replacing eval() with function using property accessors

2021-11-02 18:56:21 +00:00 · 2021-11-02 18:56:21 +00:00 · 7eba6ba411
parent 001def2fea
commit 7eba6ba411
2 changed files with 30 additions and 6 deletions
--- a/docs/config-oauth2.md
+++ b/docs/config-oauth2.md
@ -21,7 +21,7 @@ specify it with `oauth2_CallbackURL`.

 You might also need to tell Federated Wiki how to look up usernames:
 * `oauth2_UserInfoURL` -- from login provider's documentation
-* `oauth2_UsernameField` -- starting with 
+* `oauth2_IdField`, `oauth2_DisplayNameField`, `oauth2_UsernameField` -- starting with 
  * `params` for information returned in the original token request, or
  * `profile` for data returned from `oauth2_UserInfoURL`, if you provided it.

--- a/server/social.coffee
+++ b/server/social.coffee
@ -223,6 +223,26 @@ module.exports = exports = (log, loga, argv) ->
        callbackURL: argv.oauth2_CallbackURL,
        userInfoURL: argv.oauth2_UserInfoURL
        }, (accessToken, refreshToken, params, profile, cb) ->
+
+          extractUserInfo = (uiParam, uiDef) ->
+            uiPath = ''
+            if typeof uiParam == 'undefined' then (uiPath = uiDef) else (uiPath = uiParam)
+            console.log('extractUI', uiParam, uiDef, uiPath)
+            sParts = uiPath.split('.')
+            sFrom = sParts.shift()
+            switch sFrom
+              when "params"
+                obj = params
+              when "profile"
+                obj = profile
+              else
+                console.error('*** source of user info not recognised', uiPath)
+                obj = {}
+            
+            while (sParts.length)
+              obj = obj[sParts.shift()]
+            return obj
+
          console.log("accessToken", accessToken)
          console.log("refreshToken", refreshToken)
          console.log("params", params)
@ -231,11 +251,15 @@ module.exports = exports = (log, loga, argv) ->
            username_query = argv.oauth2_UsernameField 
          else 
            username_query = 'params.user_id'
-          user.oauth2 = {
-            id: eval username_query,
-            username: eval username_query
-            displayName: eval username_query
-          }
+
+          try
+            user.oauth2 = {
+              id: extractUserInfo(argv.oauth2_IdField, 'params.user_id')
+              username: extractUserInfo(argv.oauth2_UsernameField, 'params.user_id')
+              displayName: extractUserInfo(argv.oauth2_DisplayNameField, 'params.user_id')
+            }
+          catch e
+            console.error('*** Error extracting user info:', e)
          console.log user.oauth2
          cb(null, user)))