wikijs-fork/server/modules/authentication/oauth2/authentication.js

const _ = require('lodash')

/* global WIKI */

// ------------------------------------
// OAuth2 Account
// ------------------------------------

const OAuth2Strategy = require('passport-oauth2').Strategy

module.exports = {
  init (passport, conf) {
    var client = new OAuth2Strategy({
      authorizationURL: conf.authorizationURL,
      tokenURL: conf.tokenURL,
      clientID: conf.clientId,
      clientSecret: conf.clientSecret,
      userInfoURL: conf.userInfoURL,
      callbackURL: conf.callbackURL,
      passReqToCallback: true,
      scope: conf.scope,
      state: conf.enableCSRFProtection
    }, async (req, accessToken, refreshToken, profile, cb) => {
      try {
        const user = await WIKI.models.users.processProfile({
          providerKey: req.params.strategy,
          profile: {
            ...profile,
            id: _.get(profile, conf.userIdClaim),
            displayName: _.get(profile, conf.displayNameClaim, '???'),
            email: _.get(profile, conf.emailClaim)
          }
        })
        if (conf.mapGroups) {
          const groups = _.get(profile, conf.groupsClaim)
          if (groups && _.isArray(groups)) {
            const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
            const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
            for (const groupId of _.difference(expectedGroups, currentGroups)) {
              await user.$relatedQuery('groups').relate(groupId)
            }
            for (const groupId of _.difference(currentGroups, expectedGroups)) {
              await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
            }
          }
        }
        cb(null, user)
      } catch (err) {
        cb(err, null)
      }
    })

    client.userProfile = function (accesstoken, done) {
      this._oauth2._useAuthorizationHeaderForGET = !conf.useQueryStringForAccessToken
      this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
        if (err) {
          return done(err)
        }
        try {
          data = JSON.parse(data)
        } catch (e) {
          return done(e)
        }
        done(null, data)
      })
    }
    passport.use(conf.key, client)
  },
  logout (conf) {
    if (!conf.logoutURL) {
      return '/'
    } else {
      return conf.logoutURL
    }
  }
}
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`const _ = require('lodash')`

			`/* global WIKI */`

			`// ------------------------------------`
fix: various OAuth2 fixes 2021-10-16 02:36:30 +00:00			`// OAuth2 Account`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`// ------------------------------------`

			`const OAuth2Strategy = require('passport-oauth2').Strategy`

			`module.exports = {`
			`init (passport, conf) {`
			`var client = new OAuth2Strategy({`
			`authorizationURL: conf.authorizationURL,`
			`tokenURL: conf.tokenURL,`
			`clientID: conf.clientId,`
			`clientSecret: conf.clientSecret,`
			`userInfoURL: conf.userInfoURL,`
			`callbackURL: conf.callbackURL,`
feat(auth): OAuth2 scope support (#5181) 2022-04-12 04:14:02 +00:00			`passReqToCallback: true,`
feat: enable state key on generic oauth2 (#6104) 2023-01-29 21:51:40 +00:00			`scope: conf.scope,`
feat: optional oauth2 module nonce toggle 2023-01-29 22:14:34 +00:00			`state: conf.enableCSRFProtection`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`}, async (req, accessToken, refreshToken, profile, cb) => {`
			`try {`
			`const user = await WIKI.models.users.processProfile({`
			`providerKey: req.params.strategy,`
			`profile: {`
			`...profile,`
fix: various OAuth2 fixes 2021-10-16 02:36:30 +00:00			`id: _.get(profile, conf.userIdClaim),`
			`displayName: _.get(profile, conf.displayNameClaim, '???'),`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`email: _.get(profile, conf.emailClaim)`
			`}`
			`})`
feat: oauth2 add groups mapping (#6053) Co-authored-by: Nicolas Giard <github@ngpixel.com> 2023-01-29 23:08:13 +00:00			`if (conf.mapGroups) {`
			`const groups = _.get(profile, conf.groupsClaim)`
			`if (groups && _.isArray(groups)) {`
			`const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)`
			`const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)`
			`for (const groupId of _.difference(expectedGroups, currentGroups)) {`
			`await user.$relatedQuery('groups').relate(groupId)`
			`}`
			`for (const groupId of _.difference(currentGroups, expectedGroups)) {`
			`await user.$relatedQuery('groups').unrelate().where('groupId', groupId)`
			`}`
			`}`
			`}`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`cb(null, user)`
			`} catch (err) {`
			`cb(err, null)`
			`}`
			`})`

			`client.userProfile = function (accesstoken, done) {`
feat(auth): OAuth2 access_token in GET query string in userInfoURL (#5188) 2022-04-17 00:39:07 +00:00			`this._oauth2._useAuthorizationHeaderForGET = !conf.useQueryStringForAccessToken`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {`
			`if (err) {`
			`return done(err)`
			`}`
			`try {`
			`data = JSON.parse(data)`
fix: various OAuth2 fixes 2021-10-16 02:36:30 +00:00			`} catch (e) {`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`return done(e)`
			`}`
			`done(null, data)`
			`})`
			`}`
fix: handle multi social auth strategies 2022-03-26 01:17:04 +00:00			`passport.use(conf.key, client)`
fix: various OAuth2 fixes 2021-10-16 02:36:30 +00:00			`},`
			`logout (conf) {`
			`if (!conf.logoutURL) {`
			`return '/'`
			`} else {`
			`return conf.logoutURL`
			`}`
feat: Generic OAuth2 authentication implementation (#3094) * OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code 2021-10-16 02:25:15 +00:00			`}`
			`}`