SteveMcArthur / docpad-plugin-authentication

Handles authentication and login functionality via social login for your docpad application. Protects pages from unauthenticated users. Uses the node module social-login (https://github.com/26medias/social-login) to standardise the configuration interface to the various login strategies and handle routing and redirection.
http://login-stevehome.rhcloud.com

Other passport strategies and passport.initialization #2

Closed derberg closed 9 years ago

derberg commented 9 years ago

Hi,

Sorry for submitting an issue for what I want to ask you about, but it looks like you are the main expert for this question. I asked it already on docpad irc and gitter chat and got no answers.

So I'm trying to extend the server to use the crowd authentication passport strategy. It almost works :) so I can validate with the crowd server with a non-existing account, but when I try a real account, I get the issue below:

Error: passport.initialize() middleware not in use
at IncomingMessage.req.login.req.logIn (/Users/i303812/projects/testblog/node_modules/passport-atlassian-crowd/node_modules/passport/lib/passport/http/request.js:30:30)
at Strategy.strategy.success (/Users/i303812/projects/testblog/node_modules/passport/lib/middleware/authenticate.js:228:13)
at verified (/Users/i303812/projects/testblog/node_modules/passport-atlassian-crowd/lib/passport-atlassian-crowd/strategy.js:162:14)
at /Users/i303812/projects/testblog/docpad.js:308:26
at process._tickDomainCallback (node.js:463:13)

The authentication works fine, I can throw on the console user profile information and its crowd groups. Just the passport initialization is not triggered and therefore the serialization methods can't be used...?

This is my code:

events:
  serverExtend: (opts) ->
    AtlassianCrowdStrategy = undefined
    app = undefined
    docpad = undefined
    express = undefined
    flash = undefined
    passport = undefined
    users = undefined
    _ = undefined

    ensureAuthenticated = (req, res, next) ->
      if req.isAuthenticated()
        return next()
      res.redirect '/login.html'
      return

    docpad = @docpad
    passport = require('passport')
    express = require('express')
    app = opts.server
    _ = require('underscore')
    AtlassianCrowdStrategy = require('passport-atlassian-crowd').Strategy

    users = []

    app.use express.session(
      secret: 'jajabinks&%'
      saveUninitialized: true
      resave: true)

    app.use passport.initialize()
    app.use passport.session()

    passport.serializeUser (user, done) ->
      done null, user.username
      return

    passport.deserializeUser (username, done) ->
      user = _.find(users, (user) ->
        user.username == username
      )
      if user == undefined
        done new Error('No user with username \'' + username + '\' found.')
      else
        done null, user
      return

    passport.use new AtlassianCrowdStrategy({
      crowdServer: 'https://crowd1.hybris.com/'
      crowdApplication: 'yaas'
      crowdApplicationPassword: 'axoMfsWD7rAA!XHqqgpx'
      retrieveGroupMemberships: true
    }, (userprofile, done) ->
      # asynchronous verification, for effect...
      process.nextTick ->
        exists = _.any(users, (user) ->
          user.id == userprofile.id
        )
        if !exists
          users.push userprofile
        done null, userprofile
      return
    )
    app.get /^(?!\/login.html|\/about.html)/, ensureAuthenticated, (req, res) ->
      res.redirect '/index.html'
      return

    app.post '/login.html', passport.authenticate('atlassian-crowd'), (req, res) ->
      res.redirect 'back'
      return
    return

I've tried to figure out how and when you trigger initialization and changed it accordingly. If you could take a look

SteveMcArthur commented 9 years ago

Hi - don't know about the expert bit. It's really hard to work out what's happening without some working code. I think your best option would be to download the authentication plugin source from here and modify it to use the AtlassianCrowdStrategy by adding it to the social-login.js file.

Alternatively I could simply add Atlassian to the plugin. Even if it still didn't work it would be easier to debug.

derberg commented 9 years ago

I tried to add crowd to the plugin but I was getting some strange issue with express session and touch method which I did not understand. Tried to figure out more from your code but failed. Would it be a big problem for you to add this strategy to the plugin? Many enterprise companies use crowd and I think that a solution for crowd would bring more community people to docpad.

derberg commented 9 years ago

@SteveMcArthur I hope you can see what I wrote, even though the case is closed.

If you are willing to add this strategy to the plugin this is what I've put there initially:

to specialCases added:

    crowd: {
        setup: {
            crowdServer: "custom crowd server with slash at the end",
        },
        varChanges: {
            clientID: 'crowdApplication',
            clientSecret: 'crowdApplicationPassword'
        }
    }

to map I've added:

crowd:          ['passport-atlassian-crowd','Strategy']

to unique ids I've added:

crowd: 'id'

and this to dependencies in package json:

"passport-atlassian-crowd": ">= 0.0.0"

SteveMcArthur commented 9 years ago

Ok - will add atlassian to the plugin. Will make it part of the work to fix issue #4. It shouldn't be a big deal. Will aim to do it tmo.

In the meantime double, triple and quadruple check (and then check again) that you have got everything configured correctly on the atlassian side. In particular, check URLS (CHECK URLS!!!!). This is by far the source of most errors. If you have told the atlassian that your app is on "website.com" but you are testing on 'localhost' then it will fail. If you have told atlassian that your app is on 'www.website.com' but it is actually on 'website.com' then likely it will fail. If you are testing on localhost and you have configured Docpad in the docpad.coffee file with the url of 'website.com' then it will fail. Check that your app fails on both your development environment AND your production environment. Check that atlassian actually works on localhost/127.0.0.1. A lot of services don't like localhost/127.0.0.1. Problems with session tend to be URL issues as the session cookie is tied to the URL of your site.

Finally, test using chrome developer tools in the network tab, but tick 'preserve log'. This will preserve the log between requests. It will allow you to see the request that fails before being redirected to your fail URL. Quite often there is information telling you why the request failed when the service returns to you.

derberg commented 9 years ago

There is no issue with connection to crowd. My IP is added to crowd app's trusted apis. Anyway the authentication with crowd works like a charm locally - I get my groups assignments in response. Just passport initialisation fails.

Anyway, thanks a lot - let me know if you need any help in testing

SteveMcArthur commented 9 years ago

I've had a look at crowd and it's not what I was expecting. It looks like you don't authenticate on the crowd website but on a local internal server. Can you give me an idea of how your setup is?

derberg commented 9 years ago

for testing you need to install crowd locally indeed: https://confluence.atlassian.com/display/CROWD/Installing+Crowd you need to add:

SteveMcArthur commented 9 years ago

mmm - this is more than I thought. I will have to think about how to do this. What language version did you use to install - Java, .net etc

derberg commented 9 years ago

I didn't have to install it as I have crowd server in my company so I'm using this one for testing. If you don't want to install it locally I can help you out as a tester

SteveMcArthur commented 9 years ago

OK - I'll have a go at installing crowd locally - but it sounds like I will not be able to deploy to the test website (http://login-stevehome.rhcloud.com) which I use to prove that authentication works in the wild.

SteveMcArthur commented 9 years ago

@derberg I've added crowd configuration as per your description. Haven't been able to test it. Installing crowd locally is probably too big a job for me. Also, I'm not really sure what the best way is to pass the crowdServer setup details - so for testing purposes you'll probably have to hard code them in the social-login.js.
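
The thread ends without settling how to pass the Crowd setup details other than hard-coding them in social-login.js. One way to do it, shown as an added example that is not code from the plugin or from social-login: read the values from the environment, apply the `varChanges` renames quoted earlier in the thread, and refuse to start when a value is missing or the server URL is not a plain https base URL. The environment variable names and the function names are assumptions.

```javascript
// Added example; not code from docpad-plugin-authentication or social-login.
// Environment variable names and function names are assumptions.

// Key renames from the specialCases entry quoted in the thread.
const CROWD_VAR_CHANGES = {
  clientID: 'crowdApplication',
  clientSecret: 'crowdApplicationPassword'
};

// Rename generic keys to strategy-specific ones; unknown keys pass through.
function applyVarChanges(settings, varChanges) {
  const out = {};
  for (const [key, value] of Object.entries(settings)) {
    const mapped = Object.prototype.hasOwnProperty.call(varChanges, key);
    out[mapped ? varChanges[key] : key] = value;
  }
  return out;
}

// Accept only an https base URL and return it with a trailing slash.
function normaliseCrowdServer(raw) {
  const url = new URL(raw); // throws on a malformed value
  if (url.protocol !== 'https:') throw new Error('crowdServer must use https');
  if (url.username || url.password || url.search || url.hash) {
    throw new Error('crowdServer must be a plain base URL');
  }
  return url.href.endsWith('/') ? url.href : url.href + '/';
}

// Build the options object for the strategy; fail closed on missing values.
function buildCrowdOptions(env) {
  const required = ['CROWD_SERVER', 'CROWD_APP_NAME', 'CROWD_APP_PASSWORD'];
  const missing = required.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Only the variable names are reported, never their values.
    throw new Error('Missing Crowd settings: ' + missing.join(', '));
  }
  const generic = {
    clientID: env.CROWD_APP_NAME,
    clientSecret: env.CROWD_APP_PASSWORD
  };
  return Object.assign(
    { crowdServer: normaliseCrowdServer(env.CROWD_SERVER) },
    applyVarChanges(generic, CROWD_VAR_CHANGES)
  );
}

// Usage: new AtlassianCrowdStrategy(buildCrowdOptions(process.env), verify)
```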