Remove WebID-TLS authentication code

Author: dmitrizagidulin

bin/lib/options.js

@@ -64,13 +64,11 @@ module.exports = [
     question: 'Select authentication strategy',
     type: 'list',
     choices: [
-      'WebID-OpenID Connect',
-      'WebID-TLS'
+      'WebID-OpenID Connect'
     ],
-    prompt: true,
+    prompt: false,
     default: 'WebID-OpenID Connect',
     filter: (value) => {
-      if (value === 'WebID-TLS') return 'tls'
       if (value === 'WebID-OpenID Connect') return 'oidc'
     },
     when: (answers) => {

lib/api/authn/index.js

@@ -18,6 +18,5 @@ function overrideWith (forceUserId) {
 
 module.exports = {
   oidc: require('./webid-oidc'),
-  tls: require('./webid-tls'),
   overrideWith
 }

lib/api/authn/webid-tls.js

@@ -3,6 +3,5 @@
 module.exports = {
   authn: require('./authn'),
   oidc: require('./authn/webid-oidc'),
-  tls: require('./authn/webid-tls'),
   accounts: require('./accounts/user-accounts')
 }

lib/api/index.js

@@ -175,10 +175,6 @@ function initAuthentication (argv, app) {
   let authMethod = argv.auth
 
   switch (authMethod) {
-    case 'tls':
-      // Enforce authentication with WebID-TLS on all LDP routes
-      app.use('/', API.tls.authenticate())
-      break
     case 'oidc':
       let oidc = OidcManager.fromServerConfig(argv)
       app.locals.oidc = oidc

lib/create-app.js

@@ -58,10 +58,6 @@ function createServer (argv, app) {
       cert: cert
     }
 
-    if (ldp.webid && ldp.auth === 'tls') {
-      credentials.requestCert = true
-    }
-
     server = https.createServer(credentials, app)
   }
 

lib/create-server.js

@@ -75,10 +75,6 @@ class LDP {
       this.skin = true
     }
 
-    if (this.webid && !this.auth) {
-      this.auth = 'tls'
-    }
-
     if (this.proxy && this.proxy[ 0 ] !== '/') {
       this.proxy = '/' + this.proxy
     }

lib/ldp.js

@@ -23,7 +23,7 @@ class AccountManager {
   /**
    * @constructor
    * @param [options={}] {Object}
-   * @param [options.authMethod] {string} Primary authentication method (e.g. 'tls')
+   * @param [options.authMethod] {string} Primary authentication method (e.g. 'oidc')
    * @param [options.emailService] {EmailService}
    * @param [options.tokenService] {TokenService}
    * @param [options.host] {SolidHost}

lib/models/account-manager.js

@@ -1,7 +1,6 @@
 'use strict'
 
 const AuthRequest = require('./auth-request')
-const WebIdTlsCertificate = require('../models/webid-tls-certificate')
 const debug = require('../debug').accounts
 
 /**
@@ -12,7 +11,7 @@ const debug = require('../debug').accounts
  * a command line, use the `AccountManager` class directly.
  *
  * This is an abstract class, subclasses are created (for example
- * `CreateTlsAccountRequest`) depending on which Authentication mode the server
+ * `CreateOidcAccountRequest`) depending on which Authentication mode the server
  * is running in.
  *
  * @class CreateAccountRequest
@@ -73,9 +72,6 @@ class CreateAccountRequest extends AuthRequest {
         options.password = req.body.password
         options.userStore = locals.oidc.users
         return new CreateOidcAccountRequest(options)
-      case 'tls':
-        options.spkac = req.body.spkac
-        return new CreateTlsAccountRequest(options)
       default:
         throw new TypeError('Unsupported authentication scheme')
     }
@@ -259,112 +255,5 @@ class CreateOidcAccountRequest extends CreateAccountRequest {
   }
 }
 
-/**
- * Models a Create Account request for a server using WebID-TLS as primary
- * authentication mode. Handles generating and saving a TLS certificate, etc.
- *
- * @class CreateTlsAccountRequest
- * @extends CreateAccountRequest
- */
-class CreateTlsAccountRequest extends CreateAccountRequest {
-  /**
-   * @constructor
-   *
-   * @param [options={}] {Object} See `CreateAccountRequest` constructor docstring
-   * @param [options.spkac] {string}
-   */
-  constructor (options = {}) {
-    super(options)
-    this.spkac = options.spkac
-    this.certificate = null
-  }
-
-  /**
-   * Generates a new X.509v3 RSA certificate (if `spkac` was passed in) and
-   * adds it to the user account. Used for storage in an agent's WebID
-   * Profile, for WebID-TLS authentication.
-   *
-   * @param userAccount {UserAccount}
-   * @param userAccount.webId {string} An agent's WebID URI
-   *
-   * @throws {Error} HTTP 400 error if errors were encountering during
-   *   certificate generation.
-   *
-   * @return {Promise<UserAccount>} Chainable
-   */
-  generateTlsCertificate (userAccount) {
-    if (!this.spkac) {
-      debug('Missing spkac param, not generating cert during account creation')
-      return Promise.resolve(userAccount)
-    }
-
-    return Promise.resolve()
-      .then(() => {
-        let host = this.accountManager.host
-        return WebIdTlsCertificate.fromSpkacPost(this.spkac, userAccount, host)
-          .generateCertificate()
-      })
-      .catch(err => {
-        err.status = 400
-        err.message = 'Error generating a certificate: ' + err.message
-        throw err
-      })
-      .then(certificate => {
-        debug('Generated a WebID-TLS certificate as part of account creation')
-        this.certificate = certificate
-        return userAccount
-      })
-  }
-
-  /**
-   * Generates a WebID-TLS certificate and saves it to the user's profile
-   * graph.
-   *
-   * @param userAccount {UserAccount}
-   *
-   * @return {Promise<UserAccount>} Chainable
-   */
-  saveCredentialsFor (userAccount) {
-    return this.generateTlsCertificate(userAccount)
-      .then(userAccount => {
-        if (this.certificate) {
-          return this.accountManager
-            .addCertKeyToProfile(this.certificate, userAccount)
-            .then(() => {
-              debug('Saved generated WebID-TLS certificate to profile')
-            })
-        } else {
-          debug('No certificate generated, no need to save to profile')
-        }
-      })
-      .then(() => {
-        return userAccount
-      })
-  }
-
-  /**
-   * Writes the generated TLS certificate to the http Response object.
-   *
-   * @param userAccount {UserAccount}
-   *
-   * @return {UserAccount} Chainable
-   */
-  sendResponse (userAccount) {
-    let res = this.response
-    res.set('User', userAccount.webId)
-    res.status(200)
-
-    if (this.certificate) {
-      res.set('Content-Type', 'application/x-x509-user-cert')
-      res.send(this.certificate.toDER())
-    } else {
-      res.end()
-    }
-
-    return userAccount
-  }
-}
-
 module.exports = CreateAccountRequest
 module.exports.CreateAccountRequest = CreateAccountRequest
-module.exports.CreateTlsAccountRequest = CreateTlsAccountRequest