Generic OAuth provider support

Refactors facebook login into oauth generic login

Adds additional oauth2 providers

adds ability to pass an oAuth validator in the config

Adds Twitter validation support + OAuth 1 client

Support auth_token instead of access_token for twitter

Improves code coverage of OAuth

Adds validation of oauth provider structures

Better coverage of the OAuth spec

100% coverage of OAuth1.js

Adds passing auth_token_secret for Twitter auth.

Refactors auth validation methods to include authData parameter

- Adds ability to extens oauth validator through configuration
- Adds ability to extend oauth validator through external module (file or package)
- Adds more tests
- Adds tests to login with custom auth provider

Adds more tests for REST API

fixes twitter auth_token

f

src/oauth/OAuth1Client.js

@@ -0,0 +1,226 @@
+var https = require('https'),
+  crypto = require('crypto');
+
+var OAuth = function(options) {
+  this.consumer_key = options.consumer_key;
+  this.consumer_secret = options.consumer_secret;
+  this.auth_token = options.auth_token;
+  this.auth_token_secret = options.auth_token_secret;
+  this.host = options.host;
+  this.oauth_params = options.oauth_params || {};
+};
+
+OAuth.prototype.send = function(method, path, params, body){
+
+  var request = this.buildRequest(method, path, params, body);
+  // Encode the body properly, the current Parse Implementation don't do it properly
+  return new Promise(function(resolve, reject) {
+    var httpRequest = https.request(request, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to make an OAuth request');
+    });
+    if (request.body) {
+    	httpRequest.write(request.body);
+    }
+    httpRequest.end();
+  });
+};
+
+OAuth.prototype.buildRequest = function(method, path, params, body) {
+  if (path.indexOf("/") != 0) {
+    path = "/"+path;
+  }
+  if (params && Object.keys(params).length > 0) {
+    path += "?" + OAuth.buildParameterString(params);
+  }
+
+  var request = {
+    host:   this.host,
+    path: 	path,
+    method: method.toUpperCase()
+  };
+
+  var oauth_params = this.oauth_params || {};
+  oauth_params.oauth_consumer_key = this.consumer_key;
+  if(this.auth_token){
+    oauth_params["oauth_token"] = this.auth_token;
+  }
+
+  request = OAuth.signRequest(request, oauth_params, this.consumer_secret,  this.auth_token_secret);
+
+  if (body && Object.keys(body).length > 0) {
+    request.body = OAuth.buildParameterString(body);
+  }
+  return request;
+}
+
+OAuth.prototype.get = function(path, params) {
+	return this.send("GET", path, params);
+}
+
+OAuth.prototype.post = function(path, params, body) {
+	return this.send("POST", path, params, body);
+}
+
+/*
+	Proper string %escape encoding
+*/
+OAuth.encode = function(str) {
+  //       discuss at: http://phpjs.org/functions/rawurlencode/
+  //      original by: Brett Zamir (http://brett-zamir.me)
+  //         input by: travc
+  //         input by: Brett Zamir (http://brett-zamir.me)
+  //         input by: Michael Grier
+  //         input by: Ratheous
+  //      bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+  //      bugfixed by: Brett Zamir (http://brett-zamir.me)
+  //      bugfixed by: Joris
+  // reimplemented by: Brett Zamir (http://brett-zamir.me)
+  // reimplemented by: Brett Zamir (http://brett-zamir.me)
+  //             note: This reflects PHP 5.3/6.0+ behavior
+  //             note: Please be aware that this function expects to encode into UTF-8 encoded strings, as found on
+  //             note: pages served as UTF-8
+  //        example 1: rawurlencode('Kevin van Zonneveld!');
+  //        returns 1: 'Kevin%20van%20Zonneveld%21'
+  //        example 2: rawurlencode('http://kevin.vanzonneveld.net/');
+  //        returns 2: 'http%3A%2F%2Fkevin.vanzonneveld.net%2F'
+  //        example 3: rawurlencode('http://www.google.nl/search?q=php.js&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a');
+  //        returns 3: 'http%3A%2F%2Fwww.google.nl%2Fsearch%3Fq%3Dphp.js%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dcom.ubuntu%3Aen-US%3Aunofficial%26client%3Dfirefox-a'
+
+  str = (str + '')
+    .toString();
+
+  // Tilde should be allowed unescaped in future versions of PHP (as reflected below), but if you want to reflect current
+  // PHP behavior, you would need to add ".replace(/~/g, '%7E');" to the following.
+  return encodeURIComponent(str)
+    .replace(/!/g, '%21')
+    .replace(/'/g, '%27')
+    .replace(/\(/g, '%28')
+    .replace(/\)/g, '%29')
+    .replace(/\*/g, '%2A');
+}
+
+OAuth.signatureMethod = "HMAC-SHA1";
+OAuth.version = "1.0";
+
+/*
+	Generate a nonce
+*/
+OAuth.nonce = function(){
+    var text = "";
+    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+    for( var i=0; i < 30; i++ )
+        text += possible.charAt(Math.floor(Math.random() * possible.length));
+
+    return text;
+}
+
+OAuth.buildParameterString = function(obj){
+	var result = {};
+
+	// Sort keys and encode values
+	if (obj) {
+		var keys = Object.keys(obj).sort();
+
+		// Map key=value, join them by &
+		return keys.map(function(key){
+			return key + "=" + OAuth.encode(obj[key]);
+		}).join("&");
+	}
+
+	return "";
+}
+
+/*
+	Build the signature string from the object
+*/
+
+OAuth.buildSignatureString = function(method, url, parameters){
+	return [method.toUpperCase(), OAuth.encode(url), OAuth.encode(parameters)].join("&");
+}
+
+/*
+	Retuns encoded HMAC-SHA1 from key and text
+*/
+OAuth.signature = function(text, key){
+	crypto = require("crypto");
+	return OAuth.encode(crypto.createHmac('sha1', key).update(text).digest('base64'));
+}
+
+OAuth.signRequest = function(request, oauth_parameters, consumer_secret, auth_token_secret){
+	oauth_parameters = oauth_parameters || {};
+
+	// Set default values
+	if (!oauth_parameters.oauth_nonce) {
+		oauth_parameters.oauth_nonce = OAuth.nonce();
+	}
+	if (!oauth_parameters.oauth_timestamp) {
+		oauth_parameters.oauth_timestamp = Math.floor(new Date().getTime()/1000);
+	}
+	if (!oauth_parameters.oauth_signature_method) {
+		oauth_parameters.oauth_signature_method = OAuth.signatureMethod;
+	}
+	if (!oauth_parameters.oauth_version) {
+		oauth_parameters.oauth_version = OAuth.version;
+	}
+
+	if(!auth_token_secret){
+		auth_token_secret="";
+	}
+	// Force GET method if unset
+	if (!request.method) {
+		request.method = "GET"
+	}
+
+	// Collect  all the parameters in one signatureParameters object
+	var signatureParams = {};
+	var parametersToMerge = [request.params, request.body, oauth_parameters];
+	for(var i in parametersToMerge) {
+		var parameters = parametersToMerge[i];
+		for(var k in parameters) {
+			signatureParams[k] = parameters[k];
+		}
+	}
+
+	// Create a string based on the parameters
+	var parameterString = OAuth.buildParameterString(signatureParams);
+
+	// Build the signature string
+	var url = "https://"+request.host+""+request.path;
+
+	var signatureString = OAuth.buildSignatureString(request.method, url, parameterString);
+	// Hash the signature string
+	var signatureKey = [OAuth.encode(consumer_secret), OAuth.encode(auth_token_secret)].join("&");
+
+	var signature = OAuth.signature(signatureString, signatureKey);
+
+	// Set the signature in the params
+	oauth_parameters.oauth_signature = signature;
+	if(!request.headers){
+		request.headers = {};
+	}
+
+	// Set the authorization header
+	var signature = Object.keys(oauth_parameters).sort().map(function(key){
+		var value = oauth_parameters[key];
+		return key+'="'+value+'"';
+	}).join(", ")
+
+	request.headers.Authorization = 'OAuth ' + signature;
+
+	// Set the content type header
+	request.headers["Content-Type"] = "application/x-www-form-urlencoded";
+	return request;
+
+}
+
+module.exports = OAuth;

src/oauth/facebook.js

@@ -0,0 +1,57 @@
+// Helper functions for accessing the Facebook Graph API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return graphRequest('me?fields=id&access_token=' + authData.access_token)
+    .then((data) => {
+      if (data && data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Facebook auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId(appIds, access_token) {
+  if (!appIds.length) {
+    throw new Parse.Error(
+      Parse.Error.OBJECT_NOT_FOUND,
+      'Facebook auth is not configured.');
+  }
+  return graphRequest('app?access_token=' + access_token)
+    .then((data) => {
+      if (data && appIds.indexOf(data.id) != -1) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Facebook auth is invalid for this user.');
+    });
+}
+
+// A promisey wrapper for FB graph requests.
+function graphRequest(path) {
+  return new Promise(function(resolve, reject) {
+    https.get('https://graph.facebook.com/v2.5/' + path, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Facebook.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/github.js

@@ -0,0 +1,51 @@
+// Helper functions for accessing the github API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return request('user', authData.access_token)
+    .then((data) => {
+      if (data && data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Github auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+// A promisey wrapper for api requests
+function request(path, access_token) {
+  return new Promise(function(resolve, reject) {
+    https.get({
+      host: 'api.github.com',
+      path: '/' + path,
+      headers: {
+        'Authorization': 'bearer '+access_token,
+        'User-Agent': 'parse-server'
+      }
+    }, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Github.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/google.js

@@ -0,0 +1,44 @@
+// Helper functions for accessing the google API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return request("tokeninfo?access_token="+authData.access_token)
+    .then((response) => {
+      if (response && response.user_id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Google auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+// A promisey wrapper for api requests
+function request(path) {
+  return new Promise(function(resolve, reject) {
+    https.get("https://www.googleapis.com/oauth2/v1/" + path, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Google.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/index.js

@@ -0,0 +1,17 @@
+var facebook = require('./facebook');
+var instagram = require("./instagram");
+var linkedin = require("./linkedin");
+var meetup = require("./meetup");
+var google = require("./google");
+var github = require("./github");
+var twitter = require("./twitter");
+
+module.exports = {
+	facebook: facebook,
+	github: github,
+	google: google,
+	instagram: instagram,
+	linkedin: linkedin, 
+	meetup: meetup,
+	twitter: twitter
+}

src/oauth/instagram.js

@@ -0,0 +1,44 @@
+// Helper functions for accessing the instagram API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return request("users/self/?access_token="+authData.access_token)
+    .then((response) => {
+      if (response && response.data && response.data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Instagram auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+// A promisey wrapper for api requests
+function request(path) {
+  return new Promise(function(resolve, reject) {
+    https.get("https://api.instagram.com/v1/" + path, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Instagram.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/linkedin.js

@@ -0,0 +1,51 @@
+// Helper functions for accessing the linkedin API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return request('people/~:(id)', authData.access_token)
+    .then((data) => {
+      if (data && data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Meetup auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+// A promisey wrapper for api requests
+function request(path, access_token) {
+  return new Promise(function(resolve, reject) {
+    https.get({
+      host: 'api.linkedin.com',
+      path: '/v1/' + path,
+      headers: {
+        'Authorization': 'Bearer '+access_token,
+        'x-li-format': 'json'
+      }
+    }, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Linkedin.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/meetup.js

@@ -0,0 +1,50 @@
+// Helper functions for accessing the meetup API.
+var https = require('https');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+  return request('member/self', authData.access_token)
+    .then((data) => {
+      if (data && data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Meetup auth is invalid for this user.');
+    });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+// A promisey wrapper for api requests
+function request(path, access_token) {
+  return new Promise(function(resolve, reject) {
+    https.get({
+      host: 'api.meetup.com',
+      path: '/2/' + path,
+      headers: {
+        'Authorization': 'bearer '+access_token
+      }
+    }, function(res) {
+      var data = '';
+      res.on('data', function(chunk) {
+        data += chunk;
+      });
+      res.on('end', function() {
+        data = JSON.parse(data);
+        resolve(data);
+      });
+    }).on('error', function(e) {
+      reject('Failed to validate this access token with Meetup.');
+    });
+  });
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};

src/oauth/twitter.js

@@ -0,0 +1,30 @@
+// Helper functions for accessing the meetup API.
+var OAuth = require('./OAuth1Client');
+var Parse = require('parse/node').Parse;
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData, options) {
+  var client = new OAuth(options);
+  client.host = "api.twitter.com";
+  client.auth_token = authData.auth_token;
+  client.auth_token_secret = authData.auth_token_secret;
+  
+  return client.get("/1.1/account/verify_credentials.json").then((data) => {
+    if (data && data.id == authData.id) {
+      return;
+    }
+    throw new Parse.Error(
+      Parse.Error.OBJECT_NOT_FOUND,
+      'Twitter auth is invalid for this user.');
+  });
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId() {
+  return Promise.resolve();
+}
+
+module.exports = {
+  validateAppId: validateAppId,
+  validateAuthData: validateAuthData
+};