor.users.findOne({profile:{email:userEmail}});
|
||||||
//console.log('User email set to : ' + user.profile.email);
|
if(!user) {
|
||||||
|
console.log('creating user:',userEmail)
|
||||||
|
userId = Meteor.users.insert({
|
||||||
|
profile: { email: userEmail},
|
||||||
|
username: userEmail,
|
||||||
|
emails: [{address:userEmail , "verified": true}],
|
||||||
|
createdAt: new Date()
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
userId = user._id;
|
||||||
|
}
|
||||||
|
|
||||||
|
//generate login tokens
|
||||||
|
var stampedToken = Accounts._generateStampedLoginToken();
|
||||||
|
var hashStampedToken = Accounts._hashStampedToken(stampedToken);
|
||||||
|
//console.log(stampedToken,hashStampedToken);
|
||||||
|
//send loggedin user's user id
|
||||||
|
return {
|
||||||
|
userId: userId
|
||||||
}
|
}
|
||||||
console.log('login success', user);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
//update veris if missing:
|
//update veris if missing:
|
||||||
|
|
|
||||||
|
|
@ -15,18 +15,6 @@ Anthony Verez averez@mozilla.com
|
||||||
<link href="/css/mozdef.css" rel="stylesheet" media="screen,projection,tv">
|
<link href="/css/mozdef.css" rel="stylesheet" media="screen,projection,tv">
|
||||||
<link href="/css/dropdowns.css" rel="stylesheet" media="screen,projection,tv">
|
<link href="/css/dropdowns.css" rel="stylesheet" media="screen,projection,tv">
|
||||||
|
|
||||||
<!--persona login-->
|
|
||||||
<script>
|
|
||||||
(function() {
|
|
||||||
var t = document.createElement('script');
|
|
||||||
t.type = 'text/javascript';
|
|
||||||
t.async = true;
|
|
||||||
t.id = 'persona-lib';
|
|
||||||
t.src = '//login.persona.org/include.js';
|
|
||||||
var s = document.getElementsByTagName('script')[0];
|
|
||||||
s.parentNode.insertBefore(t, s);
|
|
||||||
})();
|
|
||||||
</script>
|
|
||||||
<title>mozdef::mozilla defense platform</title>
|
<title>mozdef::mozilla defense platform</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче