
integrating train 2011.08.25

2 parents 0a8a820 + 2f3fe55 commit aefe662a1017c727c3b49ec83110445d000fc39e @shane-tomlinson shane-tomlinson committed Sep 1, 2011
Showing with 4,993 additions and 437 deletions.
  1. +18 −0 ChangeLog
  2. +0 −2 DEPLOYMENT.md
  3. +5 −1 README.md
  4. +5 −1 browserid/app.js
  5. +8 −3 browserid/compress.sh
  6. +1 −1 browserid/lib/db.js
  7. +5 −1 browserid/lib/db_json.js
  8. +30 −28 browserid/lib/db_mysql.js
  9. +78 −0 browserid/lib/fake_verification.js
  10. +87 −45 browserid/lib/wsapi.js
  11. +5 −0 browserid/static/css/style.css
  12. +2 −6 browserid/static/dialog/controllers/addemail_controller.js
  13. +9 −8 browserid/static/dialog/controllers/authenticate_controller.js
  14. +1 −4 browserid/static/dialog/controllers/checkregistration_controller.js
  15. +2 −9 browserid/static/dialog/controllers/createaccount_controller.js
  16. +20 −67 browserid/static/dialog/controllers/dialog_controller.js
  17. +2 −7 browserid/static/dialog/controllers/forgotpassword_controller.js
  18. +18 −1 browserid/static/dialog/controllers/page_controller.js
  19. +1 −0 browserid/static/dialog/dialog.js
  20. +3 −3 browserid/static/dialog/qunit.html
  21. +344 −0 browserid/static/dialog/resources/browserid-identities.js
  22. +156 −44 browserid/static/dialog/resources/browserid-network.js
  23. +260 −0 browserid/static/dialog/test/qunit/browserid-identities_functional_test.js
  24. +460 −0 browserid/static/dialog/test/qunit/browserid-identities_unit_test.js
  25. +150 −0 browserid/static/dialog/test/qunit/browserid-network_test.js
  26. +8 −3 browserid/static/dialog/test/qunit/qunit.js
  27. +225 −0 browserid/static/funcunit/qunit/qunit.css
  28. +1,448 −0 browserid/static/funcunit/qunit/qunit.js
  29. +53 −73 browserid/static/js/browserid.js
  30. +11 −115 browserid/tests/lib/wsapi.js
  31. +123 −0 browserid/tests/set-key-wsapi-test.js
  32. +156 −0 browserid/tests/sync-emails-wsapi-test.js
  33. +3 −0 browserid/views/layout.ejs
  34. +7 −10 browserid/views/prove.ejs
  35. 0 {browserid/lib → libs}/secrets.js
  36. +165 −0 libs/wsapi_client.js
  37. +2 −1 package.json
  38. +61 −0 performance/README.md
  39. +144 −0 performance/lib/add_email.js
  40. +55 −0 performance/lib/include_only.js
  41. +139 −0 performance/lib/reauth.js
  42. +47 −0 performance/lib/reset_pass.js
  43. +47 −0 performance/lib/signin.js
  44. +130 −0 performance/lib/signup.js
  45. +31 −0 performance/lib/test.js
  46. +134 −0 performance/lib/user_db.js
  47. +305 −0 performance/run.js
  48. +16 −0 run.js
  49. +10 −3 scripts/merge_train.sh
  50. +3 −1 verifier/app.js
@@ -1,3 +1,21 @@
+train-2011.08.25:
+ * created command line load generation tool and performance analysis work: #125
+ * beginning unit/functional tests for front end: #183
+ * front end refactor to facilitate unit/functional tests and UX iteration: #183
+ * error messages are shown on front end: #184
+ * users must now verify account ownership before attempting a key sync.
+ * manage page date format: #191
+ * manage page button only displayed if user is currently authenticated: #195
+ * manage page emails are synced on page open: #181
+ * wsapi_client created for clients needing programatic access to wsapi.
+ * harden set_key against duplicate keys.
+ * fix new email addresses added not being synced on client: #199
+ * upgrade to bcrypt 0.2.4.
+ * minify include.js by default: #206
+ * more than one email address can be added per dialog lifespan: #215
+ * verifyier no longer verifies assertions issued by another server.
+ * (2011.08.31) no error message displayed if you try to authenticate with an invalid u/p: #222
+
train-2011.08.18:
* upon clickthrough of the email link, don't have the browser window close itself: #162
* passwords must be between 8 and 80 chars: #155
@@ -140,8 +140,6 @@ post update hook, annotated to help you follow along:
rm -rf /home/browserid/code.old
mv /home/browserid/code{,.old}
mv $NEWCODE /home/browserid/code
- ln -s /home/browserid/var_browserid /home/browserid/code/browserid/var
- ln -s /home/browserid/var_verifier /home/browserid/code/verifier/var
echo "fixing permissions"
find /home/browserid/code -exec chgrp www-data {} \; > /dev/null 2>&1
@@ -29,7 +29,11 @@ Here's the software you'll need installed:
## Testing
-Unit tests are under `browserid/tests/`, and you should run them often. Like before committing code.
+Unit tests can be run by invoking `test.sh` at the top level, and you
+should run them often. Like before committing code. To fully test
+the code you should install mysql and have a well permissions `test`
+user (can create and drop databases). If you don't have mysql installed,
+code testing is still possible (it just uses a little json database).
## Development model
@@ -42,7 +42,7 @@ httputils = require('./lib/httputils.js'),
webfinger = require('./lib/webfinger.js'),
sessions = require('connect-cookie-session'),
express = require('express'),
-secrets = require('./lib/secrets.js'),
+secrets = require('../libs/secrets.js'),
db = require('./lib/db.js'),
configuration = require('../libs/configuration.js'),
substitution = require('../libs/substitute.js');
@@ -252,3 +252,7 @@ exports.setup = function(server) {
// add the actual URL handlers other than static
router(server);
}
+
+exports.shutdown = function() {
+ db.close();
+};
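Review bot: `exports.shutdown` calls `db.close()` with no callback, so a failure while closing the database is dropped and the caller cannot tell when the close has finished. The db.js hunk in this commit makes the callback optional (`if (cb) cb(err);`), which is what lets the error vanish. Accepting an optional callback and forwarding it, `exports.shutdown = function(cb) { db.close(cb); };`, keeps existing callers working and lets tests wait for teardown. A one-line comment saying that shutdown only closes the database and does not stop the HTTP server would also help.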
@@ -12,15 +12,20 @@ if [ ! -x "$JAVA" ]; then
exit 1
fi
+YUI_LOCATION='../../static/steal/build/scripts/yui.jar'
+echo ''
+echo '****Compressing include.js****'
+echo ''
-YUI_LOCATION='../../static/steal/build/scripts/yui.jar'
+cd static
+mv include.js include.orig.js
+$UGLIFY -nc include.orig.js > include.js
echo ''
echo '****Building dialog HTML, CSS, and JS****'
echo ''
-cd static
steal/js dialog/scripts/build.js
cd dialog
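Review bot: The added `mv include.js include.orig.js` followed by `$UGLIFY -nc include.orig.js > include.js` is unsafe both on a re-run and on failure. A second run moves the already-minified file over `include.orig.js` and loses the readable source. If `$UGLIFY` exits non-zero, the redirect has already left an empty or truncated `include.js` in place. No exit-status check or `set -e` is visible in this hunk (the top of the script is outside it), and `cd static` is unchecked too. Minifying to a temporary file and moving it into place only on success avoids both, e.g. `$UGLIFY -nc include.orig.js > include.js.tmp && mv include.js.tmp include.js`, with the first `mv` guarded by `[ -f include.orig.js ] ||`.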
@@ -33,7 +38,7 @@ echo ''
cd ../js
# re-minimize everything together
-cat jquery-1.6.2.min.js ../dialog/resources/underscore-min.js browserid.js > lib.js
+cat jquery-1.6.2.min.js ../dialog/resources/underscore-min.js ../dialog/resources/browserid-network.js ../dialog/resources/browserid-identities.js ../dialog/resources/storage.js browserid.js > lib.js
$UGLIFY < lib.js > lib.min.js
cd ../css
@@ -78,7 +78,7 @@ exports.open = function(cfg, cb) {
exports.close = function(cb) {
driver.close(function(err) {
ready = false;
- cb(err);
+ if (cb) cb(err);
});
};
@@ -41,7 +41,7 @@
const
path = require('path'),
fs = require('fs'),
-secrets = require('./secrets'),
+secrets = require('../../libs/secrets'),
jsel = require('JSONSelect'),
logger = require('../../libs/logging.js').logger,
configuration = require('../../libs/configuration.js'),
@@ -179,6 +179,10 @@ exports.addKeyToEmail = function(existing_email, email, pubkey, cb) {
}
var m = jsel.match("object:has(.address:val(" + ESC(email) + ")) > .keys", db[userID].emails);
+
+ if (jsel.match(".key:val(" + ESC(pubkey) + ")", m).length > 0) {
+ return cb("cannot set a key that is already known");
+ }
var kobj = {
key: pubkey,
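Review bot: The duplicate-key check builds a JSONSelect expression by concatenating `pubkey` into `".key:val(" + ESC(pubkey) + ")"`, so it is only correct if `ESC` quotes every character that can appear in a supplied key. `ESC` is defined outside this hunk and cannot be checked here. A plain equality test over the key objects already held in `m` would not depend on selector escaping at all. If the selector form is kept, add a comment such as `// pubkey comes from the client; ESC() must yield a valid JSONSelect string literal`. The body of `addKeyToEmail` starts and ends outside the hunk, so how an empty `m` is handled is not visible.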
@@ -62,7 +62,7 @@
const
mysql = require('mysql'),
-secrets = require('./secrets'),
+secrets = require('../../libs/secrets'),
logger = require('../../libs/logging.js').logger;
var client = undefined;
@@ -282,38 +282,40 @@ exports.emailsBelongToSameAccount = function(lhs, rhs, cb) {
function addKeyToEmailRecord(emailId, pubkey, cb) {
client.query(
- // XXX: 2 weeks is wrong, but then so is keypairs.
- "INSERT INTO pubkey(email, content, expiry) VALUES(?, ?, DATE_ADD(NOW(), INTERVAL 2 WEEK))",
+ "SELECT COUNT(*) AS n FROM pubkey WHERE email = ? AND content = ?",
[ emailId, pubkey ],
- function(err, info) {
- if (err) logUnexpectedError(err);
- // smash null into undefined.
- cb(err ? err : undefined);
+ function(err, rows) {
+ if (err) {
+ logUnexpectedError(err);
+ return cb(err);
+ }
+ if (rows[0].n > 0) {
+ return cb("cannot set a key that is already known");
+ }
+
+ client.query(
+ // XXX: 2 weeks is wrong, but then so is keypairs.
+ "INSERT INTO pubkey(email, content, expiry) VALUES(?, ?, DATE_ADD(NOW(), INTERVAL 2 WEEK))",
+ [ emailId, pubkey ],
+ function(err, info) {
+ if (err) logUnexpectedError(err);
+ // smash null into undefined.
+ cb(err ? err : undefined);
+ });
});
}
exports.addKeyToEmail = function(existing_email, email, pubkey, cb) {
- // this function will NOT add a new email address to a user record. The only
- // way that happens is when a verification secret is provided to us. Limiting
- // the code paths that result in us concluding that a user owns an email address
- // is a Good Thing.
- exports.emailsBelongToSameAccount(existing_email, email, function(ok) {
- if (!ok) {
- cb("authenticated user doesn't have permission to add a public key to " + email);
- return;
- }
-
- // now we know that the user has permission to add a key.
- client.query(
- "SELECT id FROM email WHERE address = ?", [ email ],
- function(err, rows) {
- if (err) { logUnexpectedError(err); cb(err); }
- else if (rows.length === 0) cb("cannot find email address: " + email);
- else {
- addKeyToEmailRecord(rows[0].id, pubkey, cb);
- }
- });
- });
+ // now we know that the user has permission to add a key.
+ client.query(
+ "SELECT id FROM email WHERE address = ?", [ email ],
+ function(err, rows) {
+ if (err) { logUnexpectedError(err); cb(err); }
+ else if (rows.length === 0) cb("cannot find email address: " + email);
+ else {
+ addKeyToEmailRecord(rows[0].id, pubkey, cb);
+ }
+ });
}
exports.stageEmail = function(existing_email, new_email, pubkey, cb) {
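Review bot: `addKeyToEmail` no longer calls `emailsBelongToSameAccount`, yet the retained comment `// now we know that the user has permission to add a key.` still says the check has happened, and `existing_email` is now unused. Nothing in this function verifies that the authenticated user owns `email`, so every caller has to enforce that itself. The ChangeLog entry about verifying account ownership before a key sync suggests the check moved to wsapi.js, which is not visible here and should be confirmed. I would replace the comment with `// caller must already have verified that the session owns this email; no ownership check is done here`. Separately, `addKeyToEmailRecord` runs `SELECT COUNT(*)` and then `INSERT` as two statements, so two concurrent requests with the same key can both pass the count. A unique index on `pubkey(email, content)`, with the duplicate-key error mapped to the same message, would close that window (the schema is outside this hunk).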
@@ -0,0 +1,78 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla BrowserID.
+ *
+ * The Initial Developer of the Original Code is Mozilla.
+ * Portions created by the Initial Developer are Copyright (C) 2011
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Lloyd Hilaiel <lloyd@hilaiel.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* This little module will, when included, hook the email verification system
+ * and instead of sending emails will make verification tokens available
+ * via the WSAPI. This is *highly* insecure and should only be used when
+ * testing (performance or otherwise).
+ */
+
+const
+email = require('./email.js'),
+configuration = require('../../libs/configuration.js'),
+url = require('url');
+
+// a paranoid check of the configuration. This module should only
+// be included when in a testing environment
+var c = configuration.get('env');
+if (!/^test_/.test(c)) {
+ console.log("FATAL ERROR: you're using fake verification in a configuration that you shouldn't");
+ console.log("stop including fake_verification.js. it's not safe here.");
+ process.exit(1);
+} else {
+ console.log("HEAR YE: Fake verfication enabled, aceess via /wsapi/fake_verification?email=foo@bar.com");
+}
+
+// we store outstanding tokens in memory, folks.
+var tokens = { };
+
+// set up an interceptor
+email.setInterceptor(function(email, site, secret) {
+ tokens[email] = secret;
+});
+
+exports.addVerificationWSAPI = function(app) {
+ app.get('/wsapi/fake_verification', function(req, res) {
+ var email = url.parse(req.url, true).query['email'];
+ if (tokens.hasOwnProperty(email)) {
+ res.write(tokens[email]);
+ delete tokens[email];
+ } else {
+ res.writeHead(400, {"Content-Type": "text/plain"});
+ }
+ res.end();
+ });
+};
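Review bot: `tokens` is a plain object keyed by the address passed to the interceptor, and the handler calls `tokens.hasOwnProperty(email)` on that same object, so a staged address equal to `hasOwnProperty` would shadow the method and make the lookup throw. Whether upstream address validation rules that out is not visible here. `Object.prototype.hasOwnProperty.call(tokens, email)` removes the dependency. A repeated `email` query parameter is parsed as an array, so a `typeof email !== 'string'` guard returning 400 would make the accepted input explicit. The success branch also writes the secret without a `Content-Type`, unlike the 400 branch. Because the load-time `/^test_/` check is the only thing keeping this route out of a production process, `addVerificationWSAPI` deserves a comment saying it must never be mounted outside that guard. The interceptor's `email` parameter also shadows the `email` module and would read better renamed.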