liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: auth0 + discord + github + slack auth modules

Browse Source
This commit is contained in:
Nick 2019-04-21 21:43:33 -04:00
parent 8af21c02af
commit d7676513ac
20 changed files with 286 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/components/admin/admin-auth.vue
View File

@ -183,8 +183,8 @@
.body-2 Allowed Web Origins .body-2 Allowed Web Origins
.body-1 {{host}} .body-1 {{host}}
v-divider.my-3 v-divider.my-3
.body-2 Callback URL .body-2 Callback URL / Redirect URI
.body-1 {{host}}/login/callback/{{strategy.key}} .body-1 {{host}}/login/{{strategy.key}}/callback
v-divider.my-3 v-divider.my-3
.body-2 Login URL .body-2 Login URL
.body-1 {{host}}/login .body-1 {{host}}/login

6
client/components/common/nav-header.vue
View File

@ -143,8 +143,10 @@
span Admin span Admin
v-menu(v-if='isAuthenticated', offset-y, min-width='300', left) v-menu(v-if='isAuthenticated', offset-y, min-width='300', left)
v-tooltip(bottom, slot='activator') v-tooltip(bottom, slot='activator')
v-btn.btn-animate-grow(icon, slot='activator', outline, color='blue') v-btn(icon, slot='activator', outline, color='blue')
v-icon(color='grey') account_circle v-icon(v-if='picture.kind === `initials`', color='grey') account_circle
v-avatar(v-else-if='picture.kind === `image`', :size='29')
v-img(:src='picture.url')
span Account span Account
v-list.py-0 v-list.py-0
v-list-tile.py-3.grey(avatar, :class='$vuetify.dark ? `darken-4-l5` : `lighten-5`') v-list-tile.py-3.grey(avatar, :class='$vuetify.dark ? `darken-4-l5` : `lighten-5`')

2
package.json
View File

@ -39,6 +39,7 @@
"node": ">=10.12" "node": ">=10.12"
}, },
"dependencies": { "dependencies": {
"@aoberoi/passport-slack": "1.0.5",
"@bugsnag/js": "5.2.0", "@bugsnag/js": "5.2.0",
"algoliasearch": "3.32.1", "algoliasearch": "3.32.1",
"apollo-fetch": "0.7.0", "apollo-fetch": "0.7.0",
@ -135,7 +136,6 @@
"passport-okta-oauth": "0.0.1", "passport-okta-oauth": "0.0.1",
"passport-openidconnect": "0.0.2", "passport-openidconnect": "0.0.2",
"passport-saml": "1.0.0", "passport-saml": "1.0.0",
"passport-slack": "0.0.7",
"passport-twitch": "1.0.3", "passport-twitch": "1.0.3",
"passport-windowslive": "1.0.2", "passport-windowslive": "1.0.2",
"pem-jwk": "2.0.0", "pem-jwk": "2.0.0",

3
server/controllers/auth.js
View File

@ -27,7 +27,8 @@ router.get('/login/:strategy/callback', async (req, res, next) => {
const authResult = await WIKI.models.users.login({ const authResult = await WIKI.models.users.login({
strategy: req.params.strategy strategy: req.params.strategy
}, { req, res }) }, { req, res })
console.info(authResult) res.cookie('jwt', authResult.jwt, { expires: moment().add(1, 'y').toDate() })
res.redirect('/')
} catch (err) { } catch (err) {
next(err) next(err)
} }

13
server/core/auth.js
View File

@ -78,17 +78,12 @@ module.exports = {
stg.config.callbackURL = `${WIKI.config.host}/login/${stg.key}/callback` stg.config.callbackURL = `${WIKI.config.host}/login/${stg.key}/callback`
strategy.init(passport, stg.config) strategy.init(passport, stg.config)
strategy.config = stg.config
try { WIKI.auth.strategies[stg.key] = {
strategy.icon = await fs.readFile(path.join(WIKI.ROOTPATH, `assets/svg/auth-icon-${strategy.key}.svg`), 'utf8') ...strategy,
} catch (err) { ...stg
if (err.code === 'ENOENT') {
strategy.icon = '[missing icon]'
} else {
WIKI.logger.warn(err)
}
} }
WIKI.auth.strategies[stg.key] = strategy
WIKI.logger.info(`Authentication Strategy ${stg.key}: [ OK ]`) WIKI.logger.info(`Authentication Strategy ${stg.key}: [ OK ]`)
} }
} catch (err) { } catch (err) {

118
server/models/users.js
View File

@ -19,13 +19,13 @@ module.exports = class User extends Model {
static get jsonSchema () { static get jsonSchema () {
return { return {
type: 'object', type: 'object',
required: ['email', 'name', 'provider'], required: ['email'],
properties: { properties: {
id: {type: 'integer'}, id: {type: 'integer'},
email: {type: 'string', format: 'email'}, email: {type: 'string', format: 'email'},
name: {type: 'string', minLength: 1, maxLength: 255}, name: {type: 'string', minLength: 1, maxLength: 255},
providerId: {type: 'number'}, providerId: {type: 'string'},
password: {type: 'string'}, password: {type: 'string'},
role: {type: 'string', enum: ['admin', 'guest', 'user']}, role: {type: 'string', enum: ['admin', 'guest', 'user']},
tfaIsActive: {type: 'boolean', default: false}, tfaIsActive: {type: 'boolean', default: false},
@ -154,8 +154,17 @@ module.exports = class User extends Model {
// Model Methods // Model Methods
// ------------------------------------------------ // ------------------------------------------------
static async processProfile({ profile, provider }) { static async processProfile({ profile, providerKey }) {
// -> Parse email const provider = _.get(WIKI.auth.strategies, providerKey, {})
provider.info = _.find(WIKI.data.authentication, ['key', providerKey])
// Find existing user
let user = await WIKI.models.users.query().findOne({
providerId: profile.id,
providerKey
})
// Parse email
let primaryEmail = '' let primaryEmail = ''
if (_.isArray(profile.emails)) { if (_.isArray(profile.emails)) {
const e = _.find(profile.emails, ['primary', true]) const e = _.find(profile.emails, ['primary', true])
@ -167,50 +176,75 @@ module.exports = class User extends Model {
} else if (profile.user && profile.user.email && profile.user.email.length > 5) { } else if (profile.user && profile.user.email && profile.user.email.length > 5) {
primaryEmail = profile.user.email primaryEmail = profile.user.email
} else { } else {
return Promise.reject(new Error('Missing or invalid email address from profile.')) throw new Error('Missing or invalid email address from profile.')
} }
primaryEmail = _.toLower(primaryEmail) primaryEmail = _.toLower(primaryEmail)
// -> Find user // Parse display name
let user = await WIKI.models.users.query().findOne({ let displayName = ''
email: primaryEmail, if (_.isString(profile.displayName) && profile.displayName.length > 0) {
providerKey: provider displayName = profile.displayName
}) } else if (_.isString(profile.name) && profile.name.length > 0) {
if (user) { displayName = profile.name
user.$query().patchAdnFetch({
email: primaryEmail,
providerKey: provider,
providerId: profile.id,
name: _.get(profile, 'displayName', primaryEmail.split('@')[0])
})
} else { } else {
// user = await WIKI.models.users.query().insertAndFetch({ displayName = primaryEmail.split('@')[0]
// email: primaryEmail,
// providerKey: provider,
// providerId: profile.id,
// name: profile.displayName || _.split(primaryEmail, '@')[0]
// })
} }
// Handle unregistered accounts // Parse picture URL
// if (!user && profile.provider !== 'local' && (WIKI.config.auth.defaultReadAccess || profile.provider === 'ldap' || profile.provider === 'azure')) { let pictureUrl = _.get(profile, 'picture', _.get(user, 'pictureUrl', null))
// let nUsr = {
// email: primaryEmail,
// provider: profile.provider,
// providerId: profile.id,
// password: '',
// name: profile.displayName || profile.name || profile.cn,
// rights: [{
// role: 'read',
// path: '/',
// exact: false,
// deny: false
// }]
// }
// return WIKI.models.users.query().insert(nUsr)
// }
return user // Update existing user
if (user) {
if (!user.isActive) {
throw new WIKI.Error.AuthAccountBanned()
}
if (user.isSystem) {
throw new Error('This is a system reserved account and cannot be used.')
}
user = await user.$query().patchAndFetch({
email: primaryEmail,
name: displayName,
pictureUrl: pictureUrl
})
return user
}
// Self-registration
if (provider.selfRegistration) {
// Check if email domain is whitelisted
if (_.get(provider, 'domainWhitelist', []).length > 0) {
const emailDomain = _.last(primaryEmail.split('@'))
if (!_.includes(provider.domainWhitelist, emailDomain)) {
throw new WIKI.Error.AuthRegistrationDomainUnauthorized()
}
}
// Create account
user = await WIKI.models.users.query().insertAndFetch({
providerKey: providerKey,
providerId: profile.id,
email: primaryEmail,
name: displayName,
pictureUrl: pictureUrl,
localeCode: WIKI.config.lang.code,
defaultEditor: 'markdown',
tfaIsActive: false,
isSystem: false,
isActive: true,
isVerified: true
})
// Assign to group(s)
if (provider.autoEnrollGroups.length > 0) {
await user.$relatedQuery('groups').relate(provider.autoEnrollGroups)
}
return user
}
throw new Error('You are not authorized to login.')
} }
static async login (opts, context) { static async login (opts, context) {
@ -227,7 +261,7 @@ module.exports = class User extends Model {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
WIKI.auth.passport.authenticate(opts.strategy, { WIKI.auth.passport.authenticate(opts.strategy, {
session: !strInfo.useForm, session: !strInfo.useForm,
scope: strInfo.scopes ? strInfo.scopes.join(' ') : null scope: strInfo.scopes ? strInfo.scopes : null
}, async (err, user, info) => { }, async (err, user, info) => {
if (err) { return reject(err) } if (err) { return reject(err) }
if (!user) { return reject(new WIKI.Error.AuthLoginFailed()) } if (!user) { return reject(new WIKI.Error.AuthLoginFailed()) }

3
server/modules/authentication/auth0/authentication.js
View File

@ -15,9 +15,8 @@ module.exports = {
clientSecret: conf.clientSecret, clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL callbackURL: conf.callbackURL
}, async (accessToken, refreshToken, extraParams, profile, cb) => { }, async (accessToken, refreshToken, extraParams, profile, cb) => {
console.info(accessToken, refreshToken, extraParams, profile)
try { try {
const user = WIKI.models.users.processProfile({ profile, provider: 'auth0' }) const user = await WIKI.models.users.processProfile({ profile, providerKey: 'auth0' })
cb(null, user) cb(null, user)
} catch (err) { } catch (err) {
cb(err, null) cb(err, null)

21
server/modules/authentication/discord/authentication.js
View File

@ -5,6 +5,7 @@
// ------------------------------------ // ------------------------------------
const DiscordStrategy = require('passport-discord').Strategy const DiscordStrategy = require('passport-discord').Strategy
const _ = require('lodash')
module.exports = { module.exports = {
init (passport, conf) { init (passport, conf) {
@ -14,12 +15,20 @@ module.exports = {
clientSecret: conf.clientSecret, clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL, callbackURL: conf.callbackURL,
scope: 'identify email' scope: 'identify email'
}, function (accessToken, refreshToken, profile, cb) { }, async (accessToken, refreshToken, profile, cb) => {
WIKI.models.users.processProfile(profile).then((user) => { try {
return cb(null, user) || true const user = await WIKI.models.users.processProfile({
}).catch((err) => { profile: {
return cb(err, null) || true ...profile,
}) displayName: profile.username,
picture: `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.png`
},
providerKey: 'discord'
})
cb(null, user)
} catch (err) {
cb(err, null)
}
} }
)) ))
} }

13
server/modules/authentication/discord/definition.yml
View File

@ -5,7 +5,16 @@ author: requarks.io
logo: https://static.requarks.io/logo/discord.svg logo: https://static.requarks.io/logo/discord.svg
color: indigo lighten-2 color: indigo lighten-2
website: https://discordapp.com/ website: https://discordapp.com/
isAvailable: true
useForm: false useForm: false
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2

13
server/modules/authentication/facebook/definition.yml
View File

@ -5,7 +5,16 @@ author: requarks.io
logo: https://static.requarks.io/logo/facebook.svg logo: https://static.requarks.io/logo/facebook.svg
color: indigo color: indigo
website: https://facebook.com/ website: https://facebook.com/
isAvailable: false
useForm: false useForm: false
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2

34
server/modules/authentication/firebase/authentication.js Normal file
View File

@ -0,0 +1,34 @@
/* global WIKI */
// ------------------------------------
// GitHub Account
// ------------------------------------
const GitHubStrategy = require('passport-github2').Strategy
const _ = require('lodash')
module.exports = {
init (passport, conf) {
passport.use('github',
new GitHubStrategy({
clientID: conf.clientId,
clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL,
scope: ['user:email']
}, async (accessToken, refreshToken, profile, cb) => {
try {
const user = await WIKI.models.users.processProfile({
profile: {
...profile,
picture: _.get(profile, 'photos[0].value', '')
},
providerKey: 'github'
})
cb(null, user)
} catch (err) {
cb(err, null)
}
}
))
}
}

11
server/modules/authentication/firebase/definition.yml Normal file
View File

@ -0,0 +1,11 @@
key: firebase
title: Firebase
description: Firebase is Google's mobile platform that helps you quickly develop high-quality apps and grow your business.
author: requarks.io
logo: https://static.requarks.io/logo/firebase.svg
color: yellow darken-3
website: https://firebase.google.com/
isAvailable: false
useForm: false
props: {}

20
server/modules/authentication/github/authentication.js
View File

@ -5,6 +5,7 @@
// ------------------------------------ // ------------------------------------
const GitHubStrategy = require('passport-github2').Strategy const GitHubStrategy = require('passport-github2').Strategy
const _ = require('lodash')
module.exports = { module.exports = {
init (passport, conf) { init (passport, conf) {
@ -14,12 +15,19 @@ module.exports = {
clientSecret: conf.clientSecret, clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL, callbackURL: conf.callbackURL,
scope: ['user:email'] scope: ['user:email']
}, (accessToken, refreshToken, profile, cb) => { }, async (accessToken, refreshToken, profile, cb) => {
WIKI.models.users.processProfile(profile).then((user) => { try {
return cb(null, user) || true const user = await WIKI.models.users.processProfile({
}).catch((err) => { profile: {
return cb(err, null) || true ...profile,
}) picture: _.get(profile, 'photos[0].value', '')
},
providerKey: 'github'
})
cb(null, user)
} catch (err) {
cb(err, null)
}
} }
)) ))
} }

14
server/modules/authentication/github/definition.yml
View File

@ -5,7 +5,17 @@ author: requarks.io
logo: https://static.requarks.io/logo/github.svg logo: https://static.requarks.io/logo/github.svg
color: grey darken-3 color: grey darken-3
website: https://github.com website: https://github.com
isAvailable: true
useForm: false useForm: false
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2

13
server/modules/authentication/google/definition.yml
View File

@ -5,7 +5,16 @@ author: requarks.io
logo: https://static.requarks.io/logo/google.svg logo: https://static.requarks.io/logo/google.svg
color: red darken-1 color: red darken-1
website: https://console.developers.google.com/ website: https://console.developers.google.com/
isAvailable: false
useForm: false useForm: false
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2

20
server/modules/authentication/microsoft/authentication.js
View File

@ -13,12 +13,20 @@ module.exports = {
clientID: conf.clientId, clientID: conf.clientId,
clientSecret: conf.clientSecret, clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL callbackURL: conf.callbackURL
}, function (accessToken, refreshToken, profile, cb) { }, async (accessToken, refreshToken, profile, cb) => {
WIKI.models.users.processProfile(profile).then((user) => { console.info(profile)
return cb(null, user) || true try {
}).catch((err) => { const user = await WIKI.models.users.processProfile({
return cb(err, null) || true profile: {
}) ...profile,
picture: _.get(profile, 'photos[0].value', '')
},
providerKey: 'microsoft'
})
cb(null, user)
} catch (err) {
cb(err, null)
}
} }
)) ))
} }

17
server/modules/authentication/microsoft/definition.yml
View File

@ -5,7 +5,20 @@ author: requarks.io
logo: https://static.requarks.io/logo/microsoft.svg logo: https://static.requarks.io/logo/microsoft.svg
color: blue color: blue
website: https://apps.dev.microsoft.com/ website: https://apps.dev.microsoft.com/
isAvailable: false
useForm: false useForm: false
scopes:
- openid
- profile
- email
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2

25
server/modules/authentication/slack/authentication.js
View File

@ -4,7 +4,8 @@
// Slack Account // Slack Account
// ------------------------------------ // ------------------------------------
const SlackStrategy = require('passport-slack').Strategy const SlackStrategy = require('@aoberoi/passport-slack').default.Strategy
const _ = require('lodash')
module.exports = { module.exports = {
init (passport, conf) { init (passport, conf) {
@ -12,13 +13,21 @@ module.exports = {
new SlackStrategy({ new SlackStrategy({
clientID: conf.clientId, clientID: conf.clientId,
clientSecret: conf.clientSecret, clientSecret: conf.clientSecret,
callbackURL: conf.callbackURL callbackURL: conf.callbackURL,
}, (accessToken, refreshToken, profile, cb) => { team: conf.team
WIKI.models.users.processProfile(profile).then((user) => { }, async (accessToken, scopes, team, extra, { user: userProfile }, cb) => {
return cb(null, user) || true try {
}).catch((err) => { const user = await WIKI.models.users.processProfile({
return cb(err, null) || true profile: {
}) ...userProfile,
picture: _.get(userProfile, 'image_48', '')
},
providerKey: 'slack'
})
cb(null, user)
} catch (err) {
cb(err, null)
}
} }
)) ))
} }

22
server/modules/authentication/slack/definition.yml
View File

@ -5,7 +5,25 @@ author: requarks.io
logo: https://static.requarks.io/logo/slack.svg logo: https://static.requarks.io/logo/slack.svg
color: green color: green
website: https://api.slack.com/docs/oauth website: https://api.slack.com/docs/oauth
isAvailable: true
useForm: false useForm: false
scope:
- identity.basic
- identity.email
- identity.avatar
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2
team:
type: String
title: Team / Workspace ID
hint: Optional - Your unique team (workspace) identifier
order: 3

13
server/modules/authentication/twitch/definition.yml
View File

@ -5,7 +5,16 @@ author: requarks.io
logo: https://static.requarks.io/logo/twitch.svg logo: https://static.requarks.io/logo/twitch.svg
color: indigo darken-2 color: indigo darken-2
website: https://dev.twitch.tv/docs/authentication/ website: https://dev.twitch.tv/docs/authentication/
isAvailable: false
useForm: false useForm: false
props: props:
clientId: String clientId:
clientSecret: String type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2