feat: auth jwt, permissions, login ui (wip)
@@ -30,13 +30,13 @@ module.exports = class Authentication extends Model {
|
||||
}
|
||||
}
|
||||
|
||||
static async getStrategies() {
|
||||
const strategies = await WIKI.models.authentication.query()
|
||||
return strategies.map(str => ({
|
||||
static async getStrategies(isEnabled) {
|
||||
const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
|
||||
return _.sortBy(strategies.map(str => ({
|
||||
...str,
|
||||
domainWhitelist: _.get(str.domainWhitelist, 'v', []),
|
||||
autoEnrollGroups: _.get(str.autoEnrollGroups, 'v', [])
|
||||
}))
|
||||
})), ['title'])
|
||||
}
|
||||
|
||||
static async refreshStrategiesFromDisk() {
|
||||
|
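Review bot: The new `isEnabled` parameter on `getStrategies` has a silent contract: `_.isBoolean(isEnabled) ? { isEnabled } : {}` means any non-boolean value (`undefined`, but also a string such as `'true'`) drops the filter and returns disabled strategies as well, which callers cannot tell from the signature. Add a JSDoc above it, e.g. `/** List auth strategies sorted by title; pass a boolean isEnabled to filter, any other value returns all strategies. */`. The enclosing Authentication class starts outside this hunk.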
@@ -4,6 +4,7 @@ const bcrypt = require('bcryptjs-then')
|
||||
const _ = require('lodash')
|
||||
const tfa = require('node-2fa')
|
||||
const securityHelper = require('../helpers/security')
|
||||
const jwt = require('jsonwebtoken')
|
||||
const Model = require('objection').Model
|
||||
|
||||
const bcryptRegexp = /^\$2[ayb]\$[0-9]{2}\$[A-Za-z0-9./]{53}$/
|
||||
@@ -199,7 +200,7 @@ module.exports = class User extends Model {
|
||||
|
||||
// Authenticate
|
||||
return new Promise((resolve, reject) => {
|
||||
WIKI.auth.passport.authenticate(opts.strategy, async (err, user, info) => {
|
||||
WIKI.auth.passport.authenticate(opts.strategy, { session: false }, async (err, user, info) => {
|
||||
if (err) { return reject(err) }
|
||||
if (!user) { return reject(new WIKI.Error.AuthLoginFailed()) }
|
||||
|
||||
@@ -218,9 +219,11 @@ module.exports = class User extends Model {
|
||||
}
|
||||
} else {
|
||||
// No 2FA, log in user
|
||||
return context.req.logIn(user, err => {
|
||||
return context.req.logIn(user, { session: false }, async err => {
|
||||
if (err) { return reject(err) }
|
||||
const jwtToken = await WIKI.models.users.refreshToken(user)
|
||||
resolve({
|
||||
jwt: jwtToken.token,
|
||||
tfaRequired: false
|
||||
})
|
||||
})
|
||||
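Review bot: A rejection inside the new `async err => { … }` callback on the `context.req.logIn` line never reaches the enclosing Promise's `reject`: if `WIKI.models.users.refreshToken(user)` throws (it throws `AuthGenericError` on a missing user, and `jwt.sign` can throw), the login promise stays pending and the rejection is unhandled. Wrap the await and the `resolve` in a `try`/`catch` that forwards to `reject`, as below. The enclosing login method starts and ends outside this hunk.
```javascript
return context.req.logIn(user, { session: false }, async err => {
  if (err) { return reject(err) }
  try {
    const jwtToken = await WIKI.models.users.refreshToken(user)
    resolve({
      jwt: jwtToken.token,
      tfaRequired: false
    })
  } catch (tokenErr) {
    reject(tokenErr)
  }
})
```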
@@ -232,6 +235,33 @@ module.exports = class User extends Model {
|
||||
}
|
||||
}
|
||||
|
||||
static async refreshToken(user) {
|
||||
if (_.isSafeInteger(user)) {
|
||||
user = await WIKI.models.users.query().findById(user)
|
||||
if (!user) {
|
||||
WIKI.logger.warn(`Failed to refresh token for user ${user}: Not found.`)
|
||||
throw new WIKI.Error.AuthGenericError()
|
||||
}
|
||||
}
|
||||
return {
|
||||
token: jwt.sign({
|
||||
id: user.id,
|
||||
email: user.email,
|
||||
name: user.name,
|
||||
pictureUrl: user.pictureUrl,
|
||||
timezone: user.timezone,
|
||||
localeCode: user.localeCode,
|
||||
defaultEditor: user.defaultEditor,
|
||||
permissions: []
|
||||
}, WIKI.config.sessionSecret, {
|
||||
expiresIn: '10s',
|
||||
audience: 'urn:wiki.js', // TODO: use value from admin
|
||||
issuer: 'urn:wiki.js'
|
||||
}),
|
||||
user
|
||||
}
|
||||
}
|
||||
|
||||
static async loginTFA(opts, context) {
|
||||
if (opts.securityCode.length === 6 && opts.loginToken.length === 64) {
|
||||
let result = await WIKI.redis.get(`tfa:${opts.loginToken}`)
|
||||
|
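Review bot: The `WIKI.logger.warn` message in `refreshToken` interpolates `user` after it has been overwritten by the `findById` result, so on the not-found path it logs `Failed to refresh token for user undefined`; keep the id in its own binding, e.g. `const userId = user` before the query, `user = await WIKI.models.users.query().findById(userId)`, and log `${userId}`. The signed payload is only base64url-encoded, so the `email`, `name` and `pictureUrl` claims are readable by anyone holding the token; worth confirming these are needed client-side rather than carrying only `id` and looking the rest up on verification. `expiresIn: '10s'` reads like a WIP value next to the `TODO` on `audience`; both deserve a comment stating the intended production value, and since `jwt.sign` relies on the default HS256 with `WIKI.config.sessionSecret`, pin `algorithm` explicitly here and the matching `algorithms` list wherever the token is verified.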