MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed OAuth/SAML when used in multi-domain.

This commit is contained in:
Ylian Saint-Hilaire 2020-05-24 22:05:18 -07:00
parent e6798f2b7d
commit 41701153d3
2 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/MeshCentral2 User's Guide v0.2.8.odt → docs/MeshCentral2 User's Guide v0.2.9.odt
View File

Binary file not shown.

42
webserver.js
View File

@ -4199,8 +4199,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
return cb(null, user); return cb(null, user);
} }
)); ));
obj.app.get(url + 'auth-twitter', domain.passport.authenticate('twitter')); obj.app.get(url + 'auth-twitter', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('twitter')(req, res, next);
});
obj.app.get(url + 'auth-twitter-callback', function (req, res, next) { obj.app.get(url + 'auth-twitter-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) { if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack). // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@ -4225,8 +4230,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
return cb(null, user); return cb(null, user);
} }
)); ));
obj.app.get(url + 'auth-google', domain.passport.authenticate('google', { scope: ['profile', 'email'] })); obj.app.get(url + 'auth-google', function (req, res, next) {
obj.app.get(url + 'auth-google-callback', domain.passport.authenticate('google', { failureRedirect: '/' }), handleStrategyLogin); var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('google', { scope: ['profile', 'email'] })(req, res, next);
});
obj.app.get(url + 'auth-google-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('google', { failureRedirect: '/' })(req, res, next);
}, handleStrategyLogin);
} }
// Github // Github
@ -4240,8 +4253,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
return cb(null, user); return cb(null, user);
} }
)); ));
obj.app.get(url + 'auth-github', domain.passport.authenticate('github', { scope: ['user:email'] })); obj.app.get(url + 'auth-github', function (req, res, next) {
obj.app.get(url + 'auth-github-callback', domain.passport.authenticate('github', { failureRedirect: '/' }), handleStrategyLogin); var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('github', { scope: ['user:email'] })(req, res, next);
});
obj.app.get(url + 'auth-github-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('github', { failureRedirect: '/' })(req, res, next);
}, handleStrategyLogin);
} }
// Reddit // Reddit
@ -4256,11 +4277,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
)); ));
obj.app.get(url + 'auth-reddit', function (req, res, next) { obj.app.get(url + 'auth-reddit', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
req.session.rstate = obj.crypto.randomBytes(32).toString('hex'); req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next); domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next);
}); });
obj.app.get(url + 'auth-reddit-callback', function (req, res, next) { obj.app.get(url + 'auth-reddit-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) { if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack). // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@ -4302,11 +4325,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
)); ));
obj.app.get(url + 'auth-azure', function (req, res, next) { obj.app.get(url + 'auth-azure', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
req.session.rstate = obj.crypto.randomBytes(32).toString('hex'); req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
domain.passport.authenticate('azure', { state: req.session.rstate })(req, res, next); domain.passport.authenticate('azure', { state: req.session.rstate })(req, res, next);
}); });
obj.app.get(url + 'auth-azure-callback', function (req, res, next) { obj.app.get(url + 'auth-azure-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) { if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
// This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack). // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@ -4350,10 +4375,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
)); ));
obj.app.get(url + 'auth-saml', function (req, res, next) { obj.app.get(url + 'auth-saml', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}); });
obj.app.post(url + 'auth-saml-callback', function (req, res, next) { obj.app.post(url + 'auth-saml-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}, handleStrategyLogin); }, handleStrategyLogin);
@ -4382,15 +4409,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
else if ((typeof profile.FirstName == 'string') && (typeof profile.LastName == 'string')) { user.name = profile.FirstName + ' ' + profile.LastName; } else if ((typeof profile.FirstName == 'string') && (typeof profile.LastName == 'string')) { user.name = profile.FirstName + ' ' + profile.LastName; }
if (typeof profile.email == 'string') { user.email = profile.email; } if (typeof profile.email == 'string') { user.email = profile.email; }
else if (typeof profile.EmailAddress == 'string') { user.email = profile.EmailAddress; } else if (typeof profile.EmailAddress == 'string') { user.email = profile.EmailAddress; }
console.log(user);
return done(null, user); return done(null, user);
} }
)); ));
obj.app.get(url + 'auth-intel', function (req, res, next) { obj.app.get(url + 'auth-intel', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}); });
obj.app.post(url + 'auth-intel-callback', function (req, res, next) { obj.app.post(url + 'auth-intel-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}, handleStrategyLogin); }, handleStrategyLogin);
@ -4421,10 +4449,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} }
)); ));
obj.app.get(url + 'auth-jumpcloud', function (req, res, next) { obj.app.get(url + 'auth-jumpcloud', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}); });
obj.app.post(url + 'auth-jumpcloud-callback', function (req, res, next) { obj.app.post(url + 'auth-jumpcloud-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; } if (domain.passport == null) { next(); return; }
domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next); domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
}, handleStrategyLogin); }, handleStrategyLogin);