turingmachine · November 26, 2019 16:42
diff --git a/openid.js b/openid.js
 const openidRelyingParty = new openid.RelyingParty(
  `${config.baseurl}/verify`,
  config.baseurl,
  true, // Use stateless verification
  false, // Strict mode
  [
    new openid.AttributeExchange({
      'https://login.migros.ch/ax/legal/TNB_MYMIGROS': 'required',
      'https://login.migros.ch/ax/contact/email': 'optional',
      'https://login.migros.ch/ax/person/guid': 'required',
      'https://login.migros.ch/ax/person/gender': 'required',
      'https://login.migros.ch/ax/namePerson/first': 'required',
      'https://login.migros.ch/ax/namePerson/last': 'required',
      'https://login.migros.ch/ax/contact/postalAddress/home': 'optional',
      'https://login.migros.ch/ax/contact/postalCode/home': 'optional',
      'https://login.migros.ch/ax/contact/mconnect/postalAddressAddOn/home':
        'optional',
      'https://login.migros.ch/ax/contact/city/home': 'optional',
      'https://login.migros.ch/ax/contact/phone/cell': 'required',
    }),
  ]
 )

 app.get('/login', async (req, res) => {
      await openidRelyingParty.authenticate(
        config.openidIdentifier,
        false,
        async (error, authUrl) => {
          if (error) {
            Raven.captureException(error)
            res.send('Authentication failed: ' + error.message)
          } else if (!authUrl) {
            res.send('Authentication failed')
          } else {
            await new Promise(resolve => req.session.save(() => resolve()))
            res.redirect(302, authUrl)
          }
        }
      )
    })

    app.post('/verify', async (req, res) => {
      await openidRelyingParty.verifyAssertion(req, async (error, result) => {
        if (error || !result.authenticated) {
          console.log(error)
          Raven.captureException(error)
          req.session.authenticated = false
          await new Promise(resolve => req.session.save(() => resolve()))
          return res.send(
            `Failure : <pre>${JSON.stringify(error, null, 2)}</pre>`
          )
        }
        
        const [user, created] = await models.Users.findOrCreate({
          where: {
            MConnectGUID: result['https://login.migros.ch/ax/person/guid'],
          },
        })

        await user.update({
          gender: result['https://login.migros.ch/ax/person/gender'],
          firstName: result['https://login.migros.ch/ax/namePerson/first'],
          lastName: result['https://login.migros.ch/ax/namePerson/last'],
          email: result['https://login.migros.ch/ax/contact/email'],
          mobile: result['https://login.migros.ch/ax/contact/phone/cell'],
          testUser,
        })

        await user.reload()

        req.session.authenticated = true

        await new Promise(resolve => req.session.save(() => resolve()))
        res.redirect('/shop')
      })
    })
	const openidRelyingParty = new openid.RelyingParty(
	`${config.baseurl}/verify`,
	config.baseurl,
	true, // Use stateless verification
	false, // Strict mode
	[
	new openid.AttributeExchange({
	'https://login.migros.ch/ax/legal/TNB_MYMIGROS': 'required',
	'https://login.migros.ch/ax/contact/email': 'optional',
	'https://login.migros.ch/ax/person/guid': 'required',
	'https://login.migros.ch/ax/person/gender': 'required',
	'https://login.migros.ch/ax/namePerson/first': 'required',
	'https://login.migros.ch/ax/namePerson/last': 'required',
	'https://login.migros.ch/ax/contact/postalAddress/home': 'optional',
	'https://login.migros.ch/ax/contact/postalCode/home': 'optional',
	'https://login.migros.ch/ax/contact/mconnect/postalAddressAddOn/home':
	'optional',
	'https://login.migros.ch/ax/contact/city/home': 'optional',
	'https://login.migros.ch/ax/contact/phone/cell': 'required',
	}),
	]
	)

	app.get('/login', async (req, res) => {
	await openidRelyingParty.authenticate(
	config.openidIdentifier,
	false,
	async (error, authUrl) => {
	if (error) {
	Raven.captureException(error)
	res.send('Authentication failed: ' + error.message)
	} else if (!authUrl) {
	res.send('Authentication failed')
	} else {
	await new Promise(resolve => req.session.save(() => resolve()))
	res.redirect(302, authUrl)
	}
	}
	)
	})

	app.post('/verify', async (req, res) => {
	await openidRelyingParty.verifyAssertion(req, async (error, result) => {
	if (error \|\| !result.authenticated) {
	console.log(error)
	Raven.captureException(error)
	req.session.authenticated = false
	await new Promise(resolve => req.session.save(() => resolve()))
	return res.send(
	`Failure : <pre>${JSON.stringify(error, null, 2)}</pre>`
	)
	}

	const [user, created] = await models.Users.findOrCreate({
	where: {
	MConnectGUID: result['https://login.migros.ch/ax/person/guid'],
	},
	})

	await user.update({
	gender: result['https://login.migros.ch/ax/person/gender'],
	firstName: result['https://login.migros.ch/ax/namePerson/first'],
	lastName: result['https://login.migros.ch/ax/namePerson/last'],
	email: result['https://login.migros.ch/ax/contact/email'],
	mobile: result['https://login.migros.ch/ax/contact/phone/cell'],
	testUser,
	})

	await user.reload()

	req.session.authenticated = true

	await new Promise(resolve => req.session.save(() => resolve()))
	res.redirect('/shop')
	})
	})