MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-01-13 16:03:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improved SSO.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2020-05-27 00:18:16 -07:00
parent e4fffae5a2
commit a6958ff53c
1 changed files with 19 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
webserver.js
View File

@ -4208,11 +4208,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Twitter // Twitter
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.clientid == 'string') && (typeof domain.authstrategies.twitter.clientsecret == 'string')) { if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.clientid == 'string') && (typeof domain.authstrategies.twitter.clientsecret == 'string')) {
const TwitterStrategy = require('passport-twitter'); const TwitterStrategy = require('passport-twitter');
var options = { var options = { consumerKey: domain.authstrategies.twitter.clientid, consumerSecret: domain.authstrategies.twitter.clientsecret };
consumerKey: domain.authstrategies.twitter.clientid, if (typeof domain.authstrategies.twitter.callbackurl == 'string') { options.callbackURL = domain.authstrategies.twitter.callbackurl; } else { options.path = url + 'auth-twitter-callback'; }
consumerSecret: domain.authstrategies.twitter.clientsecret,
callbackURL: (typeof domain.authstrategies.twitter.callbackurl == 'string') ? domain.authstrategies.twitter.callbackurl : (url + 'auth-twitter-callback')
};
parent.debug('web', 'Adding Twitter SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Twitter SSO with options: ' + JSON.stringify(options));
passport.use(new TwitterStrategy(options, passport.use(new TwitterStrategy(options,
function (token, tokenSecret, profile, cb) { function (token, tokenSecret, profile, cb) {
@ -4245,11 +4242,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Google // Google
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) { if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) {
const GoogleStrategy = require('passport-google-oauth20'); const GoogleStrategy = require('passport-google-oauth20');
var options = { var options = { clientID: domain.authstrategies.google.clientid, clientSecret: domain.authstrategies.google.clientsecret };
clientID: domain.authstrategies.google.clientid, if (typeof domain.authstrategies.google.callbackurl == 'string') { options.callbackURL = domain.authstrategies.google.callbackurl; } else { options.path = url + 'auth-google-callback'; }
clientSecret: domain.authstrategies.google.clientsecret,
callbackURL: (typeof domain.authstrategies.google.callbackurl == 'string') ? domain.authstrategies.google.callbackurl : (url + 'auth-google-callback')
};
parent.debug('web', 'Adding Google SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Google SSO with options: ' + JSON.stringify(options));
passport.use(new GoogleStrategy(options, passport.use(new GoogleStrategy(options,
function (token, tokenSecret, profile, cb) { function (token, tokenSecret, profile, cb) {
@ -4274,11 +4268,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Github // Github
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) { if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) {
const GitHubStrategy = require('passport-github2'); const GitHubStrategy = require('passport-github2');
var options = { var options = { clientID: domain.authstrategies.github.clientid, clientSecret: domain.authstrategies.github.clientsecret };
clientID: domain.authstrategies.github.clientid, if (typeof domain.authstrategies.github.callbackurl == 'string') { options.callbackURL = domain.authstrategies.github.callbackurl; } else { options.path = url + 'auth-github-callback'; }
clientSecret: domain.authstrategies.github.clientsecret,
callbackURL: (typeof domain.authstrategies.github.callbackurl == 'string') ? domain.authstrategies.github.callbackurl : (url + 'auth-github-callback')
};
parent.debug('web', 'Adding Github SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Github SSO with options: ' + JSON.stringify(options));
passport.use(new GitHubStrategy(options, passport.use(new GitHubStrategy(options,
function (token, tokenSecret, profile, cb) { function (token, tokenSecret, profile, cb) {
@ -4305,9 +4296,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const RedditStrategy = require('passport-reddit'); const RedditStrategy = require('passport-reddit');
var options = { var options = {
clientID: domain.authstrategies.reddit.clientid, clientID: domain.authstrategies.reddit.clientid,
clientSecret: domain.authstrategies.reddit.clientsecret, clientSecret: domain.authstrategies.reddit.clientsecret
callbackURL: (typeof domain.authstrategies.reddit.callbackurl == 'string') ? domain.authstrategies.reddit.callbackurl : (url + 'auth-reddit-callback')
}; };
if (typeof domain.authstrategies.reddit.callbackurl == 'string') { options.callbackURL = domain.authstrategies.reddit.callbackurl; } else { options.path = url + 'auth-reddit-callback'; }
parent.debug('web', 'Adding Reddit SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Reddit SSO with options: ' + JSON.stringify(options));
passport.use(new RedditStrategy.Strategy(options, passport.use(new RedditStrategy.Strategy(options,
function (token, tokenSecret, profile, cb) { function (token, tokenSecret, profile, cb) {
@ -4350,9 +4341,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
var options = { var options = {
clientID: domain.authstrategies.azure.clientid, clientID: domain.authstrategies.azure.clientid,
clientSecret: domain.authstrategies.azure.clientsecret, clientSecret: domain.authstrategies.azure.clientsecret,
tenant: domain.authstrategies.azure.tenantid, tenant: domain.authstrategies.azure.tenantid
callbackURL: (typeof domain.authstrategies.azure.callbackurl == 'string') ? domain.authstrategies.azure.callbackurl : (url + 'auth-azure-callback')
}; };
if (typeof domain.authstrategies.azure.callbackurl == 'string') { options.callbackURL = domain.authstrategies.azure.callbackurl; } else { options.path = url + 'auth-azure-callback'; }
if (typeof domain.authstrategies.azure.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.azure.forceauthn; }
parent.debug('web', 'Adding Azure SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Azure SSO with options: ' + JSON.stringify(options));
passport.use('azure', new AzureOAuth2Strategy(options, passport.use('azure', new AzureOAuth2Strategy(options,
function (accessToken, refreshtoken, params, profile, done) { function (accessToken, refreshtoken, params, profile, done) {
@ -4403,10 +4395,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) { if (cert == null) {
console.log('ERROR: Unable to read SAML IdP certificate: ' + domain.authstrategies.saml.cert); console.log('ERROR: Unable to read SAML IdP certificate: ' + domain.authstrategies.saml.cert);
} else { } else {
var options = { var options = { entryPoint: domain.authstrategies.saml.idpurl, issuer: 'meshcentral' };
path: (typeof domain.authstrategies.saml.callbackurl == 'string') ? domain.authstrategies.saml.callbackurl : (url + 'auth-saml-callback'), if (typeof domain.authstrategies.saml.callbackurl == 'string') { options.callbackURL = domain.authstrategies.saml.callbackurl; } else { options.path = url + 'auth-saml-callback'; }
entryPoint: domain.authstrategies.saml.idpurl, issuer: 'meshcentral' if (typeof domain.authstrategies.saml.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.saml.forceauthn; }
};
parent.debug('web', 'Adding SAML SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding SAML SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.saml.entityid == 'string') { options.issuer = domain.authstrategies.saml.entityid; } if (typeof domain.authstrategies.saml.entityid == 'string') { options.issuer = domain.authstrategies.saml.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join(''); options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');
@ -4444,10 +4435,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) { if (cert == null) {
console.log('ERROR: Unable to read Intel SAML IdP certificate: ' + domain.authstrategies.intel.cert); console.log('ERROR: Unable to read Intel SAML IdP certificate: ' + domain.authstrategies.intel.cert);
} else { } else {
var options = { var options = { entryPoint: domain.authstrategies.intel.idpurl, issuer: 'meshcentral' };
path: (typeof domain.authstrategies.intel.callbackurl == 'string') ? domain.authstrategies.intel.callbackurl : (url + 'auth-intel-callback'), if (typeof domain.authstrategies.intel.callbackurl == 'string') { options.callbackURL = domain.authstrategies.intel.callbackurl; } else { options.path = url + 'auth-intel-callback'; }
entryPoint: domain.authstrategies.intel.idpurl, issuer: 'meshcentral' if (typeof domain.authstrategies.intel.forceauthn != 'undefined') { options.forceAuthn = domain.authstrategies.intel.forceauthn; }
};
parent.debug('web', 'Adding Intel SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding Intel SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.intel.entityid == 'string') { options.issuer = domain.authstrategies.intel.entityid; } if (typeof domain.authstrategies.intel.entityid == 'string') { options.issuer = domain.authstrategies.intel.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join(''); options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');
@ -4487,10 +4477,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (cert == null) { if (cert == null) {
console.log('ERROR: Unable to read JumpCloud IdP certificate: ' + domain.authstrategies.jumpcloud.cert); console.log('ERROR: Unable to read JumpCloud IdP certificate: ' + domain.authstrategies.jumpcloud.cert);
} else { } else {
var options = { var options = { entryPoint: domain.authstrategies.jumpcloud.idpurl, issuer: 'meshcentral' };
path: (typeof domain.authstrategies.jumpcloud.callbackurl == 'string') ? domain.authstrategies.jumpcloud.callbackurl : (url + 'auth-jumpcloud-callback'), if (typeof domain.authstrategies.jumpcloud.callbackurl == 'string') { options.callbackURL = domain.authstrategies.jumpcloud.callbackurl; } else { options.path = url + 'auth-jumpcloud-callback'; }
entryPoint: domain.authstrategies.jumpcloud.idpurl, issuer: 'meshcentral'
};
parent.debug('web', 'Adding JumpCloud SSO with options: ' + JSON.stringify(options)); parent.debug('web', 'Adding JumpCloud SSO with options: ' + JSON.stringify(options));
if (typeof domain.authstrategies.jumpcloud.entityid == 'string') { options.issuer = domain.authstrategies.jumpcloud.entityid; } if (typeof domain.authstrategies.jumpcloud.entityid == 'string') { options.issuer = domain.authstrategies.jumpcloud.entityid; }
options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join(''); options.cert = cert.toString().split('-----BEGIN CERTIFICATE-----').join('').split('-----END CERTIFICATE-----').join('');