Change callback style

This commit is contained in:
9p4 2023-01-24 13:12:35 -05:00
parent 26221e4c37
commit b228095173
No known key found for this signature in database
GPG key ID: 856544207C7E3E16
4 changed files with 30 additions and 60 deletions

View file

@ -477,6 +477,9 @@ module.exports = {
clientID: "clientId",
secret: "secret",
logout: true,
usernameClaim: "preferred_username",
roleClaim: "roles",
requiredRoles: ["thelounge"],
},
// ## Debugging settings

View file

@ -76,6 +76,9 @@ type OpenID = {
clientID: string;
secret: string;
logout: boolean;
usernameClaim: string;
roleClaim: string;
requiredRoles: string[];
};
type TlsOptions = any;

View file

@ -1,44 +1,23 @@
import colors from "chalk";
import log from "../../log";
import Config from "../../config";
import type {AuthHandler} from "../auth";
import * as express from "express";
function openidAuthCommon(
user: string,
bindDN: string,
password: string,
callback: (success: boolean) => void
) {
const config = Config.values;
}
function openIDCheckSession(user: string, password: string, callback: (success: boolean) => void) {
if (!user || !password) {
const openIDAuth: AuthHandler = (manager, client, user, _, callback) => {
if (user === "") {
log.error(
`Authentication failed using header auth: empty username. Have you selected the right header?`
);
return callback(false);
}
// If success
callback(true);
}
const openIDAuth: AuthHandler = (manager, client, user, password, callback) => {
function callbackWrapper(valid: boolean) {
if (valid && !client) {
manager.addUser(user, null, true);
}
callback(valid);
// If no user is found, create it
if (!client) {
manager.addUser(user, null, true);
}
//return auth(user, password, callbackWrapper);
return false;
return callback(true);
};
function openIDLoadUsers(users: string[], callbackLoadUser) {
return false;
}
function isOpenIDEnabled() {
return !Config.values.public && Config.values.openid.enable;
}
@ -47,5 +26,4 @@ export default {
moduleName: "openid",
auth: openIDAuth,
isEnabled: isOpenIDEnabled,
loadUsers: openIDLoadUsers,
};

View file

@ -67,7 +67,10 @@ export type ClientConfiguration = Pick<
// A random number that will force clients to reload the page if it differs
const serverHash = Math.floor(Date.now() * Math.random());
// OpenID code generators and verifiers
const code_verifier = generators.codeVerifier();
const code_challenge = generators.codeChallenge(code_verifier);
var issuer: Issuer;
@ -102,7 +105,6 @@ export default async function (
.use(allRequests)
.use(addSecurityHeaders)
.get("/", indexRequest)
.get("/openid-redirect", openidRedirectRequest)
.get("/service-worker.js", forceNoCacheRequest)
.get("/js/bundle.js.map", forceNoCacheRequest)
.get("/css/style.css.map", forceNoCacheRequest)
@ -114,10 +116,9 @@ export default async function (
openidClient = new issuer.Client({
client_id: Config.values.openid.clientID,
client_secret: Config.values.openid.secret,
redirect_uris: [Config.values.openid.baseURL + "/openid-redirect"],
redirect_uris: [Config.values.openid.baseURL],
response_types: ["code"],
});
const code_challenge = generators.codeChallenge(code_verifier);
var redirectUrl = openidClient.authorizationUrl({
scope: "openid email profile",
code_challenge,
@ -435,25 +436,6 @@ function forceNoCacheRequest(req: Request, res: Response, next: NextFunction) {
return next();
}
async function openidRedirectRequest(req: Request, res: Response) {
openidClient = new issuer.Client({
client_id: Config.values.openid.clientID,
client_secret: Config.values.openid.secret,
redirect_uris: [Config.values.openid.baseURL + "/openid-redirect"],
response_types: ["code"],
});
const params = openidClient.callbackParams(req);
const tokenSet = await openidClient.callback(
Config.values.openid.baseURL + "/openid-redirect",
params,
{code_verifier}
);
log.info("received and validated tokens", JSON.stringify(tokenSet));
log.info("validated ID Token claims", JSON.stringify(tokenSet.claims()));
const userinfo = await openidClient.userinfo(tokenSet);
log.info("userinfo", JSON.stringify(userinfo));
}
function indexRequest(req: Request, res: Response) {
res.setHeader("Content-Type", "text/html");
@ -958,7 +940,7 @@ function getServerConfiguration(): ServerConfiguration {
return {...Config.values, ...{stylesheets: packages.getStylesheets()}};
}
function performAuthentication(this: Socket, data) {
async function performAuthentication(this: Socket, data) {
if (!_.isPlainObject(data)) {
return;
}
@ -1061,13 +1043,17 @@ function performAuthentication(this: Socket, data) {
}
}
// FIXME: Get rid of this (debug use only)
log.info(JSON.stringify(socket.handshake));
if (Config.values.openid.enable) {
// TODO: OpenID values
// set data.user to openid preferred_username
// set data.password to openid token
const params = openidClient.callbackParams(data.password);
const tokenSet = await openidClient.callback(
Config.values.openid.baseURL + "/openid-redirect",
params,
{code_verifier}
);
// TODO: OpenID handle undefined better
// TODO: OpenID role check
const userinfo = await openidClient.userinfo(tokenSet);
data.user = userinfo[Config.values.openid.usernameClaim];
}
Auth.initialize().then(() => {