GoogleOauth2.0 First implementation

First try for GoogleOauth2.0

express-server/node_modules/passport-google-oauth20/.npmignore

@@ -0,0 +1,8 @@
+Makefile
+docs/
+examples/
+reports/
+test/
+
+.jshintrc
+.travis.yml

express-server/node_modules/passport-google-oauth20/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2012-2016 Jared Hanson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

express-server/node_modules/passport-google-oauth20/README.md

@@ -0,0 +1,123 @@
+# passport-google-oauth20
+
+[![Build](https://img.shields.io/travis/jaredhanson/passport-google-oauth2.svg)](https://travis-ci.org/jaredhanson/passport-google-oauth2)
+[![Coverage](https://img.shields.io/coveralls/jaredhanson/passport-google-oauth2.svg)](https://coveralls.io/r/jaredhanson/passport-google-oauth2)
+[![Quality](https://img.shields.io/codeclimate/github/jaredhanson/passport-google-oauth2.svg?label=quality)](https://codeclimate.com/github/jaredhanson/passport-google-oauth2)
+[![Dependencies](https://img.shields.io/david/jaredhanson/passport-google-oauth2.svg)](https://david-dm.org/jaredhanson/passport-google-oauth2)
+
+
+[Passport](http://passportjs.org/) strategy for authenticating with [Google](http://www.google.com/)
+using the OAuth 2.0 API.
+
+This module lets you authenticate using Google in your Node.js applications.
+By plugging into Passport, Google authentication can be easily and
+unobtrusively integrated into any application or framework that supports
+[Connect](http://www.senchalabs.org/connect/)-style middleware, including
+[Express](http://expressjs.com/).
+
+## Install
+
+    $ npm install passport-google-oauth20
+
+## Usage
+
+#### Create an Application
+
+Before using `passport-google-oauth20`, you must register an application with
+Google.  If you have not already done so, a new project can be created in the
+[Google Developers Console](https://console.developers.google.com/).
+Your application will be issued a client ID and client secret, which need to be
+provided to the strategy.  You will also need to configure a redirect URI which
+matches the route in your application.
+
+#### Configure Strategy
+
+The Google authentication strategy authenticates users using a Google account
+and OAuth 2.0 tokens.  The client ID and secret obtained when creating an
+application are supplied as options when creating the strategy.  The strategy
+also requires a `verify` callback, which receives the access token and optional
+refresh token, as well as `profile` which contains the authenticated user's
+Google profile.  The `verify` callback must call `cb` providing a user to
+complete authentication.
+
+    var GoogleStrategy = require('passport-google-oauth20').Strategy;
+
+    passport.use(new GoogleStrategy({
+        clientID: GOOGLE_CLIENT_ID,
+        clientSecret: GOOGLE_CLIENT_SECRET,
+        callbackURL: "http://www.example.com/auth/google/callback"
+      },
+      function(accessToken, refreshToken, profile, cb) {
+        User.findOrCreate({ googleId: profile.id }, function (err, user) {
+          return cb(err, user);
+        });
+      }
+    ));
+
+#### Authenticate Requests
+
+Use `passport.authenticate()`, specifying the `'google'` strategy, to
+authenticate requests.
+
+For example, as route middleware in an [Express](http://expressjs.com/)
+application:
+
+    app.get('/auth/google',
+      passport.authenticate('google', { scope: ['profile'] }));
+
+    app.get('/auth/google/callback', 
+      passport.authenticate('google', { failureRedirect: '/login' }),
+      function(req, res) {
+        // Successful authentication, redirect home.
+        res.redirect('/');
+      });
+
+## Examples
+
+Developers using the popular [Express](http://expressjs.com/) web framework can
+refer to an [example](https://github.com/passport/express-4.x-facebook-example)
+as a starting point for their own web applications.  The example shows how to
+authenticate users using Facebook.  However, because both Facebook and Google
+use OAuth 2.0, the code is similar.  Simply replace references to Facebook with
+corresponding references to Google.
+
+## Contributing
+
+#### Tests
+
+The test suite is located in the `test/` directory.  All new features are
+expected to have corresponding test cases.  Ensure that the complete test suite
+passes by executing:
+
+```bash
+$ make test
+```
+
+#### Coverage
+
+The test suite covers 100% of the code base.  All new feature development is
+expected to maintain that level.  Coverage reports can be viewed by executing:
+
+```bash
+$ make test-cov
+$ make view-cov
+```
+
+## Support
+
+#### Funding
+
+This software is provided to you as open source, free of charge.  The time and
+effort to develop and maintain this project is dedicated by [@jaredhanson](https://github.com/jaredhanson).
+If you (or your employer) benefit from this project, please consider a financial
+contribution.  Your contribution helps continue the efforts that produce this
+and other open source software.
+
+Funds are accepted via [PayPal](https://paypal.me/jaredhanson), [Venmo](https://venmo.com/jaredhanson),
+and [other](http://jaredhanson.net/pay) methods.  Any amount is appreciated.
+
+## License
+
+[The MIT License](http://opensource.org/licenses/MIT)
+
+Copyright (c) 2012-2016 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>

express-server/node_modules/passport-google-oauth20/lib/errors/googleplusapierror.js

@@ -0,0 +1,25 @@
+/**
+ * `GooglePlusAPIError` error.
+ *
+ * References:
+ *   - https://developers.google.com/+/web/api/rest/
+ *
+ * @constructor
+ * @param {string} [message]
+ * @param {number} [code]
+ * @access public
+ */
+function GooglePlusAPIError(message, code) {
+  Error.call(this);
+  Error.captureStackTrace(this, arguments.callee);
+  this.name = 'GooglePlusAPIError';
+  this.message = message;
+  this.code = code;
+}
+
+// Inherit from `Error`.
+GooglePlusAPIError.prototype.__proto__ = Error.prototype;
+
+
+// Expose constructor.
+module.exports = GooglePlusAPIError;

express-server/node_modules/passport-google-oauth20/lib/errors/userinfoerror.js

@@ -0,0 +1,22 @@
+/**
+ * `UserInfoError` error.
+ *
+ * @constructor
+ * @param {string} [message]
+ * @param {string} [code]
+ * @access public
+ */
+function UserInfoError(message, code) {
+  Error.call(this);
+  Error.captureStackTrace(this, arguments.callee);
+  this.name = 'UserInfoError';
+  this.message = message;
+  this.code = code;
+}
+
+// Inherit from `Error`.
+UserInfoError.prototype.__proto__ = Error.prototype;
+
+
+// Expose constructor.
+module.exports = UserInfoError;

express-server/node_modules/passport-google-oauth20/lib/index.js

@@ -0,0 +1,9 @@
+// Load modules.
+var Strategy = require('./strategy');
+
+
+// Expose Strategy.
+exports = module.exports = Strategy;
+
+// Exports.
+exports.Strategy = Strategy;

express-server/node_modules/passport-google-oauth20/lib/profile/googleplus.js

@@ -0,0 +1,47 @@
+/**
+ * Parse profile.
+ *
+ * Parses user profiles as fetched from Google's Google+ API.
+ *
+ * The amount of detail in the profile varies based on the scopes granted by the
+ * user.  The following scope values add additional data:
+ *
+ *     `https://www.googleapis.com/auth/plus.login` - recommended login scope
+ *     `profile` - basic profile information
+ *     `email` - email address
+ *
+ * References:
+ *   - https://developers.google.com/+/web/api/rest/latest/people/get
+ *   - https://developers.google.com/+/web/api/rest/
+ *   - https://developers.google.com/+/web/api/rest/oauth
+ *
+ * @param {object|string} json
+ * @return {object}
+ * @access public
+ */
+exports.parse = function(json) {
+  if ('string' == typeof json) {
+    json = JSON.parse(json);
+  }
+  
+  var profile = {}
+    , i, len;
+  profile.id = json.id;
+  profile.displayName = json.displayName;
+  if (json.name) {
+    profile.name = { familyName: json.name.familyName,
+                     givenName: json.name.givenName };
+  }
+  if (json.emails) {
+    profile.emails = [];
+    for (i = 0, len = json.emails.length; i < len; ++i) {
+      profile.emails.push({ value: json.emails[i].value, type: json.emails[i].type })
+    }
+  }
+  if (json.image) {
+    profile.photos = [{ value: json.image.url }];
+  }
+  profile.gender = json.gender;
+  
+  return profile;
+};

express-server/node_modules/passport-google-oauth20/lib/profile/openid.js

@@ -0,0 +1,40 @@
+/**
+ * Parse profile.
+ *
+ * Parses user profiles as fetched from Google's OpenID Connect-compatible user
+ * info endpoint.
+ *
+ * The amount of detail in the profile varies based on the scopes granted by the
+ * user.  The following scope values add additional data:
+ *
+ *     `profile` - basic profile information
+ *     `email` - email address
+ *
+ * References:
+ *   - https://developers.google.com/identity/protocols/OpenIDConnect
+ *
+ * @param {object|string} json
+ * @return {object}
+ * @access public
+ */
+exports.parse = function(json) {
+  if ('string' == typeof json) {
+    json = JSON.parse(json);
+  }
+  
+  var profile = {};
+  profile.id = json.sub;
+  profile.displayName = json.name;
+  if (json.family_name || json.given_name) {
+    profile.name = { familyName: json.family_name,
+                     givenName: json.given_name };
+  }
+  if (json.email) {
+    profile.emails = [ { value: json.email, verified: json.email_verified } ];
+  }
+  if (json.picture) {
+    profile.photos = [{ value: json.picture }];
+  }
+  
+  return profile;
+};

express-server/node_modules/passport-google-oauth20/lib/strategy.js

@@ -0,0 +1,199 @@
+// Load modules.
+var OAuth2Strategy = require('passport-oauth2')
+  , util = require('util')
+  , uri = require('url')
+  , GooglePlusProfile = require('./profile/googleplus')
+  , OpenIDProfile = require('./profile/openid')
+  , InternalOAuthError = require('passport-oauth2').InternalOAuthError
+  , GooglePlusAPIError = require('./errors/googleplusapierror')
+  , UserInfoError = require('./errors/userinfoerror');
+
+
+/**
+ * `Strategy` constructor.
+ *
+ * The Google authentication strategy authenticates requests by delegating to
+ * Google using the OAuth 2.0 protocol.
+ *
+ * Applications must supply a `verify` callback which accepts an `accessToken`,
+ * `refreshToken` and service-specific `profile`, and then calls the `cb`
+ * callback supplying a `user`, which should be set to `false` if the
+ * credentials are not valid.  If an exception occured, `err` should be set.
+ *
+ * Options:
+ *   - `clientID`      your Google application's client id
+ *   - `clientSecret`  your Google application's client secret
+ *   - `callbackURL`   URL to which Google will redirect the user after granting authorization
+ *
+ * Examples:
+ *
+ *     passport.use(new GoogleStrategy({
+ *         clientID: '123-456-789',
+ *         clientSecret: 'shhh-its-a-secret'
+ *         callbackURL: 'https://www.example.net/auth/google/callback'
+ *       },
+ *       function(accessToken, refreshToken, profile, cb) {
+ *         User.findOrCreate(..., function (err, user) {
+ *           cb(err, user);
+ *         });
+ *       }
+ *     ));
+ *
+ * @constructor
+ * @param {object} options
+ * @param {function} verify
+ * @access public
+ */
+function Strategy(options, verify) {
+  options = options || {};
+  options.authorizationURL = options.authorizationURL || 'https://accounts.google.com/o/oauth2/v2/auth';
+  options.tokenURL = options.tokenURL || 'https://www.googleapis.com/oauth2/v4/token';
+
+  OAuth2Strategy.call(this, options, verify);
+  this.name = 'google';
+  this._userProfileURL = options.userProfileURL || 'https://www.googleapis.com/plus/v1/people/me';
+  
+  var url = uri.parse(this._userProfileURL);
+  if (url.pathname.indexOf('/userinfo') == (url.pathname.length - '/userinfo'.length)) {
+    this._userProfileFormat = 'openid';
+  } else {
+    this._userProfileFormat = 'google+'; // Google Sign-In
+  }
+}
+
+// Inherit from `OAuth2Strategy`.
+util.inherits(Strategy, OAuth2Strategy);
+
+
+/**
+ * Retrieve user profile from Google.
+ *
+ * This function constructs a normalized profile, with the following properties:
+ *
+ *   - `provider`         always set to `google`
+ *   - `id`
+ *   - `username`
+ *   - `displayName`
+ *
+ * @param {string} accessToken
+ * @param {function} done
+ * @access protected
+ */
+Strategy.prototype.userProfile = function(accessToken, done) {
+  var self = this;
+  this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
+    var json;
+    
+    if (err) {
+      if (err.data) {
+        try {
+          json = JSON.parse(err.data);
+        } catch (_) {}
+      }
+      
+      if (json && json.error && json.error.message) {
+        return done(new GooglePlusAPIError(json.error.message, json.error.code));
+      } else if (json && json.error && json.error_description) {
+        return done(new UserInfoError(json.error_description, json.error));
+      }
+      return done(new InternalOAuthError('Failed to fetch user profile', err));
+    }
+    
+    try {
+      json = JSON.parse(body);
+    } catch (ex) {
+      return done(new Error('Failed to parse user profile'));
+    }
+    
+    var profile;
+    switch (self._userProfileFormat) {
+    case 'openid':
+      profile = OpenIDProfile.parse(json);
+      break;
+    default: // Google Sign-In
+      profile = GooglePlusProfile.parse(json);
+      break;
+    }
+    
+    profile.provider  = 'google';
+    profile._raw = body;
+    profile._json = json;
+    
+    done(null, profile);
+  });
+}
+
+/**
+ * Return extra Google-specific parameters to be included in the authorization
+ * request.
+ *
+ * @param {object} options
+ * @return {object}
+ * @access protected
+ */
+Strategy.prototype.authorizationParams = function(options) {
+  var params = {};
+  
+  // https://developers.google.com/identity/protocols/OAuth2WebServer
+  if (options.accessType) {
+    params['access_type'] = options.accessType;
+  }
+  if (options.prompt) {
+    params['prompt'] = options.prompt;
+  }
+  if (options.loginHint) {
+    params['login_hint'] = options.loginHint;
+  }
+  if (options.includeGrantedScopes) {
+    params['include_granted_scopes'] = true;
+  }
+  
+  // https://developers.google.com/identity/protocols/OpenIDConnect
+  if (options.display) {
+    // Specify what kind of display consent screen to display to users.
+    //   https://developers.google.com/accounts/docs/OpenIDConnect#authenticationuriparameters
+    params['display'] = options.display;
+  }
+  
+  // Google Apps for Work
+  if (options.hostedDomain || options.hd) {
+    // This parameter is derived from Google's OAuth 1.0 endpoint, and (although
+    // undocumented) is supported by Google's OAuth 2.0 endpoint was well.
+    //   https://developers.google.com/accounts/docs/OAuth_ref
+    params['hd'] = options.hostedDomain || options.hd;
+  }
+  
+  // Google+
+  if (options.requestVisibleActions) {
+    // Space separated list of allowed app actions
+    // as documented at:
+    //  https://developers.google.com/+/web/app-activities/#writing_an_app_activity_using_the_google_apis_client_libraries
+    //  https://developers.google.com/+/api/moment-types/
+    params['request_visible_actions'] = options.requestVisibleActions;
+  }
+  
+  // OpenID 2.0 migration
+  if (options.openIDRealm) {
+    // This parameter is needed when migrating users from Google's OpenID 2.0 to OAuth 2.0
+    //   https://developers.google.com/accounts/docs/OpenID?hl=ja#adjust-uri
+    params['openid.realm'] = options.openIDRealm;
+  }
+  
+  // Undocumented
+  if (options.approvalPrompt) {
+    params['approval_prompt'] = options.approvalPrompt;
+  }
+  if (options.userID) {
+    // Undocumented, but supported by Google's OAuth 2.0 endpoint.  Appears to
+    // be equivalent to `login_hint`.
+    params['user_id'] = options.userID;
+  }
+  
+  return params;
+}
+
+
+/**
+ * Expose `Strategy`.
+ */
+module.exports = Strategy;

express-server/node_modules/passport-google-oauth20/package.json

@@ -0,0 +1,74 @@
+{
+  "_from": "passport-google-oauth20@1.x.x",
+  "_id": "passport-google-oauth20@1.0.0",
+  "_inBundle": false,
+  "_integrity": "sha1-O5YOih1w0dvnlGFcgnxoxAOSpdA=",
+  "_location": "/passport-google-oauth20",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "range",
+    "registry": true,
+    "raw": "passport-google-oauth20@1.x.x",
+    "name": "passport-google-oauth20",
+    "escapedName": "passport-google-oauth20",
+    "rawSpec": "1.x.x",
+    "saveSpec": null,
+    "fetchSpec": "1.x.x"
+  },
+  "_requiredBy": [
+    "/passport-google-oauth"
+  ],
+  "_resolved": "https://registry.npmjs.org/passport-google-oauth20/-/passport-google-oauth20-1.0.0.tgz",
+  "_shasum": "3b960e8a1d70d1dbe794615c827c68c40392a5d0",
+  "_spec": "passport-google-oauth20@1.x.x",
+  "_where": "C:\\Users\\Georg\\GitHub\\SmartShopper\\express-server\\node_modules\\passport-google-oauth",
+  "author": {
+    "name": "Jared Hanson",
+    "email": "jaredhanson@gmail.com",
+    "url": "http://www.jaredhanson.net/"
+  },
+  "bugs": {
+    "url": "http://github.com/jaredhanson/passport-google-oauth2/issues"
+  },
+  "bundleDependencies": false,
+  "dependencies": {
+    "passport-oauth2": "1.x.x"
+  },
+  "deprecated": false,
+  "description": "Google (OAuth 2.0) authentication strategy for Passport.",
+  "devDependencies": {
+    "chai": "2.x.x",
+    "chai-passport-strategy": "1.x.x",
+    "make-node": "0.3.x",
+    "mocha": "1.x.x"
+  },
+  "engines": {
+    "node": ">= 0.4.0"
+  },
+  "homepage": "https://github.com/jaredhanson/passport-google-oauth2#readme",
+  "keywords": [
+    "passport",
+    "google",
+    "auth",
+    "authn",
+    "authentication",
+    "identity"
+  ],
+  "license": "MIT",
+  "licenses": [
+    {
+      "type": "MIT",
+      "url": "http://opensource.org/licenses/MIT"
+    }
+  ],
+  "main": "./lib",
+  "name": "passport-google-oauth20",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/jaredhanson/passport-google-oauth2.git"
+  },
+  "scripts": {
+    "test": "mocha --require test/bootstrap/node test/*.test.js test/**/*.test.js"
+  },
+  "version": "1.0.0"
+}