feat: SAML auth module

2019-04-27 21:42:04 -04:00
parent a034295b2c
commit bdfac22876
4 changed files with 97 additions and 32 deletions
--- a/server/modules/authentication/saml/authentication.js
+++ b/server/modules/authentication/saml/authentication.js
@@ -10,30 +10,53 @@ const SAMLStrategy = require('passport-saml').Strategy

 module.exports = {
  init (passport, conf) {
+    let samlConfig = {
+      callbackUrl: conf.callbackURL,
+      entryPoint: conf.entryPoint,
+      issuer: conf.issuer,
+      signatureAlgorithm: conf.signatureAlgorithm,
+      identifierFormat: conf.identifierFormat,
+      acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
+      disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
+      authnContext: conf.authnContext,
+      forceAuthn: conf.forceAuthn,
+      providerName: conf.providerName,
+      skipRequestCompression: conf.skipRequestCompression,
+      authnRequestBinding: conf.authnRequestBinding
+    }
+    if (!_.isEmpty(conf.audience)) {
+      samlConfig.audience = conf.audience
+    }
+    if (!_.isEmpty(conf.cert)) {
+      samlConfig.cert = _.split(conf.cert, '|')
+    }
+    if (!_.isEmpty(conf.privateCert)) {
+      samlConfig.privateCert = conf.privateCert
+    }
+    if (!_.isEmpty(conf.decryptionPvk)) {
+      samlConfig.decryptionPvk = conf.decryptionPvk
+    }
    passport.use('saml',
-      new SAMLStrategy({
-        callbackURL: conf.callbackURL,
-        entryPoint: conf.entryPoint,
-        issuer: conf.issuer,
-        audience: conf.audience,
-        cert: _.split(conf.cert, '|'),
-        privateCert: conf.privateCert,
-        decryptionPvk: conf.decryptionPvk,
-        signatureAlgorithm: conf.signatureAlgorithm,
-        identifierFormat: conf.identifierFormat,
-        acceptedClockSkewMs: _.toSafeInteger(conf.acceptedClockSkewMs),
-        disableRequestedAuthnContext: conf.disableRequestedAuthnContext,
-        authnContext: conf.authnContext,
-        forceAuthn: conf.forceAuthn,
-        providerName: conf.providerName,
-        skipRequestCompression: conf.skipRequestCompression,
-        authnRequestBinding: conf.authnRequestBinding
-      }, (profile, cb) => {
-        WIKI.models.users.processProfile(profile).then((user) => {
-          return cb(null, user) || true
-        }).catch((err) => {
-          return cb(err, null) || true
-        })
+      new SAMLStrategy(samlConfig, async (profile, cb) => {
+        try {
+          const userId = _.get(profile, [conf.mappingUID], null) || _.get(profile, 'nameID', null)
+          if (!userId) {
+            throw new Error('Invalid or Missing Unique ID field!')
+          }
+
+          const user = await WIKI.models.users.processProfile({
+            profile: {
+              id: userId,
+              email: _.get(profile, conf.mappingEmail, ''),
+              displayName: _.get(profile, conf.mappingDisplayName, '???'),
+              picture: _.get(profile, conf.mappingPicture, '')
+            },
+            providerKey: 'saml'
+          })
+          cb(null, user)
+        } catch (err) {
+          cb(err, null)
+        }
      })
    )
  }