From 4dcf664040eb4ca395e218a78e20b38f1e17838b Mon Sep 17 00:00:00 2001
From: NGPixel
Date: Sun, 30 Aug 2020 16:33:52 -0400
Subject: [PATCH] fix: handle removed auth strategies
---
 server/models/authentication.js | 5 ++
 .../authentication/oauth2/authentication.js | 32 ----------
 .../authentication/oauth2/definition.yml | 58 -------------------
 .../authentication/oidc/definition.yml | 46 ++++++++++++---
 4 files changed, 43 insertions(+), 98 deletions(-)
 delete mode 100644 server/modules/authentication/oauth2/authentication.js
 delete mode 100644 server/modules/authentication/oauth2/definition.yml
diff --git a/server/models/authentication.js b/server/models/authentication.js
index 3376c69e..8d6ac9e3 100644
--- a/server/models/authentication.js
+++ b/server/models/authentication.js
@@ -93,6 +93,11 @@ module.exports = class Authentication extends Model {
 
 for (const strategy of dbStrategies) {
 const strategyDef = _.find(WIKI.data.authentication, ['key', strategy.strategyKey])
+ if (!strategyDef) {
+ await WIKI.models.authentication.query().delete().where('key', strategy.key)
+ WIKI.logger.info(`Authentication strategy ${strategy.strategyKey} was removed from disk: [ REMOVED ]`)
+ continue
+ }
 strategy.config = _.transform(strategyDef.props, (result, value, key) => {
 if (!_.has(result, key)) {
 _.set(result, key, value.default)
diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js
deleted file mode 100644
index 880d253f..00000000
--- a/server/modules/authentication/oauth2/authentication.js
+++ /dev/null
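Review bot: The new `if (!strategyDef)` branch permanently deletes the stored strategy row, including its saved configuration, and records that only at info level without the instance key. A module directory that is missing for an unrelated reason (for example an incomplete deployment) would have the same effect as an intentional removal, so the event should stand out in the logs and identify the instance: ``WIKI.logger.warn(`Authentication strategy ${strategy.strategyKey} (${strategy.key}) was removed from disk: [ REMOVED ]`)``. Whether user accounts linked to the deleted strategy are cleaned up or left referencing a missing provider is not visible in this hunk and is worth confirming. The enclosing loop and method begin and end outside the hunk.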
@@ -1,32 +0,0 @@
-/* global WIKI */
-
-// ------------------------------------
-// OAuth2 Account
-// ------------------------------------
-
-const OAuth2Strategy = require('passport-oauth2').Strategy
-
-module.exports = {
- init (passport, conf) {
- passport.use('oauth2',
- new OAuth2Strategy({
- authorizationURL: conf.authorizationURL,
- tokenURL: conf.tokenURL,
- clientID: conf.clientId,
- clientSecret: conf.clientSecret,
- callbackURL: conf.callbackURL,
- passReqToCallback: true
- }, async (req, accessToken, refreshToken, profile, cb) => {
- try {
- const user = await WIKI.models.users.processProfile({
- providerKey: req.params.strategy,
- profile
- })
- cb(null, user)
- } catch (err) {
- cb(err, null)
- }
- })
- )
- }
-}
diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml
deleted file mode 100644
index d2ed7aa4..00000000
--- a/server/modules/authentication/oauth2/definition.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-key: oauth2
-title: Generic OAuth2
-description: OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service.
-author: requarks.io
-logo: https://static.requarks.io/logo/oauth2.svg
-color: grey darken-4
-website: https://oauth.net/2/
-isAvailable: true
-useForm: false
-props:
- clientId:
- type: String
- title: Client ID
- hint: Application Client ID
- order: 1
- clientSecret:
- type: String
- title: Client Secret
- hint: Application Client Secret
- order: 2
- authorizationURL:
- type: String
- title: Authorization Endpoint URL
- hint: The full URL to the authorization endpoint, used to get an authorization code.
- order: 3
- tokenURL:
- type: String
- title: Token Endpoint URL
- hint: The full URL to the token endpoint, used to get an access token.
- order: 4
- mappingUID:
- title: Unique ID Field Mapping
- type: String
- default: 'id'
- hint: The field storing the user unique identifier, e.g. "id" or "_id".
- maxWidth: 500
- order: 20
- mappingEmail:
- title: Email Field Mapping
- type: String
- default: 'email'
- hint: The field storing the user email, e.g. "email" or "mail".
- maxWidth: 500
- order: 21
- mappingDisplayName:
- title: Display Name Field Mapping
- type: String
- default: 'name'
- hint: The field storing the user display name, e.g. "name", "displayName" or "username".
- maxWidth: 500
- order: 22
- mappingPicture:
- title: Avatar Picture Field Mapping
- type: String
- default: 'pictureUrl'
- hint: The field storing the user avatar picture, e.g. "pictureUrl" or "avatarUrl".
- maxWidth: 500
- order: 23
diff --git a/server/modules/authentication/oidc/definition.yml b/server/modules/authentication/oidc/definition.yml
index f10c6e81..dcbf9fce 100644
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@@ -1,5 +1,5 @@
 key: oidc
-title: Generic OpenID Connect
+title: Generic OpenID Connect / OAuth2
 description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
 author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
@@ -12,10 +12,40 @@ scopes:
 - profile
 - email
 props:
- clientId: String
- clientSecret: String
- authorizationURL: String
- tokenURL: String
- issuer: String
- userInfoURL: String
- emailClaim: String
+ clientId:
+ type: String
+ title: Client ID
+ hint: Application Client ID
+ order: 1
+ clientSecret:
+ type: String
+ title: Client Secret
+ hint: Application Client Secret
+ order: 2
+ authorizationURL:
+ type: String
+ title: Authorization Endpoint URL
+ hint: Application Authorization Endpoint URL
+ order: 3
+ tokenURL:
+ type: String
+ title: Token Endpoint URL
+ hint: Application Token Endpoint URL
+ order: 4
+ userInfoURL:
+ type: String
+ title: User Info Endpoint URL
+ hint: User Info Endpoint URL
+ order: 5
+ issuer:
+ type: String
+ title: Issuer
+ hint: Issuer URL
+ order: 6
+ emailClaim:
+ type: String
+ title: Email Claim
+ hint: Field containing the email address
+ default: email
+ maxWidth: 500
+ order: 7
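Review bot: The `emailClaim` prop in the second hunk lets an administrator choose which claim supplies the user's email, but its hint does not say the claim must be one the provider verifies. If accounts are matched on this value (the matching code is not in this diff), a provider that lets users set an arbitrary email could let one user sign in as another, and retitling the module to cover generic OAuth2 widens the set of providers it will be pointed at. A hint such as `hint: Claim containing the email address; use only a claim the provider verifies` would make that requirement visible. The URL props could likewise state that the endpoints are expected to use https, since the client secret is sent to the token endpoint.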