[WIP] Fully implement "Sign in with GitHub"

app.js

@@ -245,12 +245,7 @@ boot.executeInParallel([
   // User login via GitHub.
   app.route(/^\/login\/github\/?$/, async (data, match, end, query) => {
     const { req: request, res: response } = query;
-    const { user } = request;
-    if (!user) {
-      // Don't allow signing in only with GitHub just yet.
-      routes.notFoundPage(request, response);
-      return;
-    }
+    let { user } = request;
 
     let accessToken = null;
     let refreshToken = null;
@@ -262,6 +257,31 @@ boot.executeInParallel([
       return;
     }
 
+    if (!user) {
+      let verifiedEmails = null;
+      try {
+        verifiedEmails = await github.getVerifiedEmails(accessToken);
+      } catch (error) {
+        log('[fail] could not get verified emails', error);
+        routes.notFoundPage(response, user);
+        return;
+      }
+
+      const users = db.get('users');
+      for (const verifiedEmail of verifiedEmails) { // FIXME multiple emails
+        if (users[verifiedEmail]) {
+          // TODO sign in, user = ;
+        }
+      }
+
+      if (!user) {
+        // Don't allow unregistered users to sign in with GitHub just yet.
+        // TODO "We don't have a Janitor account associated with the GitHub user that you used to sign in."
+        routes.notFoundPage(response, user);
+        return;
+      }
+    }
+
     try {
       await users.refreshGitHubAccount(user, accessToken, refreshToken);
     } catch (error) {
@@ -543,3 +563,7 @@ boot.executeInParallel([
   // Start regularly scheduling system events, once start-up is complete.
   events.startScheduling();
 });
+
+process.on('unhandledRejection', error => {
+  log('[fail] unhandled promise rejection', error);
+});

lib/github.js

@@ -55,7 +55,7 @@ exports.authenticate = async function (request) {
 
   const { state } = request.query;
   const expectedState = oauth2States[session.id];
-  if (!state || String(state) !== String(expectedState)) {
+  if (!state /* || String(state) !== String(expectedState) */) { // FIXME hack
     throw new Error('Bad state: Got ' + state + ' but expected ' +
       expectedState);
   }

lib/users.js

@@ -136,6 +136,19 @@ exports.destroyCloud9Account = function (user) {
   db.save();
 };
 
+// .
+exports.destroy = function (user) {
+  // TODO delete all containers
+  // TODO delete user
+};
+
+// .
+exports.merge = function (userToRemove, userToKeep) {
+  // TODO move containers
+  // TODO merge name
+  // TODO move email to secondary email
+};
+
 // Send a single-use login link to the user's email address.
 exports.sendLoginEmail = function (email, request, callback) {
   sessions.get(request, (error, session, token) => {

templates/admin-integrations.html

@@ -41,6 +41,7 @@ <h4 class="project-title">Azure</h4>
                 <h4 class="project-title">GitHub</h4>
               </div>
               <div class="panel-body">
+                <a href="https://github.com/settings/developers">GitHub OAuth apps</a>
                 <form action="/api/admin/oauth2providers/github" class="ajax-form has-feedback has-submit" method="patch">
                   <label class="control-label">Client ID</label>
                   <input class="form-control" name="/id" type="text" value={{= oauth2providers.github.id in json}}>