From 560ad6788cdb86fe90327163d85df8dc6f9205c5 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Fri, 17 Nov 2023 21:22:08 +0000 Subject: [PATCH] Tidy up OAuth, allow pulling properties from decoded JWT --- package-lock.json | 9 +++++++++ package.json | 1 + server/social.coffee | 19 +++++++------------ 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 263589e..01801d9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,6 +11,7 @@ "dependencies": { "@passport-js/passport-twitter": "^1.0.8", "coffeescript": "^2.4.1", + "jwt-decode": "^4.0.0", "lodash": "^4.17.19", "passport": "^0.3.2", "passport-github2": "^0.1.12", @@ -3907,6 +3908,14 @@ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, + "node_modules/jwt-decode": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz", + "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==", + "engines": { + "node": ">=18" + } + }, "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", diff --git a/package.json b/package.json index b904148..b3b2665 100644 --- a/package.json +++ b/package.json @@ -7,6 +7,7 @@ "dependencies": { "@passport-js/passport-twitter": "^1.0.8", "coffeescript": "^2.4.1", + "jwt-decode": "^4.0.0", "lodash": "^4.17.19", "passport": "^0.3.2", "passport-github2": "^0.1.12", diff --git a/server/social.coffee b/server/social.coffee index 4b3e307..ae45eda 100644 --- a/server/social.coffee +++ b/server/social.coffee @@ -17,6 +17,8 @@ url = require 'url' _ = require 'lodash' glob = require 'glob' +{ jwtDecode } = require('jwt-decode'); + passport = require('passport') # Export a function that generates security handler 
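Review bot: The added `{ jwtDecode } = require('jwt-decode');` in server/social.coffee ends with a semicolon, which none of the neighbouring require lines in this hunk do; `{ jwtDecode } = require('jwt-decode')` matches the surrounding style. The package-lock.json entry added in this patch declares `"node": ">=18"` for jwt-decode 4.0.0, so it is worth confirming that the Node version this server is deployed on satisfies that before the require runs at startup.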
@@ -51,10 +53,6 @@ module.exports = exports = (log, loga, argv) -> callbackHost = callbackHost + ":" + url.parse(argv.url).port else callbackHost = url.parse(argv.url).host - if argv.oauth2_CallbackPort? - callbackHost = callbackHost + ":" + argv.oauth2_CallbackPort - - console.log "callbackHost", callbackHost ids = [] @@ -136,7 +134,7 @@ module.exports = exports = (log, loga, argv) -> return false switch idProvider - when "github", "google", "twitter", "oauth2" + when "github", "google", "twitter", 'oauth2' if _.isEqual(admin[idProvider], req.session.passport.user[idProvider].id) return true else @@ -166,13 +164,10 @@ module.exports = exports = (log, loga, argv) -> OAuth2Strategy = require('passport-oauth2').Strategy oauth2StrategyName = callbackHost + 'OAuth' - console.log "callbackHost", callbackHost if argv.oauth2_UserInfoURL? OAuth2Strategy::userProfile = (accesstoken, done) -> @_oauth2._request "GET", argv.oauth2_UserInfoURL, null, null, accesstoken, (err, data) -> - console.log "data", data - console.log "err", err if err return done err try @@ -191,6 +186,8 @@ module.exports = exports = (log, loga, argv) -> userInfoURL: argv.oauth2_UserInfoURL }, (accessToken, refreshToken, params, profile, cb) -> + token = jwtDecode(accessToken) + extractUserInfo = (uiParam, uiDef) -> uiPath = '' if typeof uiParam == 'undefined' then (uiPath = uiDef) else (uiPath = uiParam) @@ -198,6 +195,8 @@ module.exports = exports = (log, loga, argv) -> sParts = uiPath.split('.') sFrom = sParts.shift() switch sFrom + when "token" + obj = token when "params" obj = params when "profile" @@ -210,10 +209,6 @@ module.exports = exports = (log, loga, argv) -> obj = obj[sParts.shift()] return obj - console.log("accessToken", accessToken) - console.log("refreshToken", refreshToken) - console.log("params", params) - console.log("profile", profile) if argv.oauth2_UsernameField? username_query = argv.oauth2_UsernameField else
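Review bot: `token = jwtDecode(accessToken)` in the `@@ -191,6 +186,8 @@` hunk runs on every OAuth2 login, and jwt-decode throws `InvalidTokenError` when the string is not a well-formed JWT. A provider that issues opaque access tokens would therefore fail in the verify callback even when no configured field uses a `token.` path. Catching the decode failure and falling back to an empty object keeps existing `params.`/`profile.` configurations working, with top-level `token.*` lookups resolving to undefined. The callback body continues past the end of this hunk.

```coffeescript
(accessToken, refreshToken, params, profile, cb) ->
  try
    token = jwtDecode(accessToken)
  catch err
    # opaque (non-JWT) access token: "token.*" lookups resolve to undefined
    token = {}

  # … unchanged: extractUserInfo and the rest of the verify callback …
```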
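Review bot: The new `when "token"` branch in the `@@ -198,6 +195,8 @@` hunk lets identity fields be read from claims that were only decoded, not verified: jwt-decode checks neither the signature nor `exp`, `iss` or `aud`. Those values appear to feed the user id that the owner check in the `@@ -136,7 +134,7 @@` hunk compares with `_.isEqual(admin[idProvider], req.session.passport.user[idProvider].id)`, so their trustworthiness rests entirely on the token-endpoint exchange being over TLS to the intended issuer. At minimum, state that above the branch, e.g. `# token claims are decoded, NOT verified; trusted only because the token came straight from the token endpoint`. For an OpenID Connect provider, the ID token in the token response (`params.id_token`), validated against the issuer's keys, is the artifact meant to carry identity claims to the client. The `switch` continues outside this hunk.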