Notes on development. Hacking on provisioning

README.md

@@ -2,4 +2,22 @@
 
 This is a Node.js server which implements the Persona identity provider (IdP) protocol.
 It allows users to sign in to Firefox Accounts (aka PICL).
-It consumes the REST API which PICL provides.
+It consumes the REST API which PICL provides.
+
+## Development
+
+Issuer determines the hostname and the environment`PORT` variable the port.
+
+    PORT=3000 npm start
+
+The easiest way to develop, is to run a local browserid instance and `SHIMMED_PRIMARIES`:
+
+You have to save the `/.well-known/browserid` to the file system:
+
+    curl http://localhost:3030/.well-known/browserid > /tmp/fxwellknown
+
+And then start up browserid:
+
+    SHIMMED_PRIMARIES="dev.fxaccounts.mozilla.org|http://127.0.0.1:3030|/tmp/fxwellknown"  npm start
+
+Now you can type foo@dev.fxaccounts.mozilla.org in the test dialog at http://127.0.0.1:10001/. No DNS or `/etc/hosts` hacks are needed.

server/bin/firefox_account_bridge.js

@@ -12,8 +12,8 @@ const clientSessions = require('client-sessions'),
       config = require('../lib/configuration'),
       express = require('express'),
       nunjucks = require('nunjucks'),
-
-      urlparse = require('urlparse');
+      urlparse = require('urlparse'),
+      util = require('util');
 
 
 var app = express();
@@ -26,7 +26,7 @@ app.use(express.cookieParser());
 app.use(express.bodyParser());
 
 var isHttps = 'https' === urlparse(config.get('public_url')).scheme;
-console.log('public_url=', config.get('public_url'), urlparse(config.get('public_url')));
+
 // BigTent must be deployed behind SSL.
 // Tell client-sessions everything will be alright
 app.use(function(req, res, next) {
@@ -46,26 +46,44 @@ app.use(clientSessions({
   }
 }));
 
-console.log('Doing csrf');
 app.use(express.csrf());
 app.use(function(req, resp, next) {
   resp.locals({'csrf_token': req.session._csrf});
   next();
 });
-console.log('Setup routes');
+
 app.get('/.well-known/browserid', function(req, res) {
   res.setHeader('Content-Type', 'application/json');
   res.render('browserid.html');
 });
 
 app.get('/provision', function(req, res) {
-  res.send('Yo');
+  res.render('provision.html', {
+    browserid_server: config.get('browserid_server'),
+    provisioned: false
+  });
 });
 
 app.get('/authentication', function(req, res) {
-  console.log('Doing authentication');
-  res.send('Yo');
+  res.render('authentication.html');
 });
 
-app.listen(3000);
-console.log('Firefox Account Bridge listening at http://localhost:3000');
+if (config.get('use_https')) {
+  // Development only... Ops runs this behind nginx
+  port = 443;
+  app.listen(443);
+  app.on('error', function(e) {
+    if ('EACCES' == e.code) {
+      console.error('Permission Denied, maybe you should run this with sudo?');
+    } else if ('EADDRINUSE' == e.code) {
+      console.error('Unable to listen for connections, this service might already be running?');
+    }
+    throw e;
+  });
+  lstnUrl = util.format('https://%s', config.get('issuer'));
+} else {
+  port = process.env.PORT || 3030;
+  app.listen(port, '0.0.0.0');
+  lstnUrl = util.format('http://%s:%s', config.get('issuer'), port);
+}
+console.log('Firefox Account Bridge listening at', lstnUrl);

server/views/provision.html

@@ -1,7 +1,8 @@
-<script src="https://login.persona.org/provisioning_api.js"></script>
+<!DOCTYPE html>
+<script src="{{browserid_server}}/provisioning_api.js"></script>
 <script>
 navigator.id.beginProvisioning(function(email, certDuration) {
-  if (activeSessionFor(email)) {
+  {% if provisioned %}
     navigator.id.genKeyPair(function(publicKey) {
       generateServerSide(email, publicKey, certDuration, function (certificate) {
         // generateServerSide something you would write.
@@ -10,8 +11,8 @@ navigator.id.beginProvisioning(function(email, certDuration) {
         navigator.id.registerCertificate(certificate);
       });
     });
-  } else {
+  {% else %}
     navigator.id.raiseProvisioningFailure('user is not authenticated as target user');
-  }
+  {% endif %}
 });
 </script>