Skip to content

Restore WebID-TLS login in OIDC mode #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RubenVerborgh merged 1 commit into from
Apr 22, 2018
Merged

Restore WebID-TLS login in OIDC mode #650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion default-views/auth/login-tls.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,10 @@
return response
})
.then(function(response) {
window.location.href = response.url
// TODO: redirect to proper location stored in hidden field redirect_uri
// depends on https://github.com/solid/node-solid-server/pull/648
// and https://github.com/solid/oidc-auth-manager/issues/17
window.location.href = '/'
})
})
</script>
17 changes: 15 additions & 2 deletions lib/requests/login-request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ class LoginRequest extends AuthRequest {
super(options)

this.authenticator = options.authenticator
this.authMethod = options.authMethod
}

/**
Expand All @@ -44,6 +45,7 @@ class LoginRequest extends AuthRequest {
*/
static fromParams (req, res, authMethod) {
let options = AuthRequest.requestOptions(req, res)
options.authMethod = authMethod

switch (authMethod) {
case PASSWORD_AUTH:
Expand Down Expand Up @@ -173,10 +175,21 @@ class LoginRequest extends AuthRequest {
* Redirects the Login request to continue on the OIDC auth workflow.
*/
redirectPostLogin (validUser) {
let uri = this.postLoginUrl(validUser)
// TODO: Make the kludge below unnecessary (e.g., by separating OIDC and TLS auth).
// If we have arrived here in the WebID-TLS case,
// this means the client has done an AJAX POST request to /login/tls.
// If the WebID is external, and we send out a redirect to that external URL,
// there is a risk that this external URL returns a non-2xx response.
// This in turn makes the AJAX call on the client fail,
// and its success code is not executed because of that failure.
// To prevent this, we just reply a 204 for external WebIDs.
if (this.authMethod === TLS_AUTH && validUser.externalWebId) {
debug('Login successful with WebID-TLS')
return this.response.header('User', validUser.webId).status(204).send()
}

let uri = this.postLoginUrl(validUser)
debug('Login successful, redirecting to ', uri)

this.response.redirect(uri)
}

Expand Down