  • noorauth.coffee

    NoorPlugin = require('./noorplugin').NoorPlugin
    rebase = require("./rebase")
    EmailLoginController = require("email-login/lib/email-login-ctlr").EmailLoginController
    # Local aliases for the base-conversion helpers; used below to increment
    # the per-user session counter that is embedded in session URIs.
    int_to_base = rebase.int_to_base
    base_to_int = rebase.base_to_int
    # Sender address handed to the email-login controller as its `from`.
    # Because of `or`, an unset OR empty FROM_ADDRESS falls back to the
    # placeholder, so a deployment must set it to send from a real address.
    FROM_ADDRESS = process.env.FROM_ADDRESS or "do-not-reply@example.com"
    
    # Authentication plugin: owns an EmailLoginController and provides the
    # noodb-backed methods (token creation, verification records, session
    # numbering) defined further down in this class.
    class NoorAuth extends NoorPlugin
      constructor: ->
        # Run NoorPlugin's constructor first; @log, @app and @noodb are read
        # below, so presumably it is what sets them -- TODO confirm.
        super
        @email_login_ctlr = new EmailLoginController()
        @email_login_ctlr.log = @log
        # Re-expose the controller's handlers and session middleware on the
        # plugin so they can be reached through the NoorAuth instance.
        @join_handler = @email_login_ctlr.join_handler
        @verification_handler = @email_login_ctlr.verification_handler
        @session_middleware = @email_login_ctlr.session_middleware
        # NOTE(review): presumably makes the controller call back into this
        # object for the methods commented as "delegated" -- confirm against
        # email-login's delegate_to().
        @email_login_ctlr.delegate_to(this)
        @email_login_ctlr.environment = @app.settings.env
        @email_login_ctlr.server_uri = @noodb.server_uri
        @email_login_ctlr.from = FROM_ADDRESS
        # get_server_uri builds its result from req.hostname, i.e. from a
        # value the client supplies; whatever the controller does with the
        # returned URI inherits that trust assumption.
        @email_login_ctlr.get_server_uri_callback = @get_server_uri
    
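      get_server_uri: (req, server_uri) =>
        # Build the base URI ("scheme://host[:port]/") for the virtual host
        # that `req` arrived on.
        #
        # Notes:
        #   expecting server_uri to look like:
        #     http://nooron.com/ or https://nooron.com/ or http://localhost:9998/
        # Returns:
        #   https://fqdn.of.virtualhost/ or http://localhost:9998/
        #
        # SECURITY: the host part is req.hostname, which comes from the
        # request's Host header (or a forwarded-host header when the framework
        # trusts a proxy) and is therefore client-controlled. This function is
        # registered as the email-login controller's get_server_uri_callback;
        # if the result ends up in links mailed to users, the set of accepted
        # virtual hosts should be restricted before the request reaches here
        # (for example by the vhost layer or reverse proxy) -- TODO confirm.
        hostname = req.hostname
        splits = server_uri.split(':')
        # scheme = splits[0] # FIXME consider doing this rather than default https
        scheme = "https"
        # This is appropriate for the Nooron VHost handling situation.
        # Only the literal name `localhost` or a `*.localhost` subdomain is
        # treated as local. A plain substring test would also match ordinary
        # hostnames that merely contain "localhost" and downgrade them to http.
        if hostname is 'localhost' or hostname.endsWith('.localhost')
          scheme = "http"
        # OK this is a little hacky, but we will get the port from the
        # @server_uri which has been passed in from the configuration.
        # This is complex because we have the dev environment we might be
        # running in AND we have the whole virtualhost context too.
        port = splits[2] or '80/'
        port = port.replace(/\//g, '') # remove trailing slashes from port
        if port is '80'
          port = ''
        else if port is '443'
          # an explicitly configured 443 always means https, even on localhost
          port = ''
          scheme = "https"
        else
          port = ':' + port
        return "#{scheme}://#{hostname}#{port}/"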
    
      # Predicate names used by this class as @isNewSessionForUserWithUri,
      # @verifiedUsingToken, @verifiedFromIP and @joinAttemptFromIP.
      # NOTE(review): presumably NoorPlugin resolves each name into the
      # same-named instance property -- confirm in noorplugin.coffee.
      _resources_to_cache: [
          "isNewSessionForUserWithUri"
          "verifiedUsingToken"
          "verifiedFromIP"
          "joinAttemptFromIP"
        ]
      # Matches "nooron:session:<user>_<session>" with 1-7 and 1-5 alphanumeric
      # characters respectively. The pattern is not anchored, so it also
      # matches when the session URI is embedded in a longer string; it is
      # not referenced elsewhere in this file.
      userNo_sessNo_regex: /nooron\:session\:([0-9A-Za-z]{1,7})\_([0-9A-Za-z]{1,5})/
    
      reqd: (req, res, next) =>
        # Middleware guard: pass the request on only when it carries a session,
        # otherwise answer 403 and stop the chain.
        #
        # The only condition checked is that req.session exists.
        # NOTE(review): whether a present session implies a verified login
        # depends on what session_middleware attaches -- confirm it never sets
        # req.session for anonymous visitors.
        return next() if req.session?
        # req.path is client-supplied and is written to the log as-is
        @log.warning "a clever little monkey just tried #{req.path} without login"
        res.status(403)
        res.send("you must be logged in")
        return
    
      make_verification_token: (person_uri, ip) =>
        # Record a join attempt by `person_uri` from `ip` in the auth log graph
        # and return the `i` key of the stored record as the verification token.
        #
        # NOTE(review): the token is whatever key noodb assigns to the record,
        # so its unpredictability depends entirely on how noodb generates those
        # keys -- confirm they are not sequential or otherwise guessable before
        # relying on this as an e-mail verification secret.
        join_attempt = @noodb.allege(person_uri, @joinAttemptFromIP, ip, "nrn:auth_log")
        return join_attempt.i.key()
    
      was_previously_verifiedUsingToken: (person_uri) =>
        # True when at least one verifiedUsingToken record exists for
        # `person_uri`, i.e. the query's last() result is not null/undefined.
        latest_verification = @noodb.q(person_uri, @verifiedUsingToken).last()
        return latest_verification?
    
      get_real_verification_token: (a_maybe_token) =>
        # Look `a_maybe_token` up by id and return the stored record's `i` key,
        # or undefined when nothing is found (or the key is falsy).
        #
        # NOTE(review): the lookup accepts any id that by_id knows about; this
        # method does not check that the record found is a joinAttemptFromIP
        # entry written by make_verification_token. Confirm that the caller or
        # by_id restricts the lookup, otherwise the id of an unrelated record
        # would be accepted as a "real" token here.
        found = @noodb.by_id.getOnly(a_maybe_token)
        if found?
          return found.i.key() or undefined
        return undefined
    
      record_verification_of_person_uri_from_ip_using_token: (person_uri, ip, token) =>
        # Write two audit records into the auth log graph: the IP the
        # verification came from and the token that was used. Returns nothing.
        #
        # NOTE(review): the IP is stored as `[ip]` here but as a bare `ip` in
        # make_verification_token -- confirm which form noodb.allege expects.
        auth_log = "nrn:auth_log" # make this @_auth_log
        @noodb.allege(person_uri, @verifiedFromIP, [ip], auth_log)
        # the token is stored under an "nrn:" prefix; is_verification_already_used
        # queries with the same prefix
        @noodb.allege(person_uri, @verifiedUsingToken, "nrn:#{token}", auth_log)
        return
    
      is_verification_already_used: (person_uri, ip, token) =>
        # True when a verifiedUsingToken record for this exact person/token
        # pair already exists, which is what makes a token single-use.
        # `ip` is accepted but not consulted.
        prior_uses = @noodb.q(person_uri, @verifiedUsingToken, "nrn:#{token}").all()
        return prior_uses.length > 0
    
      get_next_session_token_for: (person_uri) => # fat arrow because delegated
        # Allocate the next session for `person_uri` (this writes a new session
        # record via get_next_session_for) and return its `s` key.
        #
        # NOTE(review): that key appears to be the session URI
        # "nooron:session:<user_symbol>_<session_no>", which is built from
        # counters rather than random data. Confirm the email-login controller
        # signs or wraps it before it is used as a client-held credential.
        next_session = @get_next_session_for(person_uri)
        return next_session.s.key()
    
      get_latest_verification_token_for_person_uri: (person_uri) => # delegated so fat
        # Return the `i` key of the most recent joinAttemptFromIP record for
        # `person_uri`, or undefined when there is none (or the key is falsy).
        latest_attempt = @noodb.q(person_uri, @joinAttemptFromIP).last()
        if latest_attempt?
          return latest_attempt.i.key() or undefined
        return undefined
    
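      get_prev_session_for: (person_uri) =>
        # Find the most recent session recorded for `person_uri` and split its
        # URI into parts.
        #
        # person_uri might be:
        #   mailto:bob@email.com
        #   tel:18005551212
        #   social network page eg FB, G+, LI
        #   a person's homepage or even a domain name
        #
        # Returns {user_symbol, session_no, session_no_int}, or undefined when
        # no session has been recorded yet.
        # Throws Error when the stored session URI does not have the expected
        # "nooron:session:<user>_<session>" shape.
        prev_sess_ = @noodb.q(null, @isNewSessionForUserWithUri, person_uri).last()
        return unless prev_sess_?
        nooron_session_re = /nooron\:session\:([A-Za-z0-9]+)_([A-Za-z0-9]+)/ # TODO match base57
        prev_sess_uri = prev_sess_.s.key()
        match = prev_sess_uri.match(nooron_session_re)
        # Check the match BEFORE reading its groups: indexing a null match
        # would raise a TypeError and hide the descriptive error below.
        if not match
          throw new Error " <#{prev_sess_uri}> failed to match" + nooron_session_re
        u = match[1]
        s = match[2]
        return {user_symbol: u, session_no: s, session_no_int: base_to_int(s)}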
    
      get_next_session_for: (person_uri) ->
        # Allocate the next session for `person_uri`, record it in the auth log
        # graph, and return whatever noodb.allege returns for that record.
        #
        # A first-time user gets a fresh user symbol and session number 1; a
        # returning user keeps their symbol and gets the previous session
        # number plus one, re-encoded with int_to_base.
        #
        # NOTE(review): the read of the previous session and the write of the
        # new one are separate steps, so two concurrent logins for the same
        # person could compute the same session number -- confirm whether
        # noodb serialises this. person_uri is also written to the debug log.
        prev_sess = @get_prev_session_for(person_uri)
        @log.debug "get_next_session_for(#{person_uri}) prev_sess:",prev_sess
        new_sess = if prev_sess?
          {user_symbol: prev_sess.user_symbol, session_no: int_to_base(prev_sess.session_no_int + 1)}
        else
          {user_symbol: @noodb.next_user_symbol(), session_no: 1}
        @log.debug "get_next_session_for(#{person_uri}) new_sess:",new_sess

        session_uri = "nooron:session:#{new_sess.user_symbol}_#{new_sess.session_no}"
        return @noodb.allege(session_uri, @isNewSessionForUserWithUri, person_uri, "nrn:auth_log")
    
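      get_msg_instead_of_permitting_verification: (person_uri) ->
        # Closed-beta gate. Returns a refusal message when `person_uri` is not
        # on the invitee list, or undefined to let the verification e-mail go out.
        #
        # The address is compared for exact equality after an optional
        # "mailto:" prefix is removed. A pattern anchored only at the end, with
        # unescaped dots, would also admit addresses that merely end with an
        # invitee's address or that put another character where a dot belongs.
        #
        # NOTE(review): invitee addresses are hard-coded in source; consider
        # loading them from configuration so that changing the list does not
        # need a deploy and personal addresses stay out of the repository.
        # person_uri is also written to the info log.
        @log.info "get_msg_instead_of_permitting_verification(person_uri:#{person_uri})"
        beta_invitees = [
          "doctoreeevil@gmail.com"
          "george@justlikeitsounds.com"
          "ilyadorosh@gmail.com"
          "jeromis@gmail.com"
          "mariuszkreft@gmail.com"
          "mbmurphy64@yahoo.ca"
          "ms@diversus.me"
          "smurp@smurp.com"
          "tamsinb@gmail.com"
          "wolfmaul@gmail.com"
          "wolf.maul@ymail.com"
        ]
        address = person_uri.replace(/^mailto:/, '')
        if address not in beta_invitees
          return "This is a closed beta and you'll be invited when there is room"
        return # no message for the user, in other words: let them get verification email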
    
    # Export the class: onto `exports` when it is defined (CommonJS),
    # otherwise onto `this`.
    (exports ? this).NoorAuth = NoorAuth