nodebb-plugin-sso-oauth/library.js

(function(module) {
	"use strict";

	/*
		Welcome to the SSO OAuth plugin! If you're inspecting this code, you're probably looking to
		hook up NodeBB with your existing OAuth endpoint.

		Step 1: Fill in the "constants" section below with the requisite informaton. Either the "oauth"
				or "oauth2" section needs to be filled, depending on what you set "type" to.

		Step 2: Give it a whirl. If you see the congrats message, you're doing well so far!

		Step 3: Customise the `parseUserReturn` method to normalise your user route's data return into
				a format accepted by NodeBB. Instructions are provided there. (Line 137)

		Step 4: If all goes well, you'll be able to login/register via your OAuth endpoint credentials.
	*/

	var User = module.parent.require('./user'),
		Groups = module.parent.require('./groups'),
		meta = module.parent.require('./meta'),
		db = module.parent.require('../src/database'),
		passport = module.parent.require('passport'),
		fs = module.parent.require('fs'),
		path = module.parent.require('path'),
		nconf = module.parent.require('nconf'),
		winston = module.parent.require('winston'),
		async = module.parent.require('async'),

		constants = Object.freeze({
			type: '',	// Either 'oauth' or 'oauth2'
			name: '',	// Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
			oauth: {
				requestTokenURL: '',
				accessTokenURL: '',
				userAuthorizationURL: '',
				consumerKey: '',
				consumerSecret: ''
			},
			oauth2: {
				authorizationURL: '',
				tokenURL: '',
				clientID: '',
				clientSecret: ''
			},
			userRoute: ''	// This is the address to your app's "user profile" API endpoint (expects JSON)
		}),
		configOk = false,
		OAuth = {}, passportOAuth, opts;

	if (!constants.name) {
		winston.error('[sso-oauth] Please specify a name for your OAuth provider (library.js:32)');
	} else if (!constants.type || (constants.type !== 'oauth' && constants.type !== 'oauth2')) {
		winston.error('[sso-oauth] Please specify an OAuth strategy to utilise (library.js:31)');
	} else if (!constants.userRoute) {
		winston.error('[sso-oauth] User Route required (library.js:31)');
	} else {
		configOk = true;
	}

	OAuth.getStrategy = function(strategies, callback) {
		if (configOk) {
			passportOAuth = require('passport-oauth')[constants.type === 'oauth' ? 'OAuthStrategy' : 'OAuth2Strategy'];

			if (constants.type === 'oauth') {
				// OAuth options
				opts = constants.oauth;
				opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';

				passportOAuth.Strategy.prototype.userProfile = function(token, secret, params, done) {
					this._oauth.get(constants.userRoute, token, secret, function(err, body, res) {
						if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }

						try {
							var json = JSON.parse(body);
							OAuth.parseUserReturn(json, function(err, profile) {
								if (err) return done(err);
								profile.provider = constants.name;
								done(null, profile);
							});
						} catch(e) {
							done(e);
						}
					});
				};
			} else if (constants.type === 'oauth2') {
				// OAuth 2 options
				opts = constants.oauth2;
				opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';

				passportOAuth.Strategy.prototype.userProfile = function(accessToken, done) {
					this._oauth2.get(constants.userRoute, accessToken, function(err, body, res) {
						if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }

						try {
							var json = JSON.parse(body);
							OAuth.parseUserReturn(json, function(err, profile) {
								if (err) return done(err);
								profile.provider = constants.name;
								done(null, profile);
							});
						} catch(e) {
							done(e);
						}
					});
				};
			}

			passport.use(constants.name, new passportOAuth(opts, function(token, secret, profile, done) {
				OAuth.login({
					oAuthid: profile.id,
					handle: profile.displayName,
					email: profile.emails[0].value,
					isAdmin: profile.isAdmin
				}, function(err, user) {
					if (err) {
						return done(err);
					}
					done(null, user);
				});
			}));

			strategies.push({
				name: constants.name,
				url: '/auth/' + constants.name,
				callbackURL: '/auth/' + constants.name + '/callback',
				icon: 'fa-check-square',
				scope: (constants.scope || '').split(',')
			});

			callback(null, strategies);
		} else {
			callback(new Error('OAuth Configuration is invalid'));
		}
	};

	OAuth.parseUserReturn = function(data, callback) {
		// Alter this section to include whatever data is necessary
		// NodeBB *requires* the following: id, displayName, emails.
		// Everything else is optional.

		// Find out what is available by uncommenting this line:
		// console.log(data);

		var profile = {};
		profile.id = data.id;
		profile.displayName = data.name;
		profile.emails = [{ value: data.email }];

		// Do you want to automatically make somebody an admin? This line might help you do that...
		// profile.isAdmin = data.isAdmin ? true : false;

		// Delete or comment out the next TWO (2) lines when you are ready to proceed
		process.stdout.write('===\nAt this point, you\'ll need to customise the above section to id, displayName, and emails into the "profile" object.\n===');
		return callback(new Error('Congrats! So far so good -- please see server log for details'));

		callback(null, profile);
	}

	OAuth.login = function(payload, callback) {
		OAuth.getUidByOAuthid(payload.oAuthid, function(err, uid) {
			if(err) {
				return callback(err);
			}

			if (uid !== null) {
				// Existing User
				callback(null, {
					uid: uid
				});
			} else {
				// New User
				var success = function(uid) {
					// Save provider-specific information to the user
					User.setUserField(uid, constants.name + 'Id', payload.oAuthid);
					db.setObjectField(constants.name + 'Id:uid', payload.oAuthid, uid);

					if (payload.isAdmin) {
						Groups.join('administrators', uid, function(err) {
							callback(null, {
								uid: uid
							});
						});
					} else {
						callback(null, {
							uid: uid
						});
					}
				};

				User.getUidByEmail(payload.email, function(err, uid) {
					if(err) {
						return callback(err);
					}

					if (!uid) {
						User.create({
							username: payload.handle,
							email: payload.email
						}, function(err, uid) {
							if(err) {
								return callback(err);
							}

							success(uid);
						});
					} else {
						success(uid); // Existing account -- merge
					}
				});
			}
		});
	};

	OAuth.getUidByOAuthid = function(oAuthid, callback) {
		db.getObjectField(constants.name + 'Id:uid', oAuthid, function(err, uid) {
			if (err) {
				return callback(err);
			}
			callback(null, uid);
		});
	};

	OAuth.deleteUserData = function(uid, callback) {
		async.waterfall([
			async.apply(User.getUserField, uid, constants.name + 'Id'),
			function(oAuthIdToDelete, next) {
				db.deleteObjectField(constants.name + 'Id:uid', oAuthIdToDelete, next);
			}
		], function(err) {
			if (err) {
				winston.error('[sso-oauth] Could not remove OAuthId data for uid ' + uid + '. Error: ' + err);
				return callback(err);
			}
			callback();
		});
	};

	module.exports = OAuth;
}(module));
init 2014-01-29 16:42:06 +00:00			`(function(module) {`
			`"use strict";`

beter intro message 2014-08-16 02:54:24 +00:00			`/*`
			`Welcome to the SSO OAuth plugin! If you're inspecting this code, you're probably looking to`
			`hook up NodeBB with your existing OAuth endpoint.`

			`Step 1: Fill in the "constants" section below with the requisite informaton. Either the "oauth"`
			`or "oauth2" section needs to be filled, depending on what you set "type" to.`

			`Step 2: Give it a whirl. If you see the congrats message, you're doing well so far!`

			Step 3: Customise the `parseUserReturn` method to normalise your user route's data return into
			`a format accepted by NodeBB. Instructions are provided there. (Line 137)`

			`Step 4: If all goes well, you'll be able to login/register via your OAuth endpoint credentials.`
			`*/`

init 2014-01-29 16:42:06 +00:00			`var User = module.parent.require('./user'),`
closed #4 2014-07-22 14:03:52 +00:00			`Groups = module.parent.require('./groups'),`
fixed missing meta require 2014-02-22 04:10:12 +00:00			`meta = module.parent.require('./meta'),`
init 2014-01-29 16:42:06 +00:00			`db = module.parent.require('../src/database'),`
			`passport = module.parent.require('passport'),`
random spaces mixed in... 2014-01-29 16:42:50 +00:00			`fs = module.parent.require('fs'),`
			`path = module.parent.require('path'),`
			`nconf = module.parent.require('nconf'),`
			`winston = module.parent.require('winston'),`
Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`async = module.parent.require('async'),`
random spaces mixed in... 2014-01-29 16:42:50 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`constants = Object.freeze({`
			`type: '', // Either 'oauth' or 'oauth2'`
			`name: '', // Something unique to your OAuth provider in lowercase, like "github", or "nodebb"`
			`oauth: {`
			`requestTokenURL: '',`
			`accessTokenURL: '',`
			`userAuthorizationURL: '',`
			`consumerKey: '',`
			`consumerSecret: ''`
			`},`
			`oauth2: {`
			`authorizationURL: '',`
			`tokenURL: '',`
			`clientID: '',`
			`clientSecret: ''`
bugfixes 2014-08-16 02:41:49 +00:00			`},`
beter intro message 2014-08-16 02:54:24 +00:00			`userRoute: '' // This is the address to your app's "user profile" API endpoint (expects JSON)`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`}),`
			`configOk = false,`
bugfixes 2014-08-16 02:41:49 +00:00			`OAuth = {}, passportOAuth, opts;`

			`if (!constants.name) {`
beter intro message 2014-08-16 02:54:24 +00:00			`winston.error('[sso-oauth] Please specify a name for your OAuth provider (library.js:32)');`
bugfixes 2014-08-16 02:41:49 +00:00			`} else if (!constants.type \|\| (constants.type !== 'oauth' && constants.type !== 'oauth2')) {`
beter intro message 2014-08-16 02:54:24 +00:00			`winston.error('[sso-oauth] Please specify an OAuth strategy to utilise (library.js:31)');`
bugfixes 2014-08-16 02:41:49 +00:00			`} else if (!constants.userRoute) {`
			`winston.error('[sso-oauth] User Route required (library.js:31)');`
			`} else {`
			`configOk = true;`
			`}`
reading userProfileUrl and processing 2014-02-04 17:09:46 +00:00
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00			`OAuth.getStrategy = function(strategies, callback) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`if (configOk) {`
			`passportOAuth = require('passport-oauth')[constants.type === 'oauth' ? 'OAuthStrategy' : 'OAuth2Strategy'];`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`if (constants.type === 'oauth') {`
			`// OAuth options`
			`opts = constants.oauth;`
bugfixes 2014-08-16 02:41:49 +00:00			`opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`passportOAuth.Strategy.prototype.userProfile = function(token, secret, params, done) {`
bugfixes 2014-08-16 02:41:49 +00:00			`this._oauth.get(constants.userRoute, token, secret, function(err, body, res) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`try {`
			`var json = JSON.parse(body);`
more bugs 2014-08-16 02:48:52 +00:00			`OAuth.parseUserReturn(json, function(err, profile) {`
bugfixes 2014-08-16 02:41:49 +00:00			`if (err) return done(err);`
			`profile.provider = constants.name;`
			`done(null, profile);`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`});`
			`} catch(e) {`
			`done(e);`
			`}`
			`});`
			`};`
			`} else if (constants.type === 'oauth2') {`
			`// OAuth 2 options`
bugfixes 2014-08-16 02:41:49 +00:00			`opts = constants.oauth2;`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';`

			`passportOAuth.Strategy.prototype.userProfile = function(accessToken, done) {`
bugfixes 2014-08-16 02:41:49 +00:00			`this._oauth2.get(constants.userRoute, accessToken, function(err, body, res) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }`

			`try {`
			`var json = JSON.parse(body);`
more bugs 2014-08-16 02:48:52 +00:00			`OAuth.parseUserReturn(json, function(err, profile) {`
bugfixes 2014-08-16 02:41:49 +00:00			`if (err) return done(err);`
			`profile.provider = constants.name;`
			`done(null, profile);`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`});`
			`} catch(e) {`
			`done(e);`
			`}`
			`});`
			`};`
			`}`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`passport.use(constants.name, new passportOAuth(opts, function(token, secret, profile, done) {`
			`OAuth.login({`
			`oAuthid: profile.id,`
			`handle: profile.displayName,`
			`email: profile.emails[0].value,`
			`isAdmin: profile.isAdmin`
			`}, function(err, user) {`
			`if (err) {`
			`return done(err);`
			`}`
			`done(null, user);`
			`});`
			`}));`

			`strategies.push({`
			`name: constants.name,`
			`url: '/auth/' + constants.name,`
			`callbackURL: '/auth/' + constants.name + '/callback',`
bugfixes 2014-08-16 02:41:49 +00:00			`icon: 'fa-check-square',`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`scope: (constants.scope \|\| '').split(',')`
			`});`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`callback(null, strategies);`
			`} else {`
			`callback(new Error('OAuth Configuration is invalid'));`
			`}`
			`};`
closed #4 2014-07-22 14:03:52 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`OAuth.parseUserReturn = function(data, callback) {`
			`// Alter this section to include whatever data is necessary`
			`// NodeBB requires the following: id, displayName, emails.`
			`// Everything else is optional.`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`// Find out what is available by uncommenting this line:`
			`// console.log(data);`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`var profile = {};`
			`profile.id = data.id;`
			`profile.displayName = data.name;`
			`profile.emails = [{ value: data.email }];`
reading userProfileUrl and processing 2014-02-04 17:09:46 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`// Do you want to automatically make somebody an admin? This line might help you do that...`
			`// profile.isAdmin = data.isAdmin ? true : false;`
updated sso-oauth plugin for 0.4.0 2014-03-19 00:04:18 +00:00
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`// Delete or comment out the next TWO (2) lines when you are ready to proceed`
			`process.stdout.write('===\nAt this point, you\'ll need to customise the above section to id, displayName, and emails into the "profile" object.\n===');`
bugfixes 2014-08-16 02:41:49 +00:00			`return callback(new Error('Congrats! So far so good -- please see server log for details'));`
init 2014-01-29 16:42:06 +00:00
bugfixes 2014-08-16 02:41:49 +00:00			`callback(null, profile);`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`}`
init 2014-01-29 16:42:06 +00:00
closed #4 2014-07-22 14:03:52 +00:00			`OAuth.login = function(payload, callback) {`
			`OAuth.getUidByOAuthid(payload.oAuthid, function(err, uid) {`
init 2014-01-29 16:42:06 +00:00			`if(err) {`
			`return callback(err);`
			`}`

			`if (uid !== null) {`
			`// Existing User`
			`callback(null, {`
			`uid: uid`
			`});`
			`} else {`
			`// New User`
			`var success = function(uid) {`
			`// Save provider-specific information to the user`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`User.setUserField(uid, constants.name + 'Id', payload.oAuthid);`
			`db.setObjectField(constants.name + 'Id:uid', payload.oAuthid, uid);`
closed #4 2014-07-22 14:03:52 +00:00
			`if (payload.isAdmin) {`
			`Groups.join('administrators', uid, function(err) {`
			`callback(null, {`
			`uid: uid`
			`});`
			`});`
			`} else {`
			`callback(null, {`
			`uid: uid`
			`});`
			`}`
init 2014-01-29 16:42:06 +00:00			`};`

closed #4 2014-07-22 14:03:52 +00:00			`User.getUidByEmail(payload.email, function(err, uid) {`
init 2014-01-29 16:42:06 +00:00			`if(err) {`
			`return callback(err);`
			`}`

			`if (!uid) {`
closed #4 2014-07-22 14:03:52 +00:00			`User.create({`
			`username: payload.handle,`
			`email: payload.email`
			`}, function(err, uid) {`
init 2014-01-29 16:42:06 +00:00			`if(err) {`
			`return callback(err);`
			`}`

			`success(uid);`
			`});`
			`} else {`
			`success(uid); // Existing account -- merge`
			`}`
			`});`
			`}`
			`});`
			`};`

			`OAuth.getUidByOAuthid = function(oAuthid, callback) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`db.getObjectField(constants.name + 'Id:uid', oAuthid, function(err, uid) {`
init 2014-01-29 16:42:06 +00:00			`if (err) {`
			`return callback(err);`
			`}`
			`callback(null, uid);`
			`});`
			`};`

Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`OAuth.deleteUserData = function(uid, callback) {`
			`async.waterfall([`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`async.apply(User.getUserField, uid, constants.name + 'Id'),`
Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`function(oAuthIdToDelete, next) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`db.deleteObjectField(constants.name + 'Id:uid', oAuthIdToDelete, next);`
Add OAuth.deleteUserData method Removes the user's oAuthId-to-uid mapping from Redis upon user deletion. This fixes an issue where OAuth services could not link to a user if a user account was deleted and then re-created. 2014-07-09 07:32:44 +00:00			`}`
Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`], function(err) {`
			`if (err) {`
simplifying the plugin a bit for new users 2014-08-16 02:21:03 +00:00			`winston.error('[sso-oauth] Could not remove OAuthId data for uid ' + uid + '. Error: ' + err);`
Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`return callback(err);`
Add OAuth.deleteUserData method Removes the user's oAuthId-to-uid mapping from Redis upon user deletion. This fixes an issue where OAuth services could not link to a user if a user account was deleted and then re-created. 2014-07-09 07:32:44 +00:00			`}`
Fix OAuth.deleteUserData to use filter hook The action:user.create hook in NodeBB was recently changed to filter.user:create, which allows the OAuth.deleteUserData method to remove OAuth data for the user more directly. 2014-07-10 07:22:44 +00:00			`callback();`
Add OAuth.deleteUserData method Removes the user's oAuthId-to-uid mapping from Redis upon user deletion. This fixes an issue where OAuth services could not link to a user if a user account was deleted and then re-created. 2014-07-09 07:32:44 +00:00			`});`
			`};`

init 2014-01-29 16:42:06 +00:00			`module.exports = OAuth;`
			`}(module));`