From 0e8bba84a301cae20ccc34c94d04b8bf7be86f8b Mon Sep 17 00:00:00 2001
From: Lukasz Sielski <lukaszsielski@gmail.com>
Date: Tue, 12 May 2015 20:10:03 +0100
Subject: [PATCH] Refactor user

---
 bower.json                                    |   3 +-
 config/assets/default.js                      |   6 +-
 config/env/development.js                     |  48 ++--
 gruntfile.js                                  |  14 +-
 .../controllers/errors.server.controller.js   |  11 +-
 .../client/config/users.client.routes.js      |   9 +
 .../admin/users.client.controller.js          |  13 +
 .../controllers/settings.client.controller.js |  79 ++++--
 .../edit-profile.client.controller.js         |  38 ++-
 ...anage-social-accounts.client.controller.js |  29 ++-
 .../settings/settings.client.controller.js    |   2 +-
 modules/users/client/users.client.module.js   |   2 +-
 .../views/admin/users.list.client.view.html   |  34 +++
 .../settings/edit-profile.client.view.html    |  33 ++-
 .../manage-social-accounts.client.view.html   |   6 +-
 .../server/config/strategies/facebook.js      |  17 +-
 .../users/server/config/strategies/github.js  |  22 +-
 .../users/server/config/strategies/google.js  |  13 +-
 .../server/config/strategies/linkedin.js      |  13 +-
 .../users/server/config/strategies/local.js   |   8 +-
 .../users/server/config/strategies/twitter.js |  22 +-
 .../controllers/users.server.controller.js    |   3 +-
 .../users.authentication.server.controller.js | 126 +++-------
 .../users.authorization.server.controller.js  |   6 +-
 .../users/users.crud.server.controller.js     |  13 +
 .../users/users.password.server.controller.js |  64 ++---
 .../users/server/models/user.server.model.js  | 238 +++++++++++++++---
 .../server/policies/users.server.policy.js    |  46 ++++
 .../server/routes/users.server.routes.js      |   7 +-
 .../tests/server/user.server.model.tests.js   |  73 ++++--
 package.json                                  |  47 ++--
 31 files changed, 717 insertions(+), 328 deletions(-)
 create mode 100644 modules/users/client/controllers/admin/users.client.controller.js
 create mode 100644 modules/users/client/views/admin/users.list.client.view.html
 create mode 100644 modules/users/server/controllers/users/users.crud.server.controller.js
 create mode 100644 modules/users/server/policies/users.server.policy.js

diff --git a/bower.json b/bower.json
index 951e48aaac..38be8f6194 100644
--- a/bower.json
+++ b/bower.json
@@ -11,6 +11,7 @@
 		"angular-bootstrap": "~0.11.0",
 		"angular-ui-utils": "~0.1.1",
 		"angular-ui-router": "~0.2.10",
-		"angular-file-upload": "~1.1.5"
+		"angular-file-upload": "~1.1.5",
+		"angular-json-tree": "*"
 	}
 }
diff --git a/config/assets/default.js b/config/assets/default.js
index 42f1b1062a..4377b7fd1c 100644
--- a/config/assets/default.js
+++ b/config/assets/default.js
@@ -5,7 +5,8 @@ module.exports = {
 		lib: {
 			css: [
 				'public/lib/bootstrap/dist/css/bootstrap.css',
-				'public/lib/bootstrap/dist/css/bootstrap-theme.css'
+				'public/lib/bootstrap/dist/css/bootstrap-theme.css',
+				'public/lib/angular-json-tree/build/angular-json-tree.css'
 			],
 			js: [
 				'public/lib/angular/angular.js',
@@ -14,7 +15,8 @@ module.exports = {
 				'public/lib/angular-ui-router/release/angular-ui-router.js',
 				'public/lib/angular-ui-utils/ui-utils.js',
 				'public/lib/angular-bootstrap/ui-bootstrap-tpls.js',
-				'public/lib/angular-file-upload/angular-file-upload.js'
+				'public/lib/angular-file-upload/angular-file-upload.js',
+				'public/lib/angular-json-tree/build/angular-json-tree.min.js'
 			],
 			tests: ['public/lib/angular-mocks/angular-mocks.js']
 		},
diff --git a/config/env/development.js b/config/env/development.js
index 310189454b..abf0ff9afe 100644
--- a/config/env/development.js
+++ b/config/env/development.js
@@ -6,30 +6,30 @@ module.exports = {
 		title: 'MEAN.JS - Development Environment'
 	},
 	facebook: {
-        clientID: process.env.FACEBOOK_ID || 'APP_ID',
-        clientSecret: process.env.FACEBOOK_SECRET || 'APP_SECRET',
-        callbackURL: '/api/auth/facebook/callback'
-    },
-    twitter: {
-        clientID: process.env.TWITTER_KEY || 'CONSUMER_KEY',
-        clientSecret: process.env.TWITTER_SECRET || 'CONSUMER_SECRET',
-        callbackURL: '/api/auth/twitter/callback'
-    },
-    google: {
-        clientID: process.env.GOOGLE_ID || 'APP_ID',
-        clientSecret: process.env.GOOGLE_SECRET || 'APP_SECRET',
-        callbackURL: '/api/auth/google/callback'
-    },
-    linkedin: {
-        clientID: process.env.LINKEDIN_ID || 'APP_ID',
-        clientSecret: process.env.LINKEDIN_SECRET || 'APP_SECRET',
-        callbackURL: '/api/auth/linkedin/callback'
-    },
-    github: {
-        clientID: process.env.GITHUB_ID || 'APP_ID',
-        clientSecret: process.env.GITHUB_SECRET || 'APP_SECRET',
-        callbackURL: '/api/auth/github/callback'
-    },
+		clientID: process.env.FACEBOOK_ID || 'APP_ID',
+		clientSecret: process.env.FACEBOOK_SECRET || 'APP_SECRET',
+		callbackURL: '/api/auth/facebook/callback'
+	},
+	twitter: {
+		clientID: process.env.TWITTER_KEY || 'CONSUMER_KEY',
+		clientSecret: process.env.TWITTER_SECRET || 'CONSUMER_SECRET',
+		callbackURL: '/api/auth/twitter/callback'
+	},
+	google: {
+		clientID: process.env.GOOGLE_ID || 'APP_ID',
+		clientSecret: process.env.GOOGLE_SECRET || 'APP_SECRET',
+		callbackURL: '/api/auth/google/callback'
+	},
+	linkedin: {
+		clientID: process.env.LINKEDIN_ID || 'APP_ID',
+		clientSecret: process.env.LINKEDIN_SECRET || 'APP_SECRET',
+		callbackURL: '/api/auth/linkedin/callback'
+	},
+	github: {
+		clientID: process.env.GITHUB_ID || 'APP_ID',
+		clientSecret: process.env.GITHUB_SECRET || 'APP_SECRET',
+		callbackURL: '/api/auth/github/callback'
+	},
 	mailer: {
 		from: process.env.MAILER_FROM || 'MAILER_FROM',
 		options: {
diff --git a/gruntfile.js b/gruntfile.js
index e8abfe71ab..584cf1331e 100644
--- a/gruntfile.js
+++ b/gruntfile.js
@@ -138,8 +138,8 @@ module.exports = function (grunt) {
 					expand: true,
 					src: defaultAssets.client.sass,
 					ext: '.css',
-					rename: function(base, src) {
-						return  src.replace('/scss/', '/css/');
+					rename: function (base, src) {
+						return src.replace('/scss/', '/css/');
 					}
 				}]
 			}
@@ -150,8 +150,8 @@ module.exports = function (grunt) {
 					expand: true,
 					src: defaultAssets.client.less,
 					ext: '.css',
-					rename: function(base, src) {
-						return  src.replace('/less/', '/css/');
+					rename: function (base, src) {
+						return src.replace('/less/', '/css/');
 					}
 				}]
 			}
@@ -203,14 +203,14 @@ module.exports = function (grunt) {
 		}
 	});
 
-	// Load NPM tasks 
+	// Load NPM tasks
 	require('load-grunt-tasks')(grunt);
 
 	// Making grunt default to force in order not to break the project.
 	grunt.option('force', true);
 
 	// Connect to the MongoDB instance and load the models
-	grunt.task.registerTask('mongoose', 'Task that connects to the MongoDB instance and loads the application models.', function() {
+	grunt.task.registerTask('mongoose', 'Task that connects to the MongoDB instance and loads the application models.', function () {
 		// Get the callback
 		var done = this.async();
 
@@ -218,7 +218,7 @@ module.exports = function (grunt) {
 		var mongoose = require('./config/lib/mongoose.js');
 
 		// Connect to database
-		mongoose.connect(function(db) {
+		mongoose.connect(function (db) {
 			done();
 		});
 	});
diff --git a/modules/core/server/controllers/errors.server.controller.js b/modules/core/server/controllers/errors.server.controller.js
index db81a8ec86..ae1497c274 100644
--- a/modules/core/server/controllers/errors.server.controller.js
+++ b/modules/core/server/controllers/errors.server.controller.js
@@ -3,14 +3,14 @@
 /**
  * Get unique error field name
  */
-var getUniqueErrorMessage = function(err) {
+var getUniqueErrorMessage = function (err) {
 	var output;
 
 	try {
 		var fieldName = err.err.substring(err.err.lastIndexOf('.$') + 2, err.err.lastIndexOf('_1'));
 		output = fieldName.charAt(0).toUpperCase() + fieldName.slice(1) + ' already exist';
 
-	} catch(ex) {
+	} catch (ex) {
 		output = 'Unique field already exist';
 	}
 
@@ -20,9 +20,9 @@ var getUniqueErrorMessage = function(err) {
 /**
  * Get the error message from error object
  */
-exports.getErrorMessage = function(err) {
+exports.getErrorMessage = function (err) {
 	var message = '';
-	
+
 	if (err.code) {
 		switch (err.code) {
 			case 11000:
@@ -33,6 +33,9 @@ exports.getErrorMessage = function(err) {
 				message = 'Something went wrong';
 		}
 	} else {
+		if (!err.errors && err.message) {
+			return err.message;
+		}
 		for (var errName in err.errors) {
 			if (err.errors[errName].message) message = err.errors[errName].message;
 		}
diff --git a/modules/users/client/config/users.client.routes.js b/modules/users/client/config/users.client.routes.js
index 9b0546360e..71e2300f6f 100644
--- a/modules/users/client/config/users.client.routes.js
+++ b/modules/users/client/config/users.client.routes.js
@@ -64,6 +64,15 @@ angular.module('users').config(['$stateProvider',
 			state('password.reset.form', {
 				url: '/:token',
 				templateUrl: 'modules/users/views/password/reset-password.client.view.html'
+			}).
+			state('admin', {
+				abstract: true,
+				url: '/admin',
+				template: '<ui-view/>'
+			}).
+			state('admin.users', {
+				url: '/users',
+				templateUrl: 'modules/users/views/admin/users.list.client.view.html'
 			});
 	}
 ]);
diff --git a/modules/users/client/controllers/admin/users.client.controller.js b/modules/users/client/controllers/admin/users.client.controller.js
new file mode 100644
index 0000000000..d1266e4c3c
--- /dev/null
+++ b/modules/users/client/controllers/admin/users.client.controller.js
@@ -0,0 +1,13 @@
+'use strict';
+
+angular.module('users').controller('AdminUsersController', ['$scope', 'Users', 'Authentication',
+	function ($scope, Users, Authentication) {
+
+		$scope.rows = Users.query();
+
+		$scope.identityToLink = function (identity) {
+			return 'noneYet';
+		};
+
+	}
+]);
diff --git a/modules/users/client/controllers/settings.client.controller.js b/modules/users/client/controllers/settings.client.controller.js
index 70b16c5151..2cbb830f05 100644
--- a/modules/users/client/controllers/settings.client.controller.js
+++ b/modules/users/client/controllers/settings.client.controller.js
@@ -1,14 +1,49 @@
 'use strict';
 
 angular.module('users').controller('SettingsController', ['$scope', '$http', '$location', 'Users', 'Authentication',
-	function($scope, $http, $location, Users, Authentication) {
+	function ($scope, $http, $location, Users, Authentication) {
 		$scope.user = Authentication.user;
+		$scope.linkedProviders = [];
 
 		// If user is not signed in then redirect back home
 		if (!$scope.user) $location.path('/');
 
+		$scope.user.identities.forEach(function (identity) {
+			if (identity.provider === 'username') {
+				$scope.user.username = identity.id;
+			}
+		});
+
+		$scope.identitiesToEmails = function () {
+			$scope.user.emails = [];
+			if ($scope.user.identities) {
+				$scope.user.identities.forEach(function (identity, idx) {
+					if (identity.provider === 'email') {
+						$scope.user.identities.splice(idx, 1);
+						$scope.user.emails.push(identity);
+					}
+				});
+			}
+		};
+		$scope.identitiesToEmails();
+
+		$scope.removeEmail = function (emailIndex) {
+			$scope.user.emails.splice(emailIndex, 1);
+			return false;
+		};
+
+		$scope.addEmail = function () {
+			if (!$scope.user.identities) {
+				$scope.user.identities = [];
+			}
+			$scope.user.emails.push({
+				provider: 'email',
+				id: ''
+			});
+		};
+
 		// Check if there are additional accounts 
-		$scope.hasConnectedAdditionalSocialAccounts = function(provider) {
+		$scope.hasConnectedAdditionalSocialAccounts = function (provider) {
 			for (var i in $scope.user.additionalProvidersData) {
 				return true;
 			}
@@ -17,37 +52,51 @@ angular.module('users').controller('SettingsController', ['$scope', '$http', '$l
 		};
 
 		// Check if provider is already in use with current user
-		$scope.isConnectedSocialAccount = function(provider) {
-			return $scope.user.provider === provider || ($scope.user.additionalProvidersData && $scope.user.additionalProvidersData[provider]);
+		$scope.isConnectedSocialAccount = function (provider) {
+			var connected = false;
+			angular.forEach($scope.user.identities, function (identity) {
+				if (identity.provider === provider) {
+					connected = true;
+					$scope.linkedProviders.push(provider);
+				}
+			});
+			return connected;
 		};
 
 		// Remove a user social account
-		$scope.removeUserSocialAccount = function(provider) {
+		$scope.removeUserSocialAccount = function (provider) {
 			$scope.success = $scope.error = null;
 
 			$http.delete('/api/users/accounts', {
 				params: {
 					provider: provider
 				}
-			}).success(function(response) {
+			}).success(function (response) {
 				// If successful show success message and clear form
 				$scope.success = true;
 				$scope.user = Authentication.user = response;
-			}).error(function(response) {
+			}).error(function (response) {
 				$scope.error = response.message;
 			});
 		};
 
 		// Update a user profile
-		$scope.updateUserProfile = function(isValid) {
-			if (isValid){
+		$scope.updateUserProfile = function (isValid) {
+			if (isValid) {
 				$scope.success = $scope.error = null;
+
+				$scope.user.emails.forEach(function (email) {
+					$scope.user.identities.push(email);
+				});
+				delete $scope.user.emails;
+
 				var user = new Users($scope.user);
-	
-				user.$update(function(response) {
+
+				user.$update(function (response) {
 					$scope.success = true;
 					Authentication.user = response;
-				}, function(response) {
+					$scope.identitiesToEmails();
+				}, function (response) {
 					$scope.error = response.data.message;
 				});
 			} else {
@@ -56,14 +105,14 @@ angular.module('users').controller('SettingsController', ['$scope', '$http', '$l
 		};
 
 		// Change user password
-		$scope.changeUserPassword = function() {
+		$scope.changeUserPassword = function () {
 			$scope.success = $scope.error = null;
 
-			$http.post('/api/users/password', $scope.passwordDetails).success(function(response) {
+			$http.post('/api/users/password', $scope.passwordDetails).success(function (response) {
 				// If successful show success message and clear form
 				$scope.success = true;
 				$scope.passwordDetails = null;
-			}).error(function(response) {
+			}).error(function (response) {
 				$scope.error = response.message;
 			});
 		};
diff --git a/modules/users/client/controllers/settings/edit-profile.client.controller.js b/modules/users/client/controllers/settings/edit-profile.client.controller.js
index 8e1d423819..5f6da1e258 100644
--- a/modules/users/client/controllers/settings/edit-profile.client.controller.js
+++ b/modules/users/client/controllers/settings/edit-profile.client.controller.js
@@ -1,24 +1,52 @@
 'use strict';
 
 angular.module('users').controller('EditProfileController', ['$scope', '$http', '$location', 'Users', 'Authentication',
-	function($scope, $http, $location, Users, Authentication) {
+	function ($scope, $http, $location, Users, Authentication) {
 		$scope.user = Authentication.user;
 
 		// Update a user profile
-		$scope.updateUserProfile = function(isValid) {
-			if (isValid){
+		$scope.updateUserProfile = function (isValid) {
+			if (isValid) {
 				$scope.success = $scope.error = null;
 				var user = new Users($scope.user);
 
-				user.$update(function(response) {
+				user.$update(function (response) {
 					$scope.success = true;
 					Authentication.user = response;
-				}, function(response) {
+				}, function (response) {
 					$scope.error = response.data.message;
 				});
 			} else {
 				$scope.submitted = true;
 			}
 		};
+
+		$scope.identitiesToEmails = function () {
+			$scope.user.emails = [];
+			if ($scope.user.identities) {
+				$scope.user.identities.forEach(function (identity, idx) {
+					if (identity.provider === 'email') {
+						$scope.user.identities.splice(idx, 1);
+						$scope.user.emails.push(identity);
+					}
+				});
+			}
+		};
+		$scope.identitiesToEmails();
+
+		$scope.removeEmail = function (emailIndex) {
+			$scope.user.emails.splice(emailIndex, 1);
+			return false;
+		};
+
+		$scope.addEmail = function () {
+			if (!$scope.user.identities) {
+				$scope.user.identities = [];
+			}
+			$scope.user.emails.push({
+				provider: 'email',
+				id: ''
+			});
+		};
 	}
 ]);
diff --git a/modules/users/client/controllers/settings/manage-social-accounts.client.controller.js b/modules/users/client/controllers/settings/manage-social-accounts.client.controller.js
index 74774f06d1..35ba8f93e8 100644
--- a/modules/users/client/controllers/settings/manage-social-accounts.client.controller.js
+++ b/modules/users/client/controllers/settings/manage-social-accounts.client.controller.js
@@ -1,36 +1,39 @@
 'use strict';
 
 angular.module('users').controller('SocialAccountsController', ['$scope', '$http', '$location', 'Users', 'Authentication',
-	function($scope, $http, $location, Users, Authentication) {
+	function ($scope, $http, $location, Users, Authentication) {
 		$scope.user = Authentication.user;
 
 		// Check if there are additional accounts
-		$scope.hasConnectedAdditionalSocialAccounts = function(provider) {
-			for (var i in $scope.user.additionalProvidersData) {
-				return true;
-			}
-
-			return false;
+		$scope.hasConnectedAdditionalSocialAccounts = function (provider) {
+			return true;
 		};
 
 		// Check if provider is already in use with current user
-		$scope.isConnectedSocialAccount = function(provider) {
-			return $scope.user.provider === provider || ($scope.user.additionalProvidersData && $scope.user.additionalProvidersData[provider]);
+		$scope.isConnectedSocialAccount = function (provider) {
+			var has = false;
+			angular.forEach($scope.user.identities, function (identity) {
+				if (identity.provider === provider) {
+					has = true;
+				}
+			});
+			return has;
 		};
 
 		// Remove a user social account
-		$scope.removeUserSocialAccount = function(provider) {
+		$scope.removeUserSocialAccount = function (provider, id) {
 			$scope.success = $scope.error = null;
 
 			$http.delete('/api/users/accounts', {
 				params: {
-					provider: provider
+					provider: provider,
+					id: id
 				}
-			}).success(function(response) {
+			}).success(function (response) {
 				// If successful show success message and clear form
 				$scope.success = true;
 				$scope.user = Authentication.user = response;
-			}).error(function(response) {
+			}).error(function (response) {
 				$scope.error = response.message;
 			});
 		};
diff --git a/modules/users/client/controllers/settings/settings.client.controller.js b/modules/users/client/controllers/settings/settings.client.controller.js
index 25af58435f..524cdcbc96 100644
--- a/modules/users/client/controllers/settings/settings.client.controller.js
+++ b/modules/users/client/controllers/settings/settings.client.controller.js
@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('users').controller('SettingsController', ['$scope', '$http', '$location', 'Users', 'Authentication',
-	function($scope, $http, $location, Users, Authentication) {
+	function ($scope, $http, $location, Users, Authentication) {
 		$scope.user = Authentication.user;
 
 		// If user is not signed in then redirect back home
diff --git a/modules/users/client/users.client.module.js b/modules/users/client/users.client.module.js
index 569aba8c16..5d3164a205 100644
--- a/modules/users/client/users.client.module.js
+++ b/modules/users/client/users.client.module.js
@@ -1,4 +1,4 @@
 'use strict';
 
 // Use Applicaion configuration module to register a new module
-ApplicationConfiguration.registerModule('users');
+ApplicationConfiguration.registerModule('users', ['angular-json-tree']);
diff --git a/modules/users/client/views/admin/users.list.client.view.html b/modules/users/client/views/admin/users.list.client.view.html
new file mode 100644
index 0000000000..1c0966c995
--- /dev/null
+++ b/modules/users/client/views/admin/users.list.client.view.html
@@ -0,0 +1,34 @@
+<div data-ng-controller="AdminUsersController">
+	<h3 class="col-md-12 text-center">Browse Users</h3>
+
+	<div class="col-md-12">
+		<table class="table table-bordered">
+			<thead>
+			<tr>
+				<th>ID</th>
+				<th>User Name</th>
+				<th>Data</th>
+				<th>Accounts</th>
+			</tr>
+			</thead>
+			<tbody>
+			<tr data-ng-repeat="row in rows">
+				<td class="col-sm-2">{{ row._id | limitTo : 6 }}</td>
+				<td class="col-sm-2">{{ row.displayName }}</td>
+				<td class="col-sm-4">
+					<json-tree object="row"></json-tree>
+				</td>
+				<td class="col-sm-4">
+					<ul class="list-unstyled">
+						<li data-ng-repeat="identity in row.identities">
+							<a ng-href="{{ identityToLink(identity) }}">
+								{{ identity.provider }} - {{ identity.id }}
+							</a>
+						</li>
+					</ul>
+				</td>
+			</tr>
+			</tbody>
+		</table>
+	</div>
+</div>
diff --git a/modules/users/client/views/settings/edit-profile.client.view.html b/modules/users/client/views/settings/edit-profile.client.view.html
index ae8cd30327..3e6f877918 100644
--- a/modules/users/client/views/settings/edit-profile.client.view.html
+++ b/modules/users/client/views/settings/edit-profile.client.view.html
@@ -1,22 +1,43 @@
 <section class="row" data-ng-controller="EditProfileController">
 	<div class="col-xs-offset-1 col-xs-10 col-md-offset-4 col-md-4">
-		<form name="userForm" data-ng-submit="updateUserProfile(userForm.$valid)" class="signin form-horizontal" autocomplete="off">
+		<form name="userForm" data-ng-submit="updateUserProfile(userForm.$valid)" class="signin form-horizontal"
+			  autocomplete="off">
 			<fieldset>
 				<div class="form-group">
 					<label for="firstName">First Name</label>
-					<input type="text" id="firstName" name="firstName" class="form-control" data-ng-model="user.firstName" placeholder="First Name">
+					<input type="text" id="firstName" name="firstName" class="form-control"
+						   data-ng-model="user.firstName" placeholder="First Name">
 				</div>
 				<div class="form-group">
 					<label for="lastName">Last Name</label>
-					<input type="text" id="lastName" name="lastName" class="form-control" data-ng-model="user.lastName" placeholder="Last Name">
+					<input type="text" id="lastName" name="lastName" class="form-control" data-ng-model="user.lastName"
+						   placeholder="Last Name">
 				</div>
 				<div class="form-group">
-					<label for="email">Email</label>
-					<input type="email" id="email" name="email" class="form-control" data-ng-model="user.email" placeholder="Email">
+					<btn class="btn btn-xs pull-right btn-default" data-ng-click="addEmail()">
+						<i class="glyphicon glyphicon-plus"></i> Add Email
+					</btn>
+					<label for="email">
+
+						Email
+					</label>
+
+					<div class="row" ng-repeat="(key,identity) in user.emails">
+						<div class="col-sm-10">
+							<input type="email" id="email" name="email" class="form-control" data-ng-model="identity.id"
+								   placeholder="Email">
+						</div>
+						<div class="col-sm-2">
+							<button class="btn btn-default btn-block" data-ng-click="removeEmail(key)" ng-if="key > 0">
+								<i class="glyphicon glyphicon-trash"></i>
+							</button>
+						</div>
+					</div>
 				</div>
 				<div class="form-group">
 					<label for="username">Username</label>
-					<input type="text" id="username" name="username" class="form-control" data-ng-model="user.username" placeholder="Username">
+					<input type="text" id="username" name="username" class="form-control" data-ng-model="user.username"
+						   placeholder="Username">
 				</div>
 				<div class="text-center form-group">
 					<button type="submit" class="btn btn-large btn-primary">Save Profile</button>
diff --git a/modules/users/client/views/settings/manage-social-accounts.client.view.html b/modules/users/client/views/settings/manage-social-accounts.client.view.html
index b40b203e6c..2395053ec7 100644
--- a/modules/users/client/views/settings/manage-social-accounts.client.view.html
+++ b/modules/users/client/views/settings/manage-social-accounts.client.view.html
@@ -1,9 +1,9 @@
 <section class="row" data-ng-controller="SocialAccountsController">
 	<h3 class="col-md-12 text-center" data-ng-show="hasConnectedAdditionalSocialAccounts()">Connected social accounts:</h3>
 	<div class="col-md-12 text-center">
-		<div data-ng-repeat="(providerName, providerData) in user.additionalProvidersData" class="social-account-container">
-			<img ng-src="/modules/users/img/buttons/{{providerName}}.png">
-			<a class="btn btn-danger btn-remove-account" data-ng-click="removeUserSocialAccount(providerName)">
+		<div data-ng-repeat="(id, providerData) in user.identities" class="social-account-container" ng-if="providerData.provider !== 'username' && providerData.provider !== 'email'">
+			<img ng-src="/modules/users/img/buttons/{{providerData.provider}}.png">
+			<a class="btn btn-danger btn-remove-account" data-ng-click="removeUserSocialAccount(providerData.provider,providerData.id)">
 				<i class="glyphicon glyphicon-trash"></i>
 			</a>
 		</div>
diff --git a/modules/users/server/config/strategies/facebook.js b/modules/users/server/config/strategies/facebook.js
index ed03ce267a..cd9bfbeabc 100644
--- a/modules/users/server/config/strategies/facebook.js
+++ b/modules/users/server/config/strategies/facebook.js
@@ -5,9 +5,10 @@
  */
 var passport = require('passport'),
 	FacebookStrategy = require('passport-facebook').Strategy,
+	User = require('mongoose').model('User'),
 	users = require('../../controllers/users.server.controller');
 
-module.exports = function(config) {
+module.exports = function (config) {
 	// Use facebook strategy
 	passport.use(new FacebookStrategy({
 			clientID: config.facebook.clientID,
@@ -16,14 +17,11 @@ module.exports = function(config) {
 			profileFields: ['id', 'name', 'displayName', 'emails', 'photos'],
 			passReqToCallback: true
 		},
-		function(req, accessToken, refreshToken, profile, done) {
+		function (req, accessToken, refreshToken, profile, done) {
 			// Set the provider data and include tokens
 			var providerData = profile._json;
-			providerData.accessToken = accessToken;
-			providerData.refreshToken = refreshToken;
-
 			// Create the user OAuth profile
-			var providerUserProfile = {
+			var userData = {
 				firstName: profile.name.givenName,
 				lastName: profile.name.familyName,
 				displayName: profile.displayName,
@@ -31,11 +29,14 @@ module.exports = function(config) {
 				profileImageURL: (profile.id) ? '//graph.facebook.com/' + profile.id + '/picture?type=large' : undefined,
 				provider: 'facebook',
 				providerIdentifierField: 'id',
-				providerData: providerData
+				providerData: providerData,
+				username: profile.displayName
 			};
 
 			// Save the user OAuth profile
-			users.saveOAuthUserProfile(req, providerUserProfile, done);
+			User.oAuthHandle(req.user, 'facebook', providerData.id, accessToken, refreshToken, providerData, userData, function (err, user, isNew) {
+				users.saveOAuthUserProfile(err, user, isNew, done);
+			});
 		}
 	));
 };
diff --git a/modules/users/server/config/strategies/github.js b/modules/users/server/config/strategies/github.js
index e4fa84e99a..d74e8392a5 100644
--- a/modules/users/server/config/strategies/github.js
+++ b/modules/users/server/config/strategies/github.js
@@ -5,9 +5,10 @@
  */
 var passport = require('passport'),
 	GithubStrategy = require('passport-github').Strategy,
+	User = require('mongoose').model('User'),
 	users = require('../../controllers/users.server.controller');
 
-module.exports = function(config) {
+module.exports = function (config) {
 	// Use github strategy
 	passport.use(new GithubStrategy({
 			clientID: config.github.clientID,
@@ -15,15 +16,20 @@ module.exports = function(config) {
 			callbackURL: config.github.callbackURL,
 			passReqToCallback: true
 		},
-		function(req, accessToken, refreshToken, profile, done) {
+		function (req, accessToken, refreshToken, profile, done) {
 			// Set the provider data and include tokens
 			var providerData = profile._json;
-			providerData.accessToken = accessToken;
-			providerData.refreshToken = refreshToken;
 
 			// Create the user OAuth profile
-			var providerUserProfile = {
-				displayName: profile.displayName,
+			var displayName = profile.displayName.trim();
+			var iSpace = displayName.indexOf(' '); // index of the whitespace following the firstName
+			var firstName = iSpace !== -1 ? displayName.substring(0, iSpace) : displayName;
+			var lastName = iSpace !== -1 ? displayName.substring(iSpace + 1) : '';
+
+			var userData = {
+				firstName: firstName,
+				lastName: lastName,
+				displayName: displayName,
 				email: profile.emails[0].value,
 				username: profile.username,
 				profileImageURL: (providerData.avatar_url) ? providerData.avatar_url : undefined,
@@ -33,7 +39,9 @@ module.exports = function(config) {
 			};
 
 			// Save the user OAuth profile
-			users.saveOAuthUserProfile(req, providerUserProfile, done);
+			User.oAuthHandle(req.user, 'github', providerData.id, accessToken, refreshToken, providerData, userData, function (err, user, isNew) {
+				users.saveOAuthUserProfile(err, user, isNew, done);
+			});
 		}
 	));
 };
diff --git a/modules/users/server/config/strategies/google.js b/modules/users/server/config/strategies/google.js
index bd4df63f87..c8184a21a4 100644
--- a/modules/users/server/config/strategies/google.js
+++ b/modules/users/server/config/strategies/google.js
@@ -5,9 +5,10 @@
  */
 var passport = require('passport'),
 	GoogleStrategy = require('passport-google-oauth').OAuth2Strategy,
+	User = require('mongoose').model('User'),
 	users = require('../../controllers/users.server.controller');
 
-module.exports = function(config) {
+module.exports = function (config) {
 	// Use google strategy
 	passport.use(new GoogleStrategy({
 			clientID: config.google.clientID,
@@ -15,14 +16,12 @@ module.exports = function(config) {
 			callbackURL: config.google.callbackURL,
 			passReqToCallback: true
 		},
-		function(req, accessToken, refreshToken, profile, done) {
+		function (req, accessToken, refreshToken, profile, done) {
 			// Set the provider data and include tokens
 			var providerData = profile._json;
-			providerData.accessToken = accessToken;
-			providerData.refreshToken = refreshToken;
 
 			// Create the user OAuth profile
-			var providerUserProfile = {
+			var userData = {
 				firstName: profile.name.givenName,
 				lastName: profile.name.familyName,
 				displayName: profile.displayName,
@@ -35,7 +34,9 @@ module.exports = function(config) {
 			};
 
 			// Save the user OAuth profile
-			users.saveOAuthUserProfile(req, providerUserProfile, done);
+			User.oAuthHandle(req.user, 'google', providerData.id, accessToken, refreshToken, providerData, userData, function (err, user, isNew) {
+				users.saveOAuthUserProfile(err, user, isNew, done);
+			});
 		}
 	));
 };
diff --git a/modules/users/server/config/strategies/linkedin.js b/modules/users/server/config/strategies/linkedin.js
index 220269cf48..499b502ad1 100644
--- a/modules/users/server/config/strategies/linkedin.js
+++ b/modules/users/server/config/strategies/linkedin.js
@@ -5,9 +5,10 @@
  */
 var passport = require('passport'),
 	LinkedInStrategy = require('passport-linkedin').Strategy,
+	User = require('mongoose').model('User'),
 	users = require('../../controllers/users.server.controller');
 
-module.exports = function(config) {
+module.exports = function (config) {
 	// Use linkedin strategy
 	passport.use(new LinkedInStrategy({
 			consumerKey: config.linkedin.clientID,
@@ -16,14 +17,12 @@ module.exports = function(config) {
 			passReqToCallback: true,
 			profileFields: ['id', 'first-name', 'last-name', 'email-address', 'picture-url']
 		},
-		function(req, accessToken, refreshToken, profile, done) {
+		function (req, accessToken, refreshToken, profile, done) {
 			// Set the provider data and include tokens
 			var providerData = profile._json;
-			providerData.accessToken = accessToken;
-			providerData.refreshToken = refreshToken;
 
 			// Create the user OAuth profile
-			var providerUserProfile = {
+			var userData = {
 				firstName: profile.name.givenName,
 				lastName: profile.name.familyName,
 				displayName: profile.displayName,
@@ -36,7 +35,9 @@ module.exports = function(config) {
 			};
 
 			// Save the user OAuth profile
-			users.saveOAuthUserProfile(req, providerUserProfile, done);
+			User.oAuthHandle(req.user, 'linkedin', providerData.id, accessToken, refreshToken, providerData, userData, function (err, user, isNew) {
+				users.saveOAuthUserProfile(err, user, isNew, done);
+			});
 		}
 	));
 };
diff --git a/modules/users/server/config/strategies/local.js b/modules/users/server/config/strategies/local.js
index 50ad14f142..171df481a8 100644
--- a/modules/users/server/config/strategies/local.js
+++ b/modules/users/server/config/strategies/local.js
@@ -7,16 +7,14 @@ var passport = require('passport'),
 	LocalStrategy = require('passport-local').Strategy,
 	User = require('mongoose').model('User');
 
-module.exports = function() {
+module.exports = function () {
 	// Use local strategy
 	passport.use(new LocalStrategy({
 			usernameField: 'username',
 			passwordField: 'password'
 		},
-		function(username, password, done) {
-			User.findOne({
-				username: username
-			}, function(err, user) {
+		function (username, password, done) {
+			User.findByProvider([User.USERNAME, User.EMAIL], username, function (err, user) {
 				if (err) {
 					return done(err);
 				}
diff --git a/modules/users/server/config/strategies/twitter.js b/modules/users/server/config/strategies/twitter.js
index 6a668ac17d..0e9e6bf2d8 100644
--- a/modules/users/server/config/strategies/twitter.js
+++ b/modules/users/server/config/strategies/twitter.js
@@ -5,9 +5,10 @@
  */
 var passport = require('passport'),
 	TwitterStrategy = require('passport-twitter').Strategy,
+	User = require('mongoose').model('User'),
 	users = require('../../controllers/users.server.controller');
 
-module.exports = function(config) {
+module.exports = function (config) {
 	// Use twitter strategy
 	passport.use(new TwitterStrategy({
 			consumerKey: config.twitter.clientID,
@@ -15,15 +16,20 @@ module.exports = function(config) {
 			callbackURL: config.twitter.callbackURL,
 			passReqToCallback: true
 		},
-		function(req, token, tokenSecret, profile, done) {
+		function (req, accessToken, refreshToken, profile, done) {
 			// Set the provider data and include tokens
 			var providerData = profile._json;
-			providerData.token = token;
-			providerData.tokenSecret = tokenSecret;
 
 			// Create the user OAuth profile
-			var providerUserProfile = {
-				displayName: profile.displayName,
+			var displayName = profile.displayName.trim();
+			var iSpace = displayName.indexOf(' '); // index of the whitespace following the firstName
+			var firstName = iSpace !== -1 ? displayName.substring(0, iSpace) : displayName;
+			var lastName = iSpace !== -1 ? displayName.substring(iSpace + 1) : '';
+
+			var userData = {
+				firstName: firstName,
+				lastName: lastName,
+				displayName: displayName,
 				username: profile.username,
 				profileImageURL: profile.photos[0].value.replace('normal', 'bigger'),
 				provider: 'twitter',
@@ -32,7 +38,9 @@ module.exports = function(config) {
 			};
 
 			// Save the user OAuth profile
-			users.saveOAuthUserProfile(req, providerUserProfile, done);
+			User.oAuthHandle(req.user, 'twitter', providerData.id_str, accessToken, refreshToken, providerData, userData, function (err, user, isNew) {
+				users.saveOAuthUserProfile(err, user, isNew, done);
+			});
 		}
 	));
 };
diff --git a/modules/users/server/controllers/users.server.controller.js b/modules/users/server/controllers/users.server.controller.js
index 06ef00ea31..6be871f9b3 100644
--- a/modules/users/server/controllers/users.server.controller.js
+++ b/modules/users/server/controllers/users.server.controller.js
@@ -12,5 +12,6 @@ module.exports = _.extend(
 	require('./users/users.authentication.server.controller'),
 	require('./users/users.authorization.server.controller'),
 	require('./users/users.password.server.controller'),
-	require('./users/users.profile.server.controller')
+	require('./users/users.profile.server.controller'),
+	require('./users/users.crud.server.controller')
 );
diff --git a/modules/users/server/controllers/users/users.authentication.server.controller.js b/modules/users/server/controllers/users/users.authentication.server.controller.js
index c8920bd3a8..4210fef843 100644
--- a/modules/users/server/controllers/users/users.authentication.server.controller.js
+++ b/modules/users/server/controllers/users/users.authentication.server.controller.js
@@ -12,7 +12,7 @@ var path = require('path'),
 /**
  * Signup
  */
-exports.signup = function(req, res) {
+exports.signup = function (req, res) {
 	// For security measurement we remove the roles from the req.body object
 	delete req.body.roles;
 
@@ -24,8 +24,8 @@ exports.signup = function(req, res) {
 	user.provider = 'local';
 	user.displayName = user.firstName + ' ' + user.lastName;
 
-	// Then save the user 
-	user.save(function(err) {
+	// Then save the user
+	user.save(function (err) {
 		if (err) {
 			return res.status(400).send({
 				message: errorHandler.getErrorMessage(err)
@@ -35,7 +35,7 @@ exports.signup = function(req, res) {
 			user.password = undefined;
 			user.salt = undefined;
 
-			req.login(user, function(err) {
+			req.login(user, function (err) {
 				if (err) {
 					res.status(400).send(err);
 				} else {
@@ -49,8 +49,8 @@ exports.signup = function(req, res) {
 /**
  * Signin after passport authentication
  */
-exports.signin = function(req, res, next) {
-	passport.authenticate('local', function(err, user, info) {
+exports.signin = function (req, res, next) {
+	passport.authenticate('local', function (err, user, info) {
 		if (err || !user) {
 			res.status(400).send(info);
 		} else {
@@ -58,7 +58,7 @@ exports.signin = function(req, res, next) {
 			user.password = undefined;
 			user.salt = undefined;
 
-			req.login(user, function(err) {
+			req.login(user, function (err) {
 				if (err) {
 					res.status(400).send(err);
 				} else {
@@ -72,7 +72,7 @@ exports.signin = function(req, res, next) {
 /**
  * Signout
  */
-exports.signout = function(req, res) {
+exports.signout = function (req, res) {
 	req.logout();
 	res.redirect('/');
 };
@@ -80,13 +80,13 @@ exports.signout = function(req, res) {
 /**
  * OAuth callback
  */
-exports.oauthCallback = function(strategy) {
-	return function(req, res, next) {
-		passport.authenticate(strategy, function(err, user, redirectURL) {
+exports.oauthCallback = function (strategy) {
+	return function (req, res, next) {
+		passport.authenticate(strategy, function (err, user, redirectURL) {
 			if (err || !user) {
 				return res.redirect('/#!/signin');
 			}
-			req.login(user, function(err) {
+			req.login(user, function (err) {
 				if (err) {
 					return res.redirect('/#!/signin');
 				}
@@ -98,103 +98,41 @@ exports.oauthCallback = function(strategy) {
 };
 
 /**
- * Helper function to save or update a OAuth user profile
+ * Helper function to save or update a OAuth user profile WTF is that?
  */
-exports.saveOAuthUserProfile = function(req, providerUserProfile, done) {
-	if (!req.user) {
-		// Define a search query fields
-		var searchMainProviderIdentifierField = 'providerData.' + providerUserProfile.providerIdentifierField;
-		var searchAdditionalProviderIdentifierField = 'additionalProvidersData.' + providerUserProfile.provider + '.' + providerUserProfile.providerIdentifierField;
-
-		// Define main provider search query
-		var mainProviderSearchQuery = {};
-		mainProviderSearchQuery.provider = providerUserProfile.provider;
-		mainProviderSearchQuery[searchMainProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];
-
-		// Define additional provider search query
-		var additionalProviderSearchQuery = {};
-		additionalProviderSearchQuery[searchAdditionalProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];
-
-		// Define a search query to find existing user with current provider profile
-		var searchQuery = {
-			$or: [mainProviderSearchQuery, additionalProviderSearchQuery]
-		};
-
-		User.findOne(searchQuery, function(err, user) {
-			if (err) {
-				return done(err);
-			} else {
-				if (!user) {
-					var possibleUsername = providerUserProfile.username || ((providerUserProfile.email) ? providerUserProfile.email.split('@')[0] : '');
-
-					User.findUniqueUsername(possibleUsername, null, function(availableUsername) {
-						user = new User({
-							firstName: providerUserProfile.firstName,
-							lastName: providerUserProfile.lastName,
-							username: availableUsername,
-							displayName: providerUserProfile.displayName,
-							email: providerUserProfile.email,
-							profileImageURL: providerUserProfile.profileImageURL,
-							provider: providerUserProfile.provider,
-							providerData: providerUserProfile.providerData
-						});
-
-						// And save the user
-						user.save(function(err) {
-							return done(err, user);
-						});
-					});
-				} else {
-					return done(err, user);
-				}
-			}
-		});
-	} else {
-		// User is already logged in, join the provider data to the existing user
-		var user = req.user;
-
-		// Check if user exists, is not signed in using this provider, and doesn't have that provider data already configured
-		if (user.provider !== providerUserProfile.provider && (!user.additionalProvidersData || !user.additionalProvidersData[providerUserProfile.provider])) {
-			// Add the provider data to the additional provider data field
-			if (!user.additionalProvidersData) user.additionalProvidersData = {};
-			user.additionalProvidersData[providerUserProfile.provider] = providerUserProfile.providerData;
-
-			// Then tell mongoose that we've updated the additionalProvidersData field
-			user.markModified('additionalProvidersData');
-
-			// And save the user
-			user.save(function(err) {
-				return done(err, user, '/#!/settings/accounts');
-			});
-		} else {
-			return done(new Error('User is already connected using this provider'), user);
-		}
+exports.saveOAuthUserProfile = function (err, user, isNew, done) {
+	if (err) {
+		return done(err);
 	}
+	if (!user) {
+		return done(new Error('No user returned by Strategy'));
+	}
+	if (isNew) {
+		return done(null, user);
+	}
+	done(null, user, '/#!/settings/accounts');
 };
 
 /**
  * Remove OAuth provider
  */
-exports.removeOAuthProvider = function(req, res, next) {
+exports.removeOAuthProvider = function (req, res) {
 	var user = req.user;
-	var provider = req.params.provider;
+	var provider = req.param('provider');
+	var id = req.param('id');
 
-	if (user && provider) {
-		// Delete the additional provider
-		if (user.additionalProvidersData[provider]) {
-			delete user.additionalProvidersData[provider];
+	if (user && provider && id) {
 
-			// Then tell mongoose that we've updated the additionalProvidersData field
-			user.markModified('additionalProvidersData');
-		}
+		user.removeIdentity(provider, id);
+		user.markModified('identities');
 
-		user.save(function(err) {
+		user.save(function (err) {
 			if (err) {
 				return res.status(400).send({
 					message: errorHandler.getErrorMessage(err)
 				});
 			} else {
-				req.login(user, function(err) {
+				req.login(user, function (err) {
 					if (err) {
 						res.status(400).send(err);
 					} else {
@@ -203,5 +141,7 @@ exports.removeOAuthProvider = function(req, res, next) {
 				});
 			}
 		});
+	} else {
+		res.status(400).json('Invalid parameters');
 	}
 };
diff --git a/modules/users/server/controllers/users/users.authorization.server.controller.js b/modules/users/server/controllers/users/users.authorization.server.controller.js
index 9ad24fc3ef..f57088cc59 100644
--- a/modules/users/server/controllers/users/users.authorization.server.controller.js
+++ b/modules/users/server/controllers/users/users.authorization.server.controller.js
@@ -10,10 +10,8 @@ var _ = require('lodash'),
 /**
  * User middleware
  */
-exports.userByID = function(req, res, next, id) {
-	User.findOne({
-		_id: id
-	}).exec(function(err, user) {
+exports.userByID = function (req, res, next, id) {
+	User.findById(id).exec(function (err, user) {
 		if (err) return next(err);
 		if (!user) return next(new Error('Failed to load User ' + id));
 		req.profile = user;
diff --git a/modules/users/server/controllers/users/users.crud.server.controller.js b/modules/users/server/controllers/users/users.crud.server.controller.js
new file mode 100644
index 0000000000..5c2cdf3170
--- /dev/null
+++ b/modules/users/server/controllers/users/users.crud.server.controller.js
@@ -0,0 +1,13 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+var mongoose = require('mongoose'),
+	User = mongoose.model('User');
+
+exports.users = function (req, res) {
+	User.find({}, function (error, users) {
+		res.json(users || null);
+	});
+};
diff --git a/modules/users/server/controllers/users/users.password.server.controller.js b/modules/users/server/controllers/users/users.password.server.controller.js
index 060bdca28b..582c40620e 100644
--- a/modules/users/server/controllers/users/users.password.server.controller.js
+++ b/modules/users/server/controllers/users/users.password.server.controller.js
@@ -4,7 +4,7 @@
  * Module dependencies.
  */
 var path = require('path'),
- 	config = require(path.resolve('./config/config')),
+	config = require(path.resolve('./config/config')),
 	errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),
 	mongoose = require('mongoose'),
 	User = mongoose.model('User'),
@@ -12,24 +12,26 @@ var path = require('path'),
 	async = require('async'),
 	crypto = require('crypto');
 
+var smtpTransport = nodemailer.createTransport(config.mailer.options);
+
 /**
  * Forgot for reset password (forgot POST)
  */
-exports.forgot = function(req, res, next) {
+exports.forgot = function (req, res, next) {
 	async.waterfall([
 		// Generate random token
-		function(done) {
-			crypto.randomBytes(20, function(err, buffer) {
+		function (done) {
+			crypto.randomBytes(20, function (err, buffer) {
 				var token = buffer.toString('hex');
 				done(err, token);
 			});
 		},
 		// Lookup user by username
-		function(token, done) {
+		function (token, done) {
 			if (req.body.username) {
 				User.findOne({
 					username: req.body.username
-				}, '-salt -password', function(err, user) {
+				}, '-salt -password', function (err, user) {
 					if (!user) {
 						return res.status(400).send({
 							message: 'No account with that username has been found'
@@ -42,7 +44,7 @@ exports.forgot = function(req, res, next) {
 						user.resetPasswordToken = token;
 						user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
 
-						user.save(function(err) {
+						user.save(function (err) {
 							done(err, token, user);
 						});
 					}
@@ -53,35 +55,38 @@ exports.forgot = function(req, res, next) {
 				});
 			}
 		},
-		function(token, user, done) {
+		function (token, user, done) {
 			res.render(path.resolve('modules/users/server/templates/reset-password-email'), {
 				name: user.displayName,
 				appName: config.app.title,
 				url: 'http://' + req.headers.host + '/api/auth/reset/' + token
-			}, function(err, emailHTML) {
+			}, function (err, emailHTML) {
 				done(err, emailHTML, user);
 			});
 		},
 		// If valid email, send reset email using service
-		function(emailHTML, user, done) {
-			var smtpTransport = nodemailer.createTransport(config.mailer.options);
+		function (emailHTML, user, done) {
 			var mailOptions = {
 				to: user.email,
 				from: config.mailer.from,
 				subject: 'Password Reset',
 				html: emailHTML
 			};
-			smtpTransport.sendMail(mailOptions, function(err) {
+			smtpTransport.sendMail(mailOptions, function (err) {
 				if (!err) {
 					res.send({
 						message: 'An email has been sent to the provided email with further instructions.'
 					});
+				} else {
+					return res.status(400).send({
+						message: 'Failure sending email'
+					});
 				}
 
 				done(err);
 			});
 		}
-	], function(err) {
+	], function (err) {
 		if (err) return next(err);
 	});
 };
@@ -89,13 +94,13 @@ exports.forgot = function(req, res, next) {
 /**
  * Reset password GET from email token
  */
-exports.validateResetToken = function(req, res) {
+exports.validateResetToken = function (req, res) {
 	User.findOne({
 		resetPasswordToken: req.params.token,
 		resetPasswordExpires: {
 			$gt: Date.now()
 		}
-	}, function(err, user) {
+	}, function (err, user) {
 		if (!user) {
 			return res.redirect('/#!/password/reset/invalid');
 		}
@@ -107,33 +112,33 @@ exports.validateResetToken = function(req, res) {
 /**
  * Reset password POST from email token
  */
-exports.reset = function(req, res, next) {
+exports.reset = function (req, res, next) {
 	// Init Variables
 	var passwordDetails = req.body;
 	var message = null;
 
 	async.waterfall([
 
-		function(done) {
+		function (done) {
 			User.findOne({
 				resetPasswordToken: req.params.token,
 				resetPasswordExpires: {
 					$gt: Date.now()
 				}
-			}, function(err, user) {
+			}, function (err, user) {
 				if (!err && user) {
 					if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
 						user.password = passwordDetails.newPassword;
 						user.resetPasswordToken = undefined;
 						user.resetPasswordExpires = undefined;
 
-						user.save(function(err) {
+						user.save(function (err) {
 							if (err) {
 								return res.status(400).send({
 									message: errorHandler.getErrorMessage(err)
 								});
 							} else {
-								req.login(user, function(err) {
+								req.login(user, function (err) {
 									if (err) {
 										res.status(400).send(err);
 									} else {
@@ -157,17 +162,16 @@ exports.reset = function(req, res, next) {
 				}
 			});
 		},
-		function(user, done) {
+		function (user, done) {
 			res.render('modules/users/server/templates/reset-password-confirm-email', {
 				name: user.displayName,
 				appName: config.app.title
-			}, function(err, emailHTML) {
+			}, function (err, emailHTML) {
 				done(err, emailHTML, user);
 			});
 		},
 		// If valid email, send reset email using service
-		function(emailHTML, user, done) {
-			var smtpTransport = nodemailer.createTransport(config.mailer.options);
+		function (emailHTML, user, done) {
 			var mailOptions = {
 				to: user.email,
 				from: config.mailer.from,
@@ -175,11 +179,11 @@ exports.reset = function(req, res, next) {
 				html: emailHTML
 			};
 
-			smtpTransport.sendMail(mailOptions, function(err) {
+			smtpTransport.sendMail(mailOptions, function (err) {
 				done(err, 'done');
 			});
 		}
-	], function(err) {
+	], function (err) {
 		if (err) return next(err);
 	});
 };
@@ -187,26 +191,26 @@ exports.reset = function(req, res, next) {
 /**
  * Change Password
  */
-exports.changePassword = function(req, res, next) {
+exports.changePassword = function (req, res, next) {
 	// Init Variables
 	var passwordDetails = req.body;
 	var message = null;
 
 	if (req.user) {
 		if (passwordDetails.newPassword) {
-			User.findById(req.user.id, function(err, user) {
+			User.findById(req.user.id, function (err, user) {
 				if (!err && user) {
 					if (user.authenticate(passwordDetails.currentPassword)) {
 						if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
 							user.password = passwordDetails.newPassword;
 
-							user.save(function(err) {
+							user.save(function (err) {
 								if (err) {
 									return res.status(400).send({
 										message: errorHandler.getErrorMessage(err)
 									});
 								} else {
-									req.login(user, function(err) {
+									req.login(user, function (err) {
 										if (err) {
 											res.status(400).send(err);
 										} else {
diff --git a/modules/users/server/models/user.server.model.js b/modules/users/server/models/user.server.model.js
index f4d06c6df2..6ccd1c92e0 100644
--- a/modules/users/server/models/user.server.model.js
+++ b/modules/users/server/models/user.server.model.js
@@ -5,19 +5,21 @@
  */
 var mongoose = require('mongoose'),
 	Schema = mongoose.Schema,
-	crypto = require('crypto');
+	crypto = require('crypto'),
+	UserModel,
+	eachAsync = require('each-async');
 
 /**
  * A Validation function for local strategy properties
  */
-var validateLocalStrategyProperty = function(property) {
+var validateLocalStrategyProperty = function (property) {
 	return ((this.provider !== 'local' && !this.updated) || property.length);
 };
 
 /**
  * A Validation function for local strategy password
  */
-var validateLocalStrategyPassword = function(password) {
+var validateLocalStrategyPassword = function (password) {
 	return (this.provider !== 'local' || (password && password.length > 6));
 };
 
@@ -41,19 +43,14 @@ var UserSchema = new Schema({
 		type: String,
 		trim: true
 	},
-	email: {
-		type: String,
-		trim: true,
-		default: '',
-		validate: [validateLocalStrategyProperty, 'Please fill in your email'],
-		match: [/.+\@.+\..+/, 'Please fill a valid email address']
-	},
-	username: {
-		type: String,
-		unique: 'testing error message',
-		required: 'Please fill in a username',
-		trim: true
-	},
+	identities: [{
+		provider: {type: String},
+		id: {type: String},
+		accessToken: {type: String},
+		refreshToken: {type: String},
+		providerData: {type: Object},
+		confirmed: {type: Boolean}
+	}],
 	password: {
 		type: String,
 		default: '',
@@ -66,12 +63,6 @@ var UserSchema = new Schema({
 		type: String,
 		default: 'modules/users/img/profile/default.png'
 	},
-	provider: {
-		type: String,
-		required: 'Provider is required'
-	},
-	providerData: {},
-	additionalProvidersData: {},
 	roles: {
 		type: [{
 			type: String,
@@ -90,27 +81,61 @@ var UserSchema = new Schema({
 	resetPasswordToken: {
 		type: String
 	},
-  	resetPasswordExpires: {
-  		type: Date
-  	}
+	resetPasswordExpires: {
+		type: Date
+	}
+});
+
+UserSchema.virtual('email').get(function () {
+	return this.getIdentity(UserModel.EMAIL);
+}).set(function (email) {
+	this.setIdentity(UserModel.EMAIL, email);
+});
+
+UserSchema.virtual('username').get(function () {
+	return this.getIdentity(UserModel.USERNAME);
+}).set(function (username) {
+	this.setIdentity(UserModel.USERNAME, username);
 });
 
 /**
  * Hook a pre save method to hash the password
  */
-UserSchema.pre('save', function(next) {
+
+UserSchema.pre('save', function (next) {
 	if (this.password && this.password.length > 6) {
-		this.salt = crypto.randomBytes(16).toString('base64');
+		this.salt = new Buffer(crypto.randomBytes(16).toString('base64'), 'base64');
 		this.password = this.hashPassword(this.password);
 	}
-
-	next();
+	if (!this.identities || this.identities.length === 0) {
+		return next();
+	}
+	var _this = this;
+	eachAsync(this.identities, function (identity, index, done) {
+		UserModel.findByProvider(identity.provider, identity.id, function (err, user) {
+			if (err) {
+				return next(err);
+			}
+			if (user === null) {
+				return done();
+			}
+			if (!_this._id || _this._id.toString() !== user._id.toString()) {
+				return next(new Error(identity.provider + ' : ' + identity.id + ' is assinged to other user'));
+			}
+			return done();
+		});
+	}, function (error) {
+		if (error) {
+			return next(error);
+		}
+		next();
+	});
 });
 
 /**
  * Create instance method for hashing a password
  */
-UserSchema.methods.hashPassword = function(password) {
+UserSchema.methods.hashPassword = function (password) {
 	if (this.salt && password) {
 		return crypto.pbkdf2Sync(password, new Buffer(this.salt, 'base64'), 10000, 64).toString('base64');
 	} else {
@@ -121,20 +146,126 @@ UserSchema.methods.hashPassword = function(password) {
 /**
  * Create instance method for authenticating user
  */
-UserSchema.methods.authenticate = function(password) {
+UserSchema.methods.authenticate = function (password) {
 	return this.password === this.hashPassword(password);
 };
 
+/**
+ * Create instance method for authenticating user
+ */
+UserSchema.methods.setIdentity = function (provider, id, accessToken, refreshToken, providerData) {
+	var found = false;
+	var auth = {
+		provider: provider,
+		id: id
+	};
+	if (!this.identities) {
+		this.identities = [];
+	}
+	this.identities.forEach(function (identity) {
+		if (identity.provider === provider && identity.id.toString() === id.toString()) {
+			auth = identity;
+			found = true;
+		}
+	});
+	auth.accessToken = accessToken || null;
+	auth.refreshToken = refreshToken || null;
+	auth.providerData = providerData || null;
+	if (!found) {
+		this.identities.push(auth);
+	}
+};
+
+UserSchema.methods.getIdentity = function (provider, id) {
+	var auth = null;
+	if (this.identities) {
+		
+		this.identities.forEach(function (identity) {
+			if (identity.provider === provider && (identity.id === id || id === undefined || id === null )) {
+				auth = identity;
+			}
+		});
+	}
+	return auth;
+};
+
+UserSchema.methods.removeIdentity = function (provider, id) {
+	if (this.identities) {
+		var c = this.identities.length - 1;
+		while (c >= 0) {
+			if (this.identities[c] && this.identities[c].provider === provider && this.identities[c].id === id) {
+				this.identities.pull(this.identities[c]);
+			}
+			c--;
+		}
+	}
+};
+
+
+UserSchema.methods.removeOtherIdentity = function (provider, id) {
+	if (this.identities) {
+		this.identities.forEach(function (auth, idx) {
+			if (auth.provider === provider && auth.id !== id) {
+				this.identities.splice(idx, 1);
+			}
+		});
+	}
+};
+
+UserSchema.methods.isIdentityConfirmed = function (provider, id) {
+	var identity = this.getIdentity(provider, id);
+	if (identity) {
+		return !!identity.confirmed;
+	}
+};
+
+UserSchema.methods.setIdentityConfirmed = function (provider, id, confirmed) {
+	var identity = this.getIdentity(provider, id);
+	if (identity) {
+		identity.confirmed = confirmed;
+	} else {
+		throw new Error('Identity of type ' + provider + ' is not set');
+	}
+};
+
+
+/**
+ * Find possible not used username
+ */
+UserSchema.statics.findByProvider = function (provider, id, callback) {
+
+	var providerQuery = provider;
+
+	if (Array.isArray(provider)) {
+		providerQuery = {
+			'$in': provider
+		};
+	}
+
+	this.findOne({
+		identities: {
+			$elemMatch: {
+				provider: providerQuery,
+				id: id
+			}
+		}
+	}, function (err, user) {
+		if (!err) {
+			return callback(null, user);
+		} else {
+			callback(null);
+		}
+	});
+};
+
 /**
  * Find possible not used username
  */
-UserSchema.statics.findUniqueUsername = function(username, suffix, callback) {
+UserSchema.statics.findUniqueUsername = function (username, suffix, callback) {
 	var _this = this;
 	var possibleUsername = username + (suffix || '');
 
-	_this.findOne({
-		username: possibleUsername
-	}, function(err, user) {
+	this.findByProvider(UserModel.USERNAME, possibleUsername, function (err, user) {
 		if (!err) {
 			if (!user) {
 				callback(possibleUsername);
@@ -147,4 +278,39 @@ UserSchema.statics.findUniqueUsername = function(username, suffix, callback) {
 	});
 };
 
-mongoose.model('User', UserSchema);
+UserSchema.statics.oAuthHandle = function (currentUser, provider, id, accessToken, refreshToken, providerData, userData, callback) {
+	if (!currentUser) {
+		UserModel.findByProvider(provider, id, function (err, user) {
+			if (err) {
+				return callback(err);
+			}
+			if (!user) {
+				var possibleUsername = userData.username || ((userData.email) ? userData.email.split('@')[0] : '');
+				return UserModel.findUniqueUsername(possibleUsername, null, function (availableUserName) {
+					user = new UserModel(userData);
+					user.setIdentity(provider, id, accessToken, refreshToken, providerData);
+					user.setIdentity(UserModel.USERNAME, availableUserName, null, null, null);
+					user.save(function (err) {
+						return callback(err, user, true);
+					});
+				});
+			}
+			user.setIdentity(provider, id, accessToken, refreshToken, providerData);
+			user.save(function (err) {
+				return callback(err, user, false);
+			});
+		});
+
+	} else {
+		currentUser.setIdentity(provider, id, accessToken, refreshToken, providerData);
+		return currentUser.save(function (err) {
+			return callback(err, currentUser, '/#!/settings/accounts');
+		});
+	}
+};
+
+
+UserSchema.statics.USERNAME = 'username';
+UserSchema.statics.EMAIL = 'email';
+
+UserModel = mongoose.model('User', UserSchema);
diff --git a/modules/users/server/policies/users.server.policy.js b/modules/users/server/policies/users.server.policy.js
new file mode 100644
index 0000000000..c89a305c6e
--- /dev/null
+++ b/modules/users/server/policies/users.server.policy.js
@@ -0,0 +1,46 @@
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+var acl = require('acl');
+
+// Using the memory backend
+acl = new acl(new acl.memoryBackend());
+
+/**
+ * Invoke Users Permissions
+ */
+exports.invokeRolesPolicies = function () {
+	acl.allow([{
+		roles: ['admin'],
+		allows: [{
+			resources: '/api/users',
+			permissions: ['get']
+		}]
+	}]);
+};
+
+/**
+ * Check If Policy Allows
+ */
+exports.isAllowed = function (req, res, next) {
+	var roles = (req.user) ? req.user.roles : ['guest'];
+
+	// Check for user roles
+	acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
+		if (err) {
+			// An authorization error occurred.
+			return res.status(500).send('Unexpected authorization error');
+		} else {
+			if (isAllowed) {
+				// Access granted! Invoke next middleware
+				return next();
+			} else {
+				return res.status(403).json({
+					message: 'User is not authorized'
+				});
+			}
+		}
+	});
+};
diff --git a/modules/users/server/routes/users.server.routes.js b/modules/users/server/routes/users.server.routes.js
index d74a428190..04ba1264dc 100644
--- a/modules/users/server/routes/users.server.routes.js
+++ b/modules/users/server/routes/users.server.routes.js
@@ -1,12 +1,15 @@
 'use strict';
 
-module.exports = function(app) {
+module.exports = function (app) {
 	// User Routes
+	var usersPolicy = require('../policies/users.server.policy');
 	var users = require('../controllers/users.server.controller');
 
 	// Setting up the users profile api
 	app.route('/api/users/me').get(users.me);
-	app.route('/api/users').put(users.update);
+	app.route('/api/users')
+		.get(usersPolicy.isAllowed, users.users)
+		.put(users.update);
 	app.route('/api/users/accounts').delete(users.removeOAuthProvider);
 	app.route('/api/users/password').post(users.changePassword);
 	app.route('/api/users/picture').post(users.changeProfilePicture);
diff --git a/modules/users/tests/server/user.server.model.tests.js b/modules/users/tests/server/user.server.model.tests.js
index e43848764d..34726c8579 100644
--- a/modules/users/tests/server/user.server.model.tests.js
+++ b/modules/users/tests/server/user.server.model.tests.js
@@ -10,13 +10,13 @@ var should = require('should'),
 /**
  * Globals
  */
-var user, user2;
+var user, user2, oauthUserData;
 
 /**
  * Unit tests
  */
-describe('User Model Unit Tests:', function() {
-	before(function(done) {
+describe('User Model Unit Tests:', function () {
+	before(function (done) {
 		user = new User({
 			firstName: 'Full',
 			lastName: 'Name',
@@ -33,43 +33,80 @@ describe('User Model Unit Tests:', function() {
 			email: 'test@test.com',
 			username: 'username',
 			password: 'password',
-			provider: 'local'
+			provider: 'local',
+			confirmed: true
 		});
-
 		done();
 	});
 
-	describe('Method Save', function() {
-		it('should begin with no users', function(done) {
-			User.find({}, function(err, users) {
+	describe('Method Save', function () {
+		it('should begin with no users', function (done) {
+			User.find({}, function (err, users) {
 				users.should.have.length(0);
 				done();
 			});
 		});
 
-		it('should be able to save without problems', function(done) {
+		it('should be able to save without problems', function (done) {
 			user.save(done);
 		});
 
-		it('should fail to save an existing user again', function(done) {
-			user.save(function() {
-				user2.save(function(err) {
+		it('should fail to save an existing user again', function (done) {
+			user.save(function () {
+				user2.save(function (err) {
 					should.exist(err);
 					done();
-				});	
+				});
+			});
+		});
+
+		it('should allow to add oauth account to existing user', function (done) {
+			User.oAuthHandle(user, 'facebook', '1234567890', 'abcdefghijkl', 'abcdefghijkl9', {}, {}, done);
+		});
+
+		it('should allow to create other user with different oauth id', function (done) {
+			User.oAuthHandle(null, 'facebook', '0987654321', 'abcdefghijkl', 'abcdefghijkl9', {}, {}, function (error, newUser) {
+				if (error) {
+					return done(error);
+				}
+				oauthUserData = newUser;
+				should(oauthUserData._id).not.eql(user._id);
+				done();
 			});
 		});
 
-		it('should be able to show an error when try to save without first name', function(done) {
-			user.firstName = '';
-			return user.save(function(err) {
-				should.exist(err);
+		it('should verify which user has confirmed identity', function (done) {
+			should(user.isIdentityConfirmed(User.EMAIL)).be.false;
+			should(user2.isIdentityConfirmed(User.EMAIL)).be.false;
+			user.setIdentityConfirmed(User.EMAIL, null, true);
+			user.save(function (error, _user) {
+				should.not.exist(error);
+				should(_user.isIdentityConfirmed(User.EMAIL)).be.true;
 				done();
 			});
+
 		});
+
+		it('should allow to update provider data and token', function (done) {
+			User.oAuthHandle(user, 'facebook', '1234567890', '13579', 'abcdefghijkl9', {someData: 222}, {}, function (error, newUser) {
+				var fbdata = newUser.getIdentity('facebook');
+				should(fbdata.accessToken).eql('13579');
+				should(fbdata.providerData.someData).eql(222);
+				done();
+			});
+		});
+
+		it('shouldn\'t allow to use one provider/id for two users', function (done) {
+			User.oAuthHandle(user, 'facebook', '0987654321', 'abcdefghijkl', 'abcdefghijkl9', {}, {}, function (error, newUser) {
+				should.exist(error);
+				done();
+			});
+		});
+
+
 	});
 
-	after(function(done) {
+	after(function (done) {
 		User.remove().exec(done);
 	});
 });
diff --git a/package.json b/package.json
index 873e02e09e..bf06abc942 100644
--- a/package.json
+++ b/package.json
@@ -18,38 +18,39 @@
 		"postinstall": "bower install --config.interactive=false"
 	},
 	"dependencies": {
-		"express": "~4.12.3",
-		"express-session": "~1.10.4",
-		"serve-favicon": "~2.1.6",
+		"acl": "~0.4.4",
+		"async": "~0.9.0",
 		"body-parser": "~1.12.2",
-		"cookie-parser": "~1.3.2",
+		"bower": "~1.3.8",
+		"chalk": "~0.5.1",
 		"compression": "~1.4.3",
-		"method-override": "~2.3.0",
-		"morgan": "~1.5.2",
-		"multer": "0.1.6",
-		"connect-mongo": "~0.8.0",
 		"connect-flash": "~0.1.1",
-		"helmet": "~0.7.1",
+		"connect-mongo": "~0.8.0",
 		"consolidate": "~0.11.0",
-		"swig": "~1.4.1",
+		"cookie-parser": "~1.3.2",
+		"each-async": "^1.1.1",
+		"express": "~4.12.3",
+		"express-session": "~1.10.4",
+		"forever": "~0.11.0",
+		"glob": "~5.0.0",
+		"grunt-cli": "~0.1.13",
+		"helmet": "~0.7.1",
+		"lodash": "~2.4.1",
+		"method-override": "~2.3.0",
 		"mongoose": "~3.8.8",
+		"morgan": "~1.5.2",
+		"multer": "0.1.6",
+		"nodemailer": "~1.3.0",
 		"passport": "~0.2.0",
-		"passport-local": "~1.0.0",
 		"passport-facebook": "~1.0.2",
-		"passport-twitter": "~1.0.2",
-		"passport-linkedin": "~0.1.3",
-		"passport-google-oauth": "~0.1.5",
 		"passport-github": "~0.1.5",
-		"acl": "~0.4.4",
+		"passport-google-oauth": "~0.1.5",
+		"passport-linkedin": "~0.1.3",
+		"passport-local": "~1.0.0",
+		"passport-twitter": "~1.0.2",
+		"serve-favicon": "~2.1.6",
 		"socket.io": "~1.1.0",
-		"lodash": "~2.4.1",
-		"forever": "~0.11.0",
-		"bower": "~1.3.8",
-		"grunt-cli": "~0.1.13",
-		"chalk": "~0.5.1",
-		"glob": "~5.0.0",
-		"async": "~0.9.0",
-		"nodemailer": "~1.3.0"
+		"swig": "~1.4.1"
 	},
 	"devDependencies": {
 		"supertest": "~0.14.0",