pre async

routes/auth.js

@@ -0,0 +1,69 @@
+let express = require('express');
+let router = express.Router();
+let passport = require('passport');
+let directory = require('../directory.js');
+
+router.get('/selfservice/api', function (req, res) {
+    response = 'Hello World!<br>';
+    console.log('User:', req.user);
+    if (req.user) {
+      // Query Active Directory for user details
+      // username is the UPN
+      let username = req.user.username;
+      attributes = ['dn', 'memberOf'];
+      directory.queryUser(username, attributes, function(err, user) {
+        if (err) {
+          console.log('Error:', err);
+        }
+        else {
+          console.log('User:', user);
+          response += 'Username: ' + req.user.username + '<br>';
+          response += 'First Name: ' + req.user.first_name + '<br>';
+          response += 'Last Name: ' + req.user.last_name + '<br>';
+          usertype_str_map = ['Unknown', 'Student', 'Parent'];
+          response += 'User Type: ' + usertype_str_map[directory.getUserType(req, res)] + '<br>';
+          response += '<a href="/selfservice/api/logout">Logout</a>';
+          res.send(response);
+        }
+      });
+    }
+    else {
+      response += '<a href="/selfservice/api/login">Login</a>';
+      res.send(response);
+    }
+  });
+  
+  router.get('/selfservice/api/logout', function (req, res) {
+    req.logout();
+    res.redirect('/selfservice/api');
+  });
+  
+  router.get('/selfservice/api/login',
+    passport.authenticate('saml', { failureRedirect: '/selfservice/api', failureFlash: true }),
+    function (req, res) {
+      res.redirect(end);
+    }
+  );
+  
+  router.use(function(req, res, next) {
+    console.log('Received request:', req.method, req.url);
+    console.log('Data:', req.body);
+    next();
+  });
+  
+  router.post('/selfservice/api/login/postResponse',
+    passport.authenticate('saml', { failureRedirect: '/selfservice/api',successRedirect: '/selfservice/api', failureFlash: true }),
+    function (req, res) {
+      console.log('SAML authentication successful');
+      res.redirect('/selfservice');
+    }
+  );
+  
+  function validUser(req, res, next) {
+    if (!req.user) {
+      res.redirect('/api/login');
+    }
+    next();
+  }
+
+module.exports = router;

routes/ps_relation_parent.js

@@ -0,0 +1,87 @@
+// This file contains the routes for the the account linking process on the parent side.
+
+let express = require('express');
+let router = express.Router();
+let passport = require('passport');
+let database = require('../config/database.js');
+
+// Consume the pairing code
+// Return the student's UPN then delete the pairing code
+function consumePairingCode(pairing_code, callback) {
+    let sql = 'SELECT upn FROM ps_pairing_codes WHERE pairing_code = ?';
+    database.query(sql, pairing_code, function (err, result) {
+        if (err) {
+            console.log('Error:', err);
+            return callback(err, null);
+        } else {
+            if (result.length === 0) {
+                return callback(null, null);
+            } else {
+                let upn = result[0].upn;
+                let sql = 'DELETE FROM ps_pairing_codes WHERE pairing_code = ?';
+                database.query(sql, pairing_code, function (err, result) {
+                    if (err) {
+                        console.log('Error:', err);
+                    } else {
+                        console.log('Pairing code consumed');
+                    }
+                });
+                return callback(null, upn);
+            }
+        }
+    });
+}
+
+router.get('/parent/:parent_upn/add-student', function (req, res) {
+    if(!req.isAuthenticated()) {
+        return res.status(401).send('Unauthorized');
+    }
+    let parent_upn = req.params.parent_upn;
+    // Is the logged in user a parent with the same UPN as the one in the URL?
+    // If not, return a 403 Forbidden response
+    if (req.user.username !== parent_upn) {
+        return res.status(403).send('Forbidden, UPN mismatch');
+    }
+    // Consume the pairing code, if it return null, return a 404 Not Found response
+    // Don't update the parent's student list yet
+    // Note that we won't return the student's details in this route
+    // Just a success message
+    let pairing_code = req.query.pairing_code;
+    // Is the pairing code in the query string?
+    if (!pairing_code) {
+        return res.status(400).send('Bad Request, pairing_code missing');
+    }
+    let student_upn = '';
+    consumePairingCode(pairing_code, function (err, upn) {
+        if (err) {
+            return res.status(500).send('Internal Server Error');
+        }
+        if (upn === null) {
+            return res.status(404).send('Invalid pairing code');
+        }
+        student_upn = upn;
+        res.send('Student added');
+        // Set the LDAP attribute parent to the parent's UPN in the student's LDAP entry
+    });
+});
+
+router.get('/parent/:parent_upn', function (req, res) {
+    if(!req.isAuthenticated()) {
+        return res.status(401).send('Unauthorized');
+    }
+    let parent_upn = req.params.parent_upn;
+    // Is the logged in user a parent with the same UPN as the one in the URL?
+    // If not, return a 403 Forbidden response
+    if (req.user.username !== parent_upn) {
+        return res.status(403).send('Forbidden, UPN mismatch');
+    }
+    // Return the parent's details in the session in JSON format
+    allowedAttributes = ['username', 'first_name', 'last_name'];
+    let parent = {};
+    allowedAttributes.forEach(function (attribute) {
+        parent[attribute] = req.user[attribute];
+    });
+    res.json(parent);
+});
+
+module.exports = router;

routes/ps_relation_student.js

@@ -0,0 +1,63 @@
+// This file contains the routes for the the account linking process on the student side.
+
+let express = require('express');
+let router = express.Router();
+let passport = require('passport');
+let database = require('../config/database.js');
+let uuid = require('uuid');
+
+function storePairingCode(upn, pairing_code) {
+    // If a student-pairing_code pair already exists, update the pairing code
+    // Else, insert a new student-pairing_code pair
+    let sql = 'INSERT INTO ps_pairing_codes (upn, pairing_code) VALUES (?, ?) ON DUPLICATE KEY UPDATE pairing_code = ?';
+    let values = [upn, pairing_code, pairing_code];
+    database.query(sql, values, function (err, result) {
+        if (err) {
+            console.log('Error:', err);
+        } else {
+            console.log('Pairing code stored');
+        }
+    });
+}
+
+router.get('/student/:upn/pairing-code', function (req, res) {
+    if(!req.isAuthenticated()) {
+        return res.status(401).send('Unauthorized');
+    }
+    let upn = req.params.upn;
+    // Is the logged in user a student with the same UPN as the one in the URL?
+    // If not, return a 403 Forbidden response
+    if (req.user.username !== upn) {
+        console.log('UPN mismatch');
+        console.log('req.user.upn:', req.user.upn);
+        console.log('upn:', upn);
+        return res.status(403).send('Forbidden, UPN mismatch');
+    }
+    // Generate a uuid (v4) as the pairing code
+    let pairing_code = uuid.v4();
+    // Store the pairing code in the database
+    storePairingCode(upn, pairing_code);
+    // Return the pairing code
+    res.send(pairing_code);
+});
+
+router.get('/student/:upn', function (req, res) {
+    if(!req.isAuthenticated()) {
+        return res.status(401).send('Unauthorized');
+    }
+    let upn = req.params.upn;
+    // Is the logged in user a student with the same UPN as the one in the URL?
+    // If not, return a 403 Forbidden response
+    if (req.user.username !== upn) {
+        return res.status(403).send('Forbidden, UPN mismatch');
+    }
+    // Return the student's details in the response in JSON format
+    allowedAttributes = ['username', 'first_name', 'last_name'];
+    let student = {};
+    allowedAttributes.forEach(function (attribute) {
+        student[attribute] = req.user[attribute];
+    });
+    res.json(student);
+});
+
+module.exports = router;