default indieauth profile entry to https if scheme not specified

[squeep-authentication-module] / lib / session-manager.js

diff --git a/lib/session-manager.js b/lib/session-manager.js
index bd08eef26e7cc44d11473b53bfcd3a8a1e2f6e4f..a0bea6a94ce46ae4ec785f8fdabd796b7d8ab881 100644 (file)
--- a/lib/session-manager.js
+++ b/lib/session-manager.js
@@ -124,9 +124,11 @@ class SessionManager {
     }
 
     // Otherwise, carry on with IndieAuth handshake.
-    let me, session, authorizationEndpoint;
+    let me, meAutoScheme, session, authorizationEndpoint;
     try {
       me = new URL(ctx.parsedBody['me']);
+      meAutoScheme = !!ctx.parsedBody['me_auto_scheme'];
+
     } catch (e) {
       this.logger.debug(_scope, 'failed to parse supplied profile url', { ctx });
       ctx.errors.push(`Unable to understand '${ctx.parsedBody['me']}' as a profile URL.`);
@@ -134,7 +136,14 @@ class SessionManager {
 
     if (this.options.authenticator.authnEnabled.includes('indieAuth')
     &&  me) {
-      const profile = await this.indieAuthCommunication.fetchProfile(me);
+      let profile;
+      profile = await this.indieAuthCommunication.fetchProfile(me);
+      if ((!profile || !profile.metadata)
+      &&  meAutoScheme) {
+        this.logger.debug(_scope, 'trying http fallback', { ctx });
+        me.protocol = 'http';
+        profile = await this.indieAuthCommunication.fetchProfile(me);
+      }
       if (!profile || !profile.metadata) {
         this.logger.debug(_scope, 'failed to find any profile information at url', { ctx });
         ctx.errors.push(`No profile information was found at '${me}'.`);