Adding OAuth2 & SAML authentication, fixes #10, & fixes #12

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Change Log
 
+## 0.7.0
+- Added `OAuth2`, & `SAML` authentication
+
 ## 0.6.1
 - Upgrading turtle.io to 3.0.15 for etag middleware fix (out of order execution negated it)
 

config.json

@@ -26,11 +26,23 @@
 			"client_secret": "",
 			"scope": null
 		},
+		"oauth2": {
+			"enabled": false,
+			"auth": null,
+			"auth_url": "",
+			"token_url": "",
+			"client_id": "",
+			"client_secret": ""
+		},
 		"local": {
 			"enabled": false,
 			"auth": null,
 			"middleware": null
 		},
+		"saml": {
+			"enabled": false,
+			"auth": null
+		},
 		"twitter": {
 			"enabled": false,
 			"auth": null,

lib/tenso.js

@@ -6,13 +6,13 @@
  * @license BSD-3 <https://raw.github.com/avoidwork/tenso/master/LICENSE>
  * @link http://avoidwork.github.io/tenso
  * @module tenso
- * @version 0.6.0
+ * @version 0.6.1
  */
 ( function () {
 "use strict";
 
 var turtleio = require( "turtle.io" ),
-    SERVER   = "tenso/0.6.0",
+    SERVER   = "tenso/0.6.1",
     CONFIG   = require( __dirname + "/../config.json" ),
     keigai   = require( "keigai" ),
     util     = keigai.util,
@@ -31,6 +31,8 @@ var turtleio = require( "turtle.io" ),
     FacebookStrategy = require( "passport-facebook" ).Strategy,
     GoogleStrategy   = require( "passport-google" ).Strategy,
     LinkedInStrategy = require( "passport-linkedin" ).Strategy,
+    OAuth2Strategy   = require( "passport-oauth2" ).Strategy,
+    SAMLStrategy     = require( "passport-saml" ).Strategy,
     TwitterStrategy  = require( "passport-twitter" ).Strategy,
     RedisStore       = require( "connect-redis" )( session ),
     REGEX_HYPERMEDIA = /_(guid|uuid|id|url|uri)$/,
@@ -52,7 +54,7 @@ function Tenso () {
 	this.rates        = {};
 	this.server       = turtleio();
 	this.server.tenso = this;
-	this.version      = "0.6.0";
+	this.version      = "0.6.1";
 }
 
 /**
@@ -457,6 +459,53 @@ function auth ( obj, config ) {
 				obj.server.get( "/auth/linkedin/callback", redirect );
 			}
 
+			if ( config.auth.oauth2.enabled ) {
+				passport.use( new OAuth2Strategy( {
+						authorizationURL: config.auth.oauth2.auth_url,
+						tokenURL        : config.auth.oauth2.token_url,
+						clientID        : config.auth.oauth2.client_id,
+						clientSecret    : config.auth.oauth2.client_secret,
+						callbackURL     : realm + "/auth/oauth2/callback"
+					}, function ( accessToken, refreshToken, profile, done ) {
+						config.auth.oauth2.auth( accessToken, refreshToken, profile, function ( err, user ) {
+							if ( err ) {
+								return done( err );
+							}
+
+							done( null, user );
+						} );
+					}
+				) );
+
+				obj.server.get( "/auth/oauth2", passport.authenticate( "oauth2" ) );
+				obj.server.get( "/auth/oauth2/callback", passport.authenticate( "oauth2", {failureRedirect: "/login"} ) );
+				obj.server.get( "/auth/oauth2/callback", redirect );
+			}
+
+			if ( config.auth.saml.enabled ) {
+				( function () {
+					var config = config.auth.saml;
+
+					config.callbackURL = realm + "/auth/saml/callback";
+					delete config.enabled;
+
+					passport.use( new SAMLStrategy( config, function ( accessToken, refreshToken, profile, done ) {
+							config.auth.saml.auth( accessToken, refreshToken, profile, function ( err, user ) {
+								if ( err ) {
+									return done( err );
+								}
+
+								done( null, user );
+							} );
+						}
+					) );
+				} )();
+
+				obj.server.get( "/auth/saml", passport.authenticate( "saml" ) );
+				obj.server.get( "/auth/saml/callback", passport.authenticate( "saml", {failureRedirect: "/login"} ) );
+				obj.server.get( "/auth/saml/callback", redirect );
+			}
+
 			if ( config.auth.twitter.enabled ) {
 				passport.use( new TwitterStrategy( {
 						consumerKey   : config.auth.twitter.consumer_key,
@@ -493,7 +542,7 @@ function auth ( obj, config ) {
 				} )();
 			}
 
-			config.routes.get["/login"] = {login_uri: "/auth"};
+			config.routes.get["/login"] = config.auth.saml.enabled ? {login_uri: "/auth", instruction: "POST username/password to authenticate"} : {login_uri: "/auth"};
 			config.routes.get["/logout"] = function ( req, res ) {
 				if ( req.session.authorized || req.session.isAuthorized() ) {
 					req.session.destroy();

package.json

@@ -33,11 +33,13 @@
     "cookie-parser": "1.3.2",
     "express-session": "^1.7.2",
     "passport": "0.2.0",
+    "passport-oauth2": "1.1.2",
     "passport-facebook": "1.0.3",
     "passport-google": "0.3.0",
     "passport-http": "0.2.2",
     "passport-http-bearer": "1.0.1",
     "passport-linkedin": "0.1.3",
+    "passport-saml": "0.5.2",
     "passport-twitter": "1.0.2",
     "connect-redis": "2.0.0",
     "lusca": "1.0.1"

src/auth.js

@@ -293,6 +293,53 @@ function auth ( obj, config ) {
 				obj.server.get( "/auth/linkedin/callback", redirect );
 			}
 
+			if ( config.auth.oauth2.enabled ) {
+				passport.use( new OAuth2Strategy( {
+						authorizationURL: config.auth.oauth2.auth_url,
+						tokenURL        : config.auth.oauth2.token_url,
+						clientID        : config.auth.oauth2.client_id,
+						clientSecret    : config.auth.oauth2.client_secret,
+						callbackURL     : realm + "/auth/oauth2/callback"
+					}, function ( accessToken, refreshToken, profile, done ) {
+						config.auth.oauth2.auth( accessToken, refreshToken, profile, function ( err, user ) {
+							if ( err ) {
+								return done( err );
+							}
+
+							done( null, user );
+						} );
+					}
+				) );
+
+				obj.server.get( "/auth/oauth2", passport.authenticate( "oauth2" ) );
+				obj.server.get( "/auth/oauth2/callback", passport.authenticate( "oauth2", {failureRedirect: "/login"} ) );
+				obj.server.get( "/auth/oauth2/callback", redirect );
+			}
+
+			if ( config.auth.saml.enabled ) {
+				( function () {
+					var config = config.auth.saml;
+
+					config.callbackURL = realm + "/auth/saml/callback";
+					delete config.enabled;
+
+					passport.use( new SAMLStrategy( config, function ( accessToken, refreshToken, profile, done ) {
+							config.auth.saml.auth( accessToken, refreshToken, profile, function ( err, user ) {
+								if ( err ) {
+									return done( err );
+								}
+
+								done( null, user );
+							} );
+						}
+					) );
+				} )();
+
+				obj.server.get( "/auth/saml", passport.authenticate( "saml" ) );
+				obj.server.get( "/auth/saml/callback", passport.authenticate( "saml", {failureRedirect: "/login"} ) );
+				obj.server.get( "/auth/saml/callback", redirect );
+			}
+
 			if ( config.auth.twitter.enabled ) {
 				passport.use( new TwitterStrategy( {
 						consumerKey   : config.auth.twitter.consumer_key,
@@ -329,7 +376,7 @@ function auth ( obj, config ) {
 				} )();
 			}
 
-			config.routes.get["/login"] = {login_uri: "/auth"};
+			config.routes.get["/login"] = config.auth.saml.enabled ? {login_uri: "/auth", instruction: "POST username/password to authenticate"} : {login_uri: "/auth"};
 			config.routes.get["/logout"] = function ( req, res ) {
 				if ( req.session.authorized || req.session.isAuthorized() ) {
 					req.session.destroy();

src/intro.js

@@ -21,6 +21,8 @@ var turtleio = require( "turtle.io" ),
     FacebookStrategy = require( "passport-facebook" ).Strategy,
     GoogleStrategy   = require( "passport-google" ).Strategy,
     LinkedInStrategy = require( "passport-linkedin" ).Strategy,
+    OAuth2Strategy   = require( "passport-oauth2" ).Strategy,
+    SAMLStrategy     = require( "passport-saml" ).Strategy,
     TwitterStrategy  = require( "passport-twitter" ).Strategy,
     RedisStore       = require( "connect-redis" )( session ),
     REGEX_HYPERMEDIA = /_(guid|uuid|id|url|uri)$/,

www/css/style.css

@@ -1,2 +1 @@
 html,body{min-height:100%}body{background:#fffff;color:#00000;font:12px Arial;margin:10px}
-/*# sourceMappingURL=style.css.map */