Azure AD support + defaultReadAccess option + All Pages UI work

libs/auth.js

@@ -2,13 +2,6 @@
 
 /* global appconfig, appdata, db, winston */
 
-const LocalStrategy = require('passport-local').Strategy
-const GoogleStrategy = require('passport-google-oauth20').Strategy
-const WindowsLiveStrategy = require('passport-windowslive').Strategy
-const FacebookStrategy = require('passport-facebook').Strategy
-const GitHubStrategy = require('passport-github2').Strategy
-const SlackStrategy = require('passport-slack').Strategy
-const LdapStrategy = require('passport-ldapauth').Strategy
 const fs = require('fs')
 
 module.exports = function (passport) {
@@ -34,6 +27,7 @@ module.exports = function (passport) {
   // Local Account
 
   if (!appdata.capabilities.manyAuthProviders || (appconfig.auth.local && appconfig.auth.local.enabled)) {
+    const LocalStrategy = require('passport-local').Strategy
     passport.use('local',
       new LocalStrategy({
         usernameField: 'email',
@@ -60,6 +54,7 @@ module.exports = function (passport) {
   // Google ID
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.google && appconfig.auth.google.enabled) {
+    const GoogleStrategy = require('passport-google-oauth20').Strategy
     passport.use('google',
       new GoogleStrategy({
         clientID: appconfig.auth.google.clientId,
@@ -79,6 +74,7 @@ module.exports = function (passport) {
   // Microsoft Accounts
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) {
+    const WindowsLiveStrategy = require('passport-windowslive').Strategy
     passport.use('windowslive',
       new WindowsLiveStrategy({
         clientID: appconfig.auth.microsoft.clientId,
@@ -98,6 +94,7 @@ module.exports = function (passport) {
   // Facebook
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.facebook && appconfig.auth.facebook.enabled) {
+    const FacebookStrategy = require('passport-facebook').Strategy
     passport.use('facebook',
       new FacebookStrategy({
         clientID: appconfig.auth.facebook.clientId,
@@ -118,6 +115,7 @@ module.exports = function (passport) {
   // GitHub
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.github && appconfig.auth.github.enabled) {
+    const GitHubStrategy = require('passport-github2').Strategy
     passport.use('github',
       new GitHubStrategy({
         clientID: appconfig.auth.github.clientId,
@@ -138,6 +136,7 @@ module.exports = function (passport) {
   // Slack
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.slack && appconfig.auth.slack.enabled) {
+    const SlackStrategy = require('passport-slack').Strategy
     passport.use('slack',
       new SlackStrategy({
         clientID: appconfig.auth.slack.clientId,
@@ -157,6 +156,7 @@ module.exports = function (passport) {
   // LDAP
 
   if (appdata.capabilities.manyAuthProviders && appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
+    const LdapStrategy = require('passport-ldapauth').Strategy
     passport.use('ldapauth',
       new LdapStrategy({
         server: {
@@ -187,6 +187,32 @@ module.exports = function (passport) {
     ))
   }
 
+  // AZURE AD
+
+  if (appdata.capabilities.manyAuthProviders && appconfig.auth.azure && appconfig.auth.azure.enabled) {
+    const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
+    const jwt = require('jsonwebtoken')
+    passport.use('azure_ad_oauth2',
+      new AzureAdOAuth2Strategy({
+        clientID: appconfig.auth.azure.clientId,
+        clientSecret: appconfig.auth.azure.clientSecret,
+        callbackURL: appconfig.host + '/login/azure/callback',
+        resource: appconfig.auth.azure.resource,
+        tenant: appconfig.auth.azure.tenant
+      },
+      (accessToken, refreshToken, params, profile, cb) => {
+        let waadProfile = jwt.decode(params.id_token)
+        waadProfile.id = waadProfile.oid
+        waadProfile.provider = 'azure'
+        db.User.processProfile(waadProfile).then((user) => {
+          return cb(null, user) || true
+        }).catch((err) => {
+          return cb(err, null) || true
+        })
+      }
+    ))
+  }
+
   // Create users for first-time
 
   db.onReady.then(() => {

libs/config.js

@@ -1,7 +1,5 @@
 'use strict'
 
-/* global winston */
-
 const fs = require('fs')
 const yaml = require('js-yaml')
 const _ = require('lodash')
@@ -25,7 +23,7 @@ module.exports = (confPaths) => {
     appconfig = yaml.safeLoad(fs.readFileSync(confPaths.config, 'utf8'))
     appdata = yaml.safeLoad(fs.readFileSync(confPaths.data, 'utf8'))
   } catch (ex) {
-    winston.error(ex)
+    console.error(ex)
     process.exit(1)
   }
 
@@ -41,7 +39,7 @@ module.exports = (confPaths) => {
       socialEnabled: (_.chain(appconfig.auth).omit('local').reject({ enabled: false }).value().length > 0)
     }
     if (appconfig.authStrategies.list.length < 1) {
-      winston.error(new Error('You must enable at least 1 authentication strategy!'))
+      console.error(new Error('You must enable at least 1 authentication strategy!'))
       process.exit(1)
     }
   } else {