Merge pull request #9 from DmitrySumaroka/master

Auth-proxy to work with passport-drupal and Drupal OAuth authentication strategy

default.config.yaml

@@ -17,3 +17,6 @@ verbose: false
 loginPath: /login
 logoutPath: /proxy-logout
 indexPath: /
+routeWhiteList:
+  - '/css/bootstrap.css'
+  - '/img/glyphicons-halflings.png'

examples/config/DrupalOAuth.yaml

@@ -0,0 +1,10 @@
+authenticationStrategies:
+  DrupalOAuth:
+    providerURL: "http://yourdruplasite.com/"
+    consumerKey: "YOUR_KEY"
+    consumerSecret: "YOUR_SECRET"
+    requestTokenURL: "http://yourdruplasite.com/oauth/request_token"
+    accessTokenURL: "http://yourdruplasite.com/oauth/access_token"
+    userAuthorizationURL: "http://yourdruplasite/oauth/authorize"
+    resourceURL: "http://yourdruplasite/rest/system/connect/user/info"
+    resourceEndpoint: "rest/system/connect" # <-- thats the default

examples/config/GoogleOauth2.yaml

@@ -1,10 +1,9 @@
 authenticationStrategies:
   GoogleOAuth2:
     # Note this option does not work with `@gmail.com` addresses, you would need to leave it empty.
-    allowedDomains:
-      - "howardtyson.com"
+    allowedDomains: YOUR_DOMAINS
     # Note if you leave this empty and populate only the domain everyone in your apps domain will have access.
-    allowedEmails:
-      - "howard@howardtyson.com"
+    allowedEmails: YOUR_EMAILS
     googleClientId: CHANGE ME
     googleClientSecret: CHAGNE ME
+

lib/plugins/DrupalOAuth.js

@@ -0,0 +1,54 @@
+
+DStrategy = require('passport-drupal').DrupalStrategy;
+
+module.exports = {};
+module.exports.attach = function(passport, app, config, pluginConfig, logger) {
+
+  passport.use(new DStrategy({
+    consumerKey: pluginConfig.consumerKey, 
+    consumerSecret: pluginConfig.consumerSecret,
+    providerURL: pluginConfig.providerURL, 
+    resourceEndpoint: config.resourceEndpoint, // <---- optional. Defaults to `rest/system/connect`
+    callbackURL: config.host + ":" + config.port + "/auth/drupal/callback",
+    requestTokenURL: pluginConfig.requestTokenURL,
+    accessTokenURL: pluginConfig.accessTokenURL,
+    userAuthorizationURL: pluginConfig.userAuthorizationURL,
+    resourceURL: pluginConfig.resourceURL
+  },
+    function(token, tokenSecret, profile, done) {
+      profile.oauth = { token: token, token_secret: tokenSecret };
+      done(null, profile);
+    }
+  ));
+
+  config.routeWhiteList.push('/auth/drupal');
+  config.routeWhiteList.push('/auth/drupal/callback');
+
+  app.get('/auth/drupal',
+    passport.authenticate('drupal'),
+    function(req, res) {
+      // The request will be redirected to the Drupal website for
+      // authentication, so this function will not be called.
+  });
+
+  app.get('/auth/drupal/callback',
+    passport.authenticate('drupal', { failureRedirect: config.loginPath }),
+    function(req, res) {
+      if (req.session.redirectTo) {
+          res.redirect(req.session.redirectTo);
+
+      }else{
+          res.redirect('/');
+      }
+  });
+
+
+  app.get('/error', function(req, res) {
+    res.writeHead(200);
+    res.end("Could not sign in");
+  });
+}
+module.exports.renderLogin = function() {
+  return '<a href="/auth/drupal">Login with Drupal</a>';
+};
+

lib/plugins/GoogleOAuth2.js

@@ -16,6 +16,9 @@ module.exports.attach = function(passport, app, config, pluginConfig, logger) {
     return checkEmails && pluginConfig.allowedEmails.indexOf(email) !== -1;
   }
 
+  // Attach our routes used for authentication to the whitelist allowing unauthed users to reach them.
+  config.routeWhiteList('/auth/google');
+  config.routeWhiteList('/oauth2callback');
 
   // Use the GoogleStrategy within Passport.
   //   Strategies in Passport require a `verify` function, which accept
@@ -80,3 +83,4 @@ module.exports.attach = function(passport, app, config, pluginConfig, logger) {
 module.exports.renderLogin = function() {
   return '<a href="/auth/google">Login with Google</a>';
 };
+

lib/plugins/MockAuth.js

@@ -26,6 +26,7 @@ module.exports.MockStrategy = MockStrategy;
 
 module.exports.attach = function(passport, app, config, pluginConfig, logger) {
   passport.use(new MockStrategy({}));
+  config.routeWhiteList('/mockAuth');
   app.get('/mockAuth', passport.authenticate('mock'), function(req, res, next) {
     res.redirect('/');
   });

lib/plugins/index.js

@@ -2,4 +2,5 @@ var path = require('path');
 module.exports = {
   MockAuth: require(path.join(__dirname, 'MockAuth')),
   GoogleOAuth2: require(path.join(__dirname, 'GoogleOAuth2')),
+  DrupalOAuth: require(path.join(__dirname, 'DrupalOAuth')),
 };

lib/routes.js

@@ -43,5 +43,9 @@ module.exports = function(app, authenticationStrategies, config) {
     res.redirect('https://' + host + '/');
   });
 
+  app.get('/error', function(req, res) {
+    res.writeHead(200);
+    res.end("Could not sign in");
+  });
 
 }

lib/server.js

@@ -141,6 +141,7 @@ function configure(confPath, done) {
     var defaults = yaml.safeLoad(defaults);
     ConfigLoader.load(defaults, confPath, function(error, localConfig) {
       if (error) return done(error);
+      localConfig.routeWhiteList.push(localConfig.loginPath);
       var routes = [];
       for (i in localConfig.routes) {
         routes.push(new Route(localConfig.routes[i]));
@@ -241,17 +242,8 @@ function stop(done) {
 // Check whether the url is in a white-list of paths that do
 // not require authentication.
 function inURLWhiteList(url) {
-  // TODO: Add configured auth paths dynacmially.
-  var whiteList = [
-    config.loginPath,
-    '/mockAuth',
-    '/auth/google',
-    '/oauth2callback',
-    '/css/bootstrap.css',
-    '/img/glyphicons-halflings.png'
-  ];
   var url = url.split('?')[0];
-  return whiteList.indexOf(url) !== -1;
+  return config.routeWhiteList.indexOf(url) !== -1;
 }
 
 // Simple route middleware to ensure user is authenticated.

npm-debug.log

@@ -0,0 +1,27 @@
+0 info it worked if it ends with ok
+1 verbose cli [ '/usr/bin/node', '/usr/bin/npm', 'start' ]
+2 info using npm@1.4.21
+3 info using node@v0.10.30
+4 verbose node symlink /usr/bin/node
+5 verbose run-script [ 'prestart', 'start', 'poststart' ]
+6 info prestart auth-proxy@0.0.0
+7 info start auth-proxy@0.0.0
+8 verbose unsafe-perm in lifecycle true
+9 info auth-proxy@0.0.0 Failed to exec start script
+10 error auth-proxy@0.0.0 start: `bin/auth-proxy`
+10 error Exit status 8
+11 error Failed at the auth-proxy@0.0.0 start script.
+11 error This is most likely a problem with the auth-proxy package,
+11 error not with npm itself.
+11 error Tell the author that this fails on your system:
+11 error     bin/auth-proxy
+11 error You can get their info via:
+11 error     npm owner ls auth-proxy
+11 error There is likely additional logging output above.
+12 error System Linux 3.8.0-29-generic
+13 error command "/usr/bin/node" "/usr/bin/npm" "start"
+14 error cwd /var/www/auth-proxy
+15 error node -v v0.10.30
+16 error npm -v 1.4.21
+17 error code ELIFECYCLE
+18 verbose exit [ 1, true ]

package.json

@@ -8,17 +8,28 @@
     "auth-proxy": "./bin/auth-proxy"
   },
   "dependencies": {
-    "express": "3.9.0",
+    "assert": "~0.4.9",
+    "async": "~0.2.9",
+    "blanket": "~1.1.6",
     "connect-flash": "0.1.x",
+    "connect-redis": "~1.4.5",
+    "coveralls": "~2.7.1",
     "ejs": ">= 0.8.4",
     "ejs-locals": ">= 1.0.2",
-    "passport": ">= 0.0.0",
-    "passport-local": ">= 0.0.0",
+    "express": "3.9.0",
     "http-proxy": "~1.1.4",
-    "request": "~2.12.0",
+    "js-yaml": "~3.0.2",
+    "mocha": "~1.14.0",
+    "mocha-lcov-reporter": "0.0.1",
+    "passport": ">= 0.0.0",
+    "passport-drupal": "^0.3.2",
     "passport-google-oauth": "~0.1.5",
-    "connect-redis": "~1.4.5",
+    "passport-local": ">= 0.0.0",
+    "portfinder": "~0.2.1",
     "redis": "~0.9.0",
+    "request": "~2.12.0",
+    "should": "~2.1.0",
+    "winston": "~0.7.2",
     "winston": "~0.7.2",
     "async": "~0.2.9",
     "portfinder": "~0.2.1",