wikijs-fork/server/modules/authentication/oauth2/authentication.js
Aurélien Lajoie 1da80eaab8
feat: oauth2 add groups mapping (#6053)
Co-authored-by: Nicolas Giard <github@ngpixel.com>
2023-01-29 18:08:13 -05:00


const _ = require('lodash')
/* global WIKI */
// ------------------------------------
// OAuth2 Account
// ------------------------------------
const OAuth2Strategy = require('passport-oauth2').Strategy
module.exports = {
  /**
   * Build a generic OAuth2 strategy from `conf` and register it with Passport
   * under `conf.key`.
   *
   * @param {Object} passport - Passport instance the strategy is registered on.
   * @param {Object} conf - Strategy settings: provider endpoints, client
   *   credentials, claim names and feature flags.
   */
  init (passport, conf) {
    /**
     * Align the user's wiki groups with the group names in the provider profile.
     *
     * Security notes for operators:
     * - Groups are matched by exact name against WIKI.auth.groups, so whoever
     *   controls the claim values at the identity provider decides wiki group
     *   membership for every group whose name the claim can carry.
     * - Memberships that the claim does not list are removed, including ones
     *   that were granted by hand inside the wiki.
     * - If the claim is missing or is not an array, nothing is changed and the
     *   user keeps the groups from an earlier login. The provider should always
     *   send the claim as an array (an empty one for users without groups).
     */
    const syncMappedGroups = async (user, profile) => {
      if (!conf.mapGroups) {
        return
      }
      const claimedNames = _.get(profile, conf.groupsClaim)
      if (!_.isArray(claimedNames)) {
        return
      }

      const memberships = await user.$relatedQuery('groups').select('groups.id')
      const currentIds = memberships.map(row => row.id)
      const expectedIds = Object.values(WIKI.auth.groups)
        .filter(group => claimedNames.includes(group.name))
        .map(group => group.id)

      // Grant first, revoke second; a failure in either step rejects and
      // fails the login through the caller's catch.
      const idsToAdd = _.difference(expectedIds, currentIds)
      for (const groupId of idsToAdd) {
        await user.$relatedQuery('groups').relate(groupId)
      }
      const idsToRemove = _.difference(currentIds, expectedIds)
      for (const groupId of idsToRemove) {
        await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
      }
    }

    const strategyOptions = {
      authorizationURL: conf.authorizationURL,
      tokenURL: conf.tokenURL,
      clientID: conf.clientId,
      clientSecret: conf.clientSecret,
      userInfoURL: conf.userInfoURL,
      callbackURL: conf.callbackURL,
      passReqToCallback: true,
      scope: conf.scope,
      // With enableCSRFProtection off, no `state` value ties the callback to
      // the browser session that started the login, which leaves the flow
      // open to login CSRF. Keep it enabled unless the provider cannot
      // round-trip `state`.
      state: conf.enableCSRFProtection
    }

    // Verify callback: maps the configured claims onto the profile fields
    // handed to WIKI.models.users.processProfile, then syncs groups.
    const verify = async (req, accessToken, refreshToken, profile, cb) => {
      try {
        const mappedProfile = {
          ...profile,
          id: _.get(profile, conf.userIdClaim),
          displayName: _.get(profile, conf.displayNameClaim, '???'),
          email: _.get(profile, conf.emailClaim)
        }
        const user = await WIKI.models.users.processProfile({
          providerKey: req.params.strategy,
          profile: mappedProfile
        })
        await syncMappedGroups(user, profile)
        cb(null, user)
      } catch (err) {
        cb(err, null)
      }
    }

    const client = new OAuth2Strategy(strategyOptions, verify)

    // Replace the strategy's profile loader: fetch conf.userInfoURL with the
    // access token and hand the parsed JSON body to Passport as the profile.
    client.userProfile = function (accesstoken, done) {
      // useQueryStringForAccessToken places the bearer token in the request
      // URL rather than the Authorization header. URLs commonly end up in
      // proxy and server logs, so enable it only for providers that reject
      // the header form.
      this._oauth2._useAuthorizationHeaderForGET = !conf.useQueryStringForAccessToken
      this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
        if (err) {
          return done(err)
        }
        let parsedProfile
        try {
          parsedProfile = JSON.parse(data)
        } catch (e) {
          // A body that is not valid JSON fails the login instead of
          // producing an empty profile.
          return done(e)
        }
        done(null, parsedProfile)
      })
    }

    passport.use(conf.key, client)
  },

  /**
   * Resolve where the user is sent after logging out.
   *
   * @param {Object} conf - Strategy settings.
   * @returns {string} `conf.logoutURL` when it is set, otherwise '/'.
   */
  logout (conf) {
    return conf.logoutURL || '/'
  }
}