Compare commits

...

36 Commits

Author SHA1 Message Date
646f653368 Update library.js 2022-09-17 08:15:08 +00:00
20c1362858 Merge branch 'evert-master-patch-82943' into 'master'
new oauth2 server

See merge request IcyNetwork/nodebb-plugin-sso-oauth!1
2022-09-17 08:10:19 +00:00
23aaf61b70 new oauth2 server 2022-09-17 08:10:03 +00:00
1b15b4f3b7
new version 2019-09-06 19:03:42 +03:00
dependabot[bot]
37c3c04e86 Bump eslint-utils from 1.4.0 to 1.4.2
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.4.0...v1.4.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-27 10:14:21 -04:00
Julian Lam
32e061cfe4 0.3.4 2019-07-15 11:21:07 -04:00
Julian Lam
68f3c84585 fix: bump dependencies 2019-07-15 11:21:06 -04:00
Julian Lam
b82a4cf4f9 fix: some additional style changes 2019-01-18 12:09:45 -05:00
Julian Lam
2840b0568e fix: updated readme to add email address for commissions 2019-01-17 16:51:44 -05:00
Julian Lam
9f6ab199de fix: linted library.js 2019-01-17 16:51:32 -05:00
Julian Lam
8c57b5c105 feat: added eslint, husky, lint-staged to development workflow 2019-01-17 16:41:52 -05:00
Julian Lam
0ebdabd79a
Merge pull request #21 from LudwikJaniuk/fix-delete
Fix deleteUser
2018-08-07 14:44:31 -04:00
Ludvig Janiuk
0de77d75b2 comment mistake 2018-08-02 11:41:24 +02:00
Ludvig Janiuk
8cfdd45de7 Whitelist filter. Fix #20 2018-08-02 11:38:15 +02:00
d4af131481
auto-assign profile pic 2017-09-07 00:06:17 +03:00
a632baf6cb
icynetify 2017-09-06 22:21:59 +03:00
Julian Lam
5e502244cc 0.3.3 2017-07-06 11:19:52 -04:00
Julian Lam
312321b79b closes #16 2017-07-06 11:19:51 -04:00
Julian Lam
03dc0d3ea4 0.3.2 2017-01-09 13:48:49 -05:00
Julian Lam
7b45882aec closes #14 2017-01-09 13:48:37 -05:00
Julian Lam
427dbe9890 changed line ref # 2016-10-25 16:22:14 -04:00
Julian Lam
1c60102bc3 0.3.1 2016-04-13 18:33:28 -04:00
Julian Lam
74ae8adace fixed location of onSuccessfulLogin call 2016-04-13 18:33:23 -04:00
Julian Lam
e301e6b8bf 0.3.0 2016-03-30 12:09:36 -04:00
Julian Lam
354850244b calling onSuccessfulLogin on successful login 2016-03-30 12:09:31 -04:00
Julian Lam
d1d9ab0cee 0.2.5 2015-08-27 15:31:24 -04:00
Julian Lam
f0cf6b82f3 updating compatibility string for 0.8.0 2015-08-27 15:31:22 -04:00
Julian Lam
81e2826ad0 0.2.4 2015-02-17 16:51:25 -05:00
Julian Lam
8cd170f8f7 instructing nbbpm to not index me 2015-02-17 16:51:20 -05:00
Julian Lam
3969ffc5a9 compatibility hash in package.json 2014-11-10 13:26:14 -05:00
Julian Lam
8779144d41 removing missing templates folder property in plugin.json, re: #8 2014-09-26 13:20:25 -04:00
Julian Lam
a1d495676d 0.2.2 2014-09-18 12:42:10 -04:00
Julian Lam
8ba28e2046 passing uid in through the user deletion filter 2014-09-18 12:41:59 -04:00
Julian Lam
7d4ea98b5f 0.2.1 2014-08-21 10:52:26 -04:00
Julian Lam
b320406dcc more keywords and removed unused template 2014-08-21 10:52:18 -04:00
Julian Lam
18af0afe2d Merge pull request #6 from julianlam/upstream
updated readme
2014-08-15 23:03:22 -04:00
9 changed files with 3367 additions and 172 deletions

137
.eslintrc Normal file
View File

@ -0,0 +1,137 @@
{
"extends": "airbnb-base",
"parserOptions": {
"sourceType": "script"
},
"rules": {
// Customized
"handle-callback-err": [ "error","^(e$|(e|(.*(_e|E)))rr)" ],
"comma-dangle": ["error", {
"arrays": "always-multiline",
"objects": "always-multiline",
"imports": "always-multiline",
"exports": "always-multiline",
"functions": "never"
}],
"no-empty": ["error", { "allowEmptyCatch": true }],
"no-underscore-dangle": "off",
"no-console": "off",
"no-mixed-operators": ["error", { "allowSamePrecedence": true }],
"strict": ["error", "global"],
"consistent-return": "off",
"func-names": "off",
"no-tabs": "off",
"indent": ["error", "tab"],
"no-eq-null": "off",
"camelcase": "off",
"no-new": "off",
"no-shadow": "off",
"no-use-before-define": ["error", "nofunc"],
"no-prototype-builtins": "off",
"new-cap": "off",
"no-plusplus": ["error", { "allowForLoopAfterthoughts": true }],
"object-curly-newline": "off",
"no-restricted-globals": "off",
"function-paren-newline": "off",
"import/no-unresolved": "error",
"quotes": ["error", "single", {
"avoidEscape": true,
"allowTemplateLiterals": true
}],
"no-else-return": [ "error", { "allowElseIf": true } ],
"operator-linebreak": [ "error", "after" ],
// ES6
"prefer-rest-params": "off",
"prefer-spread": "off",
"prefer-arrow-callback": "off",
"prefer-template": "off",
"no-var": "off",
"object-shorthand": "off",
"vars-on-top": "off",
"prefer-destructuring": "off",
// TODO
"import/no-extraneous-dependencies": "off",
"import/no-dynamic-require": "off",
"import/newline-after-import": "off",
"no-bitwise": "off",
"global-require": "off",
"max-len": "off",
"no-param-reassign": "off",
"no-restricted-syntax": "off",
"no-script-url": "off",
"default-case": "off",
"linebreak-style": "off",
// "no-multi-assign": "off",
// "one-var": "off",
// "no-undef": "off",
// "max-nested-callbacks": "off",
// "no-mixed-requires": "off",
// "brace-style": "off",
// "max-statements-per-line": "off",
// "no-unused-vars": "off",
// "no-mixed-spaces-and-tabs": "off",
// "no-useless-concat": "off",
// "require-jsdoc": "off",
// "eqeqeq": "off",
// "no-negated-condition": "off",
// "one-var-declaration-per-line": "off",
// "no-lonely-if": "off",
// "radix": "off",
// "no-else-return": "off",
// "no-useless-escape": "off",
// "block-scoped-var": "off",
// "operator-assignment": "off",
// "yoda": "off",
// "no-loop-func": "off",
// "no-void": "off",
// "valid-jsdoc": "off",
// "no-cond-assign": "off",
// "no-redeclare": "off",
// "no-unreachable": "off",
// "no-nested-ternary": "off",
// "operator-linebreak": "off",
// "guard-for-in": "off",
// "no-unneeded-ternary": "off",
// "no-sequences": "off",
// "no-extend-native": "off",
// "no-shadow-restricted-names": "off",
// "no-extra-boolean-cast": "off",
// "no-path-concat": "off",
// "no-unused-expressions": "off",
// "no-return-assign": "off",
// "no-restricted-modules": "off",
// "object-curly-spacing": "off",
// "indent": "off",
// "padded-blocks": "off",
// "eol-last": "off",
// "lines-around-directive": "off",
// "strict": "off",
// "comma-dangle": "off",
// "no-multi-spaces": "off",
// "quotes": "off",
// "keyword-spacing": "off",
// "no-mixed-operators": "off",
// "comma-spacing": "off",
// "no-trailing-spaces": "off",
// "key-spacing": "off",
// "no-multiple-empty-lines": "off",
// "spaced-comment": "off",
// "space-in-parens": "off",
// "block-spacing": "off",
// "quote-props": "off",
// "space-unary-ops": "off",
// "no-empty": "off",
// "dot-notation": "off",
// "func-call-spacing": "off",
// "array-bracket-spacing": "off",
// "object-property-newline": "off",
// "no-continue": "off",
// "no-extra-semi": "off",
// "no-spaced-func": "off",
// "no-useless-return": "off"
}
}

6
.gitignore vendored
View File

@ -216,3 +216,9 @@ pip-log.txt
sftp-config.json
node_modules/
####################
# JetBrains
####################
.idea

View File

@ -14,4 +14,6 @@ NodeBB Plugin that allows users to login/register via any configured OAuth provi
## Trouble?
The NodeBB team builds out SSO plugins for a nominal fee. [Reach out to us for a quote.](mailto:sales@nodebb.org)
Find us on [the community forums](http://community.nodebb.org)!

3
commitlint.config.js Normal file
View File

@ -0,0 +1,3 @@
'use strict';
module.exports = { extends: ['@commitlint/config-angular'] };

View File

@ -1,6 +1,6 @@
(function(module) {
"use strict";
'use strict';
(function (module) {
/*
Welcome to the SSO OAuth plugin! If you're inspecting this code, you're probably looking to
hook up NodeBB with your existing OAuth endpoint.
@ -11,42 +11,65 @@
Step 2: Give it a whirl. If you see the congrats message, you're doing well so far!
Step 3: Customise the `parseUserReturn` method to normalise your user route's data return into
a format accepted by NodeBB. Instructions are provided there. (Line 137)
a format accepted by NodeBB. Instructions are provided there. (Line 146)
Step 4: If all goes well, you'll be able to login/register via your OAuth endpoint credentials.
*/
var User = module.parent.require('./user'),
Groups = module.parent.require('./groups'),
meta = module.parent.require('./meta'),
db = module.parent.require('../src/database'),
passport = module.parent.require('passport'),
fs = module.parent.require('fs'),
path = module.parent.require('path'),
nconf = module.parent.require('nconf'),
winston = module.parent.require('winston'),
async = module.parent.require('async'),
const User = require.main.require('./src/user');
const Groups = require.main.require('./src/groups');
const db = require.main.require('./src/database');
const authenticationController = require.main.require('./src/controllers/authentication');
constants = Object.freeze({
type: '', // Either 'oauth' or 'oauth2'
name: '', // Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
oauth: {
requestTokenURL: '',
accessTokenURL: '',
userAuthorizationURL: '',
consumerKey: '',
consumerSecret: ''
},
oauth2: {
authorizationURL: '',
tokenURL: '',
clientID: '',
clientSecret: ''
},
userRoute: '' // This is the address to your app's "user profile" API endpoint (expects JSON)
}),
configOk = false,
OAuth = {}, passportOAuth, opts;
const async = require('async');
const passport = module.parent.require('passport');
const nconf = module.parent.require('nconf');
const winston = module.parent.require('winston');
/**
* REMEMBER
* Never save your OAuth Key/Secret or OAuth2 ID/Secret pair in code! It could be published and leaked accidentally.
* Save it into your config.json file instead:
*
* {
* ...
* "oauth": {
* "id": "someoauthid",
* "secret": "youroauthsecret"
* }
* ...
* }
*
* ... or use environment variables instead:
*
* `OAUTH__ID=someoauthid OAUTH__SECRET=youroauthsecret node app.js`
*/
const constants = Object.freeze({
type: 'oauth2', // Either 'oauth' or 'oauth2'
name: 'icynet', // Something unique to your OAuth provider in lowercase, like "github", or "nodebb"
scope: 'email image privileges',
oauth: {
requestTokenURL: '',
accessTokenURL: '',
userAuthorizationURL: '',
consumerKey: nconf.get('oauth:key'), // don't change this line
consumerSecret: nconf.get('oauth:secret'), // don't change this line
},
oauth2: {
authorizationURL: 'https://secure.icynet.eu/oauth2/authorize',
tokenURL: 'https://secure.icynet.eu/oauth2/token',
clientID: nconf.get('oauth:id'),
clientSecret: nconf.get('oauth:secret'),
},
userRoute: 'https://api.icynet.eu/api/user'
})
const OAuth = {};
let configOk = false;
let passportOAuth;
let opts;
if (!constants.name) {
winston.error('[sso-oauth] Please specify a name for your OAuth provider (library.js:32)');
@ -58,7 +81,7 @@
configOk = true;
}
OAuth.getStrategy = function(strategies, callback) {
OAuth.getStrategy = function (strategies, callback) {
if (configOk) {
passportOAuth = require('passport-oauth')[constants.type === 'oauth' ? 'OAuthStrategy' : 'OAuth2Strategy'];
@ -67,18 +90,21 @@
opts = constants.oauth;
opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';
passportOAuth.Strategy.prototype.userProfile = function(token, secret, params, done) {
this._oauth.get(constants.userRoute, token, secret, function(err, body, res) {
if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }
passportOAuth.Strategy.prototype.userProfile = function (token, secret, params, done) {
this._oauth.get(constants.userRoute, token, secret, function (err, body/* , res */) {
if (err) {
return done(err);
}
try {
var json = JSON.parse(body);
OAuth.parseUserReturn(json, function(err, profile) {
OAuth.parseUserReturn(json, function (err, profile) {
if (err) return done(err);
profile.provider = constants.name;
done(null, profile);
});
} catch(e) {
} catch (e) {
done(e);
}
});
@ -88,34 +114,42 @@
opts = constants.oauth2;
opts.callbackURL = nconf.get('url') + '/auth/' + constants.name + '/callback';
passportOAuth.Strategy.prototype.userProfile = function(accessToken, done) {
this._oauth2.get(constants.userRoute, accessToken, function(err, body, res) {
if (err) { return done(new InternalOAuthError('failed to fetch user profile', err)); }
passportOAuth.Strategy.prototype.userProfile = function (accessToken, done) {
this._oauth2.get(constants.userRoute, accessToken, function (err, body/* , res */) {
if (err) {
return done(err);
}
try {
var json = JSON.parse(body);
OAuth.parseUserReturn(json, function(err, profile) {
OAuth.parseUserReturn(json, function (err, profile) {
if (err) return done(err);
profile.provider = constants.name;
done(null, profile);
});
} catch(e) {
} catch (e) {
done(e);
}
});
};
}
passport.use(constants.name, new passportOAuth(opts, function(token, secret, profile, done) {
opts.passReqToCallback = true;
passport.use(constants.name, new passportOAuth(opts, function (req, token, secret, profile, done) {
OAuth.login({
oAuthid: profile.id,
handle: profile.displayName,
email: profile.emails[0].value,
picture: profile.picture,
isAdmin: profile.isAdmin
}, function(err, user) {
if (err) {
return done(err);
}
authenticationController.onSuccessfulLogin(req, user.uid);
done(null, user);
});
}));
@ -125,7 +159,7 @@
url: '/auth/' + constants.name,
callbackURL: '/auth/' + constants.name + '/callback',
icon: 'fa-check-square',
scope: (constants.scope || '').split(',')
scope: (constants.scope || '').split(','),
});
callback(null, strategies);
@ -134,69 +168,59 @@
}
};
OAuth.parseUserReturn = function(data, callback) {
// Alter this section to include whatever data is necessary
// NodeBB *requires* the following: id, displayName, emails.
// Everything else is optional.
// Find out what is available by uncommenting this line:
// console.log(data);
OAuth.parseUserReturn = function (data, callback) {
var profile = {};
profile.id = data.id;
profile.displayName = data.name;
profile.id = data.uuid;
profile.displayName = data.display_name;
profile.emails = [{ value: data.email }];
profile.isAdmin = (data.privileges || []).includes('admin');
profile.picture = data.image;
// Do you want to automatically make somebody an admin? This line might help you do that...
// profile.isAdmin = data.isAdmin ? true : false;
// Delete or comment out the next TWO (2) lines when you are ready to proceed
process.stdout.write('===\nAt this point, you\'ll need to customise the above section to id, displayName, and emails into the "profile" object.\n===');
return callback(new Error('Congrats! So far so good -- please see server log for details'));
// eslint-disable-next-line
callback(null, profile);
}
};
OAuth.login = function(payload, callback) {
OAuth.getUidByOAuthid(payload.oAuthid, function(err, uid) {
if(err) {
OAuth.login = function (payload, callback) {
OAuth.getUidByOAuthid(payload.oAuthid, function (err, uid) {
if (err) {
return callback(err);
}
if (uid !== null) {
// Existing User
callback(null, {
uid: uid
uid: uid,
});
} else {
// New User
var success = function(uid) {
var success = function (uid) {
// Save provider-specific information to the user
User.setUserField(uid, constants.name + 'Id', payload.oAuthid);
db.setObjectField(constants.name + 'Id:uid', payload.oAuthid, uid);
if (payload.isAdmin) {
Groups.join('administrators', uid, function(err) {
callback(null, {
uid: uid
Groups.join('administrators', uid, function (err) {
callback(err, {
uid: uid,
});
});
} else {
callback(null, {
uid: uid
uid: uid,
});
}
};
User.getUidByEmail(payload.email, function(err, uid) {
if(err) {
User.getUidByEmail(payload.email, function (err, uid) {
if (err) {
return callback(err);
}
if (!uid) {
User.create({
username: payload.handle,
email: payload.email
email: payload.email,
picture: payload.picture
}, function(err, uid) {
if(err) {
return callback(err);
@ -212,8 +236,8 @@
});
};
OAuth.getUidByOAuthid = function(oAuthid, callback) {
db.getObjectField(constants.name + 'Id:uid', oAuthid, function(err, uid) {
OAuth.getUidByOAuthid = function (oAuthid, callback) {
db.getObjectField(constants.name + 'Id:uid', oAuthid, function (err, uid) {
if (err) {
return callback(err);
}
@ -221,20 +245,27 @@
});
};
OAuth.deleteUserData = function(uid, callback) {
OAuth.deleteUserData = function (data, callback) {
async.waterfall([
async.apply(User.getUserField, uid, constants.name + 'Id'),
function(oAuthIdToDelete, next) {
async.apply(User.getUserField, data.uid, constants.name + 'Id'),
function (oAuthIdToDelete, next) {
db.deleteObjectField(constants.name + 'Id:uid', oAuthIdToDelete, next);
}
], function(err) {
},
], function (err) {
if (err) {
winston.error('[sso-oauth] Could not remove OAuthId data for uid ' + uid + '. Error: ' + err);
winston.error('[sso-oauth] Could not remove OAuthId data for uid ' + data.uid + '. Error: ' + err);
return callback(err);
}
callback();
callback(null, data);
});
};
// If this filter is not there, the deleteUserData function will fail when getting the oauthId for deletion.
OAuth.whitelistFields = function (params, callback) {
params.whitelist.push(constants.name + 'Id');
callback(null, params);
};
module.exports = OAuth;
}(module));

View File

@ -1,6 +1,6 @@
{
"name": "nodebb-plugin-sso-oauth",
"version": "0.2.0",
"version": "0.3.4",
"description": "NodeBB Generic OAuth SSO",
"main": "library.js",
"repository": {
@ -11,8 +11,10 @@
"nodebb",
"plugin",
"oauth",
"oauth2",
"sso",
"single sign on",
"login",
"registration"
],
"author": {
@ -26,6 +28,32 @@
"readme": "",
"readmeFilename": "README.md",
"dependencies": {
"async": "^2",
"passport-oauth": "~1.0.0"
},
"nbbpm": {
"compatibility": "^1.0.1",
"index": false
},
"devDependencies": {
"@commitlint/cli": "^8.0.0",
"@commitlint/config-angular": "^7.1.2",
"eslint": "^5.16.0",
"eslint-config-airbnb-base": "^12.1.0",
"eslint-plugin-import": "^2.8.0",
"husky": "^2.4.0",
"lint-staged": "^8.2.0"
},
"husky": {
"hooks": {
"pre-commit": "lint-staged",
"commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
}
},
"lint-staged": {
"*.js": [
"eslint --fix",
"git add"
]
}
}

View File

@ -5,9 +5,8 @@
"url": "https://github.com/julianlam/nodebb-plugin-sso-oauth",
"library": "./library.js",
"hooks": [
{ "hook": "filter:user.delete", "method": "deleteUserData" },
{ "hook": "static:user.delete", "method": "deleteUserData" },
{ "hook": "filter:user.whitelistFields", "method": "whitelistFields" },
{ "hook": "filter:auth.init", "method": "getStrategy" }
],
"templates": "./templates",
"minver": "0.5.0"
]
}

View File

@ -1,81 +0,0 @@
<h1><i class="fa fa-key"></i> Generic OAuth Authentication</h1>
<hr />
<form class="sso-oauth-settings">
<div class="alert alert-warning">
<p>
Please refer to your OAuth provider&apos;s documentation for appropriate values. All fields are mandatory.
</p>
<br />
<select name="oauth:type" title="OAuth Strategy" class="form-control">
<option value="x">Disabled</option>
<option value="1">OAuth</option>
<option value="2">OAuth2</option>
</select>
<hr />
<div class="form-group">
<input type="text" data-strategy="1" name="oauth:key" title="OAuth Key" class="form-control input-lg" placeholder="OAuth Key">
</div>
<div class="form-group">
<input type="text" data-strategy="1" name="oauth:secret" title="OAuth Secret" class="form-control" placeholder="OAuth Secret">
</div>
<div class="form-group">
<input type="text" data-strategy="1" name="oauth:reqTokenUrl" title="Token Request URL" class="form-control" placeholder="Token Request URL">
</div>
<div class="form-group">
<input type="text" data-strategy="1" name="oauth:accessTokenUrl" title="Access Token URL" class="form-control" placeholder="Access Token URL">
</div>
<div class="form-group">
<input type="text" data-strategy="1" name="oauth:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
</div>
<div class="form-group">
<input type="text" data-strategy="2" name="oauth2:id" title="Client ID" class="form-control input-lg" placeholder="Client ID">
</div>
<div class="form-group">
<input type="text" data-strategy="2" name="oauth2:secret" title="Client Secret" class="form-control" placeholder="Client Secret">
</div>
<div class="form-group">
<input type="text" data-strategy="2" name="oauth2:authUrl" title="Authorization URL" class="form-control" placeholder="Authorization URL">
</div>
<div class="form-group">
<input type="text" data-strategy="2" name="oauth2:tokenUrl" title="Token URL" class="form-control" placeholder="Token URL">
</div>
<div class="form-group">
<input type="text" name="oauth:userProfileUrl" title="User Profile URL" class="form-control" placeholder="User Profile URL">
</div>
</div>
</form>
<button class="btn btn-lg btn-primary" type="button" id="save">Save</button>
<script>
require(['settings'], function(Settings) {
Settings.load('sso-oauth', $('.sso-oauth-settings'), function() {
var OAuthType = $('[name="oauth:type"]').val();
toggleFields(OAuthType);
});
$('#save').on('click', function() {
Settings.save('sso-oauth', $('.sso-oauth-settings'));
});
});
var toggleFields = function(value) {
if (value === '1') {
$('[data-strategy="2"]').hide();
$('[data-strategy="1"]').show();
} else if (value === '2') {
$('[data-strategy="1"]').hide();
$('[data-strategy="2"]').show();
} else {
$('[data-strategy]').hide();
}
}
toggleFields(false);
$('[name="oauth:type"]').on('change', function() {
toggleFields(this.value);
})
</script>

3070
yarn.lock Normal file

File diff suppressed because it is too large Load Diff