mirror of
https://github.com/thelounge/thelounge.git
synced 2024-06-15 12:06:00 +02:00
Change callback style
parent
26221e4c37
commit
b228095173
|
@ -477,6 +477,9 @@ module.exports = {
|
|||
clientID: "clientId",
|
||||
secret: "secret",
|
||||
logout: true,
|
||||
usernameClaim: "preferred_username",
|
||||
roleClaim: "roles",
|
||||
requiredRoles: ["thelounge"],
|
||||
},
|
||||
|
||||
// ## Debugging settings
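Review bot: The new `roleClaim` and `requiredRoles` defaults in this hunk carry no comment saying what they mean, and `requiredRoles` is ambiguous on a point that decides who gets in: nothing says whether a user needs every listed role or any one of them. I would document each key next to the other OpenID settings, for example `// - requiredRoles: roles the user must hold in the roleClaim value (all of them) to be allowed to log in.`, and `// - usernameClaim: claim whose value becomes the The Lounge username.` The page does not show the comment block above `clientID`, so adjust the wording to match whatever style that block already uses. It is also worth stating in that comment that an empty `requiredRoles` array disables the role restriction, if that is the intended behaviour.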
|
||||
|
|
|
@ -76,6 +76,9 @@ type OpenID = {
|
|||
clientID: string;
|
||||
secret: string;
|
||||
logout: boolean;
|
||||
usernameClaim: string;
|
||||
roleClaim: string;
|
||||
requiredRoles: string[];
|
||||
};
|
||||
|
||||
type TlsOptions = any;
|
||||
|
|
|
@ -1,44 +1,23 @@
|
|||
import colors from "chalk";
|
||||
|
||||
import log from "../../log";
|
||||
import Config from "../../config";
|
||||
import type {AuthHandler} from "../auth";
|
||||
import * as express from "express";
|
||||
|
||||
function openidAuthCommon(
|
||||
user: string,
|
||||
bindDN: string,
|
||||
password: string,
|
||||
callback: (success: boolean) => void
|
||||
) {
|
||||
const config = Config.values;
|
||||
}
|
||||
|
||||
function openIDCheckSession(user: string, password: string, callback: (success: boolean) => void) {
|
||||
if (!user || !password) {
|
||||
const openIDAuth: AuthHandler = (manager, client, user, _, callback) => {
|
||||
if (user === "") {
|
||||
log.error(
|
||||
`Authentication failed using header auth: empty username. Have you selected the right header?`
|
||||
);
|
||||
return callback(false);
|
||||
}
|
||||
// If success
|
||||
callback(true);
|
||||
}
|
||||
|
||||
const openIDAuth: AuthHandler = (manager, client, user, password, callback) => {
|
||||
function callbackWrapper(valid: boolean) {
|
||||
if (valid && !client) {
|
||||
manager.addUser(user, null, true);
|
||||
}
|
||||
|
||||
callback(valid);
|
||||
// If no user is found, create it
|
||||
if (!client) {
|
||||
manager.addUser(user, null, true);
|
||||
}
|
||||
|
||||
//return auth(user, password, callbackWrapper);
|
||||
return false;
|
||||
return callback(true);
|
||||
};
|
||||
|
||||
function openIDLoadUsers(users: string[], callbackLoadUser) {
|
||||
return false;
|
||||
}
|
||||
|
||||
function isOpenIDEnabled() {
|
||||
return !Config.values.public && Config.values.openid.enable;
|
||||
}
|
||||
|
@ -47,5 +26,4 @@ export default {
|
|||
moduleName: "openid",
|
||||
auth: openIDAuth,
|
||||
isEnabled: isOpenIDEnabled,
|
||||
loadUsers: openIDLoadUsers,
|
||||
};
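Review bot: `openIDAuth` calls `callback(true)` for any non-empty `user` and creates the account when `client` is missing, so the handler verifies nothing itself and depends entirely on the caller having replaced `data.user` with a value taken from a validated token. The guard `user === ""` does not cover `undefined`, which is what the caller would pass when the configured username claim is absent from the userinfo response; `if (typeof user !== "string" || user === "") {` closes that gap. The error text still reads "header auth" and "Have you selected the right header?", which looks carried over from a header-based handler and will mislead whoever reads the log; `Authentication failed using OpenID: empty username. Is usernameClaim set correctly?` would fit. A one-line comment above the handler such as `// Precondition: the caller has validated the OpenID token and set user from its claims.` would make that trust boundary visible. The page has lost its +/- markers, so this assumes the variant with the `_` parameter is the new side.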
|
||||
|
|
|
@ -67,7 +67,10 @@ export type ClientConfiguration = Pick<
|
|||
|
||||
// A random number that will force clients to reload the page if it differs
|
||||
const serverHash = Math.floor(Date.now() * Math.random());
|
||||
|
||||
// OpenID code generators and verifiers
|
||||
const code_verifier = generators.codeVerifier();
|
||||
const code_challenge = generators.codeChallenge(code_verifier);
|
||||
|
||||
var issuer: Issuer;
|
||||
|
||||
|
@ -102,7 +105,6 @@ export default async function (
|
|||
.use(allRequests)
|
||||
.use(addSecurityHeaders)
|
||||
.get("/", indexRequest)
|
||||
.get("/openid-redirect", openidRedirectRequest)
|
||||
.get("/service-worker.js", forceNoCacheRequest)
|
||||
.get("/js/bundle.js.map", forceNoCacheRequest)
|
||||
.get("/css/style.css.map", forceNoCacheRequest)
|
||||
|
@ -114,10 +116,9 @@ export default async function (
|
|||
openidClient = new issuer.Client({
|
||||
client_id: Config.values.openid.clientID,
|
||||
client_secret: Config.values.openid.secret,
|
||||
redirect_uris: [Config.values.openid.baseURL + "/openid-redirect"],
|
||||
redirect_uris: [Config.values.openid.baseURL],
|
||||
response_types: ["code"],
|
||||
});
|
||||
const code_challenge = generators.codeChallenge(code_verifier);
|
||||
var redirectUrl = openidClient.authorizationUrl({
|
||||
scope: "openid email profile",
|
||||
code_challenge,
|
||||
|
@ -435,25 +436,6 @@ function forceNoCacheRequest(req: Request, res: Response, next: NextFunction) {
|
|||
return next();
|
||||
}
|
||||
|
||||
async function openidRedirectRequest(req: Request, res: Response) {
|
||||
openidClient = new issuer.Client({
|
||||
client_id: Config.values.openid.clientID,
|
||||
client_secret: Config.values.openid.secret,
|
||||
redirect_uris: [Config.values.openid.baseURL + "/openid-redirect"],
|
||||
response_types: ["code"],
|
||||
});
|
||||
const params = openidClient.callbackParams(req);
|
||||
const tokenSet = await openidClient.callback(
|
||||
Config.values.openid.baseURL + "/openid-redirect",
|
||||
params,
|
||||
{code_verifier}
|
||||
);
|
||||
log.info("received and validated tokens", JSON.stringify(tokenSet));
|
||||
log.info("validated ID Token claims", JSON.stringify(tokenSet.claims()));
|
||||
const userinfo = await openidClient.userinfo(tokenSet);
|
||||
log.info("userinfo", JSON.stringify(userinfo));
|
||||
}
|
||||
|
||||
function indexRequest(req: Request, res: Response) {
|
||||
res.setHeader("Content-Type", "text/html");
|
||||
|
||||
|
@ -958,7 +940,7 @@ function getServerConfiguration(): ServerConfiguration {
|
|||
return {...Config.values, ...{stylesheets: packages.getStylesheets()}};
|
||||
}
|
||||
|
||||
function performAuthentication(this: Socket, data) {
|
||||
async function performAuthentication(this: Socket, data) {
|
||||
if (!_.isPlainObject(data)) {
|
||||
return;
|
||||
}
|
||||
|
@ -1061,13 +1043,17 @@ function performAuthentication(this: Socket, data) {
|
|||
}
|
||||
}
|
||||
|
||||
// FIXME: Get rid of this (debug use only)
|
||||
log.info(JSON.stringify(socket.handshake));
|
||||
|
||||
if (Config.values.openid.enable) {
|
||||
// TODO: OpenID values
|
||||
// set data.user to openid preferred_username
|
||||
// set data.password to openid token
|
||||
const params = openidClient.callbackParams(data.password);
|
||||
const tokenSet = await openidClient.callback(
|
||||
Config.values.openid.baseURL + "/openid-redirect",
|
||||
params,
|
||||
{code_verifier}
|
||||
);
|
||||
// TODO: OpenID handle undefined better
|
||||
// TODO: OpenID role check
|
||||
const userinfo = await openidClient.userinfo(tokenSet);
|
||||
data.user = userinfo[Config.values.openid.usernameClaim];
|
||||
}
|
||||
|
||||
Auth.initialize().then(() => {
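Review bot: The OpenID branch in `performAuthentication` copies `userinfo[Config.values.openid.usernameClaim]` into `data.user` without checking that the claim is a non-empty string and without comparing the `roleClaim` value against `requiredRoles` (both are still TODOs), so as far as these lines show every account the provider authenticates is admitted whatever roles it holds. The sketch below adds both checks; the rejection path is left as a comment because the rest of the function is outside the hunk, and depending on the provider the roles may have to be read from `tokenSet.claims()` rather than from userinfo. `code_verifier` is created once at module scope and reused for every login, whereas PKCE expects a fresh verifier per authorization request stored with that user's session, and the `log.info(JSON.stringify(socket.handshake))` line under the FIXME writes request headers, which can include cookies, to the log. The client now appears to be registered with `redirect_uris: [Config.values.openid.baseURL]` while the callback still passes `Config.values.openid.baseURL + "/openid-redirect"`, a mismatch the provider is likely to reject. The awaited `openidClient.callback(...)` and `openidClient.userinfo(...)` calls also need a try/catch so that a rejected code ends as a failed login instead of an unhandled rejection.

```typescript
// … unchanged: callbackParams / openidClient.callback(...) …
const userinfo = await openidClient.userinfo(tokenSet);
const username = userinfo[Config.values.openid.usernameClaim];
const roles = userinfo[Config.values.openid.roleClaim];

// Every entry of requiredRoles must be present; use some() instead if any-of is intended.
const hasRequiredRoles =
	Array.isArray(roles) &&
	Config.values.openid.requiredRoles.every((role) => roles.includes(role));

if (typeof username !== "string" || username === "" || !hasRequiredRoles) {
	// … fail the login here, using the same rejection path as the rest of performAuthentication …
	return;
}

data.user = username;
```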
|
||||
|
|