Replaces Google with MediaWiki OAuth

package.co

@@ -42,7 +42,7 @@ dependencies                    :
     'nib'                       : '== 0.4.0'
 
     'passport'                  : '== 0.1.16'
-    'passport-google'           : '== 0.3.0'
+    'passport-mediawiki-oauth'  : '== 0.1.0'
 
 devDependencies                 : 
     'coco'                      : '== 0.9.x'
@@ -54,7 +54,7 @@ devDependencies                 :
     'uglify-js'                 : '>= 1.2.x'
 
 scripts                         : 
-    test                        : 'phantomjs test/phantom.runner.js http://localhost:8081/test 3'
+    test                        : 'phantomjs test/phantom.runner.js http://localhost:5000/test 3'
     start                       : 'coke server'
 repository                      : type:'git', url:'git://github.com/wikimedia/limn.git'
 

package.json

@@ -44,7 +44,7 @@
     "stylus": "== 0.27.2",
     "nib": "== 0.4.0",
     "passport": "== 0.1.16",
-    "passport-google": "== 0.3.0"
+    "passport-mediawiki-oauth": "== 0.1.0"
   },
   "devDependencies": {
     "coco": "== 0.9.x",
@@ -56,7 +56,7 @@
     "uglify-js": ">= 1.2.x"
   },
   "scripts": {
-    "test": "phantomjs test/phantom.runner.js http://localhost:8081/test 3",
+    "test": "phantomjs test/phantom.runner.js http://localhost:5000/test 3",
     "start": "coke server"
   },
   "repository": {

server/file-controller.co

@@ -99,7 +99,8 @@ class FileBackedController extends Controller
         return data
 
     isAuthorized: (req) ->
-        return req.user and _ LIMN_CONFIG.emails_allowed_to_save .contains req.user.email
+        # ids_allowed_to_save is a list of the global mediawiki ids that have rights to save
+        return req.user and _ LIMN_CONFIG.ids_allowed_to_save .contains req.user.id
 
 
 module.exports = exports = FileBackedController

server/middleware.co

@@ -47,23 +47,20 @@ REV = process.env.LIMN_REV or 'HEAD'
 /**
  * For authentication via passport js and OAuth
  */
-helpers         = {}
-users           = {}
-passport        = require 'passport'
-GoogleStrategy  = require 'passport-google' .Strategy;
+users               = {}
+passport            = require 'passport'
+MediaWikiStrategy   = require 'passport-mediawiki-oauth' .OAuthStrategy;
 
 passport.serializeUser (user, done) -> done(null, user.id)
 passport.deserializeUser (id, done) -> done(null, users[id])
 
-passport.use 'google', new GoogleStrategy(
+passport.use 'mediawiki', new MediaWikiStrategy(
     {
-        returnURL: LIMN_CONFIG.web.redirect_uris[0],
-        realm: LIMN_CONFIG.web.javascript_origins[0]
+        consumerKey: LIMN_CONFIG.mediawiki.consumerKey,
+        consumerSecret: LIMN_CONFIG.mediawiki.consumerSecret,
+        callbackURL: LIMN_CONFIG.mediawiki.callbackURL
     },
-    #User.findOrCreate({ openId: identifier }, (err, user) -> done(err, user))
-    (identifier, profile, done) ->
-        profile.id = identifier
-        profile.email = profile.emails[0].value
+    (token, tokenSecret, profile, done) ->
         user = users[profile.id] ?= profile
         done(null, user)
 )
@@ -352,18 +349,22 @@ application = limn.application =
         @get '/test', (req, res) ->
             res.render 'test'
 
-        # Redirect the user to Google for authentication.  When complete, Google
+        # Redirect the user to MediaWiki for authentication.  When complete, MediaWiki
         # will redirect the user back to the application at
-        #     /auth/google/callback
-        @get '/auth/google', passport.authenticate('google')
+        #     /auth/mediawiki/callback
+        @get '/auth/mediawiki', (req, res) ~>
+            req.session.next = req.header('Referer') or '/'
+            passport.authenticate('mediawiki') ...
 
-        # Google will redirect the user to this URL after authentication.  Finish
+        # MediaWiki will redirect the user to this URL after authentication.  Finish
         # the process by verifying the assertion.  If valid, the user will be
         # logged in.  Otherwise, authentication has failed.
-        @get '/auth/google/callback', passport.authenticate('google', {
-            successRedirect: '/',
-            failureRedirect: '/auth/google'
-        })
+        @get '/auth/mediawiki/callback', passport.authenticate('mediawiki', {
+            failureRedirect: '/auth/mediawiki'
+        }), (req, res) ->
+            next = req.session.next
+            req.session.next = null
+            res.redirect next or '/'
 
         @get '/logout', (req, res) ->
             req.logout()

server/server.co

@@ -34,7 +34,7 @@ app.use express.errorHandler { +dumpExceptions, +showStack }
 
 mainfile = path.basename require.main?.filename
 if require.main is module or 'Cokefile' is mainfile
-    PORT = 8081
+    PORT = 5000
     PORT = parseInt(that, 10) if process.env.LIMN_PORT
 
     NODE_ENV    = process.env.NODE_ENV    or 'development'

src/graph/graph-create-view.co

@@ -148,7 +148,7 @@ class exports.GraphCreateView extends View
             .fail (data, message, response) ->
                 switch response.status
                     case 403
-                        limn.error "Not Saved.  Please sign in (top right of this page)"
+                        limn.error "Not Saved.  Please sign in with an authorized user"
                     case 409
                         limn.error "Not Saved.  Graph '#{@slug()}' already exists"
                     default

test/run_headless

@@ -5,5 +5,5 @@ git clone git://github.com/wikimedia/limn-data.git ../limn-data
 coke -v ./var -d ../../../../limn-data -t example link_data
 
 # starts the server, gives it a sec to fire up, runs that file I linked with phantomjs, then cleans up the server process
-export LIMN_PORT=8081
+export LIMN_PORT=5000
 npm start & sleep 3 && npm test ; killall node

views/login.jade

@@ -1,6 +1,6 @@
 if isAuthenticated
-    span Welcome #{user.name.givenName}
+    span Welcome #{user.displayName}
      
     a.not-client-side(href='/logout') (sign out)
 else
-    a.not-client-side(href='/auth/google', target="_blank") sign in
+    a.not-client-side(href='/auth/mediawiki') sign in