Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
branch: dev
Fetching contributors…

Cannot retrieve contributors at this time

executable file 128 lines (108 sloc) 3.767 kB
#!/usr/bin/env node
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const
https = require('https'),
und = require('underscore'),
urlp = require('url'),
util = require('util'),
fs = require('fs');
const logging = require('../lib/logging/logging.js');
logging.enableConsoleLogging();
const primary = require('../lib/primary');
if (process.argv.length < 3) {
console.log('Checks to see if a domain has a proper declaration of support as a browserid primary');
console.log('Usage:', process.argv[1], '<domain>', '[CA cert file path]');
process.exit(1);
}
var domain = process.argv[2];
// allow passing in a particular CA cert to use
var caPath = process.argv[3];
if (caPath) {
var cas = [fs.readFileSync(caPath)];
https.globalAgent.options.ca = cas;
}
primary.checkSupport(domain, function(err, r) {
if (err || r.publicKey === null) {
if (err) {
process.stderr.write("error: " + err + "\n");
}
process.exit(1);
}
console.log('Primary domain:\t\t', domain);
console.log('Authoritative Domain:\t', r.authoritativeDomain);
console.log('Authentication URL:\t', r.urls.auth);
console.log('Provisioning URL:\t', r.urls.prov);
console.log('Public Key:\t\t', JSON.stringify(r.publicKey, null, " "));
var authopts = {
xframe: false
};
getResource('auth', r.urls.auth, authopts, function () {
getResource('prov', r.urls.prov, {
xframe: true
});
});
});
/**
* Retrieve one of their urls and examine aspects of it for issues
*/
function getResource(mode, url, opts, cb) {
var path = urlp.parse(url).path;
var r = https.request({
host: domain,
path: path,
method: 'GET'
});
r.on('error', function (e) {
console.log("ERROR: ", e.message);
});
r.on('response', function (resp) {
var body = "";
if (resp.statusCode !== 200) {
console.log("ERROR: HTTP status code=", resp.statusCode, url);
return;
}
if (opts.xframe === true) {
verifyResponseHeaders(resp, url);
}
resp.setEncoding('utf8');
resp.on('data', function (chunk) {
body += chunk;
});
resp.on('end', function() {
var includes = {
'auth': 'authentication_api.js',
'prov': 'provisioning_api.js'
};
var foundRefs = 0;
if (body.indexOf('https://login.dev.anosrep.org/' + includes[mode]) !== -1) {
console.log(util.format('WARNING: Detected dev %s on %s', includes[mode], url));
} else if (body.indexOf('https://login.anosrep.org/' + includes[mode]) !== -1) {
console.log(util.format('WARNING: Detected staging %s on %s', includes[mode], url));
} else if (body.indexOf('https://login.persona.org/' + includes[mode]) !== -1) {
console.log(util.format('Detected production %s on %s', includes[mode], url));
} else if (body.indexOf(includes[mode]) !== -1) {
console.log(util.format('WARNING: Unknown %s detected on %s', includes[mode], url));
} else {
console.log(util.format('WARNING: Unable to detect required script, %, on %s', includes[mode], url));
}
if (cb) {
cb();
}
});
});
r.end();
}
/**
* Verify response headers do not contain X-Frame-Options header.
*/
function verifyResponseHeaders(resp, url) {
var xframe = und.filter(Object.keys(resp.headers), function (header) {
return header.toLowerCase() === 'x-frame-options';
});
if (xframe.length === 1) {
console.log("ERROR: X-Frame-Options=", resp.headers[xframe[0]], ", BrowserID will not be able to communicate with your site." +
" Suppress X-Frame-Options for ", url);
}
}
Jump to Line
Something went wrong with that request. Please try again.