This repository has been archived by the owner on May 10, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 264
/
check_primary_support
executable file
·103 lines (93 loc) · 2.88 KB
/
check_primary_support
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#!/usr/bin/env node
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const
https = require('https'),
und = require('underscore'),
urlp = require('url'),
util = require('util'),
primary = require('../lib/primary'),
logging = require('../lib/logging.js');
logging.enableConsoleLogging();
if (process.argv.length !== 3) {
console.log('Checks to see if a domain has a proper declaration of support as a browserid primary');
console.log('Usage:', process.argv[1], '<domain>');
process.exit(1);
}
var domain = process.argv[2];
primary.checkSupport(domain, function(err, urls, publicKey) {
if (err || publicKey === null) {
if (err) {
process.stderr.write("error: " + err + "\n");
}
process.exit(1);
}
console.log('Primary domain: ', domain);
console.log('Public Key: ', publicKey);
var authopts = {
xframe: false
};
getResource('auth', urls.auth, urls, authopts, function () {
getResource('prov', urls.prov, urls, {
xframe: true
});
});
});
/**
* Retrieve one of their urls and examine aspects of it for issues
*/
function getResource(mode, url, urls, opts, cb) {
var path = urlp.parse(url).path;
var body = "",
r = https.request({
host: domain,
path: path,
method: 'GET'
}, checkResource(url, opts, body));
r.on('data', function (chunk) {
body += chunk;
});
r.on('error', function (e) {
console.log("ERROR: ", e.message);
});
r.on('close', function () {
var includes = {
'auth': '/authentication_api.js',
'prov': '/provisioning_api.js'
};
if (body.indexOf(util.format("https://browserid.org%s", includes[mode])) == -1 &&
body.indexOf(util.format("https://diresworb.org%s", includes[mode])) == -1 &&
body.indexOf(util.format("https://dev.diresworb.org%s", includes[mode])) == -1) {
console.log(util.format("WARNING: No https://browserid.org/%s script tag detected", includes[mode]));
}
if (cb) {
cb();
}
});
r.end();
};
/**
* Called once we have a response.
*
* Do the provisioning and signin resources look kosher?
*/
function checkResource (url, opts, body) {
return function (resp) {
// Their are no X-Frame options
if (resp.statusCode != 200) {
console.log("ERROR: HTTP status code=", resp.statusCode, url);
} else {
if (opts.xframe === true) {
var xframe = und.filter(Object.keys(resp.headers), function (header) {
return header.toLowerCase() == 'x-frame-options';
});
if (xframe.length == 1) {
console.log("ERROR: X-Frame-Options=", resp.headers[xframe[0]], ", BrowserID will not be able to communicate with your site." +
" Suppress X-Frame-Options for ", url);
}
}
resp.setEncoding('utf8');
}
};
};