feat: add support of hd auth parameter to work with G Suite domains (#4010)

* Add support of hd google auth parameter - to work with G Suite domains * Style-fix * fix: google auth hostedDomain hint Co-authored-by: Nicolas Giard <github@ngpixel.com>
2021-05-25 01:04:11 +03:00 · 2021-05-25 01:04:11 +03:00 · ee8006892e
commit ee8006892e
parent 2ffeaed0d6
2 changed files with 36 additions and 20 deletions
--- a/server/modules/authentication/google/authentication.js
+++ b/server/modules/authentication/google/authentication.js
@ -9,27 +9,38 @@ const _ = require('lodash')
 module.exports = {
  init (passport, conf) {
-    passport.use('google',
+    const strategy = new GoogleStrategy({
-      new GoogleStrategy({
+      clientID: conf.clientId,
-        clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
-        clientSecret: conf.clientSecret,
+      callbackURL: conf.callbackURL,
-        callbackURL: conf.callbackURL,
+      passReqToCallback: true
-        passReqToCallback: true
+    }, async (req, accessToken, refreshToken, profile, cb) => {
-      }, async (req, accessToken, refreshToken, profile, cb) => {
+      try {
-        try {
+        if (conf.hostedDomain && conf.hostedDomain != profile._json.hd) {
-          const user = await WIKI.models.users.processProfile({
+          throw new Error('Google authentication should have been performed with domain ' + conf.hostedDomain)
            providerKey: req.params.strategy,
            profile: {
              ...profile,
              picture: _.get(profile, 'photos[0].value', '')
            }
          })
          cb(null, user)
        } catch (err) {
          cb(err, null)
        }
-      })
+        const user = await WIKI.models.users.processProfile({
-    )
+          providerKey: req.params.strategy,
          profile: {
            ...profile,
            picture: _.get(profile, 'photos[0].value', '')
          }
        })
        cb(null, user)
      } catch (err) {
        cb(err, null)
      }
    })
    if (conf.hostedDomain) {
      strategy.authorizationParams = function(options) {
        return {
          hd: conf.hostedDomain
        }
      }
    }
    passport.use('google', strategy)
  },
  logout (conf) {
    return '/'
--- a/server/modules/authentication/google/definition.yml
+++ b/server/modules/authentication/google/definition.yml
@ -22,3 +22,8 @@ props:
    title: Client Secret
    hint: Application Client Secret
    order: 2
  hostedDomain:
    type: String
    title: Hosted Domain
    hint: (optional) Only for G Suite hosted domain. Leave empty otherwise.
    order: 3