MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4476 from mstrhakr/master 

Update oidc passport module
This commit is contained in:
Ylian Saint-Hilaire 2022-09-01 00:34:08 -07:00 committed by GitHub
parent ad22876219 03e15c6be1
commit 90dab68802
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meshcentral.js
View File

@ -3886,7 +3886,7 @@ function mainStart() {
if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); } if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); } if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); } if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); }
if ((typeof config.domains[i].authstrategies.oidc == 'object') && (typeof config.domains[i].authstrategies.oidc.clientid == 'string') && (typeof config.domains[i].authstrategies.oidc.clientsecret == 'string') && (passport.indexOf('@mstrhakr/passport-generic-oidc') == -1)) { passport.push('@mstrhakr/passport-generic-oidc'); } if ((typeof config.domains[i].authstrategies.oidc == 'object') && (typeof config.domains[i].authstrategies.oidc.clientid == 'string') && (typeof config.domains[i].authstrategies.oidc.clientsecret == 'string') && (passport.indexOf('passport-openidconnect') == -1)) { passport.push('passport-openidconnect'); }
if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); } if ((typeof config.domains[i].authstrategies.saml == 'object') || (typeof config.domains[i].authstrategies.jumpcloud == 'object')) { passport.push('passport-saml'); }
} }
if (config.domains[i].sessionrecording != null) { sessionRecording = true; } if (config.domains[i].sessionrecording != null) { sessionRecording = true; }

31
webserver.js
View File

@ -6421,8 +6421,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Generic OpenID // Generic OpenID
if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.openid) != 0) { if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.openid) != 0) {
obj.app.get(url + 'auth-oidc', domain.passport.authenticate('openidconnect')); obj.app.get(url + 'auth-oidc', function (req, res, next) {
obj.app.get(url + 'oidc-callback', domain.passport.authenticate('openidconnect', { failureRedirect: '/login?failed-auth-attempt', failureFlash: true }), handleStrategyLogin); var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('oidc-' + domain.id, { failureRedirect: '/', failureFlash: true })(req, res, next);
});
obj.app.get(url + 'oidc-callback', function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate('oidc-' + domain.id, { failureRedirect: '/', failureFlash: true })(req, res, next);
}, handleStrategyLogin);
} }
// Generic SAML // Generic SAML
@ -6886,25 +6894,22 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Generic OpenID Connect // Generic OpenID Connect
if ((typeof domain.authstrategies.oidc == 'object') && (typeof domain.authstrategies.oidc.clientid == 'string') && (typeof domain.authstrategies.oidc.clientsecret == 'string') && (typeof domain.authstrategies.oidc.issuer == 'string')) { if ((typeof domain.authstrategies.oidc == 'object') && (typeof domain.authstrategies.oidc.clientid == 'string') && (typeof domain.authstrategies.oidc.clientsecret == 'string') && (typeof domain.authstrategies.oidc.issuer == 'string')) {
var options = { var options = {
authorizationURL: domain.authstrategies.oidc.authorizationurl,
callbackURL: domain.authstrategies.oidc.callbackurl,
clientID: domain.authstrategies.oidc.clientid,
clientSecret: domain.authstrategies.oidc.clientsecret,
issuer: domain.authstrategies.oidc.issuer, issuer: domain.authstrategies.oidc.issuer,
authorizationURL: domain.authstrategies.oidc.authorizationurl,
tokenURL: domain.authstrategies.oidc.tokenurl, tokenURL: domain.authstrategies.oidc.tokenurl,
userInfoURL: domain.authstrategies.oidc.userinfourl, userInfoURL: domain.authstrategies.oidc.userinfourl,
scope: ['openid profile email'], clientID: domain.authstrategies.oidc.clientid,
responseMode: 'form_post', clientSecret: domain.authstrategies.oidc.clientsecret,
state: true scope: ['openid profile email groups'],
}; };
const OIDCStrategy = require('@mstrhakr/passport-generic-oidc'); var OIDCStrategy = require('passport-openidconnect');
if (typeof domain.authstrategies.oidc.callbackurl == 'string') { options.callbackURL = domain.authstrategies.oidc.callbackurl; } else { options.callbackURL = url + 'oidc-callback'; } if (typeof domain.authstrategies.oidc.callbackurl == 'string') { options.callbackURL = domain.authstrategies.oidc.callbackurl; } else { options.callbackURL = url + 'oidc-callback'; }
parent.debug('web', 'Adding Generic OIDC SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Generic OIDC SSO with options: ' + JSON.stringify(options));
passport.use('openidconnect', new OIDCStrategy.Strategy(options, passport.use('oidc-' + domain.id, new OIDCStrategy.Strategy(options,
function verify(iss, sub, profile, cb) { function verify(issuer, profile, verified) {
var user = { sid: '~oidc:' + profile.id, name: profile.displayName, email: profile.email, strategy: 'oidc' }; var user = { sid: '~oidc:' + profile.id, name: profile.displayName, email: profile.email, strategy: 'oidc' };
parent.debug('AUTH', 'OIDC: Configured user: ' + JSON.stringify(user)); parent.debug('AUTH', 'OIDC: Configured user: ' + JSON.stringify(user));
return cb(null, user); return verified(null, user);
} }
)); ));
authStrategyFlags |= domainAuthStrategyConsts.openid; authStrategyFlags |= domainAuthStrategyConsts.openid;