init

.gitattributes

@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

.gitignore

@@ -0,0 +1,218 @@
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+*.pubxml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+#############
+## Windows detritus
+#############
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac crap
+.DS_Store
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist/
+build/
+eggs/
+parts/
+var/
+sdist/
+develop-eggs/
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg
+
+sftp-config.json
+node_modules/

.npmignore

@@ -0,0 +1,2 @@
+sftp-config.json
+node_modules/

LICENSE

@@ -0,0 +1,8 @@
+Copyright (c) 2013-2014, psychobunny <psycho.bunny@hotmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,7 @@
+# NodeBB OAuth SSO
+
+NodeBB Plugin that allows users to login/register via any configured OAuth provider.
+
+## Installation
+
+    npm install nodebb-plugin-sso-oauth

library.js

@@ -0,0 +1,167 @@
+(function(module) {
+	"use strict";
+
+	var User = module.parent.require('./user'),
+		db = module.parent.require('../src/database'),
+		passport = module.parent.require('passport'),
+  		fs = module.parent.require('fs'),
+  		path = module.parent.require('path'),
+  		nconf = module.parent.require('nconf'),
+  		winston = module.parent.require('winston'),
+  		passportOAuth;
+  		
+  	if (meta.config['social:oauth:type'] === '2') {
+  		passportOAuth = require('passport-oauth').OAuth2Strategy;
+  	} else if (meta.config['social:oauth:type'] === '1') {
+  		passportOAuth = require('passport-oauth').OAuthStrategy;
+  	}
+
+	var constants = Object.freeze({
+		'name': "Generic OAuth",
+		'admin': {
+			'route': '/oauth',
+			'icon': 'fa-key'
+		}
+	});
+
+	var OAuth = {};
+
+	OAuth.getStrategy = function(strategies) {
+		var	oAuthKeys = ['social:oauth:reqTokenUrl', 'social:oauth:accessTokenUrl', 'social:oauth:authUrl', 'social:oauth:key', 'social:oauth:secret'],
+			oAuth2Keys = ['social:oauth2:authUrl', 'social:oauth2:tokenUrl', 'social:oauth2:id', 'social:oauth2:secret'],
+			configOk = oAuthKeys.every(function(key) {
+				return meta.config[key];
+			}) || oAuth2Keys.every(function(key) {
+				return meta.config[key];
+			}),
+			opts;
+
+		if (passportOAuth && configOk) {
+			if (meta.config['social:oauth:type'] === '1') {
+				opts = {
+					requestTokenURL: meta.config['social:oauth:reqTokenUrl'],
+					accessTokenURL: meta.config['social:oauth:accessTokenUrl'],
+					userAuthorizationURL: meta.config['social:oauth:authUrl'],
+					consumerKey: meta.config['social:oauth:key'],
+					consumerSecret: meta.config['social:oauth:secret'],
+					callbackURL: nconf.get('url') + '/auth/generic/callback'
+				};
+			} else if (meta.config['social:oauth:type'] === '2') {
+				opts = {
+					authorizationURL: meta.config['social:oauth2:authUrl'],
+					tokenURL: meta.config['social:oauth2:tokenUrl'],
+					clientID: meta.config['social:oauth2:id'],
+					clientSecret: meta.config['social:oauth2:secret'],
+					callbackURL: nconf.get('url') + '/auth/generic/callback'
+				};
+			}
+			passport.use('Generic OAuth', new passportOAuth(opts, function(token, secret, profile, done) {
+				console.log('this is the info I get back:', arguments);
+				process.exit();
+				OAuth.login(profile.id, profile.displayName, profile.emails[0].value, function(err, user) {
+					if (err) {
+						return done(err);
+					}
+					done(null, user);
+				});
+			}));
+
+			strategies.push({
+				name: 'Generic OAuth',
+				url: '/auth/oauth',
+				callbackURL: '/auth/generic/callback',
+				icon: 'check',
+				scope: meta.config['social:oauth:scope'].split(',')
+			});
+
+			return strategies;
+		} else {
+			winston.info('[plugins/sso-oauth] OAuth Disabled or misconfigured. Proceeding without Generic OAuth Login');
+			return strategies;
+		}
+	};
+
+	OAuth.login = function(oAuthid, handle, email, callback) {
+		OAuth.getUidByOAuthid(oAuthid, function(err, uid) {
+			if(err) {
+				return callback(err);
+			}
+
+			if (uid !== null) {
+				// Existing User
+				callback(null, {
+					uid: uid
+				});
+			} else {
+				// New User
+				var success = function(uid) {
+					// Save provider-specific information to the user
+					User.setUserField(uid, 'oAuthid', oAuthid);
+					db.setObjectField('oAuthid:uid', oAuthid, uid);
+					callback(null, {
+						uid: uid
+					});
+				};
+
+				User.getUidByEmail(email, function(err, uid) {
+					if(err) {
+						return callback(err);
+					}
+
+					if (!uid) {
+						User.create({username: handle, email: email}, function(err, uid) {
+							if(err) {
+								return callback(err);
+							}
+
+							success(uid);
+						});
+					} else {
+						success(uid); // Existing account -- merge
+					}
+				});
+			}
+		});
+	};
+
+	OAuth.getUidByOAuthid = function(oAuthid, callback) {
+		db.getObjectField('oauthid:uid', oAuthid, function(err, uid) {
+			if (err) {
+				return callback(err);
+			}
+			callback(null, uid);
+		});
+	};
+
+	OAuth.addMenuItem = function(custom_header) {
+		custom_header.authentication.push({
+			"route": constants.admin.route,
+			"icon": constants.admin.icon,
+			"name": constants.name
+		});
+
+		return custom_header;
+	}
+
+	OAuth.addAdminRoute = function(custom_routes, callback) {
+		fs.readFile(path.resolve(__dirname, './static/admin.tpl'), function (err, template) {
+			custom_routes.routes.push({
+				"route": constants.admin.route,
+				"method": "get",
+				"options": function(req, res, callback) {
+					callback({
+						req: req,
+						res: res,
+						route: constants.admin.route,
+						name: constants.name,
+						content: template
+					});
+				}
+			});
+
+			callback(null, custom_routes);
+		});
+	};
+
+	module.exports = OAuth;
+}(module));

package.json

@@ -0,0 +1,31 @@
+{
+  "name": "nodebb-plugin-sso-oauth",
+  "version": "0.1.0-1",
+  "description": "NodeBB Generic OAuth SSO",
+  "main": "library.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/julianlam/nodebb-plugin-sso-oauth"
+  },
+  "keywords": [
+    "nodebb",
+    "plugin",
+    "oauth",
+    "sso",
+    "single sign on",
+    "registration"
+  ],
+  "author": {
+    "name": "Julian Lam",
+    "email": "julian@nodebb.org"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/julianlam/nodebb-plugin-sso-oauth/issues"
+  },
+  "readme": "",
+  "readmeFilename": "README.md",
+  "dependencies": {
+    "passport-oauth": "~1.0.0"
+  }
+}

plugin.json

@@ -0,0 +1,19 @@
+{
+	"id": "nodebb-plugin-sso-oauth",
+	"name": "NodeBB OAuth SSO",
+	"description": "NodeBB Plugin that allows users to login/register via any configured OAuth provider.",
+	"url": "https://github.com/julianlam/nodebb-plugin-sso-oauth",
+	"library": "./library.js",
+	"hooks": [
+		{
+			"hook": "filter:auth.init", "method": "getStrategy", "callbacked": false
+		},
+		{
+			"hook": "filter:admin.header.build", "method": "addMenuItem", "callbacked": false
+		},
+		{
+			"hook": "filter:admin.create_routes", "method": "addAdminRoute", "callbacked": true
+		}
+	],
+	"staticDir": "./static"
+}

static/admin.tpl

@@ -0,0 +1,74 @@
+<h1><i class="fa fa-key"></i> Generic OAuth Authentication</h1>
+<hr />
+
+<form>
+	<div class="alert alert-warning">
+		<p>
+			Please refer to your OAuth provider&apos;s documentation for appropriate values. All fields are mandatory.
+		</p>
+		<br />
+		<select data-field="social:oauth:type" title="OAuth Strategy" class="form-control">
+			<option value="x">Disabled</option>
+			<option value="1">OAuth</option>
+			<option value="2">OAuth2</option>
+		</select>
+		<hr />
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:key" title="OAuth Key" class="form-control input-lg" placeholder="OAuth Key">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:secret" title="OAuth Secret" class="form-control" placeholder="OAuth Secret">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:reqTokenUrl" title="Token Request URL" class="form-control" placeholder="Token Request URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:accessTokenUrl" title="Access Token URL" class="form-control" placeholder="Access Token URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
+		</div>
+
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:id" title="Client ID" class="form-control input-lg" placeholder="Client ID">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:secret" title="Client Secret" class="form-control" placeholder="Client Secret">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:tokenUrl" title="Token URL" class="form-control" placeholder="Token URL">
+		</div>
+
+		<div class="form-group">
+			<input type="text" data-field="social:oauth:scope" title="Comma-separated scope" class="form-control" placeholder="Comma-separated scope (e.g. &quot;user,email,address&quot;)">
+		</div>
+	</div>
+</form>
+
+<button class="btn btn-lg btn-primary" id="save">Save</button>
+
+<script>
+	require(['forum/admin/settings'], function(Settings) {
+		Settings.prepare(function() {
+			var	OAuthType = $('[data-field="social:oauth:type"]').val();
+			toggleFields(OAuthType);
+		});
+	});
+
+	var	toggleFields = function(value) {
+		if (value === '1') {
+			$('[data-strategy="2"]').hide();
+			$('[data-strategy="1"]').show();
+		} else if (value === '2') {
+			$('[data-strategy="1"]').hide();
+			$('[data-strategy="2"]').show();
+		}
+	}
+
+	$('[data-field="social:oauth:type"]').on('change', function() {
+		toggleFields(this.value);
+	})
+</script>