Merge pull request #642 from RocketChat/custom-oauth

Custom oauth

.meteor/packages

@@ -78,6 +78,5 @@ raix:push@2.6.13-rc.1
 jalik:ufs
 jalik:ufs-gridfs
 monbro:mongodb-mapreduce-aggregation
-accounts-gitlab
-gitlab
+rocketchat:custom-oauth
 rocketchat:gitlab

.meteor/versions

 accounts-base@1.2.0
 accounts-facebook@1.0.4
 accounts-github@1.0.4
-accounts-gitlab@1.0.5-plugins.0
 accounts-google@1.0.4
 accounts-meteor-developer@1.0.4
 accounts-oauth@1.1.5
@@ -32,7 +31,6 @@ fastclick@1.0.3
 francocatena:status@1.3.2
 geojson-utils@1.0.3
 github@1.1.3
-gitlab@1.1.4-plugins.0
 google@1.1.5
 html-tools@1.0.4
 htmljs@1.0.4
@@ -104,6 +102,7 @@ reload@1.1.3
 retry@1.0.3
 rocketchat:autolinker@0.0.1
 rocketchat:colors@0.0.1
+rocketchat:custom-oauth@1.0.0
 rocketchat:emojione@0.0.1
 rocketchat:favico@0.0.1
 rocketchat:file@0.0.1

client/stylesheets/base.less

@@ -3546,9 +3546,6 @@ a.github-fork {
 		padding: 0;
 		-webkit-flex-grow: 1;
 		flex-grow: 1;
-		span {
-			display: none;
-		}
 	}
 }
 

client/views/login/services.coffee

+Meteor.startup ->
+	ServiceConfiguration.configurations.find({custom: true}).observe
+		added: (record) ->
+			new CustomOAuth record.service,
+				serverURL: record.serverURL
+
 Template.loginServices.helpers
 	loginService: ->
 		services = []
 
-		authServices = _.pluck ServiceConfiguration.configurations.find({}, { service: 1 }).fetch(), 'service'
+		authServices = ServiceConfiguration.configurations.find({}, { sort: {service: 1} }).fetch()
 
-		authServices.sort()
 		authServices.forEach (service) ->
-			switch service
+			switch service.service
 				when 'meteor-developer'
 					serviceName = 'Meteor'
 					icon = 'meteor'
@@ -15,10 +20,10 @@ Template.loginServices.helpers
 					icon = 'github-circled'
 				when 'gitlab'
 					serviceName = 'Gitlab'
-					icon = service
+					icon = service.service
 				else
-					serviceName = _.capitalize service
-					icon = service
+					serviceName = _.capitalize service.service
+					icon = service.service
 
 			services.push
 				service: service
@@ -29,7 +34,7 @@ Template.loginServices.helpers
 
 Template.loginServices.events
 	'click .external-login': (e, t)->
-		return unless this.service?
+		return unless this.service?.service?
 
 		loadingIcon = $(e.currentTarget).find('.loading-icon')
 		serviceIcon = $(e.currentTarget).find('.service-icon')
@@ -38,7 +43,7 @@ Template.loginServices.events
 		serviceIcon.addClass 'hidden'
 
 		# login with native facebook app
-		if Meteor.isCordova and this.service is 'facebook'
+		if Meteor.isCordova and this.service.service is 'facebook'
 			Meteor.loginWithFacebookCordova {}, (error) ->
 				loadingIcon.addClass 'hidden'
 				serviceIcon.removeClass 'hidden'
@@ -50,7 +55,7 @@ Template.loginServices.events
 
 				FlowRouter.go 'index'
 		else
-			loginWithService = "loginWith" + (if this.service is 'meteor-developer' then 'MeteorDeveloperAccount' else _.capitalize(this.service))
+			loginWithService = "loginWith" + (if this.service.service is 'meteor-developer' then 'MeteorDeveloperAccount' else _.capitalize(this.service.service))
 			serviceConfig = {}
 			Meteor[loginWithService] serviceConfig, (error) ->
 				loadingIcon.addClass 'hidden'

client/views/login/services.html

@@ -2,7 +2,7 @@
 	{{#if loginService.length}}
 		<div class="social-login">
 			{{#each loginService}}
-				<button type="button" class="button external-login {{service}}"><i class="icon-{{icon}} service-icon"></i><i class="icon-spin4 animate-spin loading-icon hidden"></i><span>{{displayName}}</span></button>
+				<button type="button" class="button external-login {{service.service}}" title="{{displayName}}" style="{{#if service.buttonColor}}background-color:{{service.buttonColor}};{{/if}}{{#if service.buttonLabelColor}}color:{{service.buttonLabelColor}};{{/if}}"><i class="icon-{{icon}} service-icon"></i><i class="icon-spin4 animate-spin loading-icon hidden"></i><span>{{service.buttonLabelText}}</span></button>
 			{{/each}}
 		</div>
 	{{/if}}

i18n/en.i18n.json

@@ -3,26 +3,35 @@
   "Access_Online_Demo" : "Access the Online Demo",
   "Accounts_denyUnverifiedEmail" : "Deny unverified e-mail",
   "Accounts_EmailVerification" : "E-mail Verification",
-  "Accounts_Facebook": "Facebook Login",
-  "Accounts_Facebook_id": "Facebook App Id",
-  "Accounts_Facebook_secret": "Facebook Secret",
-  "Accounts_Github": "GitHub Login",
-  "Accounts_Github_id": "GitHub Id",
-  "Accounts_Github_secret": "GitHub Secret",
-  "Accounts_Google": "Google Login",
-  "Accounts_Google_id": "Google Id",
-  "Accounts_Google_secret": "Google Secret",
-  "Accounts_Linkedin": "LinkedIn Login",
-  "Accounts_Linkedin_id": "LinkedIn Id",
-  "Accounts_Linkedin_secret": "LinkedIn Secret",
-  "Accounts_ManuallyApproveNewUsers" : "Manually aprove new users",
-  "Accounts_Meteor": "Meteor Login",
-  "Accounts_Meteor_id": "Meteor Id",
-  "Accounts_Meteor_secret": "Meteor Secret",
-  "Accounts_RegistrationRequired" : "Registration Required",
-  "Accounts_Twitter": "Twitter Login",
-  "Accounts_Twitter_id": "Twitter Id",
-  "Accounts_Twitter_secret": "Twitter Secret",
+  "Accounts_OAuth_Facebook": "Facebook Login",
+  "Accounts_OAuth_Facebook_id": "Facebook App Id",
+  "Accounts_OAuth_Facebook_secret": "Facebook Secret",
+  "Accounts_OAuth_Github": "GitHub Login",
+  "Accounts_OAuth_Github_id": "GitHub Id",
+  "Accounts_OAuth_Github_secret": "GitHub Secret",
+  "Accounts_OAuth_Google": "Google Login",
+  "Accounts_OAuth_Google_id": "Google Id",
+  "Accounts_OAuth_Google_secret": "Google Secret",
+  "Accounts_OAuth_Linkedin": "LinkedIn Login",
+  "Accounts_OAuth_Linkedin_id": "LinkedIn Id",
+  "Accounts_OAuth_Linkedin_secret": "LinkedIn Secret",
+  "Accounts_OAuth_ManuallyApproveNewUsers" : "Manually aprove new users",
+  "Accounts_OAuth_Meteor": "Meteor Login",
+  "Accounts_OAuth_Meteor_id": "Meteor Id",
+  "Accounts_OAuth_Meteor_secret": "Meteor Secret",
+  "Accounts_OAuth_RegistrationRequired" : "Registration Required",
+  "Accounts_OAuth_Twitter": "Twitter Login",
+  "Accounts_OAuth_Twitter_id": "Twitter Id",
+  "Accounts_OAuth_Twitter_secret": "Twitter Secret",
+  "Accounts_OAuth_Custom_ID": "ID",
+  "Accounts_OAuth_Custom_URL": "URL",
+  "Accounts_OAuth_Custom_Token_Path": "Token Path",
+  "Accounts_OAuth_Custom_Identity_Path": "Identity Path",
+  "Accounts_OAuth_Custom_Secret": "Secret",
+  "Accounts_OAuth_Custom_Enable": "Enable",
+  "Accounts_OAuth_Custom_Button_Label_Text": "Button Text",
+  "Accounts_OAuth_Custom_Button_Label_Color": "Button Text Color",
+  "Accounts_OAuth_Custom_Button_Color": "Button Color",
   "Add_Members" : "Add Members",
   "Add_users" : "Add users",
   "Administration" : "Administration",

packages/accounts-gitlab/README.md

-# accounts-gitlab
-
-A login service for Gitlab. Courtesy of the [Rocket.Chat](https://rocket.chat/) open source communications platform. See the [project page](https://www.meteor.com/accounts) on Meteor Accounts for more details.

packages/accounts-gitlab/gitlab.js

-Accounts.oauth.registerService('gitlab');
-
-if (Meteor.isClient) {
-  Meteor.loginWithGitlab = function(options, callback) {
-    // support a callback without options
-    if (! callback && typeof options === "function") {
-      callback = options;
-      options = null;
-    }
-
-    var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback);
-    Gitlab.requestCredential(options, credentialRequestCompleteCallback);
-  };
-} else {
-  Accounts.addAutopublishFields({
-    forLoggedInUser: ['services.gitlab'],
-    forOtherUsers: ['services.gitlab.username']
-  });
-}

packages/accounts-gitlab/package.js

-Package.describe({
-  summary: "Login service for Gitlab accounts",
-  version: "1.0.5-plugins.0"
-});
-
-Package.onUse(function(api) {
-  api.use('accounts-base', ['client', 'server']);
-  // Export Accounts (etc) to packages using this one.
-  api.imply('accounts-base', ['client', 'server']);
-  api.use('accounts-oauth', ['client', 'server']);
-  api.use('gitlab', ['client', 'server']);
-
-  api.addFiles('gitlab_login_button.css', 'client');
-
-  api.addFiles("gitlab.js");
-});

packages/gitlab/.gitignore

-.build*

packages/gitlab/gitlab_client.js

-// Request Gitlab credentials for the user
-// @param options {optional}
-// @param credentialRequestCompleteCallback {Function} Callback function to call on
-//   completion. Takes one argument, credentialToken on success, or Error on
-//   error.
-Gitlab.requestCredential = function (options, credentialRequestCompleteCallback) {
-  // support both (options, callback) and (callback).
-  if (!credentialRequestCompleteCallback && typeof options === 'function') {
-    credentialRequestCompleteCallback = options;
-    options = {};
-  }
-
-  var config = ServiceConfiguration.configurations.findOne({service: 'gitlab'});
-  if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
-      new ServiceConfiguration.ConfigError());
-    return;
-  }
-
-  var credentialToken = Random.secret();
-  var loginStyle = OAuth._loginStyle('gitlab', config, options);
-
-  var loginUrl =
-    Gitlab.ServerURL + '/oauth/authorize' +
-    '?client_id=' + config.clientId +
-    '&redirect_uri=' +  OAuth._redirectUri('gitlab', config) +
-    '&response_type=code' +
-    '&state=' + OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
-
-  OAuth.launchLogin({
-    loginService: "gitlab",
-    loginStyle: loginStyle,
-    loginUrl: loginUrl,
-    credentialRequestCompleteCallback: credentialRequestCompleteCallback,
-    credentialToken: credentialToken,
-    popupOptions: {width: 900, height: 450}
-  });
-};

packages/gitlab/gitlab_common.js

-Gitlab = {};
-
-Gitlab.ServerURL = 'https://gitlab.com';  // this needs to be configured from Settings

packages/gitlab/gitlab_configure.html

-<template name="configureLoginServiceDialogForGitlab">
-  <p>
-    First, you'll need to get a Gitlab Client ID. Follow these steps:
-  </p>
-  <ol>
-    <li>
-      Visit <a href="https://gitlab.com/oauth/applications/new" target="blank">https://gitlab.com/oauth/applications/new</a>
-    </li>
-    <li>
-      Set Authorization callback URL to: <span class="url">{{siteUrl}}_oauth/gitlab</span>
-    </li>
-  </ol>
-</template>

packages/gitlab/gitlab_configure.js

-Template.configureLoginServiceDialogForGitlab.helpers({
-  siteUrl: function () {
-    return Meteor.absoluteUrl();
-  }
-});
-
-Template.configureLoginServiceDialogForGitlab.fields = function () {
-  return [
-    {property: 'clientId', label: 'Client ID'},
-    {property: 'secret', label: 'Client Secret'}
-  ];
-};

packages/gitlab/gitlab_server.js

-OAuth.registerService('gitlab', 2, null, function(query) {
-
-  var accessToken = getAccessToken(query);
-	console.log('at: ' + accessToken);
-  var identity = getIdentity(accessToken);
-	console.log('id: ' + JSON.stringify(identity));
-  var primaryEmail = identity.email;
-	console.log('primay: ' + JSON.stringify(primaryEmail));
-
-  return {
-    serviceData: {
-      id: identity.id,
-      accessToken: OAuth.sealSecret(accessToken),
-      email: identity.email || '',
-      username: identity.username,
-      emails: [identity.email]
-    },
-    options: {profile: {name: identity.username}}
-  };
-});
-
-
-var userAgent = "Meteor";
-if (Meteor.release)
-  userAgent += "/" + Meteor.release;
-
-var getAccessToken = function (query) {
-  var config = ServiceConfiguration.configurations.findOne({service: 'gitlab'});
-  if (!config)
-    throw new ServiceConfiguration.ConfigError();
-
-
-  var response;
-  try {
-    response = HTTP.post(
-      Gitlab.ServerURL + "/oauth/token", {
-        headers: {
-          Accept: 'application/json',
-          "User-Agent": userAgent
-        },
-        params: {
-          code: query.code,
-          client_id: config.clientId,
-          client_secret: OAuth.openSecret(config.secret),
-          redirect_uri: OAuth._redirectUri('gitlab', config),
-           grant_type: 'authorization_code',
-		state: query.state
-        }
-      });
-  } catch (err) {
-    throw _.extend(new Error("Failed to complete OAuth handshake with Gitlab. " + err.message),
-                   {response: err.response});
-  }
-  if (response.data.error) { // if the http response was a json object with an error attribute
-    throw new Error("Failed to complete OAuth handshake with Gitlab. " + response.data.error);
-  } else {
-    return response.data.access_token;
-  }
-};
-
-var getIdentity = function (accessToken) {
-  try {
-    return HTTP.get(
-      Gitlab.ServerURL + "/api/v3/user", {
-        headers: {"User-Agent": userAgent}, // http://doc.gitlab.com/ce/api/users.html#Current-user
-        params: {access_token: accessToken}
-      }).data;
-  } catch (err) {
-    throw _.extend(new Error("Failed to fetch identity from Gitlab. " + err.message),
-                   {response: err.response});
-  }
-};
-
-
-Gitlab.retrieveCredential = function(credentialToken, credentialSecret) {
-  return OAuth.retrieveCredential(credentialToken, credentialSecret);
-};

packages/gitlab/package.js

-Package.describe({
-  summary: "Gitlab OAuth flow",
-  version: "1.1.4-plugins.0"
-});
-
-Package.onUse(function(api) {
-  api.use('oauth2', ['client', 'server']);
-  api.use('oauth', ['client', 'server']);
-  api.use('http', ['server']);
-  api.use('underscore', 'client');
-  api.use('templating', 'client');
-  api.use('random', 'client');
-  api.use('service-configuration', ['client', 'server']);
-
-  api.export('Gitlab');
-
-  api.addFiles(
-    ['gitlab_configure.html', 'gitlab_configure.js'],
-    'client');
-
-  api.addFiles(['gitlab_common.js','gitlab_server.js'], 'server');
-  api.addFiles(['gitlab_common.js','gitlab_client.js'], 'client');
-});

packages/rocketchat-custom-oauth/custom_oauth_client.coffee

+# Request Gitlab credentials for the user
+# @param options {optional}
+# @param credentialRequestCompleteCallback {Function} Callback function to call on
+#   completion. Takes one argument, credentialToken on success, or Error on
+#   error.
+class CustomOAuth
+	constructor: (@name, @options) ->
+		if not Match.test @name, String
+			return throw new Meteor.Error 'CustomOAuth: Name is required and must be String'
+
+		if not Match.test @options, Object
+			return throw new Meteor.Error 'CustomOAuth: Options is required and must be Object'
+
+		if not Match.test @options.serverURL, String
+			return throw new Meteor.Error 'CustomOAuth: Options.serverURL is required and must be String'
+
+		@serverURL = options.serverURL
+
+		Accounts.oauth.registerService @name
+
+		@configureLogin()
+
+	configureLogin: ->
+		self = @
+		loginWithService = "loginWith" + s.capitalize(@name)
+
+		Meteor[loginWithService] = (options, callback) ->
+			# support a callback without options
+			if not callback and typeof options is "function"
+				callback = options
+				options = null
+
+			credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback)
+			self.requestCredential(options, credentialRequestCompleteCallback)
+
+	requestCredential: (options, credentialRequestCompleteCallback) ->
+		# support both (options, callback) and (callback).
+		if not credentialRequestCompleteCallback and typeof options is 'function'
+			credentialRequestCompleteCallback = options
+			options = {}
+
+		config = ServiceConfiguration.configurations.findOne service: @name
+		if not config
+			credentialRequestCompleteCallback? new ServiceConfiguration.ConfigError()
+			return
+
+		credentialToken = Random.secret()
+		loginStyle = OAuth._loginStyle @name, config, options
+
+		loginUrl = @serverURL + '/oauth/authorize' +
+			'?client_id=' + config.clientId +
+			'&redirect_uri=' + OAuth._redirectUri(@name, config) +
+			'&response_type=code' +
+			'&state=' + OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl)
+
+		OAuth.launchLogin
+			loginService: @name
+			loginStyle: loginStyle
+			loginUrl: loginUrl
+			credentialRequestCompleteCallback: credentialRequestCompleteCallback
+			credentialToken: credentialToken
+			popupOptions:
+				width: 900
+				height: 450

packages/rocketchat-custom-oauth/custom_oauth_server.coffee

+Services = {}
+
+class CustomOAuth
+	constructor: (@name, options) ->
+		if not Match.test @name, String
+			return throw new Meteor.Error 'CustomOAuth: Name is required and must be String'
+
+		if Services[@name]?
+			Services[@name].configure options
+			return
+
+		Services[@name] = @
+
+		@configure options
+
+		@userAgent = "Meteor"
+		if Meteor.release
+			@userAgent += '/' + Meteor.release
+
+		Accounts.oauth.registerService @name
+		@registerService()
+
+	configure: (options) ->
+		if not Match.test options, Object
+			return throw new Meteor.Error 'CustomOAuth: Options is required and must be Object'
+
+		if not Match.test options.serverURL, String
+			return throw new Meteor.Error 'CustomOAuth: Options.serverURL is required and must be String'
+
+		if not Match.test options.tokenPath, String
+			options.tokenPath = '/oauth/token'
+
+		if not Match.test options.identityPath, String
+			options.identityPath = '/me'
+
+		@serverURL = options.serverURL
+		@tokenPath = options.tokenPath
+		@identityPath = options.identityPath
+
+		if Match.test options.addAutopublishFields, Object
+			Accounts.addAutopublishFields options.addAutopublishFields
+
+	getAccessToken: (query) ->
+		config = ServiceConfiguration.configurations.findOne service: @name
+		if not config?
+			throw new ServiceConfiguration.ConfigError()
+
+		response = undefined
+		try
+			response = HTTP.post @serverURL + @tokenPath,
+				headers:
+					Accept: 'application/json'
+					'User-Agent': @userAgent
+				params:
+					code: query.code
+					client_id: config.clientId
+					client_secret: OAuth.openSecret(config.secret)
+					redirect_uri: OAuth._redirectUri(@name, config)
+					grant_type: 'authorization_code'
+					state: query.state
+
+		catch err
+			error = new Error("Failed to complete OAuth handshake with #{@name} at #{@serverURL + @tokenPath}. " + err.message)
+			throw _.extend error, {response: err.response}
+
+		if response.data.error #if the http response was a json object with an error attribute
+			throw new Error("Failed to complete OAuth handshake with #{@name} at #{@serverURL + @tokenPath}. " + response.data.error)
+		else
+			return response.data.access_token
+
+	getIdentity: (accessToken) ->
+		try
+			response = HTTP.get @serverURL + @identityPath,
+				headers:
+					'User-Agent': @userAgent # http://doc.gitlab.com/ce/api/users.html#Current-user
+				params:
+					access_token: accessToken
+
+			return response.data
+
+		catch err
+			error = new Error("Failed to fetch identity from #{@name} at #{@serverURL + @identityPath}. " + err.message)
+			throw _.extend error, {response: err.response}
+
+	registerService: ->
+		self = @
+		OAuth.registerService @name, 2, null, (query) ->
+			accessToken = self.getAccessToken query
+			console.log 'at:', accessToken
+
+			identity = self.getIdentity accessToken
+			console.log 'id:', JSON.stringify identity, null, '  '
+
+			serviceData =
+				_oAuthCustom: true
+				accessToken: accessToken
+
+			_.extend serviceData, identity
+
+			data =
+				serviceData: serviceData
+				options:
+					profile:
+						name: identity.name or identity.username or identity.nickname
+
+			console.log data
+
+			return data
+
+	retrieveCredential: (credentialToken, credentialSecret) ->
+		return OAuth.retrieveCredential credentialToken, credentialSecret