Started work on added JumpCloud support.

2025-10-29 23:35:02 -04:00 · 2020-05-19 19:02:27 -07:00 · 2020-05-19 19:02:27 -07:00 · 7b1c553ca8
commit 7b1c553ca8
parent 0c1fbc4369
6 changed files with 42 additions and 2 deletions
--- a/meshcentral.js
+++ b/meshcentral.js
@ -2556,6 +2556,7 @@ function mainStart() {
                if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
                if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
                if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
+                if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); }
            }
            if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; }
        }
--- a/public/images/login/jumpcloud32.png
+++ b/public/images/login/jumpcloud32.png
--- a/public/images/login/jumpcloud64.png
+++ b/public/images/login/jumpcloud64.png
--- a/views/default.handlebars
+++ b/views/default.handlebars
@ -886,7 +886,7 @@
                            </td>
                            <td style=width:20px></td>
                            <td style=width:200px;position:relative valign=top>
-                                <img id="p30userAuthServiceLogo" loading="lazy" style="display:none" class=userAuthStrategyLogo src=images/login/reddit64.png width=64 height=64>
+                                <img id="p30userAuthServiceLogo" loading="lazy" style="display:none" class=userAuthStrategyLogo width=64 height=64>
                                <picture id=MainUserImage style=border-width:0px;height:200px;width:200px;float:right>
                                    <source type="image/webp" width=200 height=200 srcset="images/webp/user-256.webp" />
                                    <img alt="" width=200 height=200 src=images/user-256.png />
@ -10884,6 +10884,7 @@
            else if (shortuserid.startsWith('~google:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/google64.png';; }
            else if (shortuserid.startsWith('~github:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/github64.png';; }
            else if (shortuserid.startsWith('~reddit:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/reddit64.png';; }
+            else if (shortuserid.startsWith('~jumpcloud:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/jumpcloud64.png';; }
            else if (shortuserid.startsWith('~intel:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/intel64.png';; }
            else { QV('p30userAuthServiceLogo', false); }

--- a/views/login.handlebars
+++ b/views/login.handlebars
@ -77,6 +77,7 @@
                                    <a id="auth-google" href="auth-google" style="display:none"><img src="images/login/google32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Google" /></a>
                                    <a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
                                    <a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
+                                    <a id="auth-jumpcloud" href="auth-jumpcloud" style="display:none"><img src="images/login/jumpcloud32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using JumpCloud" /></a>
                                </div>
                            </form>
                        </div>
@ -384,6 +385,7 @@
                if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); }
                if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); }
                if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
+                if (authStrategies.indexOf('jumpcloud') >= 0) { QV('auth-jumpcloud', true); }
            }

            // Display the welcome text
--- a/webserver.js
+++ b/webserver.js
@ -2115,6 +2115,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
            if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) { authStrategies.push('google'); }
            if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) { authStrategies.push('github'); }
            if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) { authStrategies.push('reddit'); }
+            if ((typeof domain.authstrategies.jumpcloud == 'object')) { authStrategies.push('jumpcloud'); }
            if ((typeof domain.authstrategies.intel == 'object') && (typeof domain.authstrategies.intel.clientid == 'string') && (typeof domain.authstrategies.intel.clientsecret == 'string')) { authStrategies.push('intel'); }
        }

@ -4188,7 +4189,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                    ));
                    obj.app.get(url + 'auth-reddit', function (req, res, next) {
                        req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
-                        domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next); // TODO: Replace 'rcookie' with a time-limited cookie
+                        domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next);
                    });
                    obj.app.get(url + 'auth-reddit-callback', function (req, res, next) {
                        if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
@ -4208,6 +4209,41 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                        }
                    }, handleStrategyLogin);
                }
+
+                // JumpCloud
+                if (typeof domain.authstrategies.jumpcloud == 'object') {
+                    const SamlStrategy = require('passport-saml').Strategy;
+
+                    var options = {
+                        path: url + 'auth-jumpcloud-callback',
+                        entryPoint: domain.authstrategies.jumpcloud.idpurl,
+                        issuer: 'passport-saml'
+                    };
+
+                    if (domain.authstrategies.jumpcloud.cert) {
+                        var cert = obj.fs.readFileSync(obj.path.join(obj.parent.datapath, domain.authstrategies.jumpcloud.cert));
+                        if (cert != null) { options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join(''); }
+                        //console.log(options);
+                    }
+
+                    passport.use(new SamlStrategy(options,
+                        function (profile, done) {
+                            //var user = { id: 'user/' + domain.id + '/~reddit:' + profile.id, name: profile.name };
+                            //if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
+                            console.log('JumpCloud Profile', profile);
+                            var user = { id: 'user/' + domain.id + '/~jumpcloud:' + profile.id, name: profile.name };
+                            return done(null, user);
+                        }
+                    ));
+                    obj.app.get(url + 'auth-jumpcloud', function (req, res, next) {
+                        console.log('auth-jumpcloud');
+                        domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
+                    });
+                    obj.app.get(url + 'auth-jumpcloud-callback', function (req, res, next) {
+                        console.log('auth-jumpcloud-callback');
+                        domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
+                    });
+                }
            }

            // Server redirects