function Strategy(options, validate) {
options = options || {};
options.providerURL = options.providerURL || 'http://steamcommunity.com/openid';
options.profile = (options.profile === undefined) ? true : options.profile;
options.stateless = true; //Steam only works as a stateless OpenID
var originalPassReqToCallback = options.passReqToCallback;
options.passReqToCallback = true; //Request needs to be verified
function verify(req, identifier, profile, done) {
var validOpEndpoint = 'https://steamcommunity.com/openid/login';
var identifierRegex = /^http:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;
if(req.query['openid.op_endpoint'] !== validOpEndpoint ||
!identifierRegex.test(identifier)) {
return done(null, false, { message: 'Claimed identity is invalid.' });
}
var steamID = identifierRegex.exec(identifier)[0];
if(options.profile) {
getUserProfile(options.apiKey, steamID, function(err, profile) {
if(err) {
done(err);
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
});
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
}
OpenIDStrategy.call(this, options, verify);
this.name = 'steam';
this.stateless = options.stateless;
}n/a
function Strategy(options, validate) {
options = options || {};
options.providerURL = options.providerURL || 'http://steamcommunity.com/openid';
options.profile = (options.profile === undefined) ? true : options.profile;
options.stateless = true; //Steam only works as a stateless OpenID
var originalPassReqToCallback = options.passReqToCallback;
options.passReqToCallback = true; //Request needs to be verified
function verify(req, identifier, profile, done) {
var validOpEndpoint = 'https://steamcommunity.com/openid/login';
var identifierRegex = /^http:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;
if(req.query['openid.op_endpoint'] !== validOpEndpoint ||
!identifierRegex.test(identifier)) {
return done(null, false, { message: 'Claimed identity is invalid.' });
}
var steamID = identifierRegex.exec(identifier)[0];
if(options.profile) {
getUserProfile(options.apiKey, steamID, function(err, profile) {
if(err) {
done(err);
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
});
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
}
OpenIDStrategy.call(this, options, verify);
this.name = 'steam';
this.stateless = options.stateless;
}n/a
function Strategy(options, verify) {
if (!options.returnURL) throw new Error('OpenID authentication requires a returnURL option');
if (!verify) throw new Error('OpenID authentication strategy requires a verify callback');
passport.Strategy.call(this);
this.name = 'openid';
this._verify = verify;
this._profile = options.profile;
this._pape = options.pape;
this._passReqToCallback = options.passReqToCallback;
var extensions = [];
if (options.profile) {
var sreg = new openid.SimpleRegistration({
"fullname" : true,
"nickname" : true,
"email" : true,
"dob" : true,
"gender" : true,
"postcode" : true,
"country" : true,
"timezone" : true,
"language" : true
});
extensions.push(sreg);
}
if (options.profile) {
var ax = new openid.AttributeExchange({
"http://axschema.org/namePerson" : "required",
"http://axschema.org/namePerson/first": "required",
"http://axschema.org/namePerson/last": "required",
"http://axschema.org/contact/email": "required"
});
extensions.push(ax);
}
if (options.ui) {
// ui: { mode: 'popup', icon: true, lang: 'fr-FR' }
var ui = new openid.UserInterface(options.ui);
extensions.push(ui);
}
if (options.pape) {
var papeOptions = {};
if (options.pape.hasOwnProperty("maxAuthAge")) {
papeOptions.max_auth_age = options.pape.maxAuthAge;
}
if (options.pape.preferredAuthPolicies) {
if (typeof options.pape.preferredAuthPolicies === "string") {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies;
} else if (Array.isArray(options.pape.preferredAuthPolicies)) {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies.join(" ");
}
}
var pape = new openid.PAPE(papeOptions);
extensions.push(pape);
}
if (options.oauth) {
var oauthOptions = {};
oauthOptions.consumerKey = options.oauth.consumerKey;
oauthOptions.scope = options.oauth.scope;
var oauth = new openid.OAuthHybrid(oauthOptions);
extensions.push(oauth);
}
this._relyingParty = new openid.RelyingParty(
options.returnURL,
options.realm,
(options.stateless === undefined) ? false : options.stateless,
(options.secure === undefined) ? true : options.secure,
extensions);
this._providerURL = options.providerURL;
this._identifierField = options.identifierField || 'openid_identifier';
}n/a
function InternalOpenIDError(message, err) {
Error.call(this);
Error.captureStackTrace(this, arguments.callee);
this.name = 'InternalOpenIDError';
this.message = message;
this.openidError = err;
}n/a
function Strategy() {
}n/a
function Strategy(options, validate) {
options = options || {};
options.providerURL = options.providerURL || 'http://steamcommunity.com/openid';
options.profile = (options.profile === undefined) ? true : options.profile;
options.stateless = true; //Steam only works as a stateless OpenID
var originalPassReqToCallback = options.passReqToCallback;
options.passReqToCallback = true; //Request needs to be verified
function verify(req, identifier, profile, done) {
var validOpEndpoint = 'https://steamcommunity.com/openid/login';
var identifierRegex = /^http:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;
if(req.query['openid.op_endpoint'] !== validOpEndpoint ||
!identifierRegex.test(identifier)) {
return done(null, false, { message: 'Claimed identity is invalid.' });
}
var steamID = identifierRegex.exec(identifier)[0];
if(options.profile) {
getUserProfile(options.apiKey, steamID, function(err, profile) {
if(err) {
done(err);
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
});
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
}
OpenIDStrategy.call(this, options, verify);
this.name = 'steam';
this.stateless = options.stateless;
}n/a
function Strategy(options, verify) {
if (!options.returnURL) throw new Error('OpenID authentication requires a returnURL option');
if (!verify) throw new Error('OpenID authentication strategy requires a verify callback');
passport.Strategy.call(this);
this.name = 'openid';
this._verify = verify;
this._profile = options.profile;
this._pape = options.pape;
this._passReqToCallback = options.passReqToCallback;
var extensions = [];
if (options.profile) {
var sreg = new openid.SimpleRegistration({
"fullname" : true,
"nickname" : true,
"email" : true,
"dob" : true,
"gender" : true,
"postcode" : true,
"country" : true,
"timezone" : true,
"language" : true
});
extensions.push(sreg);
}
if (options.profile) {
var ax = new openid.AttributeExchange({
"http://axschema.org/namePerson" : "required",
"http://axschema.org/namePerson/first": "required",
"http://axschema.org/namePerson/last": "required",
"http://axschema.org/contact/email": "required"
});
extensions.push(ax);
}
if (options.ui) {
// ui: { mode: 'popup', icon: true, lang: 'fr-FR' }
var ui = new openid.UserInterface(options.ui);
extensions.push(ui);
}
if (options.pape) {
var papeOptions = {};
if (options.pape.hasOwnProperty("maxAuthAge")) {
papeOptions.max_auth_age = options.pape.maxAuthAge;
}
if (options.pape.preferredAuthPolicies) {
if (typeof options.pape.preferredAuthPolicies === "string") {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies;
} else if (Array.isArray(options.pape.preferredAuthPolicies)) {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies.join(" ");
}
}
var pape = new openid.PAPE(papeOptions);
extensions.push(pape);
}
if (options.oauth) {
var oauthOptions = {};
oauthOptions.consumerKey = options.oauth.consumerKey;
oauthOptions.scope = options.oauth.scope;
var oauth = new openid.OAuthHybrid(oauthOptions);
extensions.push(oauth);
}
this._relyingParty = new openid.RelyingParty(
options.returnURL,
options.realm,
(options.stateless === undefined) ? false : options.stateless,
(options.secure === undefined) ? true : options.secure,
extensions);
this._providerURL = options.providerURL;
this._identifierField = options.identifierField || 'openid_identifier';
}n/a
function Strategy() {
}n/a
function BadRequestError(message) {
Error.call(this);
Error.captureStackTrace(this, arguments.callee);
this.name = 'BadRequestError';
this.message = message || null;
}n/a
function InternalOpenIDError(message, err) {
Error.call(this);
Error.captureStackTrace(this, arguments.callee);
this.name = 'InternalOpenIDError';
this.message = message;
this.openidError = err;
}n/a
function Strategy(options, verify) {
if (!options.returnURL) throw new Error('OpenID authentication requires a returnURL option');
if (!verify) throw new Error('OpenID authentication strategy requires a verify callback');
passport.Strategy.call(this);
this.name = 'openid';
this._verify = verify;
this._profile = options.profile;
this._pape = options.pape;
this._passReqToCallback = options.passReqToCallback;
var extensions = [];
if (options.profile) {
var sreg = new openid.SimpleRegistration({
"fullname" : true,
"nickname" : true,
"email" : true,
"dob" : true,
"gender" : true,
"postcode" : true,
"country" : true,
"timezone" : true,
"language" : true
});
extensions.push(sreg);
}
if (options.profile) {
var ax = new openid.AttributeExchange({
"http://axschema.org/namePerson" : "required",
"http://axschema.org/namePerson/first": "required",
"http://axschema.org/namePerson/last": "required",
"http://axschema.org/contact/email": "required"
});
extensions.push(ax);
}
if (options.ui) {
// ui: { mode: 'popup', icon: true, lang: 'fr-FR' }
var ui = new openid.UserInterface(options.ui);
extensions.push(ui);
}
if (options.pape) {
var papeOptions = {};
if (options.pape.hasOwnProperty("maxAuthAge")) {
papeOptions.max_auth_age = options.pape.maxAuthAge;
}
if (options.pape.preferredAuthPolicies) {
if (typeof options.pape.preferredAuthPolicies === "string") {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies;
} else if (Array.isArray(options.pape.preferredAuthPolicies)) {
papeOptions.preferred_auth_policies = options.pape.preferredAuthPolicies.join(" ");
}
}
var pape = new openid.PAPE(papeOptions);
extensions.push(pape);
}
if (options.oauth) {
var oauthOptions = {};
oauthOptions.consumerKey = options.oauth.consumerKey;
oauthOptions.scope = options.oauth.scope;
var oauth = new openid.OAuthHybrid(oauthOptions);
extensions.push(oauth);
}
this._relyingParty = new openid.RelyingParty(
options.returnURL,
options.realm,
(options.stateless === undefined) ? false : options.stateless,
(options.secure === undefined) ? true : options.secure,
extensions);
this._providerURL = options.providerURL;
this._identifierField = options.identifierField || 'openid_identifier';
}n/a
discover = function (fn) {
discoverers.push(fn);
}n/a
function InternalOpenIDError(message, err) {
Error.call(this);
Error.captureStackTrace(this, arguments.callee);
this.name = 'InternalOpenIDError';
this.message = message;
this.openidError = err;
}n/a
toString = function () {
var m = this.message;
if (this.openidError) {
if (this.openidError instanceof Error) {
m += ' (' + this.openidError + ')';
}
else if (this.openidError.message) {
m += ' (message: ' + this.openidError.message + ')';
}
}
return m;
}n/a
_parseOAuthExt = function (params) {
var oauth = {};
// parse OAuth parameters
if (params['request_token']) {
oauth.requestToken = params['request_token'];
}
return oauth;
}n/a
_parsePAPEExt = function (params) {
var pape = {};
// parse PAPE parameters
if (params['auth_policies']) {
pape.authPolicies = params['auth_policies'].split(' ');
}
if (params['auth_time']) {
pape.authTime = new Date(params['auth_time']);
}
return pape;
}n/a
_parseProfileExt = function (params) {
var profile = {};
// parse simple registration parameters
profile.displayName = params['fullname'];
profile.emails = [{ value: params['email'] }];
// parse attribute exchange parameters
profile.name = { familyName: params['lastname'],
givenName: params['firstname'] };
if (!profile.displayName) {
if (params['firstname'] && params['lastname']) {
profile.displayName = params['firstname'] + ' ' + params['lastname'];
}
}
if (!profile.emails) {
profile.emails = [{ value: params['email'] }];
}
return profile;
}n/a
authenticate = function (req) {
if (req.query && req.query['openid.mode']) {
// The request being authenticated contains an `openid.mode` parameter in
// the query portion of the URL. This indicates that the OpenID Provider
// is responding to a prior authentication request with either a positive or
// negative assertion. If a positive assertion is received, it will be
// verified according to the rules outlined in the OpenID 2.0 specification.
// NOTE: node-openid (0.3.1), which is used internally, will treat a cancel
// response as an error, setting `err` in the verifyAssertion
// callback. However, for consistency with Passport semantics, a
// cancel response should be treated as an authentication failure,
// rather than an exceptional error. As such, this condition is
// trapped and handled prior to being given to node-openid.
if (req.query['openid.mode'] === 'cancel') { return this.fail({ message: 'OpenID authentication canceled' }); }
var self = this;
this._relyingParty.verifyAssertion(req.url, function(err, result) {
if (err) { return self.error(new InternalOpenIDError('Failed to verify assertion', err)); }
if (!result.authenticated) { return self.error(new Error('OpenID authentication failed')); }
var profile = self._parseProfileExt(result);
var pape = self._parsePAPEExt(result);
var oauth = self._parseOAuthExt(result);
function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) { return self.fail(info); }
self.success(user, info);
}
var arity = self._verify.length;
if (self._passReqToCallback) {
if (arity == 6) {
self._verify(req, result.claimedIdentifier, profile, pape, oauth, verified);
} else if (arity == 5) {
self._verify(req, result.claimedIdentifier, profile, pape, verified);
} else if (arity == 4 || self._profile) {
// self._profile check covers the case where callback uses `arguments`
// and arity == 0
self._verify(req, result.claimedIdentifier, profile, verified);
} else {
self._verify(req, result.claimedIdentifier, verified);
}
} else {
if (arity == 5) {
self._verify(result.claimedIdentifier, profile, pape, oauth, verified);
} else if (arity == 4) {
self._verify(result.claimedIdentifier, profile, pape, verified);
} else if (arity == 3 || self._profile) {
// self._profile check covers the case where callback uses `arguments`
// and arity == 0
self._verify(result.claimedIdentifier, profile, verified);
} else {
self._verify(result.claimedIdentifier, verified);
}
}
});
} else {
// The request being authenticated is initiating OpenID authentication. By
// default, an `openid_identifier` parameter is expected as a parameter,
// typically input by a user into a form.
//
// During the process of initiating OpenID authentication, discovery will be
// performed to determine the endpoints used to authenticate with the user's
// OpenID provider. Optionally, and by default, an association will be
// established with the OpenID provider which is used to verify subsequent
// protocol messages and reduce round trips.
var identifier = undefined;
if (req.body && req.body[this._identifierField]) {
identifier = req.body[this._identifierField];
} else if (req.query && req.query[this._identifierField]) {
identifier = req.query[this._identifierField];
} else if (this._providerURL) {
identifier = this._providerURL;
}
if (!identifier) { return this.fail(new BadRequestError('Missing OpenID identifier')); }
var self = this;
this._relyingParty.authenticate(identifier, false, function(err, providerUrl) {
if (err || !providerUrl) { return self.error(new InternalOpenIDError('Failed to discover OP endpoin ......
));
```
A Steam API key can be obtained at http://steamcommunity.com/dev/apikey. However if you wish not to use an API key, you can include
`profile: false` into the SteamStrategy object, which will disable the fetching of user data.
#### Authenticate Requests
Use `passport.authenticate()`, specifying the `'steam'` strategy, to
authenticate requests.
For example, as route middleware in an [Express](http://expressjs.com/)
application:
```javascript
app.get('/auth/steam',
...loadAssociation = function (fn) {
// wrap to allow individual arguments to `done` callback. this seems more
// natural since these were individual arguments to the corresponding
// `saveAssociation` function.
openid.loadAssociation = function(handle, callback) {
fn(handle, function(err, provider, algorithm, secret) {
if (err) { return callback(err, null); }
var obj = {
provider: provider,
type: algorithm,
secret: secret
}
return callback(null, obj);
});
}
return this; // return this for chaining
}n/a
loadDiscoveredInfo = function (fn) {
openid.loadDiscoveredInformation = fn;
return this; // return this for chaining
}n/a
loadDiscoveredInformation = function (fn) {
openid.loadDiscoveredInformation = fn;
return this; // return this for chaining
}n/a
saveAssociation = function (fn) {
// wrap to make `handle` the first argument to `fn`. this order is more
// natural due to the fact that `handle` this is the "key" when subsequently
// loading the association.
openid.saveAssociation = function(provider, type, handle, secret, expiry, callback) {
fn(handle, provider, type, secret, expiry, callback)
}
return this; // return this for chaining
}n/a
saveDiscoveredInfo = function (fn) {
openid.saveDiscoveredInformation = fn;
return this; // return this for chaining
}n/a
saveDiscoveredInformation = function (fn) {
openid.saveDiscoveredInformation = fn;
return this; // return this for chaining
}n/a
function Strategy() {
}n/a
function Strategy() {
}n/a
authenticate = function (req, options) {
throw new Error('Strategy#authenticate must be overridden by subclass');
}...
));
```
A Steam API key can be obtained at http://steamcommunity.com/dev/apikey. However if you wish not to use an API key, you can include
`profile: false` into the SteamStrategy object, which will disable the fetching of user data.
#### Authenticate Requests
Use `passport.authenticate()`, specifying the `'steam'` strategy, to
authenticate requests.
For example, as route middleware in an [Express](http://expressjs.com/)
application:
```javascript
app.get('/auth/steam',
...