Merge pull request #226 from mozilla/issue-216-pin-flow-rebase

Issue 216 pin flow rebase

.awsbox.json

@@ -1,4 +1,7 @@
 {
+  "env": {
+    "CONFIG_FILES": "$HOME/code/server/config/aws.json,$HOME/config.json"
+  },
   "processes": [ "server/bin/bigtent" ],
   "hooks": {
     "postdeploy": "scripts/awsbox/post_deploy.js"

ChangeLog

@@ -0,0 +1,10 @@
+issue-216-pin-flow
+  * Branched off issue-178-stateless-account-linking
+  * Includes several relevant patches from master
+train-2013.04.23:
+  * Branched off of production (train-2013.01.17)
+  * Not a true train, but a production hotfix Issue #178
+  * (hotfix 2013.04.24) Use claimed email, not mismatched for email provider: #203
+
+train-2013.01.17:
+  * First release

docs/AWSBOX_DEPLOY.md

@@ -0,0 +1,27 @@
+# AWS Deployment with awsbox
+
+Make sure you have persona_secrets.
+
+    ./node_modules/.bin/awsbox -h
+
+## One time step
+
+    $ ssh app@yourvm.personatest.org
+    $ git clone https://github.com/mozilla/browserid-certifier.git
+    $ cd browserid-certifier
+    $ npm install
+    $ cp config/local.json-dist config/local.json
+    $ emacs config/local.json
+
+Change port to `8081`, change `issuer_hostname` to `yourvm.personatest.org`
+
+    $ mkdir var
+    $ cd var
+    $ ../node_modules/.bin/generate-keypair
+    $ CONFIG_FILES=/home/app/browserid-certifier/config/local.json nohup node bin/certifier > var/certifier.log &
+
+The certifier is now setup. Each time you `git push` the post deploy hook will fixup your public key.
+
+## Deploying...
+
+    $ git push yourvm HEAD:master

package.json

@@ -13,13 +13,14 @@
     "start": "node server/bin/bigtent"
   },
   "dependencies": {
-    "client-sessions": "0.0.5",
+    "client-sessions": "0.3.0",
     "connect-cachify": "0.0.11",
     "convict": "0.0.6",
     "ejs": "*",
     "express": "2.5.8",
     "i18n-abide": "0.0.8beta4",
     "jwcrypto": "0.4.2",
+    "nodemailer": "0.3.21",
     "passport": "0.1.8",
     "passport-google": "git://github.com/ozten/passport-google.git",
     "passport-windowslive": "git://github.com/ozten/passport-windowslive.git",
@@ -33,7 +34,7 @@
     "winston": "0.5.6"
   },
   "devDependencies": {
-    "awsbox": "0.3.3",
+    "awsbox": "0.4.4",
     "http-proxy": "0.8.1",
     "loady": "git://github.com/mozilla/loady.git",
     "vows": "0.5.13"

scripts/awsbox/post_deploy.js

@@ -1,22 +1,21 @@
 #!/usr/bin/env node
 
-var fs = require('fs');
-var config = '/home/app/local.json',
+var fs = require('fs'),
+    child_process = require('child_process');
+var config = '/home/app/config.json',
     devConfig = '/home/app/code/server/config/local.json';
 
-var reportError = function (err, fatal) {
+var reportError = function(err, fatal) {
   if (fatal === undefined) fatal = true;
   console.error(err);
   if (fatal) process.exit(1);
 };
-
 process.stdout.write('Deploying config and public key\n');
-
-fs.readFile(config, 'utf8', function (err, data) {
+fs.readFile(config, 'utf8', function(err, data) {
   if (err) {
       reportError(err);
   }
-  fs.writeFile(devConfig, data, 'utf8', function (err) {
+  fs.writeFile(devConfig, data, 'utf8', function(err) {
     if (err) {
       reportError(err);
     }
@@ -25,21 +24,30 @@ fs.readFile(config, 'utf8', function (err, data) {
           dir = '/home/app/code/server/var',
           devKey = dir + '/key.publickey';
 
-      fs.readFile(key, 'utf8', function (err, data) {
+      fs.readFile(key, 'utf8', function(err, data) {
         if (err) {
           reportError(err);
         }
-        fs.mkdir(dir, function (err) {
+        fs.mkdir(dir, function(err) {
           if (err) {
             reportError(err, false);
           }
-          fs.writeFile(devKey, data, 'utf8', function (err) {
+          fs.writeFile(devKey, data, 'utf8', function(err) {
             if (err) {
               reportError(err);
             }
             process.stdout.write('Updated ' + devKey + '\n');
+            process.stdout.write('Compressing CSS and JS\n');
+            var comp = child_process.spawn('/home/app/code/scripts/compress',
+                                               [], {cwd: '/home/app/code'});
+            comp.stdout.on('data', function(data) {
+              process.stdout.write(data);
+            });
+            comp.stderr.on('data', function(data) {
+              process.stdout.write('ERROR: ' + data);
+            });
+          });
         });
       });
-    });
   });
 });

scripts/browserid-bigtent.spec

@@ -1,8 +1,8 @@
 %define _rootdir /opt/bigtent
 
 Name:          browserid-bigtent
-Version:       0.2013.01.17
-Release:       17%{?dist}_%{svnrev}
+Version:       0.2013.04.23
+Release:       3%{?dist}_%{svnrev}
 Summary:       BrowserID BigTent server
 Packager:      Pete Fritchman <petef@mozilla.com>
 Group:         Development/Libraries

server/bin/bigtent

@@ -70,7 +70,7 @@ var sess_config = config.get('client_sessions');
 
 // BigTent must be deployed behind SSL.
 // Tell client-sessions everything will be alright
-app.use(function (req, res, next) {
+app.use(function(req, res, next) {
   req.connection.proxySecure = true;
   next();
 });
@@ -81,7 +81,21 @@ app.use(clientSessions({
   duration:   sess_config.duration,
   cookie: {
     secure: true,
-    httpOnly: true
+    httpOnly: true,
+    maxAge: sess_config.duration
+  }
+}));
+
+var pin_code_config = config.get('pin_code_sessions');
+
+app.use(clientSessions({
+  cookieName: pin_code_config.cookie_name,
+  secret:     pin_code_config.secret,
+  duration:   pin_code_config.duration,
+  cookie: {
+    secure: true,
+    httpOnly: true,
+    maxAge: pin_code_config.duration
   }
 }));
 

server/config/aws.json

@@ -0,0 +1,29 @@
+{
+  "browserid_server": "https://login.dev.anosrep.org",
+  "issuer": "issue216pinflow.personatest.org",
+  "certifier_host": "localhost", 
+  "certifier_port": 8081,
+  "client_sessions": {
+    "cookie_name": "session",
+    "secret": "YOU MUST CHANGE ME",
+    "duration": 86400000
+  },
+  "pin_code_sessions": {
+    "cookie_name": "pincodedb",
+    "secret": "YOU MUST CHANGE ME AND BE DIFFERENT",
+    "duration": 600000
+  },
+  "email_to_console": false,
+  "env": "development",
+  "use_https": false,
+  "domain_info": {
+    "yahoo.com": {
+      "strategy": "yahoo",
+      "providerName": "Yahoo",
+      "providerURL": "https://mail.yahoo.com"
+    }
+  },
+  "express_log_format": "tiny",
+  "supported_languages": ["en-US"],
+  "var_path": "/home/app/var"
+}

server/config/local.json-dist

@@ -3,10 +3,15 @@
   "certifier_host": "localhost",
   "certifier_port": 8000,
   "client_sessions": {
-    "cookie_name": "session_state",
+    "cookie_name": "session",
     "secret": "YOU MUST CHANGE ME",
     "duration": 86400000
   },
+  "pin_code_sessions": {
+    "cookie_name": "pincodedb",
+    "secret": "YOU MUST CHANGE ME AND BE DIFFERENT",
+    "duration": 600000
+  },
   "env": "development",
   "issuer": "localhost",
   "use_https": false,
@@ -30,5 +35,11 @@
   },
   "pub_key_ttl": 120,
   "pub_key_path": "var/key.publickey",
+  "smtp": {
+    "host": "smtp.socketlabs.com",
+    "user": "someuser",
+    "pass": "somepassword",
+    "port": 25
+  },
   "supported_languages": ["en-US", "it-CH", "db-LB"]
 }

server/config/test.json

@@ -1,10 +1,15 @@
 {
   "browserid_server": "http://127.0.0.1:10002",
   "client_sessions": {
-    "cookie_name": "session_state",
+    "cookie_name": "session",
     "secret": "YOU MUST CHANGE ME",
     "duration": 86400000
   },
+  "pin_code_sessions": {
+    "cookie_name": "pincodedb",
+    "secret": "YOU MUST CHANGE ME AND BE DIFFERENT",
+    "duration": 600000
+  },
   "domain_info": {
     "gmail.com": {
       "strategy": "google",

server/lib/configuration.js

@@ -21,10 +21,16 @@ var conf = module.exports = convict({
   certifier_host: 'string = "127.0.0.1"',
   certifier_port: "integer{1,65535} = 8080",
   client_sessions: {
-    cookie_name: 'string = "session_state"',
+    cookie_name: 'string = "session"',
     secret: 'string = "YOU MUST CHANGE ME"',
     duration: 'integer = '  + (24 * 60 * 60 * 1000) // 1 day
   },
+  pin_code_sessions: {
+    cookie_name: 'string = "pincodedb"',
+    secret: 'string = "YOU MUST CHANGE ME AND BE DIFFERENT"',
+    duration: 'integer = '  + (10 * 60 * 1000) // 10 minutes
+  },
+  pin_length: 'integer{1,100} = 6',
   default_lang: 'string = "en-US"',
   debug_lang: 'string = "it-CH"',
   disable_locale_check: {
@@ -86,7 +92,14 @@ var conf = module.exports = convict({
     client_secret: 'string = "NgepFX4ectJP-l-5XOymSqk4aLy7DJrE"'
   },
   pub_key_ttl: "integer = " + (6 * 60 * 60), // 6 hours
-  pub_key_path: 'string = "var/key.publickey"'
+  pub_key_path: 'string = "var/key.publickey"',
+  email_to_console: 'boolean = false',
+  smtp: {
+    host: 'string?',
+    user: 'string?',
+    pass: 'string?',
+    port: 'integer = 25'
+  }
 });
 
 // At the time this file is required, we'll determine the "process name" for this proc

server/lib/email.js

@@ -0,0 +1,97 @@
+/* this Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const _ = require('underscore'),
+config = require('./configuration.js'),
+ejs = require('ejs'),
+emailer = require('nodemailer'),
+fs = require('fs'),
+logger = require('./logging.js').logger,
+path = require('path'),
+statsd = require('./statsd'),
+url = require('url');
+
+/* if smtp parameters are configured, use them */
+try { var smtp_params = config.get('smtp'); } catch(e) {}
+if (smtp_params && smtp_params.host) {
+  emailer.SMTP = {
+    host: smtp_params.host,
+    port: smtp_params.port
+  };
+  logger.info("delivering email via SMTP host: " +  emailer.SMTP.host);
+  if (smtp_params.user) {
+    emailer.SMTP.use_authentication = true;
+    emailer.SMTP.user = smtp_params.user;
+    emailer.SMTP.pass = smtp_params.pass;
+
+    logger.info("authenticating to email host as " +  emailer.SMTP.user);
+  }
+}
+
+const TEMPLATE_PATH = path.join(__dirname, "..", "views", "email_templates");
+
+// The "gettext" function here is only used for static analysis.
+// A real, locale-aware gettext function is used when in doSend.
+var gettext = function(a) { return a; };
+var templates = {
+  "pin_verification": {
+    landing: 'pin_verification',
+    subject: gettext("Confirm email address for Persona"),
+    templatePath: path.join(TEMPLATE_PATH, 'pin_verification.ejs')
+  }
+};
+
+function withTemplate(email_type, cb) {
+  if (!templates[email_type]) {
+    cb(new Error("unknown email type: " + email_type));
+  } else if (templates[email_type].render) {
+    cb(null, templates[email_type].render);
+  } else {
+    fs.readFile(templates[email_type].templatePath, function(err, data) {
+      if (err) { throw err; }
+
+      var render = ejs.compile(data.toString());
+
+      templates[email_type].render = render;
+
+      cb(null, render);
+    });
+  }
+}
+
+//TODO send in localeContext
+function doSend(email_type, email, context, langContext) {
+  if (!templates[email_type]) {
+    throw new Error("unknown email type: " + email_type);
+  }
+
+  if (config.get('email_to_console')) {
+    console.log("\nVERIFICATION PIN:\n" + context.pin_code + "\n");
+  } else {
+    withTemplate(email_type, function(err, render) {
+      var templateArgs = _.extend({
+        gettext: langContext.gettext,
+        format: langContext.format
+      }, context);
+
+      var mailArgs = {
+        sender: "Persona <no-reply@persona.org>",
+        to: email,
+        subject: langContext.gettext(templates[email_type].subject),
+        text: render(templateArgs)
+      };
+
+      emailer.send_mail(mailArgs, function(err, response) {
+        if (err || !response) {
+          logger.error("error sending email to: " + email + " - " + err);
+          statsd.increment('email.' + email_type + '.sent.error');
+        }
+      });
+    });
+  }
+}
+
+exports.sendPinVerification = function(email, msgContext, langContext) {
+  doSend('pin_verification', email, msgContext, langContext);
+};