feat: logout by auth strategy + keycloak implementation

This commit is contained in:
NGPixel 2020-09-01 20:01:25 -04:00
parent cda1f1e805
commit 062a0b7979
6 changed files with 87 additions and 11 deletions

View File

@ -462,8 +462,7 @@ export default {
}
},
logout () {
Cookies.remove('jwt')
window.location.assign('/')
window.location.assign('/logout')
},
goHome () {
window.location.assign('/')

View File

@ -109,10 +109,11 @@ router.post('/login', bruteforce.prevent, async (req, res, next) => {
/**
* Logout
*/
router.get('/logout', function (req, res) {
router.get('/logout', async (req, res) => {
const redirURL = await WIKI.models.users.logout({ req, res })
req.logout()
res.clearCookie('jwt')
res.redirect('/')
res.redirect(redirURL)
})
/**

View File

@ -271,6 +271,9 @@ module.exports = class User extends Model {
throw new Error('You are not authorized to login.')
}
/**
* Login a user
*/
static async login (opts, context) {
if (_.has(WIKI.auth.strategies, opts.strategy)) {
const selStrategy = _.get(WIKI.auth.strategies, opts.strategy)
@ -307,6 +310,9 @@ module.exports = class User extends Model {
}
}
/**
* Perform post-login checks
*/
static async afterLoginChecks (user, context, { skipTFA, skipChangePwd } = { skipTFA: false, skipChangePwd: false }) {
// Get redirect target
user.groups = await user.$relatedQuery('groups').select('groups.id', 'permissions', 'redirectOnLogin')
@ -380,6 +386,9 @@ module.exports = class User extends Model {
})
}
/**
* Generate a new token for a user
*/
static async refreshToken(user) {
if (_.isSafeInteger(user)) {
user = await WIKI.models.users.query().findById(user).withGraphFetched('groups').modifyGraph('groups', builder => {
@ -427,6 +436,9 @@ module.exports = class User extends Model {
}
}
/**
* Verify a TFA login
*/
static async loginTFA ({ securityCode, continuationToken, setup }, context) {
if (securityCode.length === 6 && continuationToken.length > 1) {
const user = await WIKI.models.userKeys.validateToken({
@ -819,6 +831,18 @@ module.exports = class User extends Model {
}
}
/**
* Logout the current user
*/
static async logout (context) {
if (!context.req.user || context.req.user.id === 2) {
return '/'
}
const usr = await WIKI.models.users.query().findById(context.req.user.id).select('providerKey')
const provider = _.find(WIKI.auth.strategies, ['key', usr.providerKey])
return provider.logout ? provider.logout(provider.config) : '/'
}
static async getGuestUser () {
const user = await WIKI.models.users.query().findById(2).withGraphJoined('groups').modifyGraph('groups', builder => {
builder.select('groups.id', 'permissions')

View File

@ -30,5 +30,8 @@ module.exports = {
}
})
)
},
logout (conf) {
return '/'
}
}

View File

@ -42,5 +42,15 @@ module.exports = {
}
})
)
},
logout (conf) {
if (!conf.logoutUpstream) {
return '/'
} else if (conf.logoutURL && conf.logoutURL.length > 5) {
return `${conf.logoutURL}?redirect_uri=${encodeURIComponent(WIKI.config.host)}`
} else {
WIKI.logger.warn('Keycloak logout URL is not configured!')
return '/'
}
}
}

View File

@ -8,10 +8,49 @@ website: https://www.keycloak.org/
useForm: false
isAvailable: true
props:
host: String
realm: String
clientId: String
clientSecret: String
authorizationURL: String
userInfoURL: String
tokenURL: String
host:
type: String
title: Host
hint: e.g. https://your.keycloak-host.com
order: 1
realm:
type: String
title: Realm
hint: The realm this application belongs to.
order: 2
clientId:
type: String
title: Client ID
hint: Application Client ID
order: 3
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 4
authorizationURL:
type: String
title: Authorization Endpoint URL
hint: e.g. https://KEYCLOAK-HOST/auth/realms/YOUR-REALM/protocol/openid-connect/auth
order: 5
tokenURL:
type: String
title: Token Endpoint URL
hint: e.g. https://KEYCLOAK-HOST/auth/realms/YOUR-REALM/protocol/openid-connect/token
order: 6
userInfoURL:
type: String
title: User Info Endpoint URL
hint: e.g. https://KEYCLOAK-HOST/auth/realms/YOUR-REALM/protocol/openid-connect/userinfo
order: 7
logoutUpstream:
type: Boolean
title: Logout from Keycloak on Logout
hint: Should the user be redirected to Keycloak logout mechanism upon logout
order: 8
logoutURL:
type: String
title: Logout Endpoint URL
hint: e.g. https://KEYCLOAK-HOST/auth/realms/YOUR-REALM/protocol/openid-connect/logout
order: 9