added authentication for github at backend.

[asiyani]

Added GitHub authentication using passport.js & passport-github2. created user routes as described below.

SETUP

For GitHub authentication, we need to register an application with GitHub. The new application can be created at developer applications within GitHub's settings panel. You will also need to configure a callback URL which matches the route in your application.

URL to register app ->  https://github.com/settings/applications/new
# use following values for testing 
'Homepage URL' -> 'http://localhost:3000'
'Authorization callback URL' -> 'http://localhost:3000/user/auth/callback'

Your application will be issued a client ID and client secret, which need to be provided to the strategy. Please rename sample.dev.env to .dev.env and then update Client ID and Client secret in that. I am doing this because we should not share that secret on GitHub. For production, we need to do same but using curisityLab logins and setup environment variable.

Routes & back end Files

Added auth.js is sever folder. This contails setting needed for passportjs and github strategy. added findOrCreate function to db/user.js to find user if its already in db or create one if not. updated routes/user.js to add folloing routes.

• GET user/ send json object of userdata including access-token if user authenticated.
• GET user/auth -> user tring to login -> it will be redirected to github for authentication
• GET user/auth/callback -> github will call this URL once authenticatin completed.
• GET user/login -> if authentication failed user will be redirected here to login again.
• POST user/logout -> user will be logged out and redirected to /

Middleware

• isAuthenticated is the middleware in routes/user.js file. When used isAuthenticated will check every request and if user is not logged in it will redirect user to user/login to authenticaate.

Front end File changes

• Added auth.js file to send query to server if user is authenticated.
• added buttons for login, logout and info regarding user if the user is authenticated.

Just for testing

After logging in you can try http://localhost:3000/user/ you will receive JSON obj with your details.

Please review this code for any issue and changes you guys want me to make. fell free to change front end login/logout section. (I am not good with design and css 😄 ).

[mubaris]

I have few issues with this code.

When I go to localhost:3000 it still asks for Github Token, we should remove that. I pressed cancel and tried to login using Github Auth but I got the following error. Cannot GET /auth/github/fallback

You should fix this.

[mubaris]

If you want to access Github application details, head to settings tab of Curiosity org, and select OAuth Apps

[asiyani]

http://localhost:3000/user/auth/callback Please use this as authorization URL I think I made mistakes in PR comment fixing it now.

[mubaris]

I'll update the app preferences

[mubaris]

Now it's working

But we still need to Change UI. @alejandronanez We have 2 options. 1) Fix the UI before merging by @asiyani or 2) Fix the UI after merging by @vvvdeep or @maiquynhtruong

What do you think?

[asiyani]

I have change initial login pop up so that it will ask for login instead of submitting token. I think for now this will do, in future, we might not have to ask the user to login at first because we should have all data cached in our database. We will only ask the user to login if we don't have any data they asking for or it is out of date.

What do you guys think about this?

[mubaris]

It's not asking for initial login popup. But not asking for token either.

Another issue, it consoles isAuthenticated: failed when I login. Is that a problem?

Few questions about current state of app. Are we storing repository data in DB now? and are we storing anything apart from user details?

[asiyani]

Ya its not asking for token because we dont need that now.we are getting same token via authentication. Yes isAuthenticated is failed if you load website with out login..thats ok.. At the moment we are just storing user info. Intact all Github API calls are happening on front end not on server side. We need to move thouse apis backend but need to work on #42. Its not clear from your comment, is everything working for you? I mean can you see repo info. If not please check you have. .dev.env file with correct details.

On Thu, 8 Jun 2017, 1:47 am Mubaris NK, notifications@github.com wrote:

It's not asking for initial login popup. But not asking for token either.

Another issue, it consoles isAuthenticated: failed when I login. Is that a problem?

Few questions about current state of app. Are we storing repository data in DB now? and are we storing anything apart from user details?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/curiositylab/curiosity/pull/45#issuecomment-306966065, or mute the thread https://github.com/notifications/unsubscribe-auth/AGz7sJ_ofo6TJ6o_-G6f0LHVKT9HwtXVks5sB0SSgaJpZM4NxGBb .

[mubaris]

Everything is working for me. I just wanted to know, what has happened.

Everything fine from my side.

Waiting for @alejandronanez