wiki-cafe/wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add generic OAuth support

Browse Source
This commit is contained in:
3wc
2021-10-18 21:13:18 +02:00
parent a369822b0f
commit 5f2164cb12
3 changed files with 64 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/config-oauth2.md Normal file
View File

@ -0,0 +1,15 @@
```JSON
{
"farm": true,
"security_type": "passportjs",
"oauth2_clientID": "CLIENT ID",
"oauth2_clientSecret": "CLIENT SECRET",
"oauth2_AuthorizationURL": "https://auth.example.com/oauth2/authorize",
"oauth2_TokenURL": "https://auth.example.com/oauth2/token",
"wikiDomains": {
"example.wiki": {}
}
}
```

1
docs/configuration.md
View File

@ -17,3 +17,4 @@ See, depending on which identity provider you choose to use:
* [GitHub](./config-github.md) * [GitHub](./config-github.md)
* [Google](./config-google.md) * [Google](./config-google.md)
* [Twitter](./config-twitter.md) * [Twitter](./config-twitter.md)
* [Generic OAuth](./config-oauth2.md)

50
server/social.coffee
View File

@ -135,7 +135,7 @@ module.exports = exports = (log, loga, argv) ->
idProvider = _.head(_.keys(req.session.passport.user)) idProvider = _.head(_.keys(req.session.passport.user))
console.log 'idProvider: ', idProvider console.log 'idProvider: ', idProvider
switch idProvider switch idProvider
when 'github', 'google', 'twitter' when 'github', 'google', 'twitter', 'oauth2'
if _.isEqual(owner[idProvider].id, req.session.passport.user[idProvider].id) if _.isEqual(owner[idProvider].id, req.session.passport.user[idProvider].id)
return true return true
else else
@ -165,7 +165,7 @@ module.exports = exports = (log, loga, argv) ->
return false return false
switch idProvider switch idProvider
when "github", "google", "twitter" when "github", "google", "twitter", 'oauth2'
if _.isEqual(admin[idProvider], req.session.passport.user[idProvider].id) if _.isEqual(admin[idProvider], req.session.passport.user[idProvider].id)
return true return true
else else
@ -194,6 +194,32 @@ module.exports = exports = (log, loga, argv) ->
passport.deserializeUser = (obj, req, done) -> passport.deserializeUser = (obj, req, done) ->
done(null, obj) done(null, obj)
# OAuth Strategy
if argv.oauth2_clientID? and argv.oauth2_clientSecret?
ids.push('oauth2')
OAuth2Strategy = require('passport-oauth2').Strategy
oauth2StrategyName = callbackHost + 'OAuth'
passport.use(oauth2StrategyName, new OAuth2Strategy({
clientID: argv.oauth2_clientID
clientSecret: argv.oauth2_clientSecret
authorizationURL: argv.oauth2_AuthorizationURL
tokenURL: argv.oauth2_TokenURL
# userURL: argv.oauth2_UserURL
# scope: 'user:emails'
# callbackURL is optional, and if it exists must match that given in
# the OAuth application settings - so we don't specify it.
}, (accessToken, refreshToken, params, profile, cb) ->
console.log("params", params)
console.log("profile", profile)
user.oauth2 = {
id: params.user_id,
username: params.user_id,
displayName: params.user_id,
}
cb(null, user)))
# Github Strategy # Github Strategy
if argv.github_clientID? and argv.github_clientSecret? if argv.github_clientID? and argv.github_clientSecret?
ids.push('github') ids.push('github')
@ -275,6 +301,11 @@ module.exports = exports = (log, loga, argv) ->
app.use(passport.initialize()) app.use(passport.initialize())
app.use(passport.session()) app.use(passport.session())
# OAuth2
app.get('/auth/oauth2', passport.authenticate(oauth2StrategyName), (req, res) -> )
app.get('/auth/oauth2/callback',
passport.authenticate(oauth2StrategyName, { successRedirect: '/auth/loginDone', failureRedirect: '/auth/loginDialog'}))
# Github # Github
app.get('/auth/github', passport.authenticate(githubStrategyName, {scope: 'user:email'}), (req, res) -> ) app.get('/auth/github', passport.authenticate(githubStrategyName, {scope: 'user:email'}), (req, res) -> )
app.get('/auth/github/callback', app.get('/auth/github/callback',
@ -317,6 +348,7 @@ module.exports = exports = (log, loga, argv) ->
schemeButtons = [] schemeButtons = []
_(ids).forEach (scheme) -> _(ids).forEach (scheme) ->
switch scheme switch scheme
when "oauth2" then schemeButtons.push({button: "<a href='/auth/oauth2' class='scheme-button oauth2-button'><span>OAuth2</span></a>"})
when "twitter" then schemeButtons.push({button: "<a href='/auth/twitter' class='scheme-button twitter-button'><span>Twitter</span></a>"}) when "twitter" then schemeButtons.push({button: "<a href='/auth/twitter' class='scheme-button twitter-button'><span>Twitter</span></a>"})
when "github" then schemeButtons.push({button: "<a href='/auth/github' class='scheme-button github-button'><span>Github</span></a>"}) when "github" then schemeButtons.push({button: "<a href='/auth/github' class='scheme-button github-button'><span>Github</span></a>"})
when "google" when "google"
@ -504,6 +536,13 @@ module.exports = exports = (log, loga, argv) ->
userIds = {} userIds = {}
idProviders.forEach (idProvider) -> idProviders.forEach (idProvider) ->
id = switch idProvider id = switch idProvider
when "oauth2" then {
name: user.oauth2.displayName
oauth2: {
id: user.oauth2.id
username: user.oauth2.username
}
}
when "twitter" then { when "twitter" then {
name: user.twitter.displayName name: user.twitter.displayName
twitter: { twitter: {
@ -580,6 +619,13 @@ module.exports = exports = (log, loga, argv) ->
id = {} id = {}
idProviders.forEach (idProvider) -> idProviders.forEach (idProvider) ->
id = switch idProvider id = switch idProvider
when "oauth2" then {
name: user.oauth2.displayName
oauth2: {
id: user.oauth2.id
username: user.oauth2.username
}
}
when "twitter" then { when "twitter" then {
name: user.twitter.displayName name: user.twitter.displayName
twitter: { twitter: {