mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

remove persona hook from main html file

This commit is contained in:
Jeff Bryner 2016-12-19 10:13:11 -08:00
Родитель e97d61d9dc
Коммит 68f9911e41
3 изменённых файлов: 70 добавлений и 58 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

17
meteor/app/client/mozdef.js
Просмотреть файл

@ -24,6 +24,12 @@ if (Meteor.isClient) {
Session.set('alertsrecordlimit',100); Session.set('alertsrecordlimit',100);
Session.set('attackerlimit','10'); Session.set('attackerlimit','10');
getAllPlugins(); getAllPlugins();
//assumes connection to an nginx/apache front end
//serving up an site handling authentication set via
//server side header
Meteor.loginViaHeader();
//see if we have a myo armband //see if we have a myo armband
try{ try{
myMyo = Myo; myMyo = Myo;
@ -363,6 +369,15 @@ if (Meteor.isClient) {
} }
}); });
//sample login function
Meteor.loginViaHeader = function(callback) {
//create a login request to pass to loginHandler
var loginRequest = {};
//send the login request
Accounts.callLoginMethod({
methodArguments: [loginRequest],
userCallback: callback
});
};
}; };

97
meteor/app/server/mozdef.js
Просмотреть файл

@ -10,9 +10,11 @@ Anthony Verez averez@mozilla.com
*/ */
if (Meteor.isServer) { if (Meteor.isServer) {
Meteor.startup(function () { Meteor.startup(function () {
console.log("MozDef starting") console.log("MozDef starting")
//important to set this for so persona can validate the source request
//important to set this so persona can validate the source request
//set to what the browser thinks you are coming from (i.e. localhost, or actual servername) //set to what the browser thinks you are coming from (i.e. localhost, or actual servername)
Meteor.absoluteUrl.defaultOptions.rootUrl = mozdef.rootURL + ':' + mozdef.port Meteor.absoluteUrl.defaultOptions.rootUrl = mozdef.rootURL + ':' + mozdef.port
@ -36,51 +38,58 @@ if (Meteor.isServer) {
mozdefsettings.insert({ key:'enableClientAccountCreation', mozdefsettings.insert({ key:'enableClientAccountCreation',
value : mozdef.enableClientAccountCreation || false}); value : mozdef.enableClientAccountCreation || false});
Accounts.config({
forbidClientAccountCreation: ! mozdef.enableClientAccountCreation, Accounts.registerLoginHandler("headerLogin",function(loginRequest) {
//there are multiple login handlers in meteor.
//a login request go through all these handlers to find it's login hander
//so in our login handler, we only consider login requests which are via a header
var self=this;
var sessionData = self.connection || (self._session ? self._session.sessionData : self._sessionData);
var session = Meteor.server.sessions[self.connection.id];
//ideally we would use a header unique to the installation like HTTP_OIDC_CLAIM_ID_TOKEN_EMAIL
//however sockJS whitelists only certain headers
// https://github.com/sockjs/sockjs-node/blob/8b03b3b1e7be14ee5746847f517029cb3ce30ca7/src/transport.coffee#L132
// choose one that is passed on and set it in your http server config:
var headerName='via';
console.log('connection headers',this.connection.httpHeaders);
console.log('target header:',this.connection.httpHeaders[headerName]);
//our authentication logic
//check for user email header
if(this.connection.httpHeaders[headerName] == undefined) {
console.log('refused login request due to missing http header')
return null;
}
console.log('handling login request',loginRequest);
//grab the email from the header
var userEmail = this.connection.httpHeaders[headerName];
//we create a user if needed, and get the userId
var userId = null;
var user = Meteor.users.findOne({profile:{email:userEmail}});
if(!user) {
console.log('creating user:',userEmail)
userId = Meteor.users.insert({
profile: { email: userEmail},
username: userEmail,
emails: [{address:userEmail , "verified": true}],
createdAt: new Date()
});
} else {
userId = user._id;
}
//generate login tokens
var stampedToken = Accounts._generateStampedLoginToken();
var hashStampedToken = Accounts._hashStampedToken(stampedToken);
//console.log(stampedToken,hashStampedToken);
//send loggedin user's user id
return {
userId: userId
}
}); });
Accounts.onCreateUser(function(options, user) {
console.log('creating user');
console.log(user);
//meteor doesn't store a readily accessible email address
//so lets create a common location for it
//as user.profile.email
user.profile = {};
if ( user.services.persona && user.services.persona.email ) {
//make an emails list so persona acts like every other service
user.emails=[{verified: true, address: user.services.persona.email}];
user.profile.email = user.services.persona.email;
console.log('User email is: ' + user.profile.email);
} else if (user.emails){
user.profile.email=user.emails[0].address;
}
//return the user object to be saved
//in Meteor.users
return user;
});
Accounts.onLogin(function(loginSuccess){
//fixup the user record on successful login
//if needed
//loginSuccess object has:
//type: 'persona'
//allowed: true/false
//methodArguments
//user (the same user object in onCreateUser)
//connection (id/close/onclose/clientAddress/httpHeaders)
user=loginSuccess.user
if (user.services.persona && !user.emails){
//make an emails list so persona acts like every other service
user.emails=[{verified: true, address: user.services.persona.email}];
user.profile.email = user.services.persona.email;
Meteor.users.update(user._id,
{$set: {emails:user.emails}});
//console.log('User email set to : ' + user.profile.email);
}
console.log('login success', user);
});
//update veris if missing: //update veris if missing:
console.log("checking the veris framework reference enumeration"); console.log("checking the veris framework reference enumeration");
console.log('tags: ' + veris.find().count()); console.log('tags: ' + veris.find().count());

14
meteor/mozdef.html
Просмотреть файл

@ -14,19 +14,7 @@ Anthony Verez averez@mozilla.com
<link href="/css/bootstrap.css" rel="stylesheet" > <link href="/css/bootstrap.css" rel="stylesheet" >
<link href="/css/mozdef.css" rel="stylesheet" media="screen,projection,tv"> <link href="/css/mozdef.css" rel="stylesheet" media="screen,projection,tv">
<link href="/css/dropdowns.css" rel="stylesheet" media="screen,projection,tv"> <link href="/css/dropdowns.css" rel="stylesheet" media="screen,projection,tv">
<!--persona login-->
<script>
(function() {
var t = document.createElement('script');
t.type = 'text/javascript';
t.async = true;
t.id = 'persona-lib';
t.src = '//login.persona.org/include.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(t, s);
})();
</script>
<title>mozdef::mozilla defense platform</title> <title>mozdef::mozilla defense platform</title>
</head> </head>
<body> <body>