
initial working version

1 parent 4481007 commit 7bf6672fdddcb18fb9474de165817e76b972f2a6 @jrandall jrandall committed Oct 29, 2012
Showing with 122 additions and 0 deletions.
  1. +13 −0 ep.json
  2. +86 −0 ep_sotauth.js
  3. +23 −0 package.json
13 ep.json
@@ -0,0 +1,13 @@
+{
+ "parts": [
+ {
+ "name": "ep_sotauth",
+ "hooks": {
+ "expressConfigure" : "ep_sotauth/ep_sotauth:expressConfigure",
+ "authenticate" : "ep_sotauth/ep_sotauth:authenticate",
+ "authorize" : "ep_sotauth/ep_sotauth:authorize",
+ "handleMessage" : "ep_sotauth/ep_sotauth:handleMessage"
+ }
+ }
+ ]
+}
@@ -0,0 +1,86 @@
+var ERR = require("async-stacktrace");
+
+var settings = require('ep_etherpad-lite/node/utils/Settings');
+var exp = require('ep_etherpad-lite/node_modules/express');
+var authorManager = require("ep_etherpad-lite/node/db/AuthorManager");
+
+/* sotauthUsername is set by authenticate and used in messageHandler, keyed on express_sid */
+var sotauthUsername = {};
+
+
+function sotauthSetUsername(token, username) {
+ console.debug('ep_sotauth.sotauthSetUsername: getting authorid for token %s', token);
+ authorManager.getAuthor4Token(token, function(err, author) {
+ if(ERR(err)) {
+ console.debug('ep_sotauth.sotauthSetUsername: error getting author for token %s', token);
+ return;
+ } else {
+ if(author) {
+ console.debug('ep_sotauth.sotauthSetUsername: have authorid %s, setting username to %s', author, username);
+ authorManager.setAuthorName(author, username);
+ } else {
+ console.debug('ep_sotauth.sotauthSetUsername: could not get authorid for token %s', token);
+ }
+ }
+ });
+ return;
+}
+
+
+exports.authenticate = function(hook_name, context, cb) {
+ console.debug('ep_sotauth.authenticate');
+ if (context.req.get('x-forwarded-user')) {
+ var username = context.req.get('x-forwarded-user');
+ var express_sid = context.req.sessionID;
+ console.debug('ep_sotauth.authenticate: have x-forwarded-user = %s for express_sid = %s', username, express_sid);
+ context.req.session.user = username;
+ if (settings.users[username] == undefined) settings.users[username] = {};
+ settings.users[username].username = username;
+ settings.globalUserName = username;
+ console.debug('ep_sotauth.authenticate: deferring setting of username [%s] to CLIENT_READY for express_sid = %s', username, express_sid);
+ sotauthUsername[express_sid] = username;
+ return cb([true]);
+ } else {
+ console.debug('ep_sotauth.authenticate: have no x-forwarded-user for express_sid = %s', express_sid);
+ return cb([false]);
+ }
+}
+
+
+exports.handleMessage = function(hook_name, context, cb) {
+ console.debug("ep_sotauth.handleMessage");
+ if( context.message.type == "CLIENT_READY" ) {
+ if(!context.message.token) {
+ console.debug('ep_sotauth.handleMessage: intercepted CLIENT_READY message has no token!');
+ } else {
+ var client_id = context.client.id;
+ var express_sid = context.client.manager.handshaken[client_id].sessionID;
+ console.debug('ep_sotauth.handleMessage: intercepted CLIENT_READY message for client_id = %s express_sid = %s, setting username for token %s to %s', client_id, express_sid, context.message.token, sotauthUsername);
+ sotauthSetUsername(context.message.token, sotauthUsername[express_sid]);
+ }
+ } else if( context.message.type == "COLLABROOM" && context.message.data.type == "USERINFO_UPDATE" ) {
+ console.debug('ep_sotauth.handleMessage: intercepted USERINFO_UPDATE and dropping it!');
+ return null;
+ }
+ return cb();
+}
+
+
+exports.expressConfigure = function(hook_name, context, cb) {
+ console.debug('ep_sotauth.expressConfigure: setting trust proxy');
+ context.app.enable('trust proxy');
+}
+
+
+exports.authorize = function(hook_name, context, cb) {
+ console.debug('ep_sotauth.authorize');
+ if (context.resource.match(/^\/(static|javascripts|pluginfw|favicon.ico|api)/)) {
+ console.debug('ep_sotauth.authorize: authorizing static path %s', context.resource);
+ return cb([true]);
+ } else {
+ console.debug('ep_sotauth.authorize: passing authorize along for path %s', context.resource);
+ return cb([false]);
+ }
+}
+
+
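Review bot: `exports.authenticate` accepts whatever `x-forwarded-user` value arrives and never checks that the request actually came through the authenticating proxy, so the login rests on deployment details the code neither enforces nor documents. A comment above the function should state that Etherpad must be reachable only from the proxy and that the proxy must overwrite any client-supplied `X-Forwarded-User`; comparing the socket peer (`context.req.connection.remoteAddress`) with the proxy address would enforce it, whereas `req.ip` is itself header-derived once `trust proxy` is enabled in `expressConfigure`. The header value is also used unvalidated as a key: if `settings.users` is a plain object, a name such as `__proto__` passes the `== undefined` test and the next assignment lands on `Object.prototype`, so the name should be validated and reserved keys rejected before the lookup. Separately, `settings.globalUserName = username` is process-wide and is overwritten by every login, and the debug lines in `sotauthSetUsername` and `handleMessage` write author tokens and the entire `sotauthUsername` map (session IDs included) to the log where `sotauthUsername[express_sid]` was presumably intended.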
@@ -0,0 +1,23 @@
+{
+ "name": "ep_sotauth",
+ "description": "Hooks into etherpad lite auth to trust that whatever user is set in the X-Forwarded-User HTTP header is an authorised and authenticated user. This is useful when running behind a reverse proxy that handles authentication (such as when using Apache with Shibboleth authentication).",
+ "homepage": "https://github.com/wtsi-hgi/ep_sotauth",
+ "version": "0.0.3",
+ "dependencies": {
+ "log4js" : "0.5.x",
+ "async-stacktrace" : "0.0.2"
+ }
+ "engines": {
+ "node": "*"
+ },
+ "main": "ep_sotauth.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/wtsi-hgi/ep_sotauth.git"
+ },
+ "author": "Joshua C. Randall <jcrandall@alum.mit.edu>",
+ "license": "GPLv3"
+}
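Review bot: The `"dependencies"` object closes with `}` and no comma before `"engines"`, so this file is not valid JSON and tooling that reads it will fail to parse it; that line should read `},`. `log4js` is declared as a dependency, but `ep_sotauth.js` in this commit logs through `console.debug` and never requires it directly, so either drop the entry or route the logging through it. For a plugin that decides authentication, `"node": "*"` is wider than what was presumably tested and is worth narrowing.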
