Merge pull request #42 from csync/laik/facebook-auth

Add Facebook auth
csync · Feb 9, 2017 · 2295f12 · 2295f12
2 parents 5d2e32f + cf14fac
commit 2295f12
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -94,15 +94,19 @@ The ACL for a key is set when the key is created by the first write performed to
 
   - `docker run -d -p 6005:6005 csync`
 
-  To enable **Google Authentication** add in a environment variable like so:
+  To enable **Google Authentication** add in an environment variable like so:
 
   - `docker run -d -p 6005:6005 -e CSYNC_GOOGLE_CLIENT_IDS="CLIENTID HERE" csync`
 
   To enable **GitHub Authentication** add in a client ID and client Secret 
 
   - `docker run -d -p 6005:6005 -e CSYNC_GITHUB_ID githubIdHere -e CSYNC_GITHUB_SECRET githubSecretHere csync`
 
-  Both authentication providers can be enabled at the same time by having all environment variables specified.
+  To enable **Facebook Authentication** add in an app ID and app secret 
+
+  - `docker run -d -p 6005:6005 -e CSYNC_FACEBOOK_ID facebookIdHere -e CSYNC_FACEBOOK_SECRET facebookSecretHere csync`
+
+  All of the authentication providers can be enabled at the same time by having each environment variables specified.
 
   Click [here] (https://github.com/csync/csync-server/wiki/Create-a-CSync-Instance-on-Bluemix) for instructions to run CSync on Bluemix
 

diff --git a/build.sbt b/build.sbt
@@ -42,6 +42,7 @@ lazy val postgresDriver = "org.postgresql" % "postgresql" % "9.4.1208"
 lazy val logging = "org.slf4j" % "slf4j-simple" % "1.7.21"
 lazy val scalaTest = "org.scalatest" %% "scalatest" % "3.0.1"
 lazy val scalaCheck = "org.scalacheck" %% "scalacheck" % "1.13.4"
+lazy val json4s = "org.json4s" %% "json4s-native" % "3.5.0"
 
 // Keeping the silly style thing happy
 lazy val P9000 = 9000
@@ -91,9 +92,9 @@ lazy val vertx = project.dependsOn(core)
       "io.vertx" % "vertx-codegen" % "3.3.0",
 
       logging,
+      json4s,
       postgresDriver,
       "com.zaxxer" % "HikariCP" % "2.4.6",
-      "org.json4s" %% "json4s-native" % "3.5.0",
       "com.ibm.bluemix.deploymenttracker" % "cf-java-app-tracker-client" % "0.3.0"
     ),
 
@@ -129,8 +130,9 @@ lazy val core = project
 
       // google-api-client, version 1.22.0
       "com.google.api-client" % "google-api-client" % "1.22.0",
-      "com.google.api-client" % "google-api-client-gson" % "1.22.0"
+      "com.google.api-client" % "google-api-client-gson" % "1.22.0",
 
+      json4s
       // avoid conflict
       //xml
     ),

diff --git a/core/src/main/scala/com/ibm/csync/auth/facebook/ValidateFacebookToken.scala b/core/src/main/scala/com/ibm/csync/auth/facebook/ValidateFacebookToken.scala
@@ -0,0 +1,61 @@
+/*
+ * Copyright IBM Corporation 2016-2017
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.ibm.csync.auth.facebook
+
+import com.google.api.client.json.JsonFactory
+import com.google.api.client.json.gson.GsonFactory
+import com.ibm.csync.session.UserInfo
+import com.typesafe.scalalogging.LazyLogging
+import org.json4s._
+import org.json4s.native.JsonMethods._
+import scala.util.Try
+import scalaj.http.{Http, HttpResponse}
+
+object ValidateFacebookToken extends LazyLogging {
+
+  val facebookAppId = sys.env.getOrElse("CSYNC_FACEBOOK_ID", "")
+  val facebookAppSecret = sys.env.getOrElse("CSYNC_FACEBOOK_SECRET", "")
+
+  val jsonFactory: JsonFactory = new GsonFactory()
+
+  def validate(token: String): UserInfo = {
+    logger.info(s"[validateToken]: $token Validating facebook id token representing user’s identity asserted by the identity provider")
+
+    val url = s"https://graph.facebook.com/debug_token?input_token=${token}&access_token=${facebookAppId}|${facebookAppSecret}"
+
+    val response: Try[HttpResponse[String]] = Try(Http(url).asString)
+
+    if (response.isFailure || response.get.code != 200) {
+      logger.info(s"[validateFacebookToken]: Token validation failed for token: ${token}")
+      throw new Exception("Cannot establish session. Token validation failed")
+    }
+
+    val data = response.get.body
+    val parsed = parse(data)
+
+    if((parsed \ "data" \ "is_valid").values.equals(false)) {
+      logger.info(s"[validateFacebookToken]: Token validation failed for token: ${token}")
+      throw new Exception("Cannot establish session. Token validation failed")
+    }
+
+    val id =(parsed \ "data" \ "user_id" ).values
+    val authenticatorId = s"facebook:${id}"
+
+    logger.debug(s"[validateToken]: Validated id token. Contains authenticatorid $authenticatorId")
+    UserInfo(authenticatorId)
+  }
+}
diff --git a/core/src/main/scala/com/ibm/csync/session/Session.scala b/core/src/main/scala/com/ibm/csync/session/Session.scala
@@ -21,6 +21,7 @@ import java.sql.{Connection => SqlConnection}
 import javax.sql.DataSource
 
 import com.ibm.csync.auth.demo.ValidateDemoToken
+import com.ibm.csync.auth.facebook.ValidateFacebookToken
 import com.ibm.csync.auth.github.ValidateGitHubToken
 import com.ibm.csync.auth.google.ValidateGoogleToken
 import com.ibm.csync.commands.{ConnectResponse, Data, Err, Response}
@@ -38,6 +39,7 @@ object Session {
   val DemoAuthProvider = "demo"
   val GoogleAuthProvider = "google"
   val GithubAuthProvider = "github"
+  val FacebookAuthProvider = "facebook"
 
   val demoToken: String = """demoToken"""
   val userToken: Regex = """demoToken\((.*)\)""".r
@@ -64,6 +66,7 @@ case class Session(ds: DataSource, uuid: String,
     authProvider match {
       case Some(GoogleAuthProvider) => ValidateGoogleToken.validate(token.s).get
       case Some(GithubAuthProvider) => ValidateGitHubToken.validate(token.s)
+      case Some(FacebookAuthProvider) => ValidateFacebookToken.validate(token.s)
       case Some(DemoAuthProvider) | None => ValidateDemoToken.validate(token.s)
       case Some(unknownProvider) =>
         logger.info(s"[validateToken]: Unknown provider ${'\"'}$unknownProvider${'\"'}")

diff --git a/core/src/test/scala/com/ibm/csync/auth/ValidateFacebookTokenTests.scala b/core/src/test/scala/com/ibm/csync/auth/ValidateFacebookTokenTests.scala
@@ -0,0 +1,27 @@
+/*
+ * Copyright IBM Corporation 2017
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.ibm.csync.auth.facebook
+
+import org.scalatest.{FunSuite, Matchers}
+
+class ValidateFacebookTokenTests extends FunSuite with Matchers {
+  test("Test bad github token") {
+    assertThrows[Exception] {
+      ValidateFacebookToken.validate("This is a bad token")
+    }
+  }
+}