Merge pull request liamcurry#41 from scholtzm/verify-identifier
Verify identifier/request format
welps authored Jun 25, 2016
2 parents 1f99252 + 5e22204 commit 7e8529f
Showing 5 changed files with 71 additions and 39 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -61,7 +61,7 @@ app.get('/auth/steam/return',

## Examples

For a complete, working example, refer to the [signon example](https://github.com/liamcurry/passport-steam/tree/master/examples/signon).
For a complete, working example, refer to the [signon example](https://github.com/liamcurry/passport-steam/tree/master/examples/signon). Do not forget to add your API key.

## Tests

2 changes: 1 addition & 1 deletion examples/signon/app.js
@@ -2,7 +2,7 @@ var express = require('express')
, passport = require('passport')
, util = require('util')
, session = require('express-session')
, SteamStrategy = require('passport-steam').Strategy;
, SteamStrategy = require('../../').Strategy;

// Passport session setup.
// To support persistent login sessions, Passport needs to be able to
11 changes: 0 additions & 11 deletions examples/signon/package.json

This file was deleted.

86 changes: 62 additions & 24 deletions lib/passport-steam/strategy.js
@@ -5,6 +5,41 @@ var util = require('util')
, OpenIDStrategy = require('passport-openid-node6support').Strategy
, SteamWebAPI = require('steam-web');

/**
* Retrieve user's Steam profile information.
*
* @param {String} key Steam WebAPI key.
* @param {String} steamID SteamID64.
* @return {Object} User's Steam profile.
*/
function getUserProfile(key, steamID, callback) {
var steam = new SteamWebAPI({ apiKey: key, format: 'json' });

steam.getPlayerSummaries({
steamids: [ steamID ],
callback: function(err, result) {
if(err) {
return callback(err);
}

var profile = {
provider: 'steam',
_json: result.response.players[0],
id: result.response.players[0].steamid,
displayName: result.response.players[0].personaname,
photos: [{
value: result.response.players[0].avatar
}, {
value: result.response.players[0].avatarmedium
}, {
value: result.response.players[0].avatarfull
}]
};

callback(null, profile);
}
});
}

/**
* `Strategy` constructor.
@@ -45,40 +80,43 @@ function Strategy(options, validate) {
options.profile = (options.profile === undefined) ? true : options.profile;
options.stateless = true; //Steam only works as a stateless OpenID

if(options.profile) {
var steam = new SteamWebAPI({ apiKey: options.apiKey, format: 'json' });
var originalPassReqToCallback = options.passReqToCallback;
options.passReqToCallback = true; //Request needs to be verified

function getUserProfile() {
var req = arguments[options.passReqToCallback ? 0 : undefined];
var identifier = arguments[options.passReqToCallback ? 1 : 0];
var profile = arguments[options.passReqToCallback ? 2 : 1];
var done = arguments[options.passReqToCallback ? 3 : 2];
function verify(req, identifier, profile, done) {
var validOpEndpoint = 'https://steamcommunity.com/openid/login';
var identifierRegex = /^http:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/;

steam.getPlayerSummaries({
steamids: [ identifier ],
callback: function(err, result) {
if (err) return done(err);
if(req.query['openid.op_endpoint'] !== validOpEndpoint ||
!identifierRegex.test(identifier)) {
return done(null, false, { message: 'Claimed identity is invalid.' });
}

profile = {
provider: 'steam',
_json: result.response.players[0],
id: result.response.players[0].steamid,
displayName: result.response.players[0].personaname,
photos: [ { value: result.response.players[0].avatar }, { value: result.response.players[0].avatarmedium }, { value: result.response.players[0].avatarfull } ]
};
var steamID = identifierRegex.exec(identifier)[0];

options.passReqToCallback ?
validate(req, identifier, profile, done):
if(options.profile) {
getUserProfile(options.apiKey, steamID, function(err, profile) {
if(err) {
done(err);
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}
});
} else {
if(originalPassReqToCallback) {
validate(req, identifier, profile, done);
} else {
validate(identifier, profile, done);
}
}

OpenIDStrategy.call(this, options, getUserProfile);
} else {
OpenIDStrategy.call(this, options, validate);
}

OpenIDStrategy.call(this, options, verify);

this.name = 'steam';
this.stateless = options.stateless;
}
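Review bot: In `verify`, `identifierRegex.exec(identifier)[0]` is the whole matched URL rather than the captured digits, so `getUserProfile` receives the full claimed-identity URL although its doc comment declares `steamID` a SteamID64; `var steamID = identifierRegex.exec(identifier)[1];` would pass the capture group. Whether the Web API tolerates the URL form cannot be told from this page, but the value should match the documented contract. In `getUserProfile`, `result.response.players[0]` is dereferenced without checking that the list is non-empty, so an empty response throws inside the callback instead of reaching the error path; a guard such as `if(!result.response || !result.response.players || !result.response.players.length) { return callback(new Error('No profile returned for this SteamID')); }` before building `profile` would report it through `callback`. The doc comment also omits the `callback` parameter and declares a `@return` although the profile is delivered through the callback.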
9 changes: 7 additions & 2 deletions package.json
@@ -36,10 +36,15 @@
"steam-web": "~0.2.4"
},
"devDependencies": {
"ava": "^0.10.0"
"ava": "^0.10.0",
"ejs": "^2.4.2",
"express": "^4.14.0",
"express-session": "^1.13.0",
"passport": "^0.3.2"
},
"scripts": {
"test": "ava test/*.test.js"
"test": "ava test/*.test.js",
"example": "node examples/signon/app.js"
},
"engines": {
"node": ">= 0.4.0"
