Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
32af96aa37
commit
9f9c4089be
8 changed files with 91 additions and 4 deletions
|
@ -145,5 +145,6 @@ module.exports = {
|
||||||
email: true,
|
email: true,
|
||||||
allowEmailRegister: true,
|
allowEmailRegister: true,
|
||||||
allowGravatar: true,
|
allowGravatar: true,
|
||||||
allowPDFExport: true
|
allowPDFExport: true,
|
||||||
|
openID: true
|
||||||
}
|
}
|
||||||
|
|
|
@ -123,5 +123,6 @@ module.exports = {
|
||||||
email: toBooleanConfig(process.env.CMD_EMAIL),
|
email: toBooleanConfig(process.env.CMD_EMAIL),
|
||||||
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
|
allowEmailRegister: toBooleanConfig(process.env.CMD_ALLOW_EMAIL_REGISTER),
|
||||||
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
|
allowGravatar: toBooleanConfig(process.env.CMD_ALLOW_GRAVATAR),
|
||||||
allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT)
|
allowPDFExport: toBooleanConfig(process.env.CMD_ALLOW_PDF_EXPORT),
|
||||||
|
openID: toBooleanConfig(process.env.CMD_OPENID)
|
||||||
}
|
}
|
||||||
|
|
|
@ -96,6 +96,7 @@ config.isGoogleEnable = config.google.clientID && config.google.clientSecret
|
||||||
config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
|
config.isDropboxEnable = config.dropbox.clientID && config.dropbox.clientSecret
|
||||||
config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
|
config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSecret
|
||||||
config.isEmailEnable = config.email
|
config.isEmailEnable = config.email
|
||||||
|
config.isOpenIDEnable = config.openID
|
||||||
config.isGitHubEnable = config.github.clientID && config.github.clientSecret
|
config.isGitHubEnable = config.github.clientID && config.github.clientSecret
|
||||||
config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
|
config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
|
||||||
config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
|
config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
|
||||||
|
|
|
@ -88,6 +88,7 @@ function showIndex (req, res, next) {
|
||||||
email: config.isEmailEnable,
|
email: config.isEmailEnable,
|
||||||
allowEmailRegister: config.allowEmailRegister,
|
allowEmailRegister: config.allowEmailRegister,
|
||||||
allowPDFExport: config.allowPDFExport,
|
allowPDFExport: config.allowPDFExport,
|
||||||
|
openID: config.isOpenIDEnable,
|
||||||
signin: authStatus,
|
signin: authStatus,
|
||||||
infoMessage: req.flash('info'),
|
infoMessage: req.flash('info'),
|
||||||
errorMessage: req.flash('error'),
|
errorMessage: req.flash('error'),
|
||||||
|
@ -142,7 +143,8 @@ function responseCodiMD (res, note) {
|
||||||
oauth2: config.isOAuth2Enable,
|
oauth2: config.isOAuth2Enable,
|
||||||
email: config.isEmailEnable,
|
email: config.isEmailEnable,
|
||||||
allowEmailRegister: config.allowEmailRegister,
|
allowEmailRegister: config.allowEmailRegister,
|
||||||
allowPDFExport: config.allowPDFExport
|
allowPDFExport: config.allowPDFExport,
|
||||||
|
openID: config.isOpenIDEnable
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -45,6 +45,7 @@ if (config.isLDAPEnable) authRouter.use(require('./ldap'))
|
||||||
if (config.isSAMLEnable) authRouter.use(require('./saml'))
|
if (config.isSAMLEnable) authRouter.use(require('./saml'))
|
||||||
if (config.isOAuth2Enable) authRouter.use(require('./oauth2'))
|
if (config.isOAuth2Enable) authRouter.use(require('./oauth2'))
|
||||||
if (config.isEmailEnable) authRouter.use(require('./email'))
|
if (config.isEmailEnable) authRouter.use(require('./email'))
|
||||||
|
if (config.isOpenIDEnable) authRouter.use(require('./openid'))
|
||||||
|
|
||||||
// logout
|
// logout
|
||||||
authRouter.get('/logout', function (req, res) {
|
authRouter.get('/logout', function (req, res) {
|
||||||
|
|
61
lib/web/auth/openid/index.js
Normal file
61
lib/web/auth/openid/index.js
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
const Router = require('express').Router
|
||||||
|
const passport = require('passport')
|
||||||
|
const OpenIDStrategy = require('@passport-next/passport-openid').Strategy
|
||||||
|
const config = require('../../../config')
|
||||||
|
const models = require('../../../models')
|
||||||
|
const logger = require('../../../logger')
|
||||||
|
const {urlencodedParser} = require('../../utils')
|
||||||
|
const {setReturnToFromReferer} = require('../utils')
|
||||||
|
|
||||||
|
let openIDAuth = module.exports = Router()
|
||||||
|
|
||||||
|
passport.use(new OpenIDStrategy({
|
||||||
|
returnURL: config.serverURL + '/auth/openid/callback',
|
||||||
|
realm: config.serverURL,
|
||||||
|
profile: true
|
||||||
|
}, function (openid, profile, done) {
|
||||||
|
var stringifiedProfile = JSON.stringify(profile)
|
||||||
|
models.User.findOrCreate({
|
||||||
|
where: {
|
||||||
|
profileid: openid
|
||||||
|
},
|
||||||
|
defaults: {
|
||||||
|
profile: stringifiedProfile
|
||||||
|
}
|
||||||
|
}).spread(function (user, created) {
|
||||||
|
if (user) {
|
||||||
|
var needSave = false
|
||||||
|
if (user.profile !== stringifiedProfile) {
|
||||||
|
user.profile = stringifiedProfile
|
||||||
|
needSave = true
|
||||||
|
}
|
||||||
|
if (needSave) {
|
||||||
|
user.save().then(function () {
|
||||||
|
if (config.debug) { logger.info('user login: ' + user.id) }
|
||||||
|
return done(null, user)
|
||||||
|
})
|
||||||
|
} else {
|
||||||
|
if (config.debug) { logger.info('user login: ' + user.id) }
|
||||||
|
return done(null, user)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}).catch(function (err) {
|
||||||
|
logger.error('auth callback failed: ' + err)
|
||||||
|
return done(err, null)
|
||||||
|
})
|
||||||
|
}))
|
||||||
|
|
||||||
|
openIDAuth.post('/auth/openid', urlencodedParser, function (req, res, next) {
|
||||||
|
setReturnToFromReferer(req)
|
||||||
|
passport.authenticate('openid')(req, res, next)
|
||||||
|
})
|
||||||
|
|
||||||
|
// openID auth callback
|
||||||
|
openIDAuth.get('/auth/openid/callback',
|
||||||
|
passport.authenticate('openid', {
|
||||||
|
successReturnToOrRedirect: config.serverurl + '/',
|
||||||
|
failureRedirect: config.serverurl + '/'
|
||||||
|
})
|
||||||
|
)
|
|
@ -15,6 +15,7 @@
|
||||||
"doctoc": "doctoc --title='# Table of Contents' README.md"
|
"doctoc": "doctoc --title='# Table of Contents' README.md"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
"@passport-next/passport-openid": "^1.0.0",
|
||||||
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
|
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
|
||||||
"archiver": "^2.1.1",
|
"archiver": "^2.1.1",
|
||||||
"async": "^2.1.4",
|
"async": "^2.1.4",
|
||||||
|
|
|
@ -78,7 +78,26 @@
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
<% } %>
|
<% } %>
|
||||||
<% if((facebook || twitter || github || gitlab || mattermost || dropbox || google || ldap || oauth2) && email) { %>
|
<% if((facebook || twitter || github || gitlab || mattermost || dropbox || google || ldap || oauth2) && openID) { %>
|
||||||
|
<hr>
|
||||||
|
<% }%>
|
||||||
|
<% if(openID) { %>
|
||||||
|
<h4>OpenID</h4>
|
||||||
|
<form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded">
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
<input type="text" class="form-control" name="openid_identifier" placeholder="OpenID" required>
|
||||||
|
<span class="help-block control-label with-errors" style="display: inline;"></span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
<button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/openid">Sign in</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
<% } %>
|
||||||
|
<% if((facebook || twitter || github || gitlab || mattermost || dropbox || google || ldap || oauth2 || openID) && email) { %>
|
||||||
<hr>
|
<hr>
|
||||||
<% }%>
|
<% }%>
|
||||||
<% if(email) { %>
|
<% if(email) { %>
|
||||||
|
|
Loading…
Reference in a new issue