passport-iveryone
Version:
iVeryOne authentication strategy for Passport.
269 lines (260 loc) • 9.5 kB
JavaScript
/**
* Module dependencies.
*/
var url = require('url')
, util = require('util')
, utils = require('./utils')
, OAuth2Strategy = require('passport-oauth2')
, Profile = require('./profile')
, InternalOAuthError = require('passport-oauth2').InternalOAuthError;
/**
* `Strategy` constructor.
*
* The iVeryOne authentication strategy authenticates requests by delegating to
* iVeryOne using the OAuth 2.0 protocol.
*
* Applications must supply a `verify` callback which accepts an `accessToken`,
* `refreshToken` and service-specific `profile`, and then calls the `done`
* callback supplying a `user`, which should be set to `false` if the
* credentials are not valid. If an exception occured, `err` should be set.
*
* Options:
* - `clientID` your iVeryOne application's Client ID
* - `clientSecret` your iVeryOne application's Client Secret
* - `callbackURL` URL to which iVeryOne will redirect the user after granting authorization
* - `scope` array of permission scopes to request. Valid scopes include:
* 'user', 'public_repo', 'repo', 'gist', or none.
* (see http://developer.iVeryOne.com/v3/oauth/#scopes for more info)
* — `userAgent` All API requests MUST include a valid User Agent string.
* e.g: domain name of your application.
*
* Examples:
*
* passport.use(new iVeryOneStrategy({
* clientID: '123-456-789',
* clientSecret: 'shhh-its-a-secret',
* callbackURL: 'https://www.example.net/auth/iveryone/callback',
* userAgent: 'myapp.com'
* },
* function(accessToken, refreshToken, profile, done) {
* User.findOrCreate(..., function (err, user) {
* done(err, user);
* });
* }
* ));
*
* @param {Object} options
* @param {Function} verify
* @api public
*/
function Strategy(options, verify) {
options = options || {};
let query = `?appkey=${options.clientID}&appsecret=${options.clientSecret}`;
options.authorizationURL = (options.authorizationURL || 'https://openapi.iveryone.wuyan.cn/Oauth2/Authorize') + query;
options.tokenURL = (options.tokenURL || 'https://openapi.iveryone.wuyan.cn/Oauth2/AccessToken') + query;
options.scopeSeparator = options.scopeSeparator || ',';
options.customHeaders = options.customHeaders || {};
if (!options.customHeaders['User-Agent']) {
options.customHeaders['User-Agent'] = options.userAgent || 'passport-iveryone';
}
OAuth2Strategy.call(this, options, verify);
this.name = 'iveryone';
this._userProfileURL = (options.userProfileURL || 'https://openapi.iveryone.wuyan.cn/Api/User/GetInfo') + query;
this._oauth2.useAuthorizationHeaderforGET(false);
this._oauth2.setAccessTokenName('accesstoken');
}
/**
* Inherit from `OAuth2Strategy`.
*/
util.inherits(Strategy, OAuth2Strategy);
/**
* Retrieve user profile from iVeryOne.
*
* This function constructs a normalized profile, with the following properties:
*
* - `provider` always set to `iVeryOne`
* - `id` the user's iVeryOne ID
* - `username` the user's iVeryOne username
* - `displayName` the user's full name
* - `profileUrl` the URL of the profile for the user on iVeryOne
* - `emails` the user's email addresses
*
* @param {String} accessToken
* @param {Function} done
* @api protected
*/
Strategy.prototype.userProfile = function(accessToken, done) {
var self = this;
this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
var json;
// iVeryOne Debug {
// console.log('[Passport DEBUG] request: ', this._userProfileURL, accessToken);
// console.log('[Passport DEBUG] body: ', body);
// }
if (err) {
return done(new InternalOAuthError('Failed to fetch user profile', err));
}
try {
json = JSON.parse(body);
} catch (ex) {
return done(new Error('Failed to parse user profile'));
}
var profile = Profile.parse(json.data);
profile.provider = 'iveryone';
profile._raw = body;
profile._json = json;
done(null, profile);
});
};
Strategy.prototype.authorizationParams = function(options) {
let params = {};
if (options.appuid) {
params.appuid = options.appuid;
}
return params;
};
Strategy.prototype.tokenParams = function(options) {
let params = {};
params.grant_type = 'authorization_code';
return params;
};
/**
* Authenticate request by delegating to a service provider using OAuth 2.0.
*
* @param {Object} req
* @api protected
*/
Strategy.prototype.authenticate = function(req, options) {
options = options || {};
var self = this;
if (req.query && req.query.error) {
if (req.query.error == 'access_denied') {
return this.fail({ message: req.query.error_description });
} else {
return this.error(new AuthorizationError(req.query.error_description, req.query.error, req.query.error_uri));
}
}
var callbackURL = options.callbackURL || this._callbackURL;
if (callbackURL) {
var parsed = url.parse(callbackURL);
if (!parsed.protocol) {
// The callback URL is relative, resolve a fully qualified URL from the
// URL of the originating request.
callbackURL = url.resolve(utils.originalURL(req, { proxy: this._trustProxy }), callbackURL);
}
}
var meta = {
authorizationURL: this._oauth2._authorizeUrl,
tokenURL: this._oauth2._accessTokenUrl,
clientID: this._oauth2._clientId
}
if (req.query && req.query.code) {
function loaded(err, ok, state) {
if (err) { return self.error(err); }
if (!ok) {
return self.fail(state, 403);
}
var code = req.query.code;
var params = self.tokenParams(options);
params.grant_type = 'authorization_code';
if (callbackURL) { params.redirect_uri = callbackURL; }
self._oauth2.getOAuthAccessToken(code, params,
function(err, accessToken, refreshToken, params) {
// iVeryOne Debug {
// console.log('[Passport DEBUG] auth: ', err, accessToken, refreshToken, params);
// }
accessToken = params && params.data && params.data.accesstoken;
if (err || !params || params.errno || params.errmsg || !accessToken) {
return self.error(self._createOAuthError(
params && params.errmsg || 'Failed to obtain access token', err || params
));
}
self._loadUserProfile(accessToken, function(err, profile) {
if (err) { return self.error(err); }
function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) { return self.fail(info); }
info = info || {};
if (state) { info.state = state; }
self.success(user, info);
}
try {
if (self._passReqToCallback) {
var arity = self._verify.length;
if (arity == 6) {
self._verify(req, accessToken, refreshToken, params, profile, verified);
} else { // arity == 5
self._verify(req, accessToken, refreshToken, profile, verified);
}
} else {
var arity = self._verify.length;
if (arity == 5) {
self._verify(accessToken, refreshToken, params, profile, verified);
} else { // arity == 4
self._verify(accessToken, refreshToken, profile, verified);
}
}
} catch (ex) {
return self.error(ex);
}
});
}
);
}
var state = req.query.state;
try {
var arity = this._stateStore.verify.length;
if (arity == 4) {
this._stateStore.verify(req, state, meta, loaded);
} else { // arity == 3
this._stateStore.verify(req, state, loaded);
}
} catch (ex) {
return this.error(ex);
}
} else {
var params = this.authorizationParams(options);
params.response_type = 'code';
if (callbackURL) { params.redirect_uri = callbackURL; }
var scope = options.scope || this._scope;
if (scope) {
if (Array.isArray(scope)) { scope = scope.join(this._scopeSeparator); }
params.scope = scope;
}
var state = options.state;
if (state) {
params.state = state;
var parsed = url.parse(this._oauth2._authorizeUrl, true);
utils.merge(parsed.query, params);
parsed.query['client_id'] = this._oauth2._clientId;
delete parsed.search;
var location = url.format(parsed);
this.redirect(location);
} else {
function stored(err, state) {
if (err) { return self.error(err); }
if (state) { params.state = state; }
var parsed = url.parse(self._oauth2._authorizeUrl, true);
utils.merge(parsed.query, params);
parsed.query['client_id'] = self._oauth2._clientId;
delete parsed.search;
var location = url.format(parsed);
self.redirect(location);
}
try {
var arity = this._stateStore.store.length;
if (arity == 3) {
this._stateStore.store(req, meta, stored);
} else { // arity == 2
this._stateStore.store(req, stored);
}
} catch (ex) {
return this.error(ex);
}
}
}
};
/**
* Expose `Strategy`.
*/
module.exports = Strategy;