liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: oauth2 add groups mapping (#6053)

Browse Source 
Co-authored-by: Nicolas Giard <github@ngpixel.com>
This commit is contained in:
Aurélien Lajoie 2023-01-30 00:08:13 +01:00 committed by GitHub
parent 43a797d322
commit 1da80eaab8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
server/modules/authentication/oauth2/authentication.js
View File

@ -31,6 +31,19 @@ module.exports = {
email: _.get(profile, conf.emailClaim) email: _.get(profile, conf.emailClaim)
} }
}) })
if (conf.mapGroups) {
const groups = _.get(profile, conf.groupsClaim)
if (groups && _.isArray(groups)) {
const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
for (const groupId of _.difference(expectedGroups, currentGroups)) {
await user.$relatedQuery('groups').relate(groupId)
}
for (const groupId of _.difference(currentGroups, expectedGroups)) {
await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
}
}
}
cb(null, user) cb(null, user)
} catch (err) { } catch (err) {
cb(err, null) cb(err, null)

21
server/modules/authentication/oauth2/definition.yml
View File

@ -54,25 +54,38 @@ props:
default: email default: email
maxWidth: 500 maxWidth: 500
order: 8 order: 8
mapGroups:
type: Boolean
title: Map Groups
hint: Map groups matching names from the groups claim value
default: false
order: 9
groupsClaim:
type: String
title: Groups Claim
hint: Field containing the group names
default: groups
maxWidth: 500
order: 10
logoutURL: logoutURL:
type: String type: String
title: Logout URL title: Logout URL
hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process. hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
order: 9 order: 11
scope: scope:
type: String type: String
title: Scope title: Scope
hint: (optional) Application Client permission scopes. hint: (optional) Application Client permission scopes.
order: 10 order: 12
useQueryStringForAccessToken: useQueryStringForAccessToken:
type: Boolean type: Boolean
default: false default: false
title: Pass access token via GET query string to User Info Endpoint title: Pass access token via GET query string to User Info Endpoint
hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header. hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header.
order: 11 order: 13
enableCSRFProtection: enableCSRFProtection:
type: Boolean type: Boolean
default: true default: true
title: Enable CSRF protection title: Enable CSRF protection
hint: Pass a nonce state parameter during authentication to protect against CSRF attacks. hint: Pass a nonce state parameter during authentication to protect against CSRF attacks.
order: 12 order: 14