Implement Login via WebID-TLS cert local auth strategy

- Disable tls account creation

Author: dmitrizagidulin

config/defaults.js

@@ -2,6 +2,10 @@
 
 module.exports = {
   'auth': 'oidc',
+  'localAuth': {
+    'tls': true,
+    'password': true
+  },
   'configPath': './config',
   'dbPath': './.db',
   'port': 8443,

default-views/account/register-disabled.hbs

@@ -0,0 +1,4 @@
+<p>
+  Registering a new account is disabled for the WebID-TLS authentication method.
+  Please restart the server using another mode.
+</p>

default-views/account/register-form.hbs

@@ -0,0 +1,55 @@
+<form method="post" action="/api/accounts/new">
+  <div class="form-group">
+    {{#if error}}
+      <div class="row">
+        <div class="col-md-12">
+          <p class="text-danger"><strong>{{error}}</strong></p>
+        </div>
+      </div>
+    {{/if}}
+    <div class="row">
+      <div class="col-md-12">
+        <label for="username">Username:</label>
+        <input type="text" class="form-control" name="username" id="username" placeholder="alice" />
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-12">
+        <label for="password">Password:</label>
+        <input type="password" class="form-control" name="password" id="password" />
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-12">
+        <label for="name">Name:</label>
+        <input type="name" class="form-control" name="name" id="name" />
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-12">
+        <label for="email">Email:</label>
+        <input type="email" class="form-control" name="email" id="email" />
+      </div>
+    </div>
+    <input type="hidden" name="returnToUrl" value="{{returnToUrl}}" />
+  </div>
+
+  <div class="form-group">
+    <div class="row">
+      <div class="col-md-2">
+        <button type="submit" class="btn btn-primary" id="register">Register</button>
+
+        {{> auth/auth-hidden-fields}}
+      </div>
+
+      <div class="col-md-10">
+        <div>Already have an account?
+          <a class="btn btn-xs btn-default"
+             href="{{{loginUrl}}}">
+            Log In
+          </a>
+        </div>
+      </div>
+    </div>
+  </div>
+</form>

default-views/account/register.hbs

@@ -11,59 +11,11 @@
   <h4>Register</h4>
 </div>
 <div class="container">
-  <form method="post" action="/api/accounts/new">
-    <div class="form-group">
-      {{#if error}}
-        <div class="row">
-          <div class="col-md-12">
-            <p class="text-danger"><strong>{{error}}</strong></p>
-          </div>
-        </div>
-      {{/if}}
-      <div class="row">
-        <div class="col-md-12">
-          <label for="username">Username:</label>
-          <input type="text" class="form-control" name="username" id="username" placeholder="alice" />
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-md-12">
-          <label for="password">Password:</label>
-          <input type="password" class="form-control" name="password" id="password" />
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-md-12">
-          <label for="name">Name:</label>
-          <input type="name" class="form-control" name="name" id="name" />
-        </div>
-      </div>
-      <div class="row">
-        <div class="col-md-12">
-          <label for="email">Email:</label>
-          <input type="email" class="form-control" name="email" id="email" />
-        </div>
-      </div>
-      <input type="hidden" name="returnToUrl" value="{{returnToUrl}}" />
-    </div>
-
-    <div class="form-group">
-      <div class="row">
-        <div class="col-md-2">
-          <button type="submit" class="btn btn-primary" id="register">Register</button>
-        </div>
-
-        <div class="col-md-10">
-          <div>Already have an account?
-            <a class="btn btn-xs btn-default"
-               href="/login{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">
-              Log In
-            </a>
-          </div>
-        </div>
-      </div>
-    </div>
-  </form>
+  {{#if registerDisabled}}
+    {{> account/register-disabled}}
+  {{else}}
+    {{> account/register-form}}
+  {{/if}}
 </div>
 </body>
 </html>

default-views/auth/auth-hidden-fields.hbs

@@ -0,0 +1,7 @@
+<input type="hidden" name="response_type" id="response_type" value="{{response_type}}" />
+<input type="hidden" name="display" id="display" value="{{display}}" />
+<input type="hidden" name="scope" id="scope" value="{{scope}}" />
+<input type="hidden" name="client_id" id="client_id" value="{{client_id}}" />
+<input type="hidden" name="redirect_uri" id="redirect_uri" value="{{redirect_uri}}" />
+<input type="hidden" name="state" id="state" value="{{state}}" />
+<input type="hidden" name="nonce" id="nonce" value="{{nonce}}" />

default-views/auth/login-tls.hbs

@@ -0,0 +1,10 @@
+<form method="post" action="/login/tls">
+  <div class="form-group">
+
+    <button type="submit" class="btn btn-primary" id="login-tls">
+      With Certificate (WebId-TLS)
+    </button>
+
+    {{> auth/auth-hidden-fields}}
+  </div>
+</form>

default-views/auth/username-password.hbs …t-views/auth/login-username-password.hbsdefault-views/auth/username-password.hbs renamed to default-views/auth/login-username-password.hbs default-views/auth/username-password.hbs renamed to default-views/auth/login-username-password.hbs

@@ -1,4 +1,4 @@
-<form method="post" action="/login">
+<form method="post" action="/login/password">
   <div class="form-group">
     <div class="row">
       <div class="col-md-12">
@@ -18,12 +18,6 @@
 
     <button type="submit" class="btn btn-primary" id="login">Log In</button>
 
-    <input type="hidden" name="response_type" id="response_type" value="{{response_type}}" />
-    <input type="hidden" name="display" id="display" value="{{display}}" />
-    <input type="hidden" name="scope" id="scope" value="{{scope}}" />
-    <input type="hidden" name="client_id" id="client_id" value="{{client_id}}" />
-    <input type="hidden" name="redirect_uri" id="redirect_uri" value="{{redirect_uri}}" />
-    <input type="hidden" name="state" id="state" value="{{state}}" />
-    <input type="hidden" name="nonce" id="nonce" value="{{nonce}}" />
+    {{> auth/auth-hidden-fields}}
   </div>
 </form>

default-views/auth/login.hbs

@@ -20,11 +20,15 @@
   {{/if}}
   <div class="row">
     <div class="col-md-5">
-      {{> auth/username-password}}
+      {{#if enablePassword}}
+        {{> auth/login-username-password}}
+      {{/if}}
     </div>
     <div class="col-md-1"><br /></div>
     <div class="col-md-6">
-      <a href="/login/tls" class="btn btn-primary">With Certificate (WebId-TLS)</a>
+      {{#if enableTls}}
+        {{> auth/login-tls}}
+      {{/if}}
     </div>
   </div>
 </div>
@@ -34,7 +38,7 @@
     <div class="col-md-4">
       <div>Don't have an account?
         <a class="btn btn-xs btn-default"
-           href="/register{{#if returnToUrl}}?returnToUrl={{{returnToUrl}}}{{/if}}">
+           href="{{{registerUrl}}}">
           Register
         </a>
       </div>
@@ -47,7 +51,6 @@
           Reset password
         </a>
       </div>
-      <div>{{> auth/test}}</div>
     </div>
   </div>
 </div>

lib/api/accounts/user-accounts.js

@@ -18,6 +18,7 @@ const AddCertificateRequest = require('../../requests/add-cert-request')
 function checkAccountExists (accountManager) {
   return (req, res, next) => {
     let accountUri = req.hostname
+
     accountManager.accountUriExists(accountUri)
       .then(found => {
         if (!found) {

lib/api/authn/webid-oidc.js

@@ -6,7 +6,7 @@
 const express = require('express')
 const bodyParser = require('body-parser').urlencoded({ extended: false })
 
-const { LoginByPasswordRequest } = require('../../requests/login-request')
+const { LoginRequest } = require('../../requests/login-request')
 
 const PasswordResetEmailRequest = require('../../requests/password-reset-email-request')
 const PasswordChangeRequest = require('../../requests/password-change-request')
@@ -33,8 +33,11 @@ function middleware (oidc) {
   router.get('/api/auth/select-provider', SelectProviderRequest.get)
   router.post('/api/auth/select-provider', bodyParser, SelectProviderRequest.post)
 
-  router.get(['/login', '/signin'], LoginByPasswordRequest.get)
-  router.post(['/login', '/signin'], bodyParser, LoginByPasswordRequest.post)
+  router.get(['/login', '/signin'], LoginRequest.get)
+
+  router.post('/login/password', bodyParser, LoginRequest.loginPassword)
+
+  router.post('/login/tls', bodyParser, LoginRequest.loginTls)
 
   router.get('/account/password/reset', PasswordResetEmailRequest.get)
   router.post('/account/password/reset', bodyParser, PasswordResetEmailRequest.post)