MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-12-26 07:05:52 -05:00
Code Issues Packages Projects Releases Wiki Activity

working generic oidc section

Browse Source 
tested with authelia, works for me :)
This commit is contained in:
mstrhakr 2022-04-08 00:14:58 -04:00
parent 48a68197b2
commit 126c1474cc
1 changed files with 9 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
webserver.js
View File

@ -6241,20 +6241,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
}, handleStrategyLogin);
}
// passport-openidconnect example code
/* var OpenIDConnectStrategy = require('passport-openidconnect');
passport.use(new OpenIDConnectStrategy({
issuer: 'https://server.example.com',
authorizationURL: 'https://server.example.com/authorize',
tokenURL: 'https://server.example.com/token',
userInfoURL: 'https://server.example.com/userinfo',
clientID: process.env['CLIENT_ID'],
clientSecret: process.env['CLIENT_SECRET'],
callbackURL: 'https://client.example.org/cb'
)); */
// Generic OpenID Connect
if ((typeof domain.authstrategies.oidc == 'object') && (typeof domain.authstrategies.oidc.clientid == 'string') && (typeof domain.authstrategies.oidc.clientsecret == 'string') && (typeof domain.authstrategies.oidc.issuer == 'string')) {
var options = {
@ -6265,55 +6251,22 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
issuer: domain.authstrategies.oidc.issuer,
tokenURL: domain.authstrategies.oidc.tokenurl,
userInfoURL: domain.authstrategies.oidc.userinfourl,
scope: [ 'openid email profile' ],
scope: [ 'openid profile email' ],
responseMode: 'form_post' ,
state: true
};
const OIDCStrategy = require('passport-openidconnect');
if (typeof domain.authstrategies.oidc.callbackurl == 'string') { options.callbackURL = domain.authstrategies.oidc.callbackurl; } else { options.callbackURL = url + 'oidc-callback'; }
parent.debug('web', 'Adding Generic OIDC SSO with options: ' + JSON.stringify(options));
passport.use('oidc-' + domain.id, new OIDCStrategy(options,
function (accessToken, refreshtoken, params, profile, done) {
var userex = null;
try { userex = require('jwt-simple').decode(params.id_token, "", true); } catch (ex) { }
parent.debug('web', 'OpenID Connect profile: ' + JSON.stringify(userex));
var user = null;
if (userex != null) {
var user = { sid: '~oidc:' + userex.unique_name, name: userex.name, strategy: 'oidc' };
if (typeof userex.email == 'string') { user.email = userex.email; }
}
return done(null, user);
}
));
/* passport.use('oidc-' + domain.id, new OIDCStrategy.Strategy(options,
function (authorization_code, refresh_token, profile, cb) {
parent.debug('web', 'OIDC profile: ' + JSON.stringify(profile));
var user = { sid: '~oidc:' + profile.id, name: profile.displayName, strategy: 'oidc' };
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
passport.use('openidconnect', new OIDCStrategy.Strategy(options,
function verify( iss, sub, profile, cb ) {
var user = { sid: '~oidc:' + profile.id, name: profile.displayName, email: profile.email, strategy: 'oidc' };
parent.debug('AUTH', 'OIDC: Configured user: ' + JSON.stringify(user));
return cb(null, user);
}
)); */
obj.app.get(url + 'auth-oidc', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('oidc-' + domain.id, { scope: 'openid email profile', state: obj.parent.encodeCookie({ 'p': 'azure' }, obj.parent.loginCookieEncryptionKey) })(req, res, next);
});
obj.app.get(url + 'oidc-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
var url = req.url;
if (url.indexOf('?') >= 0) { url += '&nmr=1'; } else { url += '?nmr=1'; } // Add this to the URL to prevent redirect loop.
res.set('Content-Type', 'text/html');
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + url + '"></head><body></body></html>');
} else {
if (req.query.state != null) {
var c = obj.parent.decodeCookie(req.query.state, obj.parent.loginCookieEncryptionKey, 10); // 10 minute timeout
if ((c != null) && (c.p == 'oidc')) { domain.passport.authenticate('oidc-' + domain.id, { failureRedirect: '/' })(req, res, next); return; }
}
next();
}
}, handleStrategyLogin);
));
obj.app.get(url + 'auth-oidc', domain.passport.authenticate('openidconnect'));
obj.app.get(url + 'oidc-callback', domain.passport.authenticate('openidconnect', { failureRedirect: '/login?failed-auth-attempt', failureFlash: true }), handleStrategyLogin);
}