#!/usr/bin/env node

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

const
https = require('https'),
und = require('underscore'),
urlp = require('url'),
util = require('util'),
fs = require('fs');

const logging = require('../lib/logging/logging.js');
logging.enableConsoleLogging();

const primary = require('../lib/primary');


// Command line: <domain> is required, [CA cert file path] is optional.
const cliArgs = process.argv.slice(2);
if (cliArgs.length < 1) {
  console.log('Checks to see if a domain has a proper declaration of support as a browserid primary');
  console.log('Usage:', process.argv[1], '<domain>', '[CA cert file path]');
  process.exit(1);
}
const domain = cliArgs[0];

// Optional CA certificate file to trust for this run.
// Setting `ca` on the global agent replaces Node's built-in trust roots for
// every request made through that agent, so only certificate chains that end
// at this file will verify. Use it for test deployments with a private CA.
// NOTE(review): whether primary.checkSupport goes through the global agent is
// not visible in this file; confirm before relying on the override there.
const caPath = cliArgs[1];
if (caPath) {
  https.globalAgent.options.ca = [fs.readFileSync(caPath)];
}

// Ask the primary library whether `domain` declares BrowserID support, print
// what it advertises, then fetch the two advertised pages for inspection.
primary.checkSupport(domain, function (err, support) {
  if (err) {
    process.stderr.write("error: " + err + "\n");
    process.exit(1);
  }
  if (support.publicKey === null) {
    // No public key and no error: fail through the exit status alone.
    process.exit(1);
  }

  console.log('Primary domain:\t\t', domain);
  console.log('Authoritative Domain:\t', support.authoritativeDomain);
  console.log('Authentication URL:\t', support.urls.auth);
  console.log('Provisioning URL:\t', support.urls.prov);
  console.log('Public Key:\t\t', JSON.stringify(support.publicKey, null, " "));

  // Only the provisioning page is checked for X-Frame-Options. It is fetched
  // from the callback of the authentication fetch, so it runs second.
  const authOptions = { xframe: false };
  const provOptions = { xframe: true };
  getResource('auth', support.urls.auth, authOptions, function () {
    getResource('prov', support.urls.prov, provOptions);
  });

});

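/**
 * Fetch one of the primary's advertised pages over HTTPS and report problems.
 *
 * The request goes to the host (and port, if any) named in `url`, so the page
 * inspected is the one the log messages name. A URL without a host falls back
 * to the domain given on the command line.
 *
 * The include check is a plain substring search of the response body. It shows
 * that the script URL appears in the page text, not that a script tag actually
 * loads it.
 *
 * @param {string} mode - 'auth' or 'prov'; selects the include script to look for.
 * @param {string} url - URL of the page to fetch.
 * @param {Object} opts - when `opts.xframe === true` the response headers are
 *   passed to verifyResponseHeaders.
 * @param {Function} [cb] - called with no arguments after a 200 response has
 *   been read to the end and inspected. It is not called on a request error or
 *   a non-200 status, so a check chained through it does not run in those cases.
 */
function getResource(mode, url, opts, cb) {
  const includes = {
    'auth': 'authentication_api.js',
    'prov': 'provisioning_api.js'
  };

  const target = urlp.parse(url);
  const requestOptions = {
    // Use the URL's own host: the authoritative domain may differ from the
    // domain being checked, and the messages below report `url`.
    host: target.hostname || domain,
    path: target.path,
    method: 'GET'
  };
  if (target.port) {
    requestOptions.port = target.port;
  }

  const r = https.request(requestOptions);

  r.on('error', function (e) {
    console.log("ERROR: ", e.message);
  });

  r.on('response', function (resp) {
    let body = "";
    if (resp.statusCode !== 200) {
      console.log("ERROR: HTTP status code=", resp.statusCode, url);
      return;
    }
    if (opts.xframe === true) {
      verifyResponseHeaders(resp, url);
    }
    resp.setEncoding('utf8');

    resp.on('data', function (chunk) {
      body += chunk;
    });

    resp.on('end', function () {
      const script = includes[mode];

      // Most specific matches first: known dev, staging and production hosts,
      // then any mention of the script name, then nothing found.
      if (body.indexOf('https://login.dev.anosrep.org/' + script) !== -1) {
        console.log(util.format('WARNING: Detected dev %s on %s', script, url));
      } else if (body.indexOf('https://login.anosrep.org/' + script) !== -1) {
        console.log(util.format('WARNING: Detected staging %s on %s', script, url));
      } else if (body.indexOf('https://login.persona.org/' + script) !== -1) {
        console.log(util.format('Detected production %s on %s', script, url));
      } else if (body.indexOf(script) !== -1) {
        console.log(util.format('WARNING: Unknown %s detected on %s', script, url));
      } else {
        console.log(util.format('WARNING: Unable to detect required script, %s, on %s', script, url));
      }
      if (cb) {
        cb();
      }
    });
  });
  r.end();
}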

/**
 * Report an error when the response carries an X-Frame-Options header.
 *
 * A page that sends this header cannot be framed, and the message printed here
 * says BrowserID then cannot communicate with the site. The header is also the
 * site's clickjacking defence, so the advice is to suppress it for the
 * reported URL only.
 *
 * @param {Object} resp - response whose `headers` object is inspected.
 * @param {string} url - URL the response came from; used in the message only.
 */
function verifyResponseHeaders(resp, url) {
  const matches = Object.keys(resp.headers).filter(function (name) {
    return name.toLowerCase() === 'x-frame-options';
  });
  // Only the exactly-one-match case is reported.
  if (matches.length !== 1) {
    return;
  }
  console.log("ERROR: X-Frame-Options=", resp.headers[matches[0]], ", BrowserID will not be able to communicate with your site." +
      " Suppress X-Frame-Options for ", url);
}