From 5f1246d58b307631ef562a6eb7ec9712ac3581ae Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Wed, 14 Mar 2012 23:51:17 -0600
Subject: [PATCH] when certifying secondary certs and the user has not
 confirmed their ownership of the given computer, certify with a short
 validity period

---
 bin/keysigner                      | 5 ++---
 lib/http_forward.js                | 6 ++++--
 lib/validate.js                    | 2 +-
 lib/wsapi/cert_key.js              | 2 +-
 resources/static/shared/network.js | 3 ++-
 resources/static/shared/xhr.js     | 4 +++-
 6 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/bin/keysigner b/bin/keysigner
index b2002a722..316083aab 100755
--- a/bin/keysigner
+++ b/bin/keysigner
@@ -75,14 +75,13 @@ try {
   process.exit(1);
 }
 
-
 // and our single function
-app.post('/wsapi/cert_key', validate(["email", "pubkey"]), function(req, resp) {
+app.post('/wsapi/cert_key', validate(["email", "pubkey", "ephemeral"]), function(req, resp) {
   var startTime = new Date();
   cc.enqueue({
     pubkey: req.body.pubkey,
     email: req.body.email,
-    validityPeriod: config.get('certificate_validity_ms'),
+    validityPeriod: (req.body.ephemeral ? config.get('ephemeral_session_duration_ms') : config.get('certificate_validity_ms')),
     hostname: HOSTNAME
   }, function (err, r) {
     var reqTime = new Date - startTime;
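Review bot: The certificate lifetime on the `validityPeriod` line is now picked by the truthiness of a client-supplied `req.body.ephemeral`, and this same patch removes the string-type check in lib/validate.js, so the value can be any JSON type. A form-encoded body would deliver the string `"false"`, which is truthy; that happens to fall on the short period, but `0`, `""` or `null` all select the long one. The handler should accept only a real boolean before enqueueing, for example by rejecting the request when `typeof req.body.ephemeral !== 'boolean'`. The long-lived certificate is also granted purely on the caller's say-so, which deserves a comment stating that this is intended. The handler body continues past the end of the hunk.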
diff --git a/lib/http_forward.js b/lib/http_forward.js
index cb4396a4b..5277aa956 100644
--- a/lib/http_forward.js
+++ b/lib/http_forward.js
@@ -67,12 +67,14 @@ module.exports = function(dest, req, res, cb) {
 
   // forward header
   if (req.headers['accept-language']) {
-      preq.setHeader('Accept-Language', req.headers['accept-language']);
+    preq.setHeader('Accept-Language', req.headers['accept-language']);
   }
 
   // if the body has already been parsed, we'll write it
   if (req.body) {
-    var data = querystring.stringify(req.body);
+    var data;
+    if (req.headers['content-type'].indexOf('application/json') === 0) data = JSON.stringify(req.body);
+    else data = querystring.stringify(req.body);
     preq.setHeader('content-length', data.length);
     preq.write(data);
     preq.end();
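Review bot: The new branch dereferences `req.headers['content-type']` without checking that the header exists, so a request with a parsed body but no Content-Type throws a TypeError here; use `var ctype = req.headers['content-type'] || '';` and test `ctype.indexOf('application/json') === 0`. The `content-length` line also becomes wrong with this change: `data.length` counts UTF-16 units, and unlike `querystring.stringify`, `JSON.stringify` leaves non-ASCII characters unescaped, so a body containing them is sent with too small a length and gets truncated. `preq.setHeader('content-length', Buffer.byteLength(data));` fixes that. The hunk does not show whether `preq` is given the incoming Content-Type; if it is not, the downstream parser will not treat the JSON body as JSON. The enclosing function starts and ends outside the hunk.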
diff --git a/lib/validate.js b/lib/validate.js
index ebe808dd3..b9f6d4dbc 100644
--- a/lib/validate.js
+++ b/lib/validate.js
@@ -27,7 +27,7 @@ module.exports = function (params) {
 
     try {
       params.forEach(function(k) {
-        if (!params_in_request || !params_in_request.hasOwnProperty(k) || typeof params_in_request[k] !== 'string') {
+        if (!params_in_request || !params_in_request.hasOwnProperty(k)) {
           throw k;
         }
       });
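Review bot: Dropping `typeof params_in_request[k] !== 'string'` loosens validation for every endpoint that uses this middleware, not only for the new boolean `ephemeral` argument. With JSON bodies now accepted, `email`, `pubkey` and any other required parameter may arrive as an object, array or number and reach handlers that were written assuming strings. Either keep the check and widen it only as far as needed, `var t = typeof params_in_request[k];` followed by `t !== 'string' && t !== 'boolean'` in the condition, or let callers declare an expected type per parameter. The surrounding try block and the rest of the function are outside the hunk.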
diff --git a/lib/wsapi/cert_key.js b/lib/wsapi/cert_key.js
index 9b642eb34..777d61223 100644
--- a/lib/wsapi/cert_key.js
+++ b/lib/wsapi/cert_key.js
@@ -14,7 +14,7 @@ wsapi = require('../wsapi.js');
 exports.method = 'post';
 exports.writes_db = false;
 exports.authed = 'password';
-exports.args = ['email','pubkey'];
+exports.args = ['email','pubkey','ephemeral'];
 exports.i18n = false;
 
 exports.process = function(req, res) {
diff --git a/resources/static/shared/network.js b/resources/static/shared/network.js
index 013a36d61..2ec036d39 100644
--- a/resources/static/shared/network.js
+++ b/resources/static/shared/network.js
@@ -498,7 +498,8 @@ BrowserID.Network = (function() {
         url: "/wsapi/cert_key",
         data: {
           email: email,
-          pubkey: pubkey.serialize()
+          pubkey: pubkey.serialize(),
+          ephemeral: storage.usersComputer.confirmed(email) ? 
         },
         success: onComplete,
         error: onFailure
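Review bot: The added `ephemeral:` line ends in a dangling `?` with no ternary branches, so network.js no longer parses and the whole module fails to load. The condition also looks inverted relative to the commit message: a certificate should be ephemeral when the computer has *not* been confirmed. `ephemeral: !storage.usersComputer.confirmed(email)` expresses that and always yields a boolean. The enclosing function is not fully visible in the hunk.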
diff --git a/resources/static/shared/xhr.js b/resources/static/shared/xhr.js
index c174b1896..5c22abb88 100644
--- a/resources/static/shared/xhr.js
+++ b/resources/static/shared/xhr.js
@@ -136,7 +136,9 @@ BrowserID.XHR = (function() {
 
       var req = _.extend(options, {
         type: "POST",
-        data: data,
+        data: JSON.stringify(data),
+        contentType: 'application/json',
+        processData: false,
         defer_success: true
       });
       request(req);
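Review bot: This switches every POST issued through this helper to a JSON body, not just the `cert_key` call, and nothing at the call site says why. A short comment above the `_.extend` call would help, for example `// POST bodies are sent as JSON so non-string values (e.g. booleans) keep their type server-side`. Since all wsapi endpoints now receive typed values, the server-side argument validation needs to be reviewed together with this change. The enclosing function begins outside the hunk, so whether `data` can be undefined here cannot be seen.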
-- 
GitLab