From 9fd27ff2fc54fa0c0a1f4f3ab35864dcdf0c9628 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@designcreateplay.com>
Date: Wed, 29 Jan 2014 11:42:06 -0500
Subject: [PATCH] init

---
 .gitattributes   |  22 +++++
 .gitignore       | 218 +++++++++++++++++++++++++++++++++++++++++++++++
 .npmignore       |   2 +
 LICENSE          |   8 ++
 README.md        |   7 ++
 library.js       | 167 ++++++++++++++++++++++++++++++++++++
 package.json     |  31 +++++++
 plugin.json      |  19 +++++
 static/admin.tpl |  74 ++++++++++++++++
 9 files changed, 548 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 .npmignore
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 library.js
 create mode 100644 package.json
 create mode 100644 plugin.json
 create mode 100644 static/admin.tpl

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..412eeda
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d77e539
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,218 @@
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+*.pubxml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+#############
+## Windows detritus
+#############
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac crap
+.DS_Store
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist/
+build/
+eggs/
+parts/
+var/
+sdist/
+develop-eggs/
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg
+
+sftp-config.json
+node_modules/
diff --git a/.npmignore b/.npmignore
new file mode 100644
index 0000000..d913c17
--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,2 @@
+sftp-config.json
+node_modules/
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b86168b
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,8 @@
+Copyright (c) 2013-2014, psychobunny <psycho.bunny@hotmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5ba31ed
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# NodeBB OAuth SSO
+
+NodeBB Plugin that allows users to login/register via any configured OAuth provider.
+
+## Installation
+
+    npm install nodebb-plugin-sso-oauth
\ No newline at end of file
diff --git a/library.js b/library.js
new file mode 100644
index 0000000..5372228
--- /dev/null
+++ b/library.js
@@ -0,0 +1,167 @@
+(function(module) {
+	"use strict";
+
+	var User = module.parent.require('./user'),
+		db = module.parent.require('../src/database'),
+		passport = module.parent.require('passport'),
+  		fs = module.parent.require('fs'),
+  		path = module.parent.require('path'),
+  		nconf = module.parent.require('nconf'),
+  		winston = module.parent.require('winston'),
+  		passportOAuth;
+  		
+  	if (meta.config['social:oauth:type'] === '2') {
+  		passportOAuth = require('passport-oauth').OAuth2Strategy;
+  	} else if (meta.config['social:oauth:type'] === '1') {
+  		passportOAuth = require('passport-oauth').OAuthStrategy;
+  	}
+
+	var constants = Object.freeze({
+		'name': "Generic OAuth",
+		'admin': {
+			'route': '/oauth',
+			'icon': 'fa-key'
+		}
+	});
+
+	var OAuth = {};
+
+	OAuth.getStrategy = function(strategies) {
+		var	oAuthKeys = ['social:oauth:reqTokenUrl', 'social:oauth:accessTokenUrl', 'social:oauth:authUrl', 'social:oauth:key', 'social:oauth:secret'],
+			oAuth2Keys = ['social:oauth2:authUrl', 'social:oauth2:tokenUrl', 'social:oauth2:id', 'social:oauth2:secret'],
+			configOk = oAuthKeys.every(function(key) {
+				return meta.config[key];
+			}) || oAuth2Keys.every(function(key) {
+				return meta.config[key];
+			}),
+			opts;
+
+		if (passportOAuth && configOk) {
+			if (meta.config['social:oauth:type'] === '1') {
+				opts = {
+					requestTokenURL: meta.config['social:oauth:reqTokenUrl'],
+					accessTokenURL: meta.config['social:oauth:accessTokenUrl'],
+					userAuthorizationURL: meta.config['social:oauth:authUrl'],
+					consumerKey: meta.config['social:oauth:key'],
+					consumerSecret: meta.config['social:oauth:secret'],
+					callbackURL: nconf.get('url') + '/auth/generic/callback'
+				};
+			} else if (meta.config['social:oauth:type'] === '2') {
+				opts = {
+					authorizationURL: meta.config['social:oauth2:authUrl'],
+					tokenURL: meta.config['social:oauth2:tokenUrl'],
+					clientID: meta.config['social:oauth2:id'],
+					clientSecret: meta.config['social:oauth2:secret'],
+					callbackURL: nconf.get('url') + '/auth/generic/callback'
+				};
+			}
+			passport.use('Generic OAuth', new passportOAuth(opts, function(token, secret, profile, done) {
+				console.log('this is the info I get back:', arguments);
+				process.exit();
+				OAuth.login(profile.id, profile.displayName, profile.emails[0].value, function(err, user) {
+					if (err) {
+						return done(err);
+					}
+					done(null, user);
+				});
+			}));
+
+			strategies.push({
+				name: 'Generic OAuth',
+				url: '/auth/oauth',
+				callbackURL: '/auth/generic/callback',
+				icon: 'check',
+				scope: meta.config['social:oauth:scope'].split(',')
+			});
+
+			return strategies;
+		} else {
+			winston.info('[plugins/sso-oauth] OAuth Disabled or misconfigured. Proceeding without Generic OAuth Login');
+			return strategies;
+		}
+	};
+
+	OAuth.login = function(oAuthid, handle, email, callback) {
+		OAuth.getUidByOAuthid(oAuthid, function(err, uid) {
+			if(err) {
+				return callback(err);
+			}
+
+			if (uid !== null) {
+				// Existing User
+				callback(null, {
+					uid: uid
+				});
+			} else {
+				// New User
+				var success = function(uid) {
+					// Save provider-specific information to the user
+					User.setUserField(uid, 'oAuthid', oAuthid);
+					db.setObjectField('oAuthid:uid', oAuthid, uid);
+					callback(null, {
+						uid: uid
+					});
+				};
+
+				User.getUidByEmail(email, function(err, uid) {
+					if(err) {
+						return callback(err);
+					}
+
+					if (!uid) {
+						User.create({username: handle, email: email}, function(err, uid) {
+							if(err) {
+								return callback(err);
+							}
+
+							success(uid);
+						});
+					} else {
+						success(uid); // Existing account -- merge
+					}
+				});
+			}
+		});
+	};
+
+	OAuth.getUidByOAuthid = function(oAuthid, callback) {
+		db.getObjectField('oauthid:uid', oAuthid, function(err, uid) {
+			if (err) {
+				return callback(err);
+			}
+			callback(null, uid);
+		});
+	};
+
+	OAuth.addMenuItem = function(custom_header) {
+		custom_header.authentication.push({
+			"route": constants.admin.route,
+			"icon": constants.admin.icon,
+			"name": constants.name
+		});
+
+		return custom_header;
+	}
+
+	OAuth.addAdminRoute = function(custom_routes, callback) {
+		fs.readFile(path.resolve(__dirname, './static/admin.tpl'), function (err, template) {
+			custom_routes.routes.push({
+				"route": constants.admin.route,
+				"method": "get",
+				"options": function(req, res, callback) {
+					callback({
+						req: req,
+						res: res,
+						route: constants.admin.route,
+						name: constants.name,
+						content: template
+					});
+				}
+			});
+
+			callback(null, custom_routes);
+		});
+	};
+
+	module.exports = OAuth;
+}(module));
\ No newline at end of file
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..d293dc7
--- /dev/null
+++ b/package.json
@@ -0,0 +1,31 @@
+{
+  "name": "nodebb-plugin-sso-oauth",
+  "version": "0.1.0-1",
+  "description": "NodeBB Generic OAuth SSO",
+  "main": "library.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/julianlam/nodebb-plugin-sso-oauth"
+  },
+  "keywords": [
+    "nodebb",
+    "plugin",
+    "oauth",
+    "sso",
+    "single sign on",
+    "registration"
+  ],
+  "author": {
+    "name": "Julian Lam",
+    "email": "julian@nodebb.org"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/julianlam/nodebb-plugin-sso-oauth/issues"
+  },
+  "readme": "",
+  "readmeFilename": "README.md",
+  "dependencies": {
+    "passport-oauth": "~1.0.0"
+  }
+}
diff --git a/plugin.json b/plugin.json
new file mode 100644
index 0000000..b2535cd
--- /dev/null
+++ b/plugin.json
@@ -0,0 +1,19 @@
+{
+	"id": "nodebb-plugin-sso-oauth",
+	"name": "NodeBB OAuth SSO",
+	"description": "NodeBB Plugin that allows users to login/register via any configured OAuth provider.",
+	"url": "https://github.com/julianlam/nodebb-plugin-sso-oauth",
+	"library": "./library.js",
+	"hooks": [
+		{
+			"hook": "filter:auth.init", "method": "getStrategy", "callbacked": false
+		},
+		{
+			"hook": "filter:admin.header.build", "method": "addMenuItem", "callbacked": false
+		},
+		{
+			"hook": "filter:admin.create_routes", "method": "addAdminRoute", "callbacked": true
+		}
+	],
+	"staticDir": "./static"
+}
\ No newline at end of file
diff --git a/static/admin.tpl b/static/admin.tpl
new file mode 100644
index 0000000..b56ef60
--- /dev/null
+++ b/static/admin.tpl
@@ -0,0 +1,74 @@
+<h1><i class="fa fa-key"></i> Generic OAuth Authentication</h1>
+<hr />
+
+<form>
+	<div class="alert alert-warning">
+		<p>
+			Please refer to your OAuth provider&apos;s documentation for appropriate values. All fields are mandatory.
+		</p>
+		<br />
+		<select data-field="social:oauth:type" title="OAuth Strategy" class="form-control">
+			<option value="x">Disabled</option>
+			<option value="1">OAuth</option>
+			<option value="2">OAuth2</option>
+		</select>
+		<hr />
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:key" title="OAuth Key" class="form-control input-lg" placeholder="OAuth Key">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:secret" title="OAuth Secret" class="form-control" placeholder="OAuth Secret">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:reqTokenUrl" title="Token Request URL" class="form-control" placeholder="Token Request URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:accessTokenUrl" title="Access Token URL" class="form-control" placeholder="Access Token URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="1" data-field="social:oauth:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
+		</div>
+
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:id" title="Client ID" class="form-control input-lg" placeholder="Client ID">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:secret" title="Client Secret" class="form-control" placeholder="Client Secret">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
+		</div>
+		<div class="form-group">
+			<input type="text" data-strategy="2" data-field="social:oauth2:tokenUrl" title="Token URL" class="form-control" placeholder="Token URL">
+		</div>
+
+		<div class="form-group">
+			<input type="text" data-field="social:oauth:scope" title="Comma-separated scope" class="form-control" placeholder="Comma-separated scope (e.g. &quot;user,email,address&quot;)">
+		</div>
+	</div>
+</form>
+
+<button class="btn btn-lg btn-primary" id="save">Save</button>
+
+<script>
+	require(['forum/admin/settings'], function(Settings) {
+		Settings.prepare(function() {
+			var	OAuthType = $('[data-field="social:oauth:type"]').val();
+			toggleFields(OAuthType);
+		});
+	});
+
+	var	toggleFields = function(value) {
+		if (value === '1') {
+			$('[data-strategy="2"]').hide();
+			$('[data-strategy="1"]').show();
+		} else if (value === '2') {
+			$('[data-strategy="1"]').hide();
+			$('[data-strategy="2"]').show();
+		}
+	}
+
+	$('[data-field="social:oauth:type"]').on('change', function() {
+		toggleFields(this.value);
+	})
+</script>
\ No newline at end of file