Help with SSO plugin (my first plugin)
-
I am in the earlier stages of writing my first plugin, a SSO plugin that is based off of the gist that @julian provided at https://community.nodebb.org/topic/812/using-php-sessions-with-nodebb/23:
https://gist.github.com/julianlam/19deafaa4dbd624ceecd
My plugin is at:
https://github.com/contentblvd/nodebb-plugin-sso-sessionAnd the library.js is almost identical to the gist above. The only change I made it to hardcode the uid variable, for early testing purposes. My thought was that it would auto login to the uid=1 user. (Later I plan to add the real logic for the login)
I have activated the plugin, but nothing happens, nothing shows in the logs either (./nodebb log). As suggested by @julian in the thread linked above, I am trying to use the action:auth.overrideLogin hook.
I am pretty sure I am missing something (or several things!). Any guidance is greatly appreciated.
-
Okay, got past the first issue (after learning how to to do ./nodebb dev ) -- I needed to require winston in library.js.
Now I get an error when I try to submit the login form:
9/9 10:53 [2522] - error: /login Error: Can't set headers after they are sent. at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11) at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10) at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12) at /path/to/NodeBB/src/controllers/authentication.js:144:27 at Strategy.strategy.error (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:333:18) at Strategy.authenticate (/path/to/NodeBB/node_modules/passport-local/lib/strategy.js:93:17) at attempt (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:341:16) at authenticate (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:342:7) at continueLogin (/path/to/NodeBB/src/controllers/authentication.js:196:4) at authenticationController.login (/path/to/NodeBB/src/controllers/authentication.js:121:10) 9/9 10:53 [2522] - error: Error: Can't set headers after they are sent. at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11) at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10) at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12) at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10) at /path/to/NodeBB/src/middleware/middleware.js:362:7 at /path/to/NodeBB/public/src/modules/translator.js:160:6 at /path/to/NodeBB/public/src/modules/translator.js:180:4 at /path/to/NodeBB/public/src/modules/translator.js:226:6 at /path/to/NodeBB/public/src/modules/translator.js:291:4 at fs.js:334:14 Error: Can't set headers after they are sent. at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11) at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10) at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12) at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10) at /path/to/NodeBB/src/middleware/middleware.js:362:7 at /path/to/NodeBB/public/src/modules/translator.js:160:6 at /path/to/NodeBB/public/src/modules/translator.js:180:4 at /path/to/NodeBB/public/src/modules/translator.js:226:6 at /path/to/NodeBB/public/src/modules/translator.js:291:4 at fs.js:334:14 9/9 10:53 [2522] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
Thoughts?
-
https://github.com/contentblvd/nodebb-plugin-sso-session/blob/master/library.js#L19-L24
You cannot call
next();
twice here, it's either called for success or failure, and here, you're calling it for both.It's supposed to be wrapped in a conditional
-
Despite the error in the logs above, I just noticed that the plugin did do its thing, it logged in uid=1 regardless of what what user/pass was submitted.
So far, so good. but not quite the flow I was hoping for.
Here is what I am trying to achieve, maybe there is a better hook to use:
- user signs in our app, which is on a different subdomain from nodeBB (ie. app = app.domain.com and nodeBB = nodebb.domain.com)
- our app adds a session cookie for .domain.com (ensuring that other subdomains can access the cookie)
- user arrives at nodebb.domain.com
- plugin immediately gets triggered, and checks for the app session cookie
- if found, plugin does work to validate the session and identify the user
- if valid, login matching user or register new nodeBB user
- user logged in
All without the user needing to click the Login link, of course.
Any suggestions? The plugin, as it stands now seems to require a post of the local login form to get triggered, whereas ideally the following logic would happen: IF nodeBB session exists, use it ELSE: look for app session cookie as described above...
-
@julian Thanks, I understand that part better now. I added conditionals and now that error goes away. It seems to be working now as designed for that hook -- any suggestions regarding other hooks to use, to achieve the flow I described in my previous message in this thread?