From a6958ff53ca55ad552d580edb60c4ac2c7bfa318 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Wed, 27 May 2020 00:18:16 -0700
Subject: [PATCH] Improved SSO.
---
 webserver.js | 50 +++++++++++++++++++-------------------------------
 1 file changed, 19 insertions(+), 31 deletions(-)
diff --git a/webserver.js b/webserver.js
index e22e2ac4..29dbf42d 100644
--- a/webserver.js
+++ b/webserver.js
@@ -4208,11 +4208,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Twitter
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.clientid == 'string') && (typeof domain.authstrategies.twitter.clientsecret == 'string')) {
const TwitterStrategy = require('passport-twitter');
- var options = {
- consumerKey: domain.authstrategies.twitter.clientid,
- consumerSecret: domain.authstrategies.twitter.clientsecret,
- callbackURL: (typeof domain.authstrategies.twitter.callbackurl == 'string') ? domain.authstrategies.twitter.callbackurl : (url + 'auth-twitter-callback')
- };
+ var options = { consumerKey: domain.authstrategies.twitter.clientid, consumerSecret: domain.authstrategies.twitter.clientsecret };
+ if (typeof domain.authstrategies.twitter.callbackurl == 'string') { options.callbackURL = domain.authstrategies.twitter.callbackurl; } else { options.path = url + 'auth-twitter-callback'; }
parent.debug('web', 'Adding Twitter SSO with options: ' + JSON.stringify(options));
passport.use(new TwitterStrategy(options, function (token, tokenSecret, profile, cb) {
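Review bot: The new else branch stores the default callback under `options.path`, but passport-twitter (an OAuth 1.0a strategy built on passport-oauth1) reads `callbackURL`, so as far as I can tell a domain with no `callbackurl` configured now registers the strategy with no callback at all and the request-token call carries no `oauth_callback`, leaving the redirect target to whatever is registered on the Twitter side. The removed code always populated `callbackURL`; the else branch should do the same: `} else { options.callbackURL = url + 'auth-twitter-callback'; }`. Separately, the unchanged debug line `JSON.stringify(options)` now serialises an object that still contains `consumerSecret`, so the secret lands in the debug log; consider logging a copy with the secret removed. The enclosing `if` block and the strategy callback continue past the end of the hunk.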
@@ -4245,11 +4242,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Google
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) {
const GoogleStrategy = require('passport-google-oauth20');
- var options = {
- clientID: domain.authstrategies.google.clientid,
- clientSecret: domain.authstrategies.google.clientsecret,
- callbackURL: (typeof domain.authstrategies.google.callbackurl == 'string') ? domain.authstrategies.google.callbackurl : (url + 'auth-google-callback')
- };
+ var options = { clientID: domain.authstrategies.google.clientid, clientSecret: domain.authstrategies.google.clientsecret };
+ if (typeof domain.authstrategies.google.callbackurl == 'string') { options.callbackURL = domain.authstrategies.google.callbackurl; } else { options.path = url + 'auth-google-callback'; }
parent.debug('web', 'Adding Google SSO with options: ' + JSON.stringify(options));
passport.use(new GoogleStrategy(options, function (token, tokenSecret, profile, cb) {
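Review bot: `options.path` is not an option passport-google-oauth20 (via passport-oauth2) understands; it reads `callbackURL`, so in the default case the authorization request is built without a `redirect_uri` and, as far as I recall of Google's web-client flow, the request is rejected rather than falling back. The removed code set `callbackURL` in both cases, so this is a regression introduced by the refactor rather than an intended change: `} else { options.callbackURL = url + 'auth-google-callback'; }`. If `path` was meant to be a relative path for some other consumer, that consumer is not visible in this hunk, and `url` (computed outside the hunk) was previously used as an absolute prefix. The enclosing `if` block continues outside the hunk.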
@@ -4274,11 +4268,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Github
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) {
const GitHubStrategy = require('passport-github2');
- var options = {
- clientID: domain.authstrategies.github.clientid,
- clientSecret: domain.authstrategies.github.clientsecret,
- callbackURL: (typeof domain.authstrategies.github.callbackurl == 'string') ? domain.authstrategies.github.callbackurl : (url + 'auth-github-callback')
- };
+ var options = { clientID: domain.authstrategies.github.clientid, clientSecret: domain.authstrategies.github.clientsecret };
+ if (typeof domain.authstrategies.github.callbackurl == 'string') { options.callbackURL = domain.authstrategies.github.callbackurl; } else { options.path = url + 'auth-github-callback'; }
parent.debug('web', 'Adding Github SSO with options: ' + JSON.stringify(options));
passport.use(new GitHubStrategy(options, function (token, tokenSecret, profile, cb) {
@@ -4305,9 +4296,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const RedditStrategy = require('passport-reddit');
var options = {
clientID: domain.authstrategies.reddit.clientid,
- clientSecret: domain.authstrategies.reddit.clientsecret,
- callbackURL: (typeof domain.authstrategies.reddit.callbackurl == 'string') ? domain.authstrategies.reddit.callbackurl : (url + 'auth-reddit-callback')
+ clientSecret: domain.authstrategies.reddit.clientsecret
};
+ if (typeof domain.authstrategies.reddit.callbackurl == 'string') { options.callbackURL = domain.authstrategies.reddit.callbackurl; } else { options.path = url + 'auth-reddit-callback'; }
parent.debug('web', 'Adding Reddit SSO with options: ' + JSON.stringify(options));
passport.use(new RedditStrategy.Strategy(options, function (token, tokenSecret, profile, cb) {
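Review bot: In the GitHub hunk the default branch writes `options.path`, which passport-github2 (a passport-oauth2 subclass) does not read; the option it honours is `callbackURL`, so a domain without an explicit `callbackurl` sends its authorization request with no `redirect_uri` and relies entirely on the single URL registered in the GitHub app. The old ternary populated `callbackURL` either way, so the fix is `} else { options.callbackURL = url + 'auth-github-callback'; }`. Without it, an operator who has more than one callback registered on the GitHub side no longer controls which one the flow lands on from this configuration. The enclosing `if` block continues outside the hunk.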
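Review bot: The Reddit hunk has the same key mismatch as the other OAuth providers in this commit: `options.path = url + 'auth-reddit-callback'` is never read by passport-reddit's passport-oauth2 base, which looks for `callbackURL`, so the default case now omits `redirect_uri`. Changing the else branch to `options.callbackURL = url + 'auth-reddit-callback'` restores what the removed line did. Stylistically this is also the fifth copy of an identical "configured callbackurl or default" clause; a small helper such as `function setCallbackUrl(options, cfg, name) { options.callbackURL = (typeof cfg.callbackurl == 'string') ? cfg.callbackurl : (url + 'auth-' + name + '-callback'); }` would keep the five providers from drifting, which is exactly what happened here. This hunk's first line is `const RedditStrategy`, so the surrounding `if` is outside the hunk.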
@@ -4350,9 +4341,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var options = {
clientID: domain.authstrategies.azure.clientid,
clientSecret: domain.authstrategies.azure.clientsecret,
- tenant: domain.authstrategies.azure.tenantid,
- callbackURL: (typeof domain.authstrategies.azure.callbackurl == 'string') ? domain.authstrategies.azure.callbackurl : (url + 'auth-azure-callback')
+ tenant: domain.authstrategies.azure.tenantid
};
+ if (typeof domain.authstrategies.azure.callbackurl == 'string') { options.callbackURL = domain.authstrategies.azure.callbackurl; } else { options.path = url + 'auth-azure-callback'; }
+ if (typeof domain.authstrategies.azure.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.azure.forceauthn; }
parent.debug('web', 'Adding Azure SSO with options: ' + JSON.stringify(options));
passport.use('azure', new AzureOAuth2Strategy(options, function (accessToken, refreshtoken, params, profile, done) {
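Review bot: The new `forceauthn` line copies whatever the config holds straight into `options.forceAuthn` after only an `!= 'undefined'` test, while every other setting in this block is gated on `typeof ... == 'string'`; a YAML/JSON value such as the string `"false"` is truthy and would be passed through as-is. Tightening it to `if (domain.authstrategies.azure.forceauthn === true) { options.forceAuthn = true; }` matches the file's existing defensive style and documents that the setting is a boolean. I also cannot see from this hunk that `AzureOAuth2Strategy` reads a `forceAuthn` option at all; if it does not, the line is dead and should be dropped or commented. The same `options.path` versus `callbackURL` concern as in the other OAuth hunks applies to the default branch here, since the removed line populated `callbackURL`. The `if` block wrapping this strategy begins before the hunk.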
@@ -4403,10 +4395,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) {
console.log('ERROR: Unable to read SAML IdP certificate: ' + domain.authstrategies.saml.cert);
} else {
- var options = {
- path: (typeof domain.authstrategies.saml.callbackurl == 'string') ? domain.authstrategies.saml.callbackurl : (url + 'auth-saml-callback'),
- entryPoint: domain.authstrategies.saml.idpurl, issuer: 'meshcentral'
- };
+ var options = { entryPoint: domain.authstrategies.saml.idpurl, issuer: 'meshcentral' };
+ if (typeof domain.authstrategies.saml.callbackurl == 'string') { options.callbackURL = domain.authstrategies.saml.callbackurl; } else { options.path = url + 'auth-saml-callback'; }
+ if (typeof domain.authstrategies.saml.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.saml.forceauthn; }
parent.debug('web', 'Adding SAML SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.saml.entityid == 'string') { options.issuer = domain.authstrategies.saml.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');
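Review bot: passport-saml's full-URL option is spelled `callbackUrl` (lower-case `u`), as far as I recall; the new line sets `options.callbackURL`, which the strategy does not read, so a configured `callbackurl` is silently ignored and the strategy falls back to its built-in `path` default for the AssertionConsumerServiceURL it advertises in the AuthnRequest. The default branch keeps `options.path = url + 'auth-saml-callback'`, and if `url` (set outside the hunk) is an absolute URL, as its use as a `callbackURL` prefix in the OAuth hunks suggests, then `callbackUrl` is the right key there too: `if (typeof domain.authstrategies.saml.callbackurl == 'string') { options.callbackUrl = domain.authstrategies.saml.callbackurl; } else { options.callbackUrl = url + 'auth-saml-callback'; }`. The `forceauthn` line would also benefit from the same `typeof` discipline used on the other keys, e.g. `if (domain.authstrategies.saml.forceauthn === true) { options.forceAuthn = true; }`, since a non-boolean truthy value such as `"false"` would force re-authentication. The `else` block continues past the end of the hunk.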
@@ -4444,10 +4435,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) {
console.log('ERROR: Unable to read Intel SAML IdP certificate: ' + domain.authstrategies.intel.cert);
} else {
- var options = {
- path: (typeof domain.authstrategies.intel.callbackurl == 'string') ? domain.authstrategies.intel.callbackurl : (url + 'auth-intel-callback'),
- entryPoint: domain.authstrategies.intel.idpurl, issuer: 'meshcentral'
- };
+ var options = { entryPoint: domain.authstrategies.intel.idpurl, issuer: 'meshcentral' };
+ if (typeof domain.authstrategies.intel.callbackurl == 'string') { options.callbackURL = domain.authstrategies.intel.callbackurl; } else { options.path = url + 'auth-intel-callback'; }
+ if (typeof domain.authstrategies.intel.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.intel.forceauthn; }
parent.debug('web', 'Adding Intel SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.intel.entityid == 'string') { options.issuer = domain.authstrategies.intel.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');
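Review bot: The Intel block hands passport-saml `options.callbackURL` when a `callbackurl` is configured, but the strategy's option is `callbackUrl` (lower-case `u`) to the best of my knowledge, so the operator-supplied value is dropped and the SP falls back to a default consume path that this server does not route. Use `options.callbackUrl = domain.authstrategies.intel.callbackurl;` in the first branch, and consider `options.callbackUrl = url + 'auth-intel-callback';` in the else branch as well if `url` is absolute, which its use in the OAuth hunks suggests. The `forceauthn` pass-through should be type-checked like the surrounding keys (`=== true`) so a stray string does not toggle ForceAuthn on. This and the SAML/JumpCloud blocks are now three near-identical copies; a shared builder taking the provider name and config object would keep the option spellings in one place. The `else` block continues past the end of the hunk.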
@@ -4487,10 +4477,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) {
console.log('ERROR: Unable to read JumpCloud IdP certificate: ' + domain.authstrategies.jumpcloud.cert);
} else {
- var options = {
- path: (typeof domain.authstrategies.jumpcloud.callbackurl == 'string') ? domain.authstrategies.jumpcloud.callbackurl : (url + 'auth-jumpcloud-callback'),
- entryPoint: domain.authstrategies.jumpcloud.idpurl, issuer: 'meshcentral'
- };
+ var options = { entryPoint: domain.authstrategies.jumpcloud.idpurl, issuer: 'meshcentral' };
+ if (typeof domain.authstrategies.jumpcloud.callbackurl == 'string') { options.callbackURL = domain.authstrategies.jumpcloud.callbackurl; } else { options.path = url + 'auth-jumpcloud-callback'; }
parent.debug('web', 'Adding JumpCloud SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.jumpcloud.entityid == 'string') { options.issuer = domain.authstrategies.jumpcloud.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');
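Review bot: Same spelling problem as the other SAML hunks: passport-saml reads `callbackUrl`, not `callbackURL`, so the configured JumpCloud callback is ignored and the AuthnRequest advertises the library's default ACS path instead of this server's `auth-jumpcloud-callback` route; the first branch should be `options.callbackUrl = domain.authstrategies.jumpcloud.callbackurl;`. Note also that this block alone does not get the new `forceauthn` option that the SAML and Intel hunks add, which may be deliberate but looks like an omission given the three blocks are otherwise identical; if it is intended, a one-line comment such as `// forceauthn not exposed for JumpCloud` would stop the next reader from "fixing" it. The `else` block continues past the end of the hunk.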