liamcurry / passport-steam Goto Github PK

View Code? Open in Web Editor NEW

339.0 23.0 102.0 293 KB

Steam (OpenID) authentication strategy for Passport and Node.js.

License: MIT License

Makefile 6.68% JavaScript 93.32%

steam openid passport node

passport-steam's Introduction

Passport-Steam

Passport strategy for authenticating with Steam using OpenID 2.0.

Installation

$ npm install --save passport-steam

Usage

Configure Strategy

The Steam authentication strategy authenticates users using a steam account, which is also an OpenID 2.0 identifier. The strategy requires a validate callback, which accepts this identifier and calls done providing a user. Additionally, options can be supplied to specify a return URL and realm.

passport.use(new SteamStrategy({
    returnURL: 'http://localhost:3000/auth/steam/return',
    realm: 'http://localhost:3000/',
    apiKey: 'your steam API key'
  },
  function(identifier, profile, done) {
    User.findByOpenID({ openId: identifier }, function (err, user) {
      return done(err, user);
    });
  }
));

A Steam API key can be obtained at http://steamcommunity.com/dev/apikey. However if you wish not to use an API key, you can include profile: false into the SteamStrategy object, which will disable the fetching of user data.

Authenticate Requests

Use passport.authenticate(), specifying the 'steam' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/steam',
  passport.authenticate('steam'),
  function(req, res) {
    // The request will be redirected to Steam for authentication, so
    // this function will not be called.
  });

app.get('/auth/steam/return',
  passport.authenticate('steam', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Examples

Basic example using Express

For a complete, working example, refer to the signon example or follow the steps below. Do not forget to add your API key.

To run the example, you can perform the following from the command line:

Clone the repository

git clone https://github.com/liamcurry/passport-steam.git
Go into the repository

cd passport-steam
Download the required dependencies

npm install
Edit examples/signon/app.js with your favorite text editor

Update the localhost parameter and add your API key in this block within examples/signon/app.js

returnURL: 'http://localhost:3000/auth/steam/return',
    realm: 'http://localhost:3000/',
    apiKey: 'Your API key here'

Save your changes to examples/signon/app.js
Start the example
```
npm run example
```
Go to the address you put in realm in your browser.

Basic example using Express with Router

For a complete, working example, refer to the signon example or follow the steps below. Do not forget to add your API key.

To run the example, you can perform the following from the command line:

Clone the repository

git clone https://github.com/liamcurry/passport-steam.git
Go into the repository

cd passport-steam
Download the required dependencies

npm install
Edit examples/signon/app-router.js with your favorite text editor

Update the localhost parameter and add your API key in this block within examples/signon/app-router.js

returnURL: 'http://localhost:3000/auth/steam/return',
    realm: 'http://localhost:3000/',
    apiKey: 'Your API key here'

Save your changes to examples/signon/app-router.js
Start the example
```
npm run example-router
```
Go to the address you put in realm in your browser.

Tests

If you would like to contribute, please provide accompanying tests with AVA

$ npm install -g ava
$ ava

Contributors

License

(The MIT License)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

passport-steam's People

Contributors

Stargazers

Watchers

Forkers

uncommonavenue mikebyrd devaio webartistse tmarciszewski jstty tje paralin kchung arumry improbable-io magsmagnoli romeldris icarobatista bobbumman meitinglei nisthar adaptivedev goegaming mshi bkrow newblt123 xavierchn welps stenleegunz connormcf msturges ragnardanneskjold sherpic korzhyk sezeryldz nexib kalexan8 raphaelaugustin ma1mun m-samoht unrealenginer florianbellazouz geckolml theemp slava-viktorov senior22 arechii filezgaetan openuserjs savyparchman gurkengewuerz kuznetsov-kd blickyer hoishin waylaidwanderer prih switz meepen demipixel jurk797 trentmillar xvampirx kewaiigamer bitswamp-projects citizenfx dilame mistertakaashi yusangchan ajssh game-corner tonydung2011 mbr001 sahmmie h0neycake forkkit masterscott metzz1 adrienjarretier brunofivver xcit1zen vulgarnykarlson thinhly95 southyyy enderady rory-hr djobbo officialstrike timvn excedd danieldspx shenprime codingpowerx sharkmantr oshibuki alexhype17 vojinpavlovic zirxi zaraki31 elektroklaus grubersjoe axotion cdraper033 coderaldrich

passport-steam's Issues

How to integrate passport-steam's express-router with react-router?

I just found this repo and this is exactly what I was looking for, the thing is that I'm not sure what is the best way to organise react-router and express-router. I'm not that well familiar with node yet, so any suggestion will help.

At the moment I'm looking to integrate passport-steam with create-react-app.

Thanks

OpenID Registration

Hello! Im building an eSports CSGO team manager and i wish to implement OpenID so players, managers and coach can signin. I was wondering if OpenID is implemented, anyone with Steam can signin into my system, and it needs to be restrict to the people listed above. Can OpenID provide some registration or restriction so only registered people can signin? Thanks in advance and sorry for my English.

State, sessions and cookies are not avaible in `returnURL`

I am trying to save persistent data in order to send it back to user once the authorization has succeeded. I am trying to achieve this using sessions (koa-session), cookies (implemented by default in Koa.js) and in Passport.js state. None of those works.

I am not sure though, if it is a problem with koa-passport or passport itself. It looks like one of those modules is blocking cookies/sessions at one point.

Client      ->      Server      ->      Provider      ->      Server      ->      Client
                       ^                                         ^
             (A) /api/auth/steam/               (B) /api/auth/steam/callback/

Cookies are set in (A) (and they are available there even in subsequent requests). However, those are undefined in (B).

Server configuration/middlewares:

import Koa from "koa";
import session from "koa-session";
import convert from "koa-convert";
import parser from "koa-bodyparser";
import passport from "koa-passport";

app = new Koa();
app.keys = [ … ];

app.use(convert(parser()));
app.use(session(app));
app.use(passport.initialize());
app.use(passport.session());

Strategy:

Note that the cookies and the session are not available here in the ctx even if passReqToCallback is set to true. ctx.state also doesn't contain ctx.query.connectionID (see routes below).

passport.use(new SteamStrategy({
    returnURL: "http://localhost:8000/api/auth/steam/callback",
    realm: "http://localhost:8000/",
    apiKey: "…",
    state: true,
    passReqToCallback: true
}, (ctx, identifier, profile, done) => {
    Users.findOrCreate({ … })
      .then(user => …)
      .catch(err =>  …);
}));

Routes:

router.get("/api/auth/steam", (ctx, next)  => {
    let n = ctx.session.views || 0;
    let m = parseInt(ctx.cookies.get("views")) || 0;

    ctx.session.views = ++n;
    ctx.cookies.set("views", ++m);

    // Works correctly, displays `n+1, m+1` and this number persist after each refresh
    console.log(ctx.session.views, ctx.cookies.get("views"));

    return passport.authenticate("steam", {
        session: false,
        state: ctx.query.connectionID
    })(ctx, next);
});

router.get("/api/auth/steam/callback", (ctx, next) => {
    // Displays `undefined undefined`
    console.log(ctx.session.views, ctx.cookies.get("views"));

    return passport.authenticate("steam", {
        session: false,
        state: true
    }, …)( ctx, next );
});

When I am requesting /api/auth/steam (A) it outputs n+1 and m+1 correctly, so cookies and sessions are set. However, those are undefined in returnURL (B).

I am not sure if passport-steam is regenerating sessions/refreshing cookies or something in the returnURL (B), but it should not be the case as I've disabled sessions by myself ({ session: false }). Any thought why those cookies/sessions/states are not avaible in another route (returnURL)?

Error: Unknown authentication strategy

Error: Unknown authentication strategy "steam_en"

Any ideas how i can fix that?
versions:
"passport": "^0.2.2",
"passport-steam": "^0.1.6",

30 days ago this code was working fine

The apiKey was written in code.But but i want to let the gamer to get their apikey and complete the auth.

[Question]How make it work with Handlebars?

I made the code and it sending me an error
`router.get('/', function(req, res) {
res.render('index', { user: req.user }, { title: 'Express' });
});

router.get('/tos', function(req, res) {
res.render('tos', { user: req.user }, { title: 'Terms of Service' });
});`

<img src='{{user.photos[2].value}}' alt="Avatar Image" /> <span>{{user.displayName}}</span>

Error
`C:\Users\VladG\Desktop\Tutorials\Express Web\CSGOGamble\node_modules\express-handlebars\lib\utils.js:18
callback(reason);
^

TypeError: callback is not a function
at Immediate. (C:\Users\VladG\Desktop\Tutorials\Express Web\CSGOGamble\node_modules\express-handlebars\lib\utils.js:18:13)
at runCallback (timers.js:672:20)
at tryOnImmediate (timers.js:645:5)
at processImmediate [as _immediateCallback] (timers.js:617:5)`

Can you help me?

Hi,

I wanna install passport-steam on heroku, but I cant do it, I tried but when access the address, the page show me "Application error", Can you help me?

profile defaults to true

strategy.js, line 44:

options.profile =  (options.profile === undefined) ? true : options.profile;

Steam doesn't send any profile information, but this line forces passport-openid to call the verify callback with (result.claimedIdentifier, profile, verified), ignoring arity.

InternalOpenIDError: Failed to verify assertion

Steam is very slow last time, even when connecting Steam client can take upto 25 seconds and loading inventory sometimes result in a ETIMEDOUT.

Changed my IP and DNS.
Receiving the following errors:

Failed to verify assertion
Failed to discover OP endpoint URL

Node version: 4.6.2
Using latest passport-steam version.

I am using the following code:

app.get("/login", passport.authenticate("steam", {failureRedirect: "/"}), () => {});

app.get("/login/return", (req, res, next) => { req.url = req.originalUrl; next(); }, passport.authenticate("steam", { failureRedirect: "/" }), (req, res) => { res.redirect("/"); });

Doesn't validate realm on return

This library (or one of its dependencies) does not validate the openid realm. If I login to another third party site via steam, they can log in to my site using the secret.

Let me know if this is upstream and I'll gladly pass it along. If it is upon me to validate the realm, it would be very helpful if you can provide an example.

Thanks!

Bump package version

Hi, can you please bump the version and publish it to npm?

Thanks 🐱

Steam web API key in js file?

Hi there. I'm new to all this, so maybe I'm interpreting it wrong, but it seems I have to pass my Steam web API key as a parameter in JavaScript to make the "Sign in through Steam" stuff work? If that's the case, isn't it harmful to just put the API key in a JavaScript file, where all users can easily access it?

Setting this whole strategy up

I've been trying to set this strategy up for 3 whole days now, but I can't get it to work. The signon example is not helping me, because it doesn't include a database. I have problems with User.findByOpenID and serializeUser & deserializeUser.

User.findByOpenID:
I get an error saying "User is not defined". What exactly do I have to define?

serializeUser & deserializeUser:
In the signon example the comment says "To support persistent login sessions, Passport needs to be able to serialize users into and deserialize users out of the session. Typically, this will be as simple as storing the user ID when serializing, and finding the user by ID when deserializing. However, since this example does not have a database of user records, the complete Steam profile is serialized and deserialized.

I don't understand what I have to do exactly at this point. I have searched for days but I couldn't find some explanation on how to store the userID when serializing and finding the user by ID when deserializing.

And I know that this isn't an issue with passport-steam, but I just can't get this to work and don't know a better place to ask.. So please don't close this issue

Passport does not want to authenticate

Hello all,
I have been faced to this problem for 5 hours now, no way to make it work.

This is my first time using this library or even OpenID and Passport, so it might be a rookie mistake. I have been scouring the Internet did not find anything.

Here's my code:

(module.exports = exports = (function (options) {

	const _ = require("underscore");

	options = _.extend({
		port: process.env.PORT || 3000,
		env: "prod",
		secret: "Craig Sager"
	}, options);

	const winston 		= require('winston');
	options.winston	= winston;
	winston.level		= options.env;
	winston.add(winston.transports.File, { filename: 'output.log' });

	const express		= require("express");
	const bodyParser 	= require("body-parser");
	const session 		= require('express-session');
	const routes		= require("./routes")(options);

	// Passport
	const passport 	  = require('passport');
	const SteamStrategy = require('passport-steam').Strategy;

	passport.serializeUser(function (user, done) {
		done(null, user);
	});

	passport.deserializeUser(function (obj, done) {
		done(null, obj);
	});

	passport.use(new SteamStrategy({
		returnURL: 'http://localhost:3000/auth/return',
		realm: 'http://localhost:3000/',
		apiKey: options.apiKey
	},
		function (identifier, profile, done) {
			process.nextTick(function () {

				profile.identifier = identifier;
				return done(null, profile);
			});
		}
	));

	const app = express();

	app.set('views', __dirname + '/views');
	app.set('view engine', 'ejs');

	winston.log("debug", "Loaded dependencies");

	app.use(session({
		secret: options.secret,
		resave: true,
		saveUninitialized: true
	}));

	app.use(bodyParser.json());
	app.use(bodyParser.urlencoded({
		extended: true
	}));

	app.use(passport.initialize());
	app.use(passport.session());

	// Static content
	app.use(express.static(__dirname + '/../public'));
	winston.log("debug", "static files served");

	// Routes
	app.use("/", routes);
	winston.log("debug", "express routes loaded");

	return {
		// Connect to the database and start the server
		start() {
			app.listen(options.port);
			winston.info("Server started on port: " + options.port);
		}
	};
});

And the routes:

module.exports = exports = (function (options) {

	const express 	= require("express");
	const router	= express.Router();
	const passport 	= require("passport");

	router.get('/logout', function (req, res) {
		req.logout();
		res.redirect('/');
	});

	router.get('/', passport.authenticate('steam', { failureRedirect: '/' }), (req, res) => res.redirect("/"));

	router.get('/return',
		// Issue #37 - Workaround for Express router module stripping the full url, causing assertion to fail 
		function (req, res, next) {
			req.url = req.originalUrl;
			next();
		},
		passport.authenticate('steam', { failureRedirect: '/' }),
		function (req, res) {
			res.redirect('/');
		});

	return router;
});

Everything seems to go fine from a user perspective, but on the server, req.user === undefined and req.isAuthenticated() === false every time, even after loggin in. I tried to stay as close as possible to the example (that was perfectly working), removed all the unnecessary code, but never got it to work.

Thanks for the help!

InternalOpenIDError: Failed to verify assertion

I have been using this 'passport-steam' 2 month ago well, localhost and online Server.

today morning, I found this error in 'localhost'

$ npm run example

> [email protected] example C:\Users\TESTER\Documents\passport-steam-master
> node examples/signon/app.js

InternalOpenIDError: Failed to verify assertion
    at C:\Users\TESTER\Documents\passport-steam-master\node_modules\passport-openid\lib\passport-openid\strategy.js:184:36
    at C:\Users\TESTER\Documents\passport-steam-master\node_modules\openid\openid.js:981:12
    at C:\Users\TESTER\Documents\passport-steam-master\node_modules\openid\openid.js:1105:16
    at C:\Users\TESTER\Documents\passport-steam-master\node_modules\openid\openid.js:1212:14
    at Request._callback (C:\Users\TESTER\Documents\passport-steam-master\node_modules\openid\openid.js:242:7)
    at self.callback (C:\Users\TESTER\Documents\passport-steam-master\node_modules\request\request.js:188:22)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:188:7)
    at Request.onRequestError (C:\Users\TESTER\Documents\passport-steam-master\node_modules\request\request.js:884:8)
    at emitOne (events.js:96:13)

'passport-steam' just run in online server, but 'localhost' is not.

I Don't know what happened.
and This Test Code is Clean Code 'passport-steam'
I just pull code, and edit 'api-key' , and npm run example..

Somebody can help solve this issue?

and my test enviroment

$ node -v
v6.11.3
package.js
"dependencies": {
"passport-openid": "^0.4.0",
"steam-web": "0.4.0"
},
"devDependencies": {
"ava": "^0.10.0",
"ejs": "^2.4.2",
"express": "^4.14.0",
"express-session": "^1.13.0",
"passport": "^0.3.2"
},

Failed to discover OP endpoint URL

Using the recommended code

passport.use(new SteamStrategy({
    returnURL: 'http://mysite.com/auth/steam/return',
    realm: 'http://mysite.com/',
    apiKey: 'my key'
  },
etc.

app.use('/auth/steam',
  passport.authenticate('steam', { successRedirect: '/',
    failureRedirect: '/error' })
  );

app.use('/auth/steam/return',
  passport.authenticate('steam', {failureRedirect: '/404' }),
    function(req, res) {
      res.redirect('/');
    }
  );

Error: Failed to discover OP endpoint URL (message: No providers found for the given identifier)

Occasionally the site will progress past this stage however, resulting in the next error:

Failed to verify assertion (message: No OpenID provider was discovered for the asserted claimed identifier)

I tried the solution in #27 but I couldn't get it to work. Has anyone gained any further understanding on this issue?

To add to this, this has been working in my app for 8 months or so, none of the code has been changed.

[question] Redirect after login

Hello,
its possible todo redirect to site where we clicked login button?
Like i have 2 sites and one passport-steam with one url to api and i want to redirect to site where user click login button.

Typings

It's possible to have index.d.ts or a npm package @types/passport-steam?

Thanks a lot

I get an error when authorizing Steam

Failed to verify assertion (message: Invalid signature)
    at /var/apps/node_modules/passport-steam/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36
    at /var/apps/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:981:12
    at /var/apps/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:1105:16
    at /var/apps/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:1223:16
    at Request._callback (/var/apps/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:244:7)
    at Request.self.callback (/var/apps/node_modules/request/request.js:188:22)
    at emitTwo (events.js:87:13)
    at Request.emit (events.js:172:7)
    at Request.<anonymous> (/var/apps/node_modules/request/request.js:1171:10)
    at emitOne (events.js:77:13)

Another issue regarding invalid assertion

I've looked through all the old issues with this involving this error, and have seen all the fixes people have gone over, but have not been able to fix this for myself.

At the moment, this is the error I'm getting...

Error
    at /Users/Shared/workspace/test/passport-steam/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36
    at /Users/Shared/workspace/test/passport-steam/node_modules/openid/openid.js:981:12
    at /Users/Shared/workspace/test/passport-steam/node_modules/openid/openid.js:1105:16
    at /Users/Shared/workspace/test/passport-steam/node_modules/openid/openid.js:1212:14
    at Request._callback (/Users/Shared/workspace/test/passport-steam/node_modules/openid/openid.js:242:7)
    at self.callback (/Users/Shared/workspace/test/passport-steam/node_modules/request/request.js:186:22)
    at emitOne (events.js:115:13)
    at Request.emit (events.js:210:7)
    at Request.onRequestError (/Users/Shared/workspace/test/passport-steam/node_modules/request/request.js:878:8)
    at emitOne (events.js:115:13)

When I change up the failure response to show the error message, I get a more fine-tuned error: 'InternalOpenIDError: Failed to verify assertion'

The main issue thread that was opened for this was closed last July, and none of the fixes listed in there have helped me resolve this, and I need this for a project I'm doing.

If anyone at all has a resolution to this, please help.

The primary code used is below:

app.js

/**
 * Basic example demonstrating passport-steam usage within Express framework
 */
var express = require('express')
  , passport = require('passport')
  , util = require('util')
  , session = require('express-session')
  , SteamStrategy = require('../../').Strategy;

// Passport session setup.
//   To support persistent login sessions, Passport needs to be able to
//   serialize users into and deserialize users out of the session.  Typically,
//   this will be as simple as storing the user ID when serializing, and finding
//   the user by ID when deserializing.  However, since this example does not
//   have a database of user records, the complete Steam profile is serialized
//   and deserialized.
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

// Use the SteamStrategy within Passport.
//   Strategies in passport require a `validate` function, which accept
//   credentials (in this case, an OpenID identifier and profile), and invoke a
//   callback with a user object.
passport.use(new SteamStrategy({
    returnURL: 'http://localhost:3000/auth/steam/return',
    realm: 'http://localhost:3000/',
    apiKey: 'xxxxxxxxxxxxxxxxxxx'
  },
  function(identifier, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {

      // To keep the example simple, the user's Steam profile is returned to
      // represent the logged-in user.  In a typical application, you would want
      // to associate the Steam account with a user record in your database,
      // and return that user instead.
      profile.identifier = identifier;
      return done(null, profile);
    });
  }
));

var app = express();

// configure Express
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');

app.use(session({
    secret: 'your secret',
    name: 'name of session id',
    resave: true,
    saveUninitialized: true}));

// Initialize Passport!  Also use passport.session() middleware, to support
// persistent login sessions (recommended).
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(__dirname + '/../../public'));

app.get('/', function(req, res){
  res.render('index', { user: req.user });
});

app.get('/account', ensureAuthenticated, function(req, res){
  res.render('account', { user: req.user });
});

app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});

// GET /auth/steam
//   Use passport.authenticate() as route middleware to authenticate the
//   request.  The first step in Steam authentication will involve redirecting
//   the user to steamcommunity.com.  After authenticating, Steam will redirect the
//   user back to this application at /auth/steam/return
app.get('/auth/steam',
  passport.authenticate('steam', { failureRedirect: '/' }),
  function(req, res) {
    res.redirect('/');
  });

// GET /auth/steam/return
//   Use passport.authenticate() as route middleware to authenticate the
//   request.  If authentication fails, the user will be redirected back to the
//   login page.  Otherwise, the primary route function function will be called,
//   which, in this example, will redirect the user to the home page.
app.get('/auth/steam/return',
  passport.authenticate('steam', { failureRedirect: '/' }),
  function(req, res) {
    res.redirect('/');
  });

app.listen(3000);

// Simple route middleware to ensure user is authenticated.
//   Use this route middleware on any resource that needs to be protected.  If
//   the request is authenticated (typically via a persistent login session),
//   the request will proceed.  Otherwise, the user will be redirected to the
//   login page.
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/');
}

Update steam-web dependence

Today I have exception

SyntaxError: Unexpected token <
  at Object.parse (native)
  at IncomingMessage.<anonymous> (/srv/csgo/node_modules/passport-steam/node_modules/steam-web/lib/steam.js:210:44)
  at IncomingMessage.emit (events.js:129:20)
  at _stream_readable.js:908:16
  at process._tickCallback (node.js:355:11)

In steam-web v.0.2.4 this issue has been fixed, you need to update version of this package

InternalOpenIDError: Failed to verify assertion

Error that i am getting:
InternalOpenIDError: Failed to verify assertion 0|gate | at /var/apps/node_modules/passport-steam/node_modules/passport-openid-node6support/lib/passport-openid/strategy.js:184:36 0|gate | at /var/apps/node_modules/passport-steam/node_modules/passport-openid-node6support/node_modules/openid/openid.js:1020:12 0|gate | at /var/apps/node_modules/passport-steam/node_modules/passport-openid-node6support/node_modules/openid/openid.js:1190:16 0|gate | at /var/apps/node_modules/passport-steam/node_modules/passport-openid-node6support/node_modules/openid/openid.js:1297:14 0|gate | at Request._callback (/var/apps/node_modules/passport-steam/node_modules/passport-openid-node6support/node_modules/openid/openid.js:243:7) 0|gate | at self.callback (/var/apps/node_modules/request/request.js:186:22) 0|gate | at Request.emit (events.js:107:17) 0|gate | at Request.onRequestError (/var/apps/node_modules/request/request.js:845:8) 0|gate | at ClientRequest.emit (events.js:107:17) 0|gate | at TLSSocket.socketErrorListener (_http_client.js:271:9)

node -v:
v0.12.17

I know my node version is old, but thats cuz i tried different ones to check maybe if its version issue.

passport v0.3.2
passport-openid-node6support v1.0.0
passport-steam v1.0.7
express v4.14.0

My code for authentication and save login data:

var app = express();

app.enable('trust proxy', 1);

app.listen(80);

app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');

app.use(session({ proxy: true, secret: CONFIG.express.secret, name: CONFIG.express.name, resave: false, saveUninitialized: false, cookie: { httpOnly: true } }));

app.use(function(req, res, next){
	res.locals.currentUrl = '//' + req.hostname + req.url;
	res.locals.date = new Date().getTime();
	res.locals.user = req.user;
	next();
});

app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser(function(user, done) {
    done(null, user);
});

passport.deserializeUser(function(obj, done) {
    done(null, obj);
});

passport.use(new SteamStrategy({
        returnURL : CONFIG.website+'/auth/steam/return',
        realm : CONFIG.website,
        apiKey : CONFIG.apikey,
		profile : true
    }, function(identifier, profile, done) {
		process.nextTick(function () {
			profile.identifier = identifier;
			return done(null, profile);
		});
        //profile.identifier = identifier;
        //return done(null, profile);
    }
));

app.get('/logout', function(req, res){
	delete network.players[req.user._json.steamid];
    req.logout();
    res.redirect('/');
});

app.get('/auth/steam', passport.authenticate('steam'), function(req, res) {
    //res.redirect('/');
});

function use_orginalurl(req, res, next){
    req.url = req.originalUrl;
    next();
}

app.get('/auth/steam/return', passport.authenticate('steam', { failureRedirect: '/' }), function(req, res) {
    console.log(req.user._json.steamid + ' authenticated');
    network.players[req.user._json.steamid] = { steamid : 0, authenticated : true, id : 0, user : 0, inventory : { items : {} } };
	console.log('authenticated = '+network.authenticated(req.user._json.steamid));
    network.players[req.user._json.steamid].user = req.user._json;
    mysqlConnection.query('SELECT * FROM users WHERE steamid = \''+req.user._json.steamid+'\'', function(err, row, results){
        if(err) {
            if(err.code === 'PROTOCOL_CONNECTION_LOST' || err.code === 'ECONNRESET'){
                handleDisconnect();
            }
            console.log('mysql error: ' + err);
        }
        if(row && row.length > 0){
            console.log('old user');
            mysqlConnection.query('UPDATE users SET name = \''+removescript(removequots(req.user._json.personaname))+'\', img = \''+req.user._json.avatarfull+'\' WHERE steamid =\''+req.user._json.steamid+'\'', function(err, rows, fields) {
                if(err) {
                    console.log('mysql error: ' + err);
                    if(err.code === 'PROTOCOL_CONNECTION_LOST' || err.code === 'ECONNRESET'){
                        handleDisconnect();
                    }
                } else {
                    res.redirect('/');
                }
            });
        } else {
            console.log('new user');
            mysqlConnection.query('INSERT INTO users (`steamid`, `name`, `img`) VALUES (\''+req.user._json.steamid+'\', \''+removescript(removequots(req.user._json.personaname))+'\', \''+req.user._json.avatarfull+'\')', function(err, rows, fields) {
                if(err) {
                    console.log('mysql error: ' + err);
                    if(err.code === 'PROTOCOL_CONNECTION_LOST' || err.code === 'ECONNRESET'){
                        handleDisconnect();
                    }
                } else {
                    res.redirect('/');
                }
            });
        } 
    });
});

Please help.

JWT instead of sessions

I wonder if there's a way to implement JWT along with passport-stream strategy. Is there an example of how to use passport-steam with JSON Web Token instead of traditional sessions?

I'll try to implement it by myself just by disableing sessions and creating a token manually, but I know there are some problems with OAuth which needs sessions to work correctly. Not sure if it is the case with Steam though.

InternalOpenIDError: Failed to verify assertion

Hello,

I've been running in this issue all day, and I still don't know totally how to fix it.

I've got this error with this module, both on node 4.4 and node 6.0

InternalOpenIDError: Failed to verify assertion
    at D:\Projects\csgo\node_modules\passport-steam\node_modules\passport-openid-node6support\lib\passport-openid\strate
gy.js:184:36
    at Object.openid.verifyAssertion (D:\Projects\csgo\node_modules\passport-steam\node_modules\passport-openid-node6sup
port\node_modules\openid\openid.js:916:14)
    at openid.RelyingParty.verifyAssertion (D:\Projects\csgo\node_modules\passport-steam\node_modules\passport-openid-no
de6support\node_modules\openid\openid.js:65:10)

So naturally I digged in the source code, and changed this line:

  , OpenIDStrategy = require('passport-openid-node6support').Strategy

to:

  , OpenIDStrategy = require('passport-openid').Strategy

This resolved the issue on node 4.4, but got an error on node 6.0 (that's why that modules is created i guess):

error: An uncaught exception has taken place! TypeError: params.hasOwnProperty is not a function
    at _checkSignatureUsingProvider (D:\Projects\csgo\node_modules\passport-openid\node_modules\openid\openid.js:1148:15
)
    at _checkSignature (D:\Projects\csgo\node_modules\passport-openid\node_modules\openid\openid.js:1083:5)
    at _verifyAssertionAgainstProviders (D:\Projects\csgo\node_modules\passport-openid\node_modules\openid\openid.js:104
7:12)

Anyone has fixed that first issue? There where some discussions with the same issue, but nothing fixed that for me (relevant: #27 ). These are part of my code:

passport.use(new SteamStrategy({
        returnURL: 'http://**snap**/api/auth/return',
        realm: 'http://**snap**',
        apiKey: config.get('apiKey'),
        stateless: true
    },
    function(identifier, profile, done) {
        console.log(identifier); //Logging output
        console.log(profile);
        profile.identifier = identifier;
        return done(null, profile);
    }
));

router.route('/')
    .get(passport.authenticate('steam'));

router.route('/return')
    .get(passport.authenticate('steam', { failureRedirect: '/' }),
        function (req, res) {
            console.log(req.user);
            res.redirect('/');
        }
    );

Error: InternalOpenIDError: Failed to verify assertion

Hi,

I'm getting this error and I cannot seem to work out why, I'm using MySQL for my database if that's any use.

InternalOpenIDError: Failed to verify assertion at /home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/lib/passport-openid/strategy.js:184:36 at /home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:927:12 at /home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:1051:16 at /home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:1169:16 at Request._callback (/home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/openid.js:190:7) at Request.self.callback (/home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/node_modules/request/request.js:198:22) at emitTwo (events.js:87:13) at Request.emit (events.js:172:7) at Request. (/home/admin/csgo_raptor/node_modules/passport-steam/node_modules/passport-openid/node_modules/openid/node_modules/request/request.js:1035:10) at emitOne (events.js:82:20)

Error: connect ETIMEDOUT

It seems like sometimes when I login, it throws this:

Error: connect ETIMEDOUT
    at exports._errnoException (util.js:746:11)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:983:19)

It loads the OpenAuth steam login, and then it will take forever to login, then it will throw that timed out error. It does not return me back to my website!

What is going on?

It only started happening recently.

Maybe Request is throwing the error?

request/request#636

Q/A with the users

To all users of passport-steam. I'd like to open this issue to take feedback and suggestions from the users. If you would like to make a suggestion please use the following template:

Suggestion

Name:
Reason:
Example use case:

All feedback is kindly accepted, and after we gather a nice amount me and @welps will work on getting a beta branch out.

Thanks, all :)

Link in readme is wrong

The link in the readme should go to http://steamcommunity.com or failing that http://steampowered.com

InternalOpenIDError: Failed to verify assertion

Morning,

I've read all issues about this topic and none of them help me to solve this problem.

Somebody can help solve this issue?

Heres my code:

Server.js

passport.use(new SteamStrategy({
  returnURL: 'http://localhost:3000/auth/steam/response';
  realm: 'http://localhost:3000/',
  apiKey: 'XXXXXXXXXXXX'
},
  function (identifier, profile, done) {
    process.nextTick(function () {
      profile.identifier = identifier;
      return done(null, profile);
    });
  }
));

const auth = require('./server/routes/auth');
app.use('/auth', auth);

Auth.js

const express = require('express');
const router = express.Router();
var passport = require('passport');

router.get('/steam',
  passport.authenticate('steam', { failureRedirect: '/' }),
  function (req, res) {
    res.redirect('/');
  });

router.get('/steam/response',
  passport.authenticate('steam', { failureRedirect: '/' }),
  function (req, res) {
    res.redirect('/');
  });

module.exports = router;

error:

openidError: { message: 'Invalid assertion response from provider' } }

Any help will be appreciated, thanks in advance

InternalOpenIDError: Failed to verify assertion

"express": "^4.14.0",
"express-session": "^1.14.1",
"passport": "^0.3.2",
"passport-local": "^1.0.0",
"passport-steam": "^1.0.7"

node v6.9.1

InternalOpenIDError: Failed to verify assertion at /home/thohoh/Desktop/app/server/node_modules/passport-openid-node6support/lib/passport-openid/strategy.js:184:36

Suddenly noticed that it doesn't work anymore. Not sure when it happened.

Any thoughts?

Cannot read property 'steamid' of undefined

Hello,
im getting sometimes this error:

[Error] TypeError: Cannot read property 'steamid' of undefined
    at steam.getPlayerSummaries.callback (/home/pr/node_modules/passport-steam/lib/passport-steam/strategy.js:28:39)
    at IncomingMessage.<anonymous> (/home/pr/node_modules/steam-web/lib/steam.js:484:7)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at IncomingMessage.EventEmitter.emit (/home/pr/node_modules/sc-domain/index.js:12:31)
    at endReadableNT (_stream_readable.js:926:12)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickCallback (internal/process/next_tick.js:98:9)

Any fix?

Unknown authentication strategy "steam"

I'm currently receiving this error when I try to visit my steam auth route.

Unknown authentication strategy "steam"

Error: Unknown authentication strategy "steam"
    at attempt (/home/sean/projects/{redacted}/node_modules/passport/lib/middleware/authenticate.js:173:37)
    at authenticate (/home/sean/projects/{redacted}/node_modules/passport/lib/middleware/authenticate.js:349:7)
    at Layer.handle [as handle_request] (/home/sean/projects/{redacted}/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/sean/projects/{redacted}/node_modules/express/lib/router/route.js:131:13)
    at Route.dispatch (/home/sean/projects/{redacted}/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/sean/projects/{redacted}/node_modules/express/lib/router/layer.js:95:5)
    at /home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:277:22
    at Function.process_params (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:330:12)
    at next (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:271:10)
    at Function.handle (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:176:3)
    at router (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:46:12)
    at Layer.handle [as handle_request] (/home/sean/projects/{redacted}/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:312:13)
    at /home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:280:7
    at Function.process_params (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:330:12)
    at next (/home/sean/projects/{redacted}/node_modules/express/lib/router/index.js:271:10)

Here is my code as well.

// index.js

var express = require('express');
var router = express.Router();
var passport = require('passport');

router.get('/', function(req, res, next) {
  res.render('index');
});

router.get('/logout', function(req, res) {
  req.logout();
  res.redirect('/');
});

// Steam
router.get('/auth',
  passport.authenticate('steam', {failureRedirect: '/'}),
  function(req, res) {
    res.redirect('/');
  });

router.get('/auth/return',
  passport.authenticate('steam', {failureRedirect: '/'}),
  function(req, res) {
    res.redirect('/');
  });

module.exports = router;

// app.js

var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');
var mongoose = require('mongoose');
var config = require('./config');
var passport = require('passport');
var SteamStrategy = require('passport-steam').Strategy;

mongoose.connect(`mongodb://${config.mongodb.host}/${config.mongodb.database}`);

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

console.log(config.steam, SteamStrategy);

passport.use(new SteamStrategy(config.steam), function(id, profile, done) {
  process.nextTick(function() {
    console.log(profile, id);
    profile.id = id;

    return done(null, profile);
  });
});

var routes = require('./routes/index');
var users = require('./routes/users');

var app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'jade');

// uncomment after placing your favicon in /public
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(require('node-sass-middleware')({
  src: path.join(__dirname, 'public'),
  dest: path.join(__dirname, 'public'),
  indentedSyntax: false,
  sourceMap: true
}));
app.use(session(config.session));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(path.join(__dirname, 'public')));

app.use('/', routes);
app.use('/users', users);

// catch 404 and forward to error handler
app.use(function(req, res, next) {
  var err = new Error('Not Found');
  err.status = 404;
  next(err);
});

// error handlers

// development error handler
// will print stacktrace
if (app.get('env') === 'development') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
  res.status(err.status || 500);
  res.render('error', {
    message: err.message,
    error: {}
  });
});


module.exports = app;

And my package.json dependencies

// package.json
{
  "dependencies": {
    "body-parser": "~1.15.1",
    "cookie-parser": "~1.4.3",
    "debug": "~2.2.0",
    "express": "~4.13.4",
    "express-session": "^1.14.0",
    "jade": "~1.11.0",
    "mongoose": "^4.5.8",
    "morgan": "~1.7.0",
    "node-sass-middleware": "0.8.0",
    "passport": "^0.3.2",
    "passport-steam": "^1.0.5",
    "rc": "^1.1.6",
    "serve-favicon": "~2.3.0"
  }
}

Random crash

Not quite sure why it happens.

/Users/username/project/node_modules/passport-steam/lib/passport-steam/strategy.js:62
            _json: result.response.players[0],
                         ^
TypeError: Cannot read property 'response' of undefined
  at steam.getPlayerSummaries.callback (/Users/username/project/node_modules/passport-steam/lib/passport-steam/strategy.js:62:26)
  at ClientRequest.<anonymous> (/Users/username/project/node_modules/passport-steam/node_modules/steam-web/lib/steam.js:257:5)
  at ClientRequest.emit (events.js:107:17)
  at Socket.socketErrorListener (_http_client.js:272:9)
  at Socket.emit (events.js:107:17)
  at net.js:451:14
  at process._tickDomainCallback (node.js:381:11)

Unknown authentication strategy "steam"

routes/auth


module.exports = function (passport) {
  const SteamStrategy = require('passport-steam').Strategy;

  const config = require('../config').steam;

  const User = require('../models/User');

  passport.serializeUser(function (user, done) {
    done(null, user);
  });

  passport.deserializeUser(function (user, done) {
    done(null, user);
  });

  passport.use(new SteamStrategy({
    returnURL: 'http://localhost:3000/auth/steam/return',
    realm: 'http://localhost:3000/',
    apiKey: config.apiKey
  },
  function(identifier, profile, done) {
    console.log(profile);

    User.findOne({ steamId: identifier }, function (err, user) {
      if (err) {
        done(err);
      }

      if (!user) {
        const newUser = new User({
          username: profile.username || profile.displayName,
          avatar: profile.photos[0].value,
          facebookId: profile.id
        });

        newUser.save()
        .then(() => {
          done(null, user);
        })
        .catch(error => {
          done(error);
        });
      } else {
        done(null, user);
      }
    });
  }
));
};

app.js

app.use('/auth', auth);

app.use(passport.initialize());
app.use(passport.session());

I did everything according to the documentation, but something wrong.

[question] mobile auth?

Hi everyone,

new to node.js and stuff. Really appreciate the project.
Do you guys know whether I can use this up front or do I need this mobile authentication secure code stuff for users to login in correctly (in the eyes of volvo)?

If I'm planning on doing a private website, they wouldn't mind that much, right?

Anyways, sorry if this is not a real issue ticket.

Regards,

Aaron

Response is timing out

Started happening out of nowhere - not sure why.

console.log(err, result)

{ [Error: connect ETIMEDOUT] code: 'ETIMEDOUT', errno: 'ETIMEDOUT', syscall: 'connect' } undefined
/Users/user/dir/node_modules/passport-steam/lib/passport-steam/strategy.js:63
            _json: result.response.players[0],

Add travis continuous integration deployment for NPM

Continuing from #17.

Adding https://travis-ci.org would allow automated deployment to NPM, along with continuous testing.

Version on npm is outdated.

The stateless fix is necessary for passport-steam to run, but it hasn't been pushed to npm yet. It'd be good to do this at some point in the near future.

Why am I getting Cannot set property 'user' of undefined?

Not sure why I am getting this error

I have my session initialized and everything, any information would be great thanks.

NPM install not getting last version

Using "latest" on package.json or running nom-install passport-steam does not give me the latest version with account information.

Persistent state though sessions/cookies

Passport Steam forces the strategy to be stateless. I wonder if there's a way to save persistent data (for example. though sessions/cookies/state)?

I need to save a token from the user before he requests authorization, and return it to him after the authorization has succeeded. I've already tried to save it in sessions, cookies, but its look like those are overwritten in the auth/steam/callback and I can't acces those no more.

InternalOpenIDError: Failed to verify assertion

Im getting this error randomly and I cant seem to find the cause...

result.response.players is empty

Same issue as here: #9

(...)\node_modules\passport-steam\lib\passport-steam\strategy.js:58
            id: result.response.players[0].steamid,
                                          ^
TypeError: Cannot read property 'steamid' of undefined
    at steam.getPlayerSummaries.callback ( (...)\node_modules\passport-steam\lib\passport-steam\strategy.js:66:43)
    at IncomingMessage.<anonymous> ( (...)\node_modules\passport-steam\node_modules\steam-web\lib\steam.js:218:7)
    at IncomingMessage.EventEmitter.emit (events.js:117:20)
    at _stream_readable.js:920:16
    at process._tickDomainCallback (node.js:459:13)

Everything looks okay in response, identifier and profile - except:

result: { response: { players: [] } }

What am I missing?

Usage with AngularJS

I'm trying to use this for authentication, but I don't think it's usable with AngularJS or is it? I'm getting the CORS error which make sens, because my frontend isn't being redirected. It is not being redirected because it's calling my server /auth/steam

$http.get('/auth/steam').then(...

Should I copy the long url that steam provides (like csgolounge.com does in the sign in button)?

Edit

Returning to different URLs

How do i redirect user to different URLs depending on some parameter?

For example:
User is on landing page and clicks sign in and then returns to regular index page, but at the same time if he wanted to access settings page when not logged in, after he logs in he will be redirected back on settings page.

Is there any way to make it work?

P.S. I dont wanna use anything like setting up cookies on what page he was and then reading it after he signed in and redirecting him on that page.

Cannot read property 'steamid' of undefined

/node_modules/passport-steam/lib/passport-steam/strategy.js:58
            id: result.response.players[0].steamid,
                                          ^
TypeError: Cannot read property 'steamid' of undefined
    at steam.getPlayerSummaries.callback (/node_modules/passport-steam/lib/passport-steam/strategy.js:58:43)
    at IncomingMessage.<anonymous> (/node_modules/passport-steam/node_modules/steam-web/lib/steam.js:218:7)
    at IncomingMessage.emit (events.js:117:20)
    at _stream_readable.js:943:16
    at process._tickCallback (node.js:419:13)

[question] Help with storing

Is there any easy way to store this in a mongo database (using mongoose)?

With passport-local-mongoose there are several easy ways of achieving this, I was wondering if there was an easy way here aswell?

Integrating passport-steam with koajs

I have changed the example passport-steam from an express based app to a koa based app. In the express version everything worked very well but when I changed the framework to koa, after I returned from the openid provider back to my app, even though the returnUrl was right, my app instantly got a 404 status. Can passport-steam along with koa-passport be used with koa.js?

Not validating source of callback

There currently is an exploit that uses the fact that surprisingly many applications are not validating the source of the identity. It's pretty easy to fake a request to the url /auth/steam/return in the example you have provided. I'm not claiming this is an issue in passport.js or in passport-steam package. It how ever has been a problem for multiple sites not implementing it properly and I know bug bounties have been payed in the range of tens of thousands of dollars.

As a fix I would suggest you at least update the example to contain a way to verify the source of the provided identity. Better way might be preventing fetching the identity from other servers than steam, since this passport.js strategy is specific to steam.

Not currently using passport.js for anything and am not in any way an expert, so I can't tell you how to do it. I tested one example I was provided and I was able to "fix" the exploit by checking that identifier in function(identifier, profile, done) { has http://steamcommunity.com or https://steamcommunity.com instead of something else. I don't know if identity can be faked or not, but it did at least block the malicious url I was given as an example. How ever, as I said, I don't really know the inner workings of passport.js or openid so I can't say if this is enough to detect malicious user.

liamcurry / passport-steam Goto Github PK

passport-steam's Introduction

Passport-Steam

Installation

Usage

Configure Strategy

Authenticate Requests

Examples

Basic example using Express

Basic example using Express with Router

Tests

Contributors

License

passport-steam's People

Contributors

Stargazers

Watchers

Forkers

passport-steam's Issues

Server configuration/middlewares:

Strategy:

Routes:

Suggestion

Recommend Projects

Recommend Topics

Recommend Org