bnoguchi / everyauth Goto Github PK

I'm not sure if I'm missing something in the implementation, but I'm getting errors using the LinkedIn module.

User's click the link to login and get redirected to the LinkedIn login page as expected. If they grant access to the application, there are no problems. However; if they cancel or reject the application, an error is thrown. Specifically, it complains about line 46 of linkedin.js, which is part of the convertErr method - specifically parsing a JSON response. The problem is there is no JSON response from LinkedIn. The user is sent back to the redirect URL with the oauth_problem=user_refused attribute appended.

Here's the error dump to the Node console:

SyntaxError: Unexpected token ILLEGAL
    at Object.parse (native)
    at /usr/local/lib/node_modules/everyauth/lib/modules/linkedin.js:46:21
    at /usr/local/lib/node_modules/everyauth/lib/step.js:97:21
    at [object Object].fail (/usr/local/lib/node_modules/everyauth/lib/promise.js:52:24)
    at /usr/local/lib/node_modules/everyauth/lib/modules/oauth.js:151:24
    at /usr/local/lib/node_modules/oauth/lib/oauth.js:345:22
    at IncomingMessage.<anonymous> (/usr/local/lib/node_modules/oauth/lib/oauth.js:312:11)
    at IncomingMessage.emit (events.js:81:20)
    at HTTPParser.onMessageComplete (http.js:133:23)
    at CleartextStream.ondata (http.js:1226:22)

Here's the code I'm using:

var usersByLinkedinId = {};
everyauth.linkedin
  .myHostname('http://' + domain)
  .consumerKey( linkedin.appKey )
  .consumerSecret( linkedin.appSecret )
  .authorizePath('/uas/oauth/authenticate')
  .callbackPath('/auth/linkedin/callback')
  .findOrCreateUser( function (sess, accessToken, accessSecret, linkedinUser) {
    return usersByLinkedinId[linkedinUser.id] || (usersByLinkedinId[linkedinUser.id] = linkedinUser);
  })
  .redirectPath('/');

Furthemore, I originally tried to add a handleAuthCallbackError before I noticed that was only implemented in the OAuth2 module, not OAuth that the LinkedIn module leverages.

So there are two things. One, am I doing something wrong here? It appears there may be bug or I'm simply too sleep derived to see the obvious. Second, it would be nice if there were an error handler in both OAuth modules to maintain consistency.

Thanks for all the work on everyauth!

I'm using everyauth v 0.2.2

Step getAccessToken of `facebook` module timed out.
Error: Step getAccessToken of `facebook` module timed out.
    at /home/user/project/node_modules/everyauth/lib/step.js:101:18
    at Object.<anonymous> (/home/user/project/node_modules/everyauth/lib/promise.js:63:27)
    at Timer.callback (timers.js:83:39)

• I've tried logging out of Facebook before hitting the /login oauth entry point. It still times-out.
• I've tried testing on other user accounts. It still times-out.

I restarted my node app.js, and then it worked. After playing with it (logging in/ logging out), it would time out again until i restart the node app.

I did this on 3 servers (identical EC2 images of each other), and they all had the same result. (In other words, after logging in/out for many times, it times out until I restart the server)

Any help? thanks a lot!

It looks like the user object found or created by findOrCreateUser is being thrown away by the oAuth2 module.

Starting at line 191 of oauth2.js:

.addToSession( function (sess, auth) {
  var _auth = sess.auth || (sess.auth = {})
    , mod = _auth[this.name] || (_auth[this.name] = {});
  _auth.loggedIn = true;
  _auth.userId || (_auth.userId = auth.user.id);
  mod.user = auth.oauthUser;
  mod.accessToken = auth.accessToken;
  // this._super() ?
})

mod.user is set to auth.oauthUser, auth.user is never used as far as I can tell.

Hi,

I've got everyauth up and running but I was unable to get the user variable working as expected.

The docs say:

To access the user, configure everyauth.everymodule.findUserById. For example, using mongoose:

So I have taken your example and got it working for "everymodule"

https://gist.github.com/1a00376d28eb95fdf1b0

But this does the same this for each auth type, meaning I have a pretty dodgy if statement in "findUserById"

Ideally I would like to specify the findeUserById function per auth type:

The following code does not work, is there a way to get it working?

https://gist.github.com/1018545

Thanks

I'm trying to write up a netflix oauth module, but one of the steps requires that you use https://api-user.netflix.com/oauth/login rather than http://api.netflix.com for the .authorizePath() function.

Is there a simple way to do this that I'm missing or would you like me to issue a pull request to allow .requestTokenPath(), .authorizePath() and .accessTokenPath() to accept either the path or the entire protocol://domain/path for these unique cases?

Thanks!
slickplaid

In issue #12 you talk about overriding sendResponse. Unless I am mistaken, this step is not available on the 'password' authentication strategy. Is there any way to redirect back to a particular URL if you're using the password strategy?

Steps to reproduce:

1. Use a view engine that is NOT Jade (I'm using ejs).
2. Break the Google auth request (e.g., remove the required scope() setting -- https://github.com/bnoguchi/everyauth/blob/master/example/server.js#L181)
3. Make a google auth request. The request fails and everyauth tries unsuccesfully to render the views/auth-fail.jade template.

Hi,
I'm trying to use mongoose-auth for my application, but I'm getting an error when I add in password auth and I try to register. This is the stack trace I get:

TypeError: Cannot read property 'sanitize' of undefined
    at Object._validateRegistrationBase (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/modules/password.js:284:40)
    at Object.exec (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/step.js:48:21)
    at /home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/stepSequence.js:19:38
    at [object Object].callback (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/promise.js:13:12)
    at RouteTriggeredSequence._bind (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/stepSequence.js:18:20)
    at RouteTriggeredSequence.start (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/stepSequence.js:45:33)
    at RouteTriggeredSequence.routeHandler (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/lib/routeTriggeredSequence.js:16:13)
    at Object.<anonymous> (native)
    at nextMiddleware (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:175:25)
    at param (/home/v/coopmap/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:183:16)

This doesn't make a lot of sense to me. Does anyone know what the problem is? I might be doing something wrong, but even if that's the case, it shouldn't fail with such a cryptic message. I can provide more info if necessary.

Very useful module, but need some tricks if using with facebook apps authentication (i mean using canvas[iframe] page).

two issues:

• when calling faceboom.com/dialog/oauth, we must set redirect_uri to 'CANVAS_PAGE' = apps.facebook.com/[app_name]
  but for entrypath, it must be http://[my_hostname]/[entry_path]

can not being set like below, causing error=119 not valid redirect_uri
everyauth.facebook.entryPath = http://[my_hostname]/entry_path]
everyauth.facebook.callbackPath = http://apps.facebook.com/[app_name]
because both entryPath and callbackPath construct url by concat myHostname() + entryPath() or callbackPath()

my workaround for this is to hard code redirect_uri but it is not the way it must be.

• because canvas is in iframe, we must call facebook.com/dialog/oauth with top.location.href not just with 303 header.

even for these issues, it still works great for very painful auth coding.

I tried running the example server. It works fine with facebook, but it crashes with google (same as #16) and yahoo, which gives me:

starting step - getRequestToken
...finished step7
starting step - storeRequestToken
...finished step
starting step - redirectToProviderAuth
...finished step
starting step - extractTokenAndVerifier
...finished step
starting step - getSession
...finished step
starting step - rememberTokenSecret
...finished step
starting step - getAccessToken
...finished step
starting step - fetchOAuthUser

/cygdrive/c/Users/vincent/Documents/devel/test-case/node_modules/everyauth/lib/modules/everymodule.js:350
  throw err;
  ^
[object Object]

I'm using everyauth through mongoose-auth, which is working fine with 0.2.10 but failing like this with 0.2.11:

500 TypeError: Cannot read property '_methods' of undefined
at Object.registerReqGettersAndMethods as handle
at next (/Users/jh/1/lightgetsin/lightgetsin/node_modules/everyauth/node_modules/connect/lib/http.js:204:15)
at HTTPServer.handle (/Users/jh/1/lightgetsin/lightgetsin/node_modules/everyauth/node_modules/connect/lib/http.js:217:3)
at Object.handle (/Users/jh/1/lightgetsin/lightgetsin/node_modules/express/node_modules/connect/lib/http.js:112:14)
at next (/Users/jh/1/lightgetsin/lightgetsin/node_modules/express/node_modules/connect/lib/http.js:204:15)
at /Users/jh/1/lightgetsin/lightgetsin/node_modules/express/node_modules/connect/lib/middleware/session.js:322:9
at /Users/jh/1/lightgetsin/lightgetsin/node_modules/express/node_modules/connect/lib/middleware/session.js:337:9
at Array.0 (/Users/jh/1/lightgetsin/lightgetsin/node_modules/express/node_modules/connect/lib/middleware/session/memory.js:57:7)
at EventEmitter._tickCallback (node.js:126:26)

I am wondering if you are going to add openID to the list of auth methods - It will mean that a larger choice of logins can exist perhaps?

Thanks

If I don't want to create a user when I can't find him how do I support that and give the user a message saying he needs to register first?

Promise.fail doesn't do the trick and results in a timeout

Is it possible to implement a function everyauth.getSession(session) where we can pass in a connect/express session manually and get access to a variable containing the user's data?

Right now there is no way to establish a user session except via everyauth.middleware(), which is useless when using socket.io since there never is a express request. However, it is possible to recreate a session using connect in socket.io, but it is impossible to use this session to reconstruct everyauth's data as well.

To replicate:

1. set up everyauth with an express server and invalid Twitter credentials
2. go to /auth/twitter

What happens:

/private/tmp/meat.me/node_modules/everyauth/lib/modules/twitter.js:43
    return new Error(data.data.match(/<error>(.+)<\/error>/)[1]);
                                                            ^
TypeError: Cannot read property '1' of null
    at /private/tmp/meat.me/node_modules/everyauth/lib/modules/twitter.js:43:61
    at /private/tmp/meat.me/node_modules/everyauth/lib/step.js:97:21
    at [object Object].fail (/private/tmp/meat.me/node_modules/everyauth/lib/promise.js:53:24)

The problem is that Twitter is now returning data of the form

{
  "statusCode": 401,
  "data": "Failed to validate oauth signature and token"
}

Thus, data.data does not match /<error>(.+)<\/error>/ and that test returns null.

when using password authentication, one must define getLoginPath, and loginView.
if my understanding is correct this define the login route and eventually override any route already defined for the same path
how can I define more options for the rendering, like specifying custom layout, pass some data to the template, rendering different format, or redirect if user is already logged in without breaking everyauth plugin ?

I am trying to integrate everyauth with the Basecamp API, which follows an API url scheme of https://#{yourbasecampaccount}.basecamphq.com/#{resource}/#{representation}.xml

So if I have two people with different accounts, the API URL for each of them is different.

How do I resolve this when oauth2.js asks for 'apiHost: 'e.g., https://graph.facebook.com' ?

This may not be an issue, it may just be me not understanding express and/or everyauth well enough yet. But, it seems like the default error behavior will cause an uncaughtException, which will either let the process crash, or can be caught with process.on("uncaughtException"...), but without a response to write to, the process will hang.

Are there established techniques for handling errors gracefully when everyauth is handling the req/res lifecycle?

Sorry if I missed this, but is there a recommended way to handle user denials? That is - user clicks on the login with [xxx] link, then clicks "don't allow" in the app. When I try this with Facebook, I get a 500 response with this error on the console:

Step getCode of `facebook` is promising: code ; however, the step returns nothing. Fix the step by returning the expected values OR by returning a Promise that promises said values.' }

Maybe a configurable "denial" handler? I suppose the default redirect could work (leaving the subsequence request to sort out whether or not the user is authenticated,) but something more flexible would be nice. But right now neither is the case, it just errors out.

My first guess was that i forgot about the express session middleware but it's setup and working (req.session exists)...

starting step - getRequestToken
...finished step
starting step - storeRequestToken
...finished step
starting step - redirectToProviderAuth
...finished step
starting step - extractTokenAndVerifier
...finished step
starting step - getSession
...finished step
starting step - rememberTokenSecret

node.js:134
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: Step rememberTokenSecret of twitter is promising: requestTokenSecret ; however, the step returns nothing. Fix the step by returning the expected values OR by returning a Promise that promises said values.

I think that would be useful have a function to recover and setting new passwords (in password login).
Something like login or register views.
For example, this is the code for configure the login view:

getLoginPath: '/login',
postLoginPath: '/login',
loginView: 'login.jade'

And that can be the code for configure the recover password view:

getRecoverPath: '/lostPassword',
postRecoverPath: '/lostPassword',
recoverView: 'recoverPassword.jade'

What do you think?

Hi Brian -

After a few-week hiatus working on my app, I now have a couple of problems with facebook connect, not sure if it's on their, my, or your side.

1. Despite my using http throughout (including facebook configs), facebook is now redirecting to an https version of my url. Is that a change on your side? If not it must be something they did over there.
2. When I setup and run SSL to receive the above redirect, I now get this error on the console:

ReferenceError: ret is not defined
    at Object.exec (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/lib/step.js:77:18)
    at RouteTriggeredSequence.start (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/lib/stepSequence.js:39:39)
    at RouteTriggeredSequence.routeHandler (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/lib/routeTriggeredSequence.js:16:13)
    at Object.<anonymous> (native)
    at nextMiddleware (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:175:25)
    at param (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:183:16)
    at pass (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:191:10)
    at Object.router [as handle] (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/middleware/router.js:197:6)
    at next (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/node_modules/connect/lib/http.js:198:15)
    at Object.fetchUserFromSession [as handle] (/usr/local/tixelated/node_modules/mongoose-auth/node_modules/everyauth/index.js:37:27)

That error is accompanied by a call to moduleErrorback - the error object passed to that is:

{ stack: [Getter/Setter],
  arguments: [ 'constructor', undefined ],
  type: 'non_object_property_load',
  message: [Getter/Setter] }
{ stack: [Getter/Setter],
  arguments: undefined,
  type: undefined,
  message: 'Step getAuthUri of `facebook` is promising: authUri ; however, the step returns nothing. Fix the step by returning the expected values OR by returning a Promise that promises said values.' }

Any thoughts? I've literally changed no configs or implementation around these two (I'm also using mongoose-auth)

When I run server.js, other steps except the ones below never completes. I don't get any error, but I believe I don't get the twitterUser either. Any idea why?

// debug steps

starting step - getRequestToken
...finished step
starting step - storeRequestToken
...finished step
starting step - redirectToProviderAuth
...finished step

// code

var express = require('express')
, everyauth = require('everyauth')
, conf = require('./conf');

everyauth.debug = true;

var usersByTwitId = {};

everyauth
.twitter
.myHostname('http://local.host:3000')
.consumerKey(conf.twit.consumerKey)
.consumerSecret(conf.twit.consumerSecret)
.findOrCreateUser( function (sess, accessToken, accessSecret, twitUser) {
return usersByTwitId[twitUser.id] || (usersByTwitId[twitUser.id] = twitUser);
})
.redirectPath('/');

var app = express.createServer(
express.bodyParser()
, express.static(__dirname + "/public")
, express.cookieParser()
, express.session({ secret: 'htuayreve'})
, everyauth.middleware()
);

app.configure( function () {
app.set('view engine', 'jade');
});

// Dynamic Helpers for the client
app.dynamicHelpers({
session: function(req, res) {
return req.session;
},
flash: function(req, res) {
return req.flash();
}
});

app.get('/', function(req, res) {
res.render('index');
});

everyauth.helpExpress(app);

// Only listen on $ node app.js
if (!module.parent) {
app.listen(3000);
console.log("Express server listening on port %d", app.address().port);
}

Hi,

When I run the website normally, everything works fine. No errors, no nothing. But awkwardly, when I "view source", this error pops up all the time.

This is the code that it fails on:

function checkUserExists(req, res, next){
    var params = req.localparams;
    if(!req.to_user){
        params.note = "The user does not exist.";
        res.render('notice',params);
    }else{
        next();
    }
}
exports.newRoomCheckUserExists = newRoomCheckUserExists;

Awkwardly, when I change res.render to res.send("user does not exist. try again") ...everything is fine, and the error disappears.

I have similar code all over my app. However, this error appears whenever I "view source" of any page. Even if that page does not utilize this function.

Any ideas? Thanks!

How can I logout an individual service, for example I am currently logging in using Twitter and Facebook, how can I just logout of Twitter ?

Installing [email protected] shows extraneous dependency [email protected].

When using yahoo in a server with Connect and everyauth I am getting this error when going to /auth/yahoo

/root/local/lib/node/.npm/everyauth/0.2.17/package/lib/modules/everymodule.js:350
throw err;
^
undefined

my code for yahoo is:

everyauth.yahoo
.consumerKey(yahooConsumerKey)
.consumerSecret(yahooConsumerSecret)
.findOrCreateUser( function (session, accessToken, accessTokenSecret, yahooUserMetadata) {
sys.log("Authenticated from yahoo " + util.inspect(yahooUserMetadata));
session.from = "yahoo";
var promise = this.Promise();
/*RegisterOrLogin(yahooUserMetadata.email, "", yahooUserMetadata.id, session, function(result)
{
...

})
.entryPath('/auth/yahoo')
.callbackPath(yahooCallbackAddress);

findOrCreateUser is not called.

$ git clone https://github.com/bnoguchi/everyauth.git
$ cd everyauth
$ npm install
$ cd example
$ node server.js

node.js:116
throw e; // process.nextTick error, or 'error' event on first tick
^
TypeError: Object # has no method 'router'
at Object.middleware (/Users/balupton/Dropbox/Server/public_html/sandbox/everyauth/index.js:33:15)
at Object. (/Users/balupton/Dropbox/Server/public_html/sandbox/everyauth/example/server.js:105:15)
at Module._compile (module.js:380:26)
at Object..js (module.js:386:10)
at Module.load (module.js:312:31)
at Function._load (module.js:273:12)
at Array. (module.js:399:10)
at EventEmitter._tickCallback (node.js:108:26)

The README.md is getting rather long. Would breaking it into smaller parts with links to the specific modules' README.md be a better solution? Possibly creating a github hosted website for everyauth (such as connect, coffescript, etc. do)?

Best to have a docs/ folder to house the parts? Ideas? Concerns?

Hi,

Everyauth is working quite nicely for me now. The one bit of functionality that I cannot figure out is how to redirect the user back to the page from which they requested login.

I know I can change the redirect value:

.redirectPath('/HARDCODED/PATH');

But that will change it for every request. I very specifically want to redirect the user back to their originating page:

So when Bob clicks login from:

/page1/blah

he is returned to:

/page1/blah

but when Jane logs in from:

/page2/blah

she should be returned to:

/page2/blah

after login.

I guess I could do this with a cookie but just thought I would check if everyauth has this capability built in.

Thanks for all the work. Everyauth looks like a really nice auth module.

Simon

With nodejs 0.4.10 and everyauth 0.2.17 I get the following error while debugging with node-inspector.
I guess there should be some code which detects if someone is debugging and the timeout should be set appropriately.

/home/user/stuff/node_modules/everyauth/lib/modules/everymodule.js:350
  throw err;
  ^
Error: Step authenticate of `password` module timed out.
    at /home/user/stuff/node_modules/everyauth/lib/step.js:119:18
    at Object.<anonymous> (/home/user/stuff/node_modules/everyauth/lib/promise.js:64:27)
    at Timer.callback (timers.js:83:39)

The 'openid' dependencies from 0.1.0 -> 0.1.2 are broken via (my latest) NPM because of malformed json.

See:
https://github.com/havard/node-openid/blob/v0.1.0/package.json
https://github.com/havard/node-openid/blob/v0.1.2/package.json

Of course now would be a good time to update to v0.2.0.

$ cd example
$ node server.js
open http://local.host:3000 in my chrome browser
facebook, twitter and google work fine
but when I click on the dropbox auth image, I see this lines in terminal

starting step - getRequestToken
...finished step
starting step - storeRequestToken
...finished step
starting step - redirectToProviderAuth
...finished step
starting step - getRequestToken
...finished step
starting step - storeRequestToken
...finished step
starting step - redirectToProviderAuth
...finished step
starting step - extractTokenAndVerifier
breaking out to handleDuplicateCallbackRequest
starting step - waitForPriorRequestToWriteSession

Error: Step waitForPriorRequestToWriteSession of dropbox module timed out.

https://developers.facebook.com/docs/plugins/registration/advanced/

Live example: http://www.friend.ly/signup

I want to implement login function with everyauth and mysql db, it's very simple and normal as spring security.
It have two column：email and password in the user table.
But the node.js reuqired mysql is async callback.
The code is :

getUserInfo = function(user) {
            console.log("============== getUserInfo ==============: "
                    + new Date());

            var email = user.email;
            var passwd = user.password;

            console.log("email:" + email + ",passwd:" + passwd);
            var sql = "SELECT email, passwd FROM USER WHERE email = ? AND passwd = ? ";
            var params = [];
            params.push(email);
            params.push(passwd);
            db.query(sql, params, function(err, rows) {
                if (rows && rows.length > 0) {
                    var user = rows[0];
                    return user;
                }
            });
        };

everyauth.password.loginWith('email').getLoginPath('/login')
                .postLoginPath('/login').loginView('search/login')
                .authenticate(function(login, password) {

                    console.log("login:" + login);
                    console.log("password:" + password);

                    var errors = [];
                    if (!login || !password || errors.length) {
                        errors.push('The email or password must be provided.');
                        return errors;
                    }
                    var userInfo = {
                        email : login,
                        password : password
                    };
                    var promise = this.Promise();
                    getUserInfo(userInfo, function(user, err) {
                        if (err)
                            return promise.fulfill([ err ]);
                        promise.fulfill(user);
                    });
                    return promise;
                                        }).getRegisterPath('/register').postRegisterPath('/register')
                .registerView('search/login').validateRegistration(
                        function(newUserAttrs, errors) {
                            var login = newUserAttrs.login;
                            if (usersByLogin[login])
                                errors.push('Login already taken');
                            return errors;
                        }).registerUser(function(newUserAttrs) {
                    var login = newUserAttrs[this.loginKey()];
                    return usersByLogin[login] = this.addUser(newUserAttrs);
                }).loginSuccessRedirect('/').registerSuccessRedirect('/');

But It's have some error for me:

/Users/yangwn/Applications/https/todo/node_modules/everyauth/lib/modules/everymodule.js:350
  throw err;
  ^
Error: Step authenticate of `password` module timed out.
    at /Users/yangwn/Applications/https/todo/node_modules/everyauth/lib/step.js:119:18
    at Object.<anonymous> (/Users/yangwn/Applications/https/todo/node_modules/everyauth/lib/promise.js:64:27)
    at Timer.callback (timers.js:83:39)

Thanks very much!

Some APIs (I know of at least twitter) allow the calling app to specify the callback URL, that will be used. This is very useful for development where the app URL may not match the settings in the twitter account. The node-oauth package supports this parameter and it works well with twitter, but I didn't see a way to pass that through with everyauth (or in turn mongoose-auth). I haven't dug into the code to see if this works, but isn't documented, or if it's not implemented at all, but it would be a nice feature to have (and document).

hello
i've got a single page layout so basicaly everything has the same template.

i cant pass a static object to the loginLocals because it depends on the userRole whats in the locals..
so i am trying to configure the loginLocals with a function which returns the locals but this fails with
-> Your locals function must have arity 2 or 3
would it be possible to make loginLocals accept a function?

everyauth:
{ postLoginPath: '/login'
, loginView: 'layout.jade'
, loginLocals : function(){return {"arr":"brr"}} <<<
, loginSuccessRedirect: '/'
, postRegisterPath: '/register'
, registerView: 'layout.jade'
, registerLocals : {}
, registerSuccessRedirect: '/' }

Hi Brian,

I'm trying to find how to use every-auth with express and nowjs. Is this possible?

After searching in several forums, it seems that the req object is not present in nowjs and the best way to link express sessions and nowjs is by sending the cookie id and recreate the session in nowjs.
In the workflow bellow I don't know how to do step 4.

Workflow:
(1) User logs in using express / every-auth:

...................
everyauth: {
         ..............
          , authenticate: function (login, password) {
              var promise
              , errors = [];

            if (!login) errors.push('Missing login.');
            if (!password) errors.push('Missing password.');
            if (errors.length) return errors;

            promise = this.Promise();
            this.User()().authenticate(login, password, function (err, user) {
              if (err) {
                errors.push(err.message || err);
                return promise.fulfill(errors);
              }
              if (!user) {
                errors.push('Failed login.');
                return promise.fulfill(errors);
              }

              // The following block is the new code
              if (user.state != 1) {
                errors.push('You are not yet activated.');
                return promise.fulfill(errors);
              }

              promise.fulfill(user);
            });
            return promise;
          }
        }
    }
...................

(2) User opens chat page where connection is made to nowjs.

chat.jade:

script
    $(document).ready(function(){
        now.name = prompt("What's your name?", "");
        ......
    });
...................

app.js

...................
var nowjs = require('now');
var everyone = nowjs.initialize(app);

nowjs.on('connect', function(){
    console.log("Joined: " + this.now.name);
});

nowjs.on('disconnect', function(){
    console.log("Left: " + this.now.name);
});
...................

(3) Send cookie id.

chat.jade

script
    $(document).ready(function(){
        .......
        now.send($.cookie());
    });
...................

app.js

................
everyone.now.setId = function(session_id){
    console.log("Session id: " + session_id);
};
...................

(4) Rebuild user.

?????

(5) Start sending and receiving messages.

chat.jade:

script
    $(document).ready(function(){
        .............
        now.receiveMessage = function(name, message){
            $("#messages").append("<br>" + name + ": " + message)
        }
        $("#send-button").click(function(){
            now.distributeMessage($("#text-input").val());
            $("#text-input").val("");
        });
    });

div.messages
    input(type="text", id="text-input")
    input(type="button", value="Send", id="send-button")

app.js

...................
....
everyone.now.distributeMessage = function(message){
    everyone.now.receiveMessage(this.now.name, message);
};
...................

Can you help me?
Thanks in advance.
Best regards,
Migrate

Example code: https://gist.github.com/9022490fd5e98d2cf98d

A little background on my setup:

The server.js file starts up the express app and passes it along to many "services", which is defined in my service.js file. My service is the one including the everyauth module and handling all the logic for it.

starting step - getCode
...finished step
starting step - getAccessToken
DEBUG:

DEBUG: /users/project/drtw/node_modules/everyauth/lib/step.js:87

DEBUG: throw err;
^

DEBUG: Error: Step getAccessToken of github module timed out.
at /users/project/drtw/node_modules/everyauth/lib/step.js:101:18
at Object. (/users/project/drtw/node_modules/everyauth/lib/promise.js:63:27)
at Timer.callback (timers.js:83:39)

Getting the following when I try to "npm install everyauth"

npm ERR! Unsupported
npm ERR! Not compatible with your version of node/npm: [email protected]
npm ERR! Required: {"node":"0.4.x"}
npm ERR! Actual: {"npm":"1.0.10","node":"v0.5.0-pre"}
npm ERR!
npm ERR! System Darwin 10.7.0
npm ERR! command "node" "/usr/local/bin/npm" "install" "everyauth"

Will this be updated to support 0.5x?

in example,
when I use google oauth, error occured in callback.
and my code is same.

starting step - getAuthUri
...finished step
starting step - requestAuthUri
...finished step
starting step - getCode
...finished step
starting step - getAccessToken

/Users/Outsider/Documents/Projects/Node/everyauth/lib/modules/everymodule.js:350
  throw err;
  ^
Error: Step getAccessToken of `google` module timed out.
    at /Users/Outsider/Documents/Projects/Node/everyauth/lib/step.js:110:18
    at Object.<anonymous> (/Users/Outsider/Documents/Projects/Node/everyauth/lib/promise.js:63:27)
    at Timer.callback (timers.js:83:39)

From what I understand, when using blowfish, the salt is the first 29 characters, so you don't need to store the salt separately from the hash. This is what I see in the db right now:

"salt": "$2a$10$oOE4pu123id0h6YOY8Igbe",
"hash": "$2a$10$oOE4pu123id0h6YOY8Igbe5OaWzloJ3y3UltFcGlbWE9DQ4Vn32eS",

It just seems redundant.

Hi,

I've got a project in express that is using connect's vhost middleware to split up sites by region, so that I have region1.example.com, region2.example.com, etc. Please forgive my code in advance, I am by no means a JS expert - I have something like the following:

var app = express.createServer();

/* Middleware additions snipped */

function generateAuth(hostname) {
    var auth = require('everyauth');
    /*
     * Configuration snipped - configured with myHostname(hostname)
     */
    return auth;
}

for (region in REGIONS) {
    var site = createExpressSite();
    // Function that runs express.createServer(), adds middleware, sets routes

    var auth = generateAuth(getHostname(region));
    site.use(auth.middleware());
    auth.helpExpress(site);
    app.use(express.vhost(getHostname(region), site));  // Add vhost
}

app.listen(3000);

This isn't the full code obviously, but hopefully you get the idea. I'm trying to set up everyauth for each vhost, but whenever I attempt to authenticate, only the last hostname from the REGIONS array is used. Is there any way to configure an instance of everyauth for a single express/connect server object? Thanks in advance for any insight you can give - great project!

Cheers

The example twitter app fails and the node.js app exits and stops running, when a user declines to give access to the application. I checked some of the library modules, and a fallback functionality is available for facebook and google, but not for twitter.

The signature for findOrCreateUser in the facebook connect example is wrong:

.findOrCreateUser( function (session, accessToken, fbUserMetadata) {
    // find or create user logic goes here
  })

The step in the oauth2 module states:

.step('findOrCreateUser')
      //.optional()
      .accepts('session accessToken extra oauthUser')
      .promises('user')

So findOrCreateUser takes four parameters, the third being an "extra" parameter. The OAuth user is the fourth argument. So the example should read:

.findOrCreateUser( function (session, accessToken, extra, fbUserMetadata) {
    // find or create user logic goes here
  })

Otherwise, fbUserMetadata will be 'null' for facebook connect.

Looking over the openid.js implementation, it appears as if it is pretty hard-coded for use as part of googlehybrid. There are several configurables which have nothing to do with openid, for example, and the URL to authenticate at is a hard-coded string.

I was going to generalize this module for my use, but wasn't sure if there was some reason for having the "extra" stuff in it. I'm new to node/step/promise/etc and so my code-reading skills aren't 100% yet.

For example, should openid.js have oauthHost, requestTokenPath, accessTokenPath, authorizePath, consumerKey/Secret, etc in it at all? (i.e. I feel they belong in the googlehybrid object.)

I can't figure out where callbackPath is made configurable, but is used like one in .definit(). Or does .get() make them configurable too.

Apologies in advance if these are dumb questions. If there's a doc site for any of this just point me there.

So I don't know if this is a bug or a support request, I've tried everything but I'm at a loss..

everyauth.twitter
    .myHostname('http://util.it.arcadia.edu:8000')
    .consumerKey(app.settings.oauthConsumerKey)
    .consumerSecret(app.settings.oauthConsumerSecret)
    .authorizePath('/oauth/authenticate')
    .findOrCreateUser( function (session, accessToken, accessTokenSecret, twitterUserMetadata) {
      var promise = this.Promise();
      app.User.findOne({username: twitterUserMetadata.screen_name }, function(err, user) {
        if (!user) {
          var user = new app.User({
              username  :   twitterUserMetadata.screen_name
            , picture   :   twitterUserMetadata.profile_image_url
            , newUser       :   true
          })
        }
        promise.fulfill(user);
      });
      return promise;
    })
    .redirectPath('/login');

That code doesn't throw any errors, so I assume it's satisfied with the fulfilled promise. The problem is req.user is never being created. req.session.auth has reported that everything is logged in ok. Is there something I'm missing?

Thanks!

When logged in via Twitter, the view helper everyauth.twitter.user.id works. However, the other two mentioned in the title (as seen in the documentation area Express Helpers) cause an error: "Cannot read property 'id' of undefined"

I'm trying to use the OpenId module of everyauth in combination with hyves.nl which is a OpenId provider.
It seems to work for stackexchange as the provider but not for hyves.

I tried this from the example as well. Using 'hyves.nl' as the OpenId identifier I would expect to get a hyves.nl login screen or something like i get when using for example openid.stackexchange.com.

It logs:
starting step - sendToAuthenticationUri
...finished step

and timesout after a long period with a 'connection closed'