Help with SSO plugin (my first plugin)

Plugin Development
  • I am in the earlier stages of writing my first plugin, a SSO plugin that is based off of the gist that @julian provided at https://community.nodebb.org/topic/812/using-php-sessions-with-nodebb/23:

    My plugin is at:
    https://github.com/contentblvd/nodebb-plugin-sso-session

    And the library.js is almost identical to the gist above. The only change I made was to hardcode the uid variable, for early testing purposes. My thought was that it would auto login to the uid=1 user. (Later I plan to add the real logic for the login.)

    I have activated the plugin, but nothing happens, nothing shows in the logs either (./nodebb log). As suggested by @julian in the thread linked above, I am trying to use the action:auth.overrideLogin hook.

    I am pretty sure I am missing something (or several things!). Any guidance is greatly appreciated.

  • Okay, got past the first issue (after learning how to do ./nodebb dev 🙂 ) -- I needed to require winston in library.js.

    Now I get an error when I try to submit the login form:

    9/9 10:53 [2522] - error: /login
     Error: Can't set headers after they are sent.
        at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
        at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
        at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
        at /path/to/NodeBB/src/controllers/authentication.js:144:27
        at Strategy.strategy.error (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:333:18)
        at Strategy.authenticate (/path/to/NodeBB/node_modules/passport-local/lib/strategy.js:93:17)
        at attempt (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:341:16)
        at authenticate (/path/to/NodeBB/node_modules/passport/lib/middleware/authenticate.js:342:7)
        at continueLogin (/path/to/NodeBB/src/controllers/authentication.js:196:4)
        at authenticationController.login (/path/to/NodeBB/src/controllers/authentication.js:121:10)
    9/9 10:53 [2522] - error: Error: Can't set headers after they are sent.
        at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
        at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
        at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
        at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10)
        at /path/to/NodeBB/src/middleware/middleware.js:362:7
        at /path/to/NodeBB/public/src/modules/translator.js:160:6
        at /path/to/NodeBB/public/src/modules/translator.js:180:4
        at /path/to/NodeBB/public/src/modules/translator.js:226:6
        at /path/to/NodeBB/public/src/modules/translator.js:291:4
        at fs.js:334:14
    Error: Can't set headers after they are sent.
        at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:335:11)
        at ServerResponse.header (/path/to/NodeBB/node_modules/express/lib/response.js:718:10)
        at ServerResponse.send (/path/to/NodeBB/node_modules/express/lib/response.js:163:12)
        at defaultFn (/path/to/NodeBB/src/middleware/middleware.js:314:10)
        at /path/to/NodeBB/src/middleware/middleware.js:362:7
        at /path/to/NodeBB/public/src/modules/translator.js:160:6
        at /path/to/NodeBB/public/src/modules/translator.js:180:4
        at /path/to/NodeBB/public/src/modules/translator.js:226:6
        at /path/to/NodeBB/public/src/modules/translator.js:291:4
        at fs.js:334:14
    9/9 10:53 [2522] - info: [app] Shutdown (SIGTERM/SIGINT) Initialised.
    

    Thoughts?

  • You cannot call next(); twice here, it's either called for success or failure, and here, you're calling it for both.

    It's supposed to be wrapped in a conditional

  • Despite the error in the logs above, I just noticed that the plugin did do its thing, it logged in uid=1 regardless of what user/pass was submitted.

    So far, so good, but not quite the flow I was hoping for.

    Here is what I am trying to achieve, maybe there is a better hook to use:

    • user signs in to our app, which is on a different subdomain from nodeBB (i.e. app = app.domain.com and nodeBB = nodebb.domain.com)
    • our app adds a session cookie for .domain.com (ensuring that other subdomains can access the cookie)
    • user arrives at nodebb.domain.com
    • plugin immediately gets triggered, and checks for the app session cookie
    • if found, plugin does work to validate the session and identify the user
    • if valid, login matching user or register new nodeBB user
    • user logged in

    All without the user needing to click the Login link, of course.

    Any suggestions? The plugin, as it stands now, seems to require a post of the local login form to get triggered, whereas ideally the following logic would happen: IF nodeBB session exists, use it ELSE: look for app session cookie as described above...

  • @julian Thanks, I understand that part better now. I added conditionals and now that error goes away. It seems to be working now as designed for that hook -- any suggestions regarding other hooks to use, to achieve the flow I described in my previous message in this thread?

  • I'd add some client side code that checks for the cookie existing, and reacts (redirects) appropriately
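
The "validate the session and identify the user" step of the flow described in this thread, together with the call-`next`-exactly-once rule, as an added example that is not code from the thread, the gist or the plugin. The cookie name `app_session`, its `payload.signature` format, the shared HMAC secret and the `externalId` field are all assumptions, and the callback is a plain Node callback rather than NodeBB's hook signature.

```javascript
'use strict';
const crypto = require('crypto');

// Assumptions (not from the thread): cookie name, "payload.signature" layout,
// HMAC-SHA256 keyed with a secret shared by the app and the forum.
const COOKIE_NAME = 'app_session';

function sign(payloadB64, secret) {
  return crypto.createHmac('sha256', secret).update(payloadB64).digest('base64url');
}

// App side: mint the cookie value that is set for the parent domain.
function issueCookie(claims, secret) {
  const payloadB64 = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payloadB64}.${sign(payloadB64, secret)}`;
}

// Forum side: return verified claims, or null if missing, forged or expired.
function verifyAppSession(cookieHeader, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const pair = (cookieHeader || '').split(';').map((c) => c.trim())
    .find((c) => c.startsWith(COOKIE_NAME + '='));
  if (!pair) return null;
  const [payloadB64, sig] = pair.slice(COOKIE_NAME.length + 1).split('.');
  if (!payloadB64 || !sig) return null;
  const expected = Buffer.from(sign(payloadB64, secret));
  const given = Buffer.from(sig);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!claims || typeof claims.sub !== 'string' || !(claims.exp > nowSec)) return null;
  return claims;
}

// Login decision: `next` fires once, either with an error or with an identity.
// The identity comes only from the verified cookie, never from a hardcoded uid.
function ssoLogin(cookieHeader, secret, next, nowSec) {
  const claims = verifyAppSession(cookieHeader, secret, nowSec);
  if (!claims) {
    return next(new Error('invalid or missing app session'));
  }
  return next(null, { externalId: claims.sub });
}
```

Because the cookie is scoped to the parent domain, every subdomain receives it, so the forum should accept it only after the signature and expiry checks pass.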

