Help with SSO plugin (my first plugin)
-
I am in the earlier stages of writing my first plugin, an SSO plugin that is based off of the gist that @julian provided at https://community.nodebb.org/topic/812/using-php-sessions-with-nodebb/23:
How to create a login override plugin
My plugin is at:
https://github.com/contentblvd/nodebb-plugin-sso-session
And the library.js is almost identical to the gist above. The only change I made was to hardcode the uid variable, for early testing purposes. My thought was that it would auto login to the uid=1 user. (Later I plan to add the real logic for the login.)
I have activated the plugin, but nothing happens, nothing shows in the logs either (./nodebb log). As suggested by @julian in the thread linked above, I am trying to use the action:auth.overrideLogin hook.
I am pretty sure I am missing something (or several things!). Any guidance is greatly appreciated.
-
Okay, got past the first issue (after learning how to do ./nodebb dev) -- I needed to require winston in library.js.
Now I get an error when I try to submit the login form:
9/9 10:53 [2522] - error: /login Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
    at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
    at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
    at /path/to/NodeBB/src/controllers/authentication.js:144:27
    at Strategy.strategy.error (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:333:18)
    at Strategy.authenticate (/path/to/NodeBB/node_modules/passport-local/lib/strategy.js:93:17)
    at attempt (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:341:16)
    at authenticate (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:342:7)
    at continueLogin (/path/to/NodeBB/src/controllers/authentication.js:196:4)
    at authenticationController.login (/path/to/NodeBB/src/controllers/authentication.js:121:10)
9/9 10:53 [2522] - error: Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
    at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
    at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
    at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10)
    at /path/to/NodeBB/src/middleware/middleware.js:362:7
    at /path/to/NodeBB/public/src/modules/translator.js:160:6
    at /path/to/NodeBB/public/src/modules/translator.js:180:4
    at /path/to/NodeBB/public/src/modules/translator.js:226:6
    at /path/to/NodeBB/public/src/modules/translator.js:291:4
    at fs.js:334:14
Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
    at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
    at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
    at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10)
    at /path/to/NodeBB/src/middleware/middleware.js:362:7
    at /path/to/NodeBB/public/src/modules/translator.js:160:6
    at /path/to/NodeBB/public/src/modules/translator.js:180:4
    at /path/to/NodeBB/public/src/modules/translator.js:226:6
    at /path/to/NodeBB/public/src/modules/translator.js:291:4
    at fs.js:334:14
9/9 10:53 [2522] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
Thoughts?
-
You cannot call next(); twice here, it's either called for success or failure, and here, you're calling it for both. It's supposed to be wrapped in a conditional.
-
Despite the error in the logs above, I just noticed that the plugin did do its thing: it logged in uid=1 regardless of what user/pass was submitted.
So far, so good, but not quite the flow I was hoping for.
Here is what I am trying to achieve, maybe there is a better hook to use:
- user signs in to our app, which is on a different subdomain from nodeBB (i.e. app = app.domain.com and nodeBB = nodebb.domain.com)
- our app adds a session cookie for .domain.com (ensuring that other subdomains can access the cookie)
- user arrives at nodebb.domain.com
- plugin immediately gets triggered, and checks for the app session cookie
- if found, plugin does work to validate the session and identify the user
- if valid, login matching user or register new nodeBB user
- user logged in
All without the user needing to click the Login link, of course.
Any suggestions? The plugin, as it stands now, seems to require a post of the local login form to get triggered, whereas ideally the following logic would happen: IF nodeBB session exists, use it ELSE: look for app session cookie as described above...
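The flow listed in the post above, with the app session verified before any uid is chosen and next() reached exactly once per request, as the earlier reply asks. This is an added example, not code from the plugin, the gist or NodeBB; the cookie name app_session, the uid.expiry.hmac token format, the shared secret and the next(err, uid) callback shape are all assumptions.

```javascript
const crypto = require('crypto');

// Assumption: app.domain.com and the plugin share this secret out of band.
const SECRET = 'constructed-demo-secret';

// HMAC-SHA256 over "uid.expiry"; the app would compute this when it sets the cookie.
function sign(uid, exp) {
  return crypto.createHmac('sha256', SECRET).update(`${uid}.${exp}`).digest('hex');
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: '1', b: '2' }.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Returns the uid carried by a valid, unexpired token, otherwise null.
function verifyAppSession(token, nowSeconds) {
  const m = /^(\d+)\.(\d+)\.([0-9a-f]{64})$/.exec(token || '');
  if (!m) return null;
  const expected = Buffer.from(sign(m[1], m[2]), 'hex');
  const given = Buffer.from(m[3], 'hex');
  // Constant-time comparison; both buffers are 32 bytes because of the regex.
  if (!crypto.timingSafeEqual(expected, given)) return null;
  if (Number(m[2]) <= nowSeconds) return null;
  return Number(m[1]);
}

// Hypothetical handler: every branch returns, so next() cannot fire twice.
function overrideLogin(req, next) {
  if (req.session && req.session.uid) return next(null, req.session.uid);
  const token = parseCookies(req.headers.cookie).app_session;
  const uid = verifyAppSession(token, Math.floor(Date.now() / 1000));
  if (uid === null) return next(new Error('invalid-app-session'));
  return next(null, uid);
}

// Constructed sample: a cookie the app would have set for uid 7, valid one hour.
const exp = Math.floor(Date.now() / 1000) + 3600;
overrideLogin(
  { headers: { cookie: `theme=dark; app_session=7.${exp}.${sign('7', exp)}` } },
  (err, uid) => console.log(err ? err.message : `login uid ${uid}`)
);
```

A token whose uid was edited after signing fails the HMAC check, so the handler never logs in an account the app did not vouch for.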
-
@julian Thanks, I understand that part better now. I added conditionals and now that error goes away. It seems to be working now as designed for that hook -- any suggestions regarding other hooks to use, to achieve the flow I described in my previous message in this thread?