Initial working google auth

auth-service/node_modules/passport-google-oauth20/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,54 @@
+** READ THIS FIRST! **
+
+#### Are you looking for help?
+
+Reminder: The issue tracker is not a support forum.
+
+Issues should only be filed in this project once they are able to be reproduced
+and confirmed as a flaw in the software or incorrect information in associated
+documention.
+
+If you are encountering problems integrating this module into your application,
+please post a question on the [discussion forum](https://github.com/passport/discuss)
+rather than filing an issue.
+
+#### Is this a security issue?
+
+Do not open issues that might have security implications.  Potential security
+vulnerabilities should be reported privately to jaredhanson@gmail.com.  Once any
+vulerabilities have been repaired, the details will be disclosed publicly in a
+responsible manner.  This also allows time for coordinating with affected parties
+in order to mitigate negative consequences.
+
+
+If neither of the above two scenarios apply to your situation, you should open
+an issue.  Delete this paragraph and the text above, and fill in the information
+requested below.
+
+<!-- Provide a brief summary of the issue in the title field above. -->
+
+<!-- Provide a detailed description of your use case, including as much -->
+<!-- detail as possible about what you are trying to accomplish and why. -->
+
+### Expected behavior
+<!-- Provide a detailed description of how you expected the software to -->
+<!-- behave. -->
+
+### Actual behavior
+<!-- Provide a detailed description of how the software actually behaved, -->
+<!-- including any rationale for why that behavior is incorrect. -->
+
+### Steps to reproduce
+<!-- Provide an unambiguous series of steps that can be used to reproduce -->
+<!-- this issue, including any code if applicable. -->
+
+```js
+// Format code using Markdown code blocks
+```
+
+### Environment
+
+* Operating System: 
+* Node version: <!-- $ node -v -->
+* passport version: <!-- $ npm list passport -->
+* passport-google-oauth2 version: <!-- $ npm list passport-google-oauth2 -->

auth-service/node_modules/passport-google-oauth20/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,41 @@
+** READ THIS FIRST! **
+
+#### Are you implementing a new feature?
+
+Requests for new features should first be discussed on the [developer forum](https://github.com/passport/develop).
+This allows the community to gather feedback and assess whether or not there is
+an existing way to achieve the desired functionality.
+
+If it is determined that a new feature needs to be implemented, include a link
+to the relevant discussion along with the pull request.
+
+#### Is this a security patch?
+
+Do not open pull requests that might have security implications.  Potential
+security vulnerabilities should be reported privately to jaredhanson@gmail.com.
+Once any vulerabilities have been repaired, the details will be disclosed
+publicly in a responsible manner.  This also allows time for coordinating with
+affected parties in order to mitigate negative consequences.
+
+
+If neither of the above two scenarios apply to your situation, you should open
+a pull request.  Delete this paragraph and the text above, and fill in the
+information requested below.
+
+<!-- Provide a brief summary of the request in the title field above. -->
+
+<!-- Provide a detailed description of your use case, including as much -->
+<!-- detail as possible about what you are trying to accomplish and why. -->
+<!-- If this patch closes an open issue, include a reference to the issue -->
+<!-- number. -->
+
+### Checklist
+
+<!-- Place an `x` in the boxes that apply.  If you are unsure, please ask and -->
+<!-- we will help. -->
+
+- [ ] I have read the [CONTRIBUTING](https://github.com/jaredhanson/passport-google-oauth2/blob/master/CONTRIBUTING.md) guidelines.
+- [ ] I have added test cases which verify the correct operation of this feature or patch.
+- [ ] I have added documentation pertaining to this feature or patch.
+- [ ] The automated test suite (`$ make test`) executes successfully.
+- [ ] The automated code linting (`$ make lint`) executes successfully.

auth-service/node_modules/passport-google-oauth20/.npmignore

@@ -0,0 +1,8 @@
+Makefile
+docs/
+examples/
+reports/
+test/
+
+.jshintrc
+.travis.yml

auth-service/node_modules/passport-google-oauth20/CONTRIBUTING.md

@@ -0,0 +1,20 @@
+## Contributing
+
+### Tests
+
+The test suite is located in the `test/` directory.  All new features are
+expected to have corresponding test cases with complete code coverage.  Patches
+that increase test coverage are happily accepted.
+
+Ensure that the test suite passes by executing:
+
+```bash
+$ make test
+```
+
+Coverage reports can be generated and viewed by executing:
+
+```bash
+$ make test-cov
+$ make view-cov
+```

auth-service/node_modules/passport-google-oauth20/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2012-2016 Jared Hanson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

auth-service/node_modules/passport-google-oauth20/README.md

@@ -0,0 +1,108 @@
+# passport-google-oauth20
+
+[Passport](http://passportjs.org/) strategy for authenticating with [Google](http://www.google.com/)
+using the OAuth 2.0 API.
+
+This module lets you authenticate using Google in your Node.js applications.
+By plugging into Passport, Google authentication can be easily and
+unobtrusively integrated into any application or framework that supports
+[Connect](http://www.senchalabs.org/connect/)-style middleware, including
+[Express](http://expressjs.com/).
+
+---
+
+<p align="center"><a href="http://www.tkqlhce.com/click-8907558-13433666" target="_top">1Password, the only password manager you should trust.</a> Industry-leading security and award winning design.</p>
+
+---
+
+Status:
+[![Build](https://img.shields.io/travis/jaredhanson/passport-google-oauth2.svg)](https://travis-ci.org/jaredhanson/passport-google-oauth2)
+[![Coverage](https://img.shields.io/coveralls/jaredhanson/passport-google-oauth2.svg)](https://coveralls.io/r/jaredhanson/passport-google-oauth2)
+[![Quality](https://img.shields.io/codeclimate/github/jaredhanson/passport-google-oauth2.svg?label=quality)](https://codeclimate.com/github/jaredhanson/passport-google-oauth2)
+[![Dependencies](https://img.shields.io/david/jaredhanson/passport-google-oauth2.svg)](https://david-dm.org/jaredhanson/passport-google-oauth2)
+
+
+## Install
+
+```bash
+$ npm install passport-google-oauth20
+```
+
+## Usage
+
+#### Create an Application
+
+Before using `passport-google-oauth20`, you must register an application with
+Google.  If you have not already done so, a new project can be created in the
+[Google Developers Console](https://console.developers.google.com/).
+Your application will be issued a client ID and client secret, which need to be
+provided to the strategy.  You will also need to configure a redirect URI which
+matches the route in your application.
+
+#### Configure Strategy
+
+The Google authentication strategy authenticates users using a Google account
+and OAuth 2.0 tokens.  The client ID and secret obtained when creating an
+application are supplied as options when creating the strategy.  The strategy
+also requires a `verify` callback, which receives the access token and optional
+refresh token, as well as `profile` which contains the authenticated user's
+Google profile.  The `verify` callback must call `cb` providing a user to
+complete authentication.
+
+```javascript
+var GoogleStrategy = require('passport-google-oauth20').Strategy;
+
+passport.use(new GoogleStrategy({
+    clientID: GOOGLE_CLIENT_ID,
+    clientSecret: GOOGLE_CLIENT_SECRET,
+    callbackURL: "http://www.example.com/auth/google/callback"
+  },
+  function(accessToken, refreshToken, profile, cb) {
+    User.findOrCreate({ googleId: profile.id }, function (err, user) {
+      return cb(err, user);
+    });
+  }
+));
+```
+
+#### Authenticate Requests
+
+Use `passport.authenticate()`, specifying the `'google'` strategy, to
+authenticate requests.
+
+For example, as route middleware in an [Express](http://expressjs.com/)
+application:
+
+```javascript
+app.get('/auth/google',
+  passport.authenticate('google', { scope: ['profile'] }));
+
+app.get('/auth/google/callback', 
+  passport.authenticate('google', { failureRedirect: '/login' }),
+  function(req, res) {
+    // Successful authentication, redirect home.
+    res.redirect('/');
+  });
+  ```
+
+## Examples
+
+Developers using the popular [Express](http://expressjs.com/) web framework can
+refer to an [example](https://github.com/passport/express-4.x-facebook-example)
+as a starting point for their own web applications.  The example shows how to
+authenticate users using Facebook.  However, because both Facebook and Google
+use OAuth 2.0, the code is similar.  Simply replace references to Facebook with
+corresponding references to Google.
+
+## Sponsorship
+
+Passport is open source software.  Ongoing development is made possible by
+generous contributions from [individuals and corporations](https://github.com/jaredhanson/passport/blob/master/SPONSORS.md).
+To learn more about how you can help keep this project financially sustainable,
+please visit Jared Hanson's page on [Patreon](https://www.patreon.com/jaredhanson).
+
+## License
+
+[The MIT License](http://opensource.org/licenses/MIT)
+
+Copyright (c) 2012-2016 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>

auth-service/node_modules/passport-google-oauth20/lib/errors/googleplusapierror.js

@@ -0,0 +1,25 @@
+/**
+ * `GooglePlusAPIError` error.
+ *
+ * References:
+ *   - https://developers.google.com/+/web/api/rest/
+ *
+ * @constructor
+ * @param {string} [message]
+ * @param {number} [code]
+ * @access public
+ */
+function GooglePlusAPIError(message, code) {
+  Error.call(this);
+  Error.captureStackTrace(this, arguments.callee);
+  this.name = 'GooglePlusAPIError';
+  this.message = message;
+  this.code = code;
+}
+
+// Inherit from `Error`.
+GooglePlusAPIError.prototype.__proto__ = Error.prototype;
+
+
+// Expose constructor.
+module.exports = GooglePlusAPIError;

auth-service/node_modules/passport-google-oauth20/lib/errors/userinfoerror.js

@@ -0,0 +1,22 @@
+/**
+ * `UserInfoError` error.
+ *
+ * @constructor
+ * @param {string} [message]
+ * @param {string} [code]
+ * @access public
+ */
+function UserInfoError(message, code) {
+  Error.call(this);
+  Error.captureStackTrace(this, arguments.callee);
+  this.name = 'UserInfoError';
+  this.message = message;
+  this.code = code;
+}
+
+// Inherit from `Error`.
+UserInfoError.prototype.__proto__ = Error.prototype;
+
+
+// Expose constructor.
+module.exports = UserInfoError;

auth-service/node_modules/passport-google-oauth20/lib/index.js

@@ -0,0 +1,9 @@
+// Load modules.
+var Strategy = require('./strategy');
+
+
+// Expose Strategy.
+exports = module.exports = Strategy;
+
+// Exports.
+exports.Strategy = Strategy;

auth-service/node_modules/passport-google-oauth20/lib/profile/googleplus.js

@@ -0,0 +1,47 @@
+/**
+ * Parse profile.
+ *
+ * Parses user profiles as fetched from Google's Google+ API.
+ *
+ * The amount of detail in the profile varies based on the scopes granted by the
+ * user.  The following scope values add additional data:
+ *
+ *     `https://www.googleapis.com/auth/plus.login` - recommended login scope
+ *     `profile` - basic profile information
+ *     `email` - email address
+ *
+ * References:
+ *   - https://developers.google.com/+/web/api/rest/latest/people/get
+ *   - https://developers.google.com/+/web/api/rest/
+ *   - https://developers.google.com/+/web/api/rest/oauth
+ *
+ * @param {object|string} json
+ * @return {object}
+ * @access public
+ */
+exports.parse = function(json) {
+  if ('string' == typeof json) {
+    json = JSON.parse(json);
+  }
+  
+  var profile = {}
+    , i, len;
+  profile.id = json.id;
+  profile.displayName = json.displayName;
+  if (json.name) {
+    profile.name = { familyName: json.name.familyName,
+                     givenName: json.name.givenName };
+  }
+  if (json.emails) {
+    profile.emails = [];
+    for (i = 0, len = json.emails.length; i < len; ++i) {
+      profile.emails.push({ value: json.emails[i].value, type: json.emails[i].type })
+    }
+  }
+  if (json.image) {
+    profile.photos = [{ value: json.image.url }];
+  }
+  profile.gender = json.gender;
+  
+  return profile;
+};

auth-service/node_modules/passport-google-oauth20/lib/profile/openid.js

@@ -0,0 +1,40 @@
+/**
+ * Parse profile.
+ *
+ * Parses user profiles as fetched from Google's OpenID Connect-compatible user
+ * info endpoint.
+ *
+ * The amount of detail in the profile varies based on the scopes granted by the
+ * user.  The following scope values add additional data:
+ *
+ *     `profile` - basic profile information
+ *     `email` - email address
+ *
+ * References:
+ *   - https://developers.google.com/identity/protocols/OpenIDConnect
+ *
+ * @param {object|string} json
+ * @return {object}
+ * @access public
+ */
+exports.parse = function(json) {
+  if ('string' == typeof json) {
+    json = JSON.parse(json);
+  }
+  
+  var profile = {};
+  profile.id = json.sub;
+  profile.displayName = json.name;
+  if (json.family_name || json.given_name) {
+    profile.name = { familyName: json.family_name,
+                     givenName: json.given_name };
+  }
+  if (json.email) {
+    profile.emails = [ { value: json.email, verified: json.email_verified } ];
+  }
+  if (json.picture) {
+    profile.photos = [{ value: json.picture }];
+  }
+  
+  return profile;
+};

auth-service/node_modules/passport-google-oauth20/lib/strategy.js

@@ -0,0 +1,199 @@
+// Load modules.
+var OAuth2Strategy = require('passport-oauth2')
+  , util = require('util')
+  , uri = require('url')
+  , GooglePlusProfile = require('./profile/googleplus')
+  , OpenIDProfile = require('./profile/openid')
+  , InternalOAuthError = require('passport-oauth2').InternalOAuthError
+  , GooglePlusAPIError = require('./errors/googleplusapierror')
+  , UserInfoError = require('./errors/userinfoerror');
+
+
+/**
+ * `Strategy` constructor.
+ *
+ * The Google authentication strategy authenticates requests by delegating to
+ * Google using the OAuth 2.0 protocol.
+ *
+ * Applications must supply a `verify` callback which accepts an `accessToken`,
+ * `refreshToken` and service-specific `profile`, and then calls the `cb`
+ * callback supplying a `user`, which should be set to `false` if the
+ * credentials are not valid.  If an exception occured, `err` should be set.
+ *
+ * Options:
+ *   - `clientID`      your Google application's client id
+ *   - `clientSecret`  your Google application's client secret
+ *   - `callbackURL`   URL to which Google will redirect the user after granting authorization
+ *
+ * Examples:
+ *
+ *     passport.use(new GoogleStrategy({
+ *         clientID: '123-456-789',
+ *         clientSecret: 'shhh-its-a-secret'
+ *         callbackURL: 'https://www.example.net/auth/google/callback'
+ *       },
+ *       function(accessToken, refreshToken, profile, cb) {
+ *         User.findOrCreate(..., function (err, user) {
+ *           cb(err, user);
+ *         });
+ *       }
+ *     ));
+ *
+ * @constructor
+ * @param {object} options
+ * @param {function} verify
+ * @access public
+ */
+function Strategy(options, verify) {
+  options = options || {};
+  options.authorizationURL = options.authorizationURL || 'https://accounts.google.com/o/oauth2/v2/auth';
+  options.tokenURL = options.tokenURL || 'https://www.googleapis.com/oauth2/v4/token';
+
+  OAuth2Strategy.call(this, options, verify);
+  this.name = 'google';
+  this._userProfileURL = options.userProfileURL || 'https://www.googleapis.com/oauth2/v3/userinfo';
+  
+  var url = uri.parse(this._userProfileURL);
+  if (url.pathname.indexOf('/userinfo') == (url.pathname.length - '/userinfo'.length)) {
+    this._userProfileFormat = 'openid';
+  } else {
+    this._userProfileFormat = 'google+'; // Google Sign-In
+  }
+}
+
+// Inherit from `OAuth2Strategy`.
+util.inherits(Strategy, OAuth2Strategy);
+
+
+/**
+ * Retrieve user profile from Google.
+ *
+ * This function constructs a normalized profile, with the following properties:
+ *
+ *   - `provider`         always set to `google`
+ *   - `id`
+ *   - `username`
+ *   - `displayName`
+ *
+ * @param {string} accessToken
+ * @param {function} done
+ * @access protected
+ */
+Strategy.prototype.userProfile = function(accessToken, done) {
+  var self = this;
+  this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
+    var json;
+    
+    if (err) {
+      if (err.data) {
+        try {
+          json = JSON.parse(err.data);
+        } catch (_) {}
+      }
+      
+      if (json && json.error && json.error.message) {
+        return done(new GooglePlusAPIError(json.error.message, json.error.code));
+      } else if (json && json.error && json.error_description) {
+        return done(new UserInfoError(json.error_description, json.error));
+      }
+      return done(new InternalOAuthError('Failed to fetch user profile', err));
+    }
+    
+    try {
+      json = JSON.parse(body);
+    } catch (ex) {
+      return done(new Error('Failed to parse user profile'));
+    }
+    
+    var profile;
+    switch (self._userProfileFormat) {
+    case 'openid':
+      profile = OpenIDProfile.parse(json);
+      break;
+    default: // Google Sign-In
+      profile = GooglePlusProfile.parse(json);
+      break;
+    }
+    
+    profile.provider  = 'google';
+    profile._raw = body;
+    profile._json = json;
+    
+    done(null, profile);
+  });
+}
+
+/**
+ * Return extra Google-specific parameters to be included in the authorization
+ * request.
+ *
+ * @param {object} options
+ * @return {object}
+ * @access protected
+ */
+Strategy.prototype.authorizationParams = function(options) {
+  var params = {};
+  
+  // https://developers.google.com/identity/protocols/OAuth2WebServer
+  if (options.accessType) {
+    params['access_type'] = options.accessType;
+  }
+  if (options.prompt) {
+    params['prompt'] = options.prompt;
+  }
+  if (options.loginHint) {
+    params['login_hint'] = options.loginHint;
+  }
+  if (options.includeGrantedScopes) {
+    params['include_granted_scopes'] = true;
+  }
+  
+  // https://developers.google.com/identity/protocols/OpenIDConnect
+  if (options.display) {
+    // Specify what kind of display consent screen to display to users.
+    //   https://developers.google.com/accounts/docs/OpenIDConnect#authenticationuriparameters
+    params['display'] = options.display;
+  }
+  
+  // Google Apps for Work
+  if (options.hostedDomain || options.hd) {
+    // This parameter is derived from Google's OAuth 1.0 endpoint, and (although
+    // undocumented) is supported by Google's OAuth 2.0 endpoint was well.
+    //   https://developers.google.com/accounts/docs/OAuth_ref
+    params['hd'] = options.hostedDomain || options.hd;
+  }
+  
+  // Google+
+  if (options.requestVisibleActions) {
+    // Space separated list of allowed app actions
+    // as documented at:
+    //  https://developers.google.com/+/web/app-activities/#writing_an_app_activity_using_the_google_apis_client_libraries
+    //  https://developers.google.com/+/api/moment-types/
+    params['request_visible_actions'] = options.requestVisibleActions;
+  }
+  
+  // OpenID 2.0 migration
+  if (options.openIDRealm) {
+    // This parameter is needed when migrating users from Google's OpenID 2.0 to OAuth 2.0
+    //   https://developers.google.com/accounts/docs/OpenID?hl=ja#adjust-uri
+    params['openid.realm'] = options.openIDRealm;
+  }
+  
+  // Undocumented
+  if (options.approvalPrompt) {
+    params['approval_prompt'] = options.approvalPrompt;
+  }
+  if (options.userID) {
+    // Undocumented, but supported by Google's OAuth 2.0 endpoint.  Appears to
+    // be equivalent to `login_hint`.
+    params['user_id'] = options.userID;
+  }
+  
+  return params;
+}
+
+
+/**
+ * Expose `Strategy`.
+ */
+module.exports = Strategy;

auth-service/node_modules/passport-google-oauth20/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "passport-google-oauth20",
+  "version": "2.0.0",
+  "description": "Google (OAuth 2.0) authentication strategy for Passport.",
+  "keywords": [
+    "passport",
+    "google",
+    "auth",
+    "authn",
+    "authentication",
+    "identity"
+  ],
+  "author": {
+    "name": "Jared Hanson",
+    "email": "jaredhanson@gmail.com",
+    "url": "http://www.jaredhanson.net/"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/jaredhanson/passport-google-oauth2.git"
+  },
+  "bugs": {
+    "url": "http://github.com/jaredhanson/passport-google-oauth2/issues"
+  },
+  "license": "MIT",
+  "licenses": [
+    {
+      "type": "MIT",
+      "url": "http://opensource.org/licenses/MIT"
+    }
+  ],
+  "main": "./lib",
+  "dependencies": {
+    "passport-oauth2": "1.x.x"
+  },
+  "devDependencies": {
+    "make-node": "0.3.x",
+    "mocha": "1.x.x",
+    "chai": "2.x.x",
+    "chai-passport-strategy": "1.x.x"
+  },
+  "engines": {
+    "node": ">= 0.4.0"
+  },
+  "scripts": {
+    "test": "node_modules/.bin/mocha --require test/bootstrap/node test/*.test.js test/**/*.test.js"
+  }
+}