Laxing a bit on the endpoints you can visit on subdomains

Should be able to login and logout and keep tokens updated via endpoints on subdomain

Author: megoth

lib/api/authn/webid-oidc.js

@@ -67,29 +67,29 @@ function middleware (oidc) {
   const router = express.Router('/')
 
   // User-facing Authentication API
-  router.get(['/login', '/signin'], restrictToTopDomain, LoginRequest.get)
+  router.get(['/login', '/signin'], LoginRequest.get)
 
-  router.post('/login/password', restrictToTopDomain, bodyParser, LoginRequest.loginPassword)
+  router.post('/login/password', bodyParser, LoginRequest.loginPassword)
 
-  router.post('/login/tls', restrictToTopDomain, bodyParser, LoginRequest.loginTls)
+  router.post('/login/tls', bodyParser, LoginRequest.loginTls)
 
   router.get('/account/password/reset', restrictToTopDomain, PasswordResetEmailRequest.get)
   router.post('/account/password/reset', restrictToTopDomain, bodyParser, PasswordResetEmailRequest.post)
 
   router.get('/account/password/change', restrictToTopDomain, PasswordChangeRequest.get)
   router.post('/account/password/change', restrictToTopDomain, bodyParser, PasswordChangeRequest.post)
 
-  router.get('/.well-known/solid/logout/', restrictToTopDomain, (req, res) => res.redirect('/logout'))
+  router.get('/.well-known/solid/logout/', (req, res) => res.redirect('/logout'))
 
-  router.get('/goodbye', restrictToTopDomain, (req, res) => { res.render('auth/goodbye') })
+  router.get('/goodbye', (req, res) => { res.render('auth/goodbye') })
 
   // The relying party callback is called at the end of the OIDC signin process
-  router.get('/api/oidc/rp/:issuer_id', restrictToTopDomain, AuthCallbackRequest.get)
+  router.get('/api/oidc/rp/:issuer_id', AuthCallbackRequest.get)
 
   // Static assets related to authentication
   const authAssets = [
-    ['/.well-known/solid/login/', '../static/popup-redirect.html', false, true],
-    ['/common/', 'solid-auth-client/dist-popup/popup.html', true, true]
+    ['/.well-known/solid/login/', '../static/popup-redirect.html', false],
+    ['/common/', 'solid-auth-client/dist-popup/popup.html']
   ]
   authAssets.map(args => routeResolvedFile(router, ...args))
 

lib/utils.js

@@ -21,7 +21,6 @@ const url = require('url')
 const debug = require('./debug').fs
 const getSize = require('get-folder-size')
 var ns = require('solid-namespace')($rdf)
-const restrictToTopDomainHandler = require('./handlers/restrict-to-top-domain')
 
 /**
  * Returns a fully qualified URL from an Express.js Request object.
@@ -179,11 +178,10 @@ function stripLineEndings (obj) {
 /**
  * Adds a route that serves a static file from another Node module
  */
-function routeResolvedFile (router, path, file, appendFileName = true, restrictToTopDomain = false) {
+function routeResolvedFile (router, path, file, appendFileName = true) {
   const fullPath = appendFileName ? path + file.match(/[^/]+$/) : path
   const fullFile = require.resolve(file)
-  const restrictHandler = restrictToTopDomain ? restrictToTopDomainHandler : (req, res, next) => next()
-  router.get(fullPath, restrictHandler, (req, res) => res.sendFile(fullFile))
+  router.get(fullPath, (req, res) => res.sendFile(fullFile))
 }
 
 /**