feat: add support of hd auth parameter to work with G Suite domains (#4010)

* Add support of hd google auth parameter - to work with G Suite domains * Style-fix * fix: google auth hostedDomain hint Co-authored-by: Nicolas Giard <github@ngpixel.com>
2021-05-25 01:04:11 +03:00 · 2021-05-25 01:04:11 +03:00 · ee8006892e
commit ee8006892e
parent 2ffeaed0d6
2 changed files with 36 additions and 20 deletions
--- a/server/modules/authentication/google/authentication.js
+++ b/server/modules/authentication/google/authentication.js
@ -9,27 +9,38 @@ const _ = require('lodash')

 module.exports = {
  init (passport, conf) {
-    passport.use('google',
-      new GoogleStrategy({
-        clientID: conf.clientId,
-        clientSecret: conf.clientSecret,
-        callbackURL: conf.callbackURL,
-        passReqToCallback: true
-      }, async (req, accessToken, refreshToken, profile, cb) => {
-        try {
-          const user = await WIKI.models.users.processProfile({
-            providerKey: req.params.strategy,
-            profile: {
-              ...profile,
-              picture: _.get(profile, 'photos[0].value', '')
-            }
-          })
-          cb(null, user)
-        } catch (err) {
-          cb(err, null)
+    const strategy = new GoogleStrategy({
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
+      passReqToCallback: true
+    }, async (req, accessToken, refreshToken, profile, cb) => {
+      try {
+        if (conf.hostedDomain && conf.hostedDomain != profile._json.hd) {
+          throw new Error('Google authentication should have been performed with domain ' + conf.hostedDomain)
        }
-      })
-    )
+        const user = await WIKI.models.users.processProfile({
+          providerKey: req.params.strategy,
+          profile: {
+            ...profile,
+            picture: _.get(profile, 'photos[0].value', '')
+          }
+        })
+        cb(null, user)
+      } catch (err) {
+        cb(err, null)
+      }
+    })
+
+    if (conf.hostedDomain) {
+      strategy.authorizationParams = function(options) {
+        return {
+          hd: conf.hostedDomain
+        }
+      }
+    }
+
+    passport.use('google', strategy)
  },
  logout (conf) {
    return '/'
--- a/server/modules/authentication/google/definition.yml
+++ b/server/modules/authentication/google/definition.yml
@ -22,3 +22,8 @@ props:
    title: Client Secret
    hint: Application Client Secret
    order: 2
+  hostedDomain:
+    type: String
+    title: Hosted Domain
+    hint: (optional) Only for G Suite hosted domain. Leave empty otherwise.
+    order: 3