EvalueTonSavoir/server/auth/modules/passport-providers/oauth.js

var OAuth2Strategy = require('passport-oauth2')
var authUserAssoc = require('../../../models/authUserAssociation')
var users = require('../../../models/users')
var { hasNestedValue } = require('../../../utils')
var jwt = require('../../../middleware/jwtToken')

class PassportOAuth {
    constructor(passportjs, auth_name) {
        this.passportjs = passportjs
        this.auth_name = auth_name
    }

    register(app, passport, endpoint, name, provider) {
        const cb_url = `${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
        const self = this
        const scope = 'openid profile email offline_access' + ` ${provider.OAUTH_ADD_SCOPE}`;

        passport.use(name, new OAuth2Strategy({
            authorizationURL: provider.OAUTH_AUTHORIZATION_URL,
            tokenURL: provider.OAUTH_TOKEN_URL,
            clientID: provider.OAUTH_CLIENT_ID,
            clientSecret: provider.OAUTH_CLIENT_SECRET,
            callbackURL: cb_url,
            passReqToCallback: true
        },
            async function (req, accessToken, refreshToken, params, profile, done) {
                try {
                    const userInfoResponse = await fetch(provider.OAUTH_USERINFO_URL, {
                        headers: { 'Authorization': `Bearer ${accessToken}` }
                    });
                    const userInfo = await userInfoResponse.json();

                    let received_user = {
                        auth_id: userInfo.sub,
                        email: userInfo.email,
                        name: userInfo.name,
                        roles: []
                    };

                    if (hasNestedValue(userInfo, provider.OAUTH_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')
                    if (hasNestedValue(userInfo, provider.OAUTH_ROLE_STUDENT_VALUE)) received_user.roles.push('student')

                    const user_association = await authUserAssoc.find_user_association(self.auth_name, received_user.auth_id)

                    let user_account
                    if (user_association) {
                        user_account = await users.getById(user_association.user_id)
                    }
                    else {
                        let user_id = await users.getId(received_user.email)
                        if (user_id) {
                            user_account = await users.getById(user_id);
                        } else {
                            received_user.password = users.generatePassword()
                            user_account = await self.passportjs.register(received_user)
                        }
                        await authUserAssoc.link(self.auth_name, received_user.auth_id, user_account._id)
                    }

                    user_account.name = received_user.name
                    user_account.roles = received_user.roles
                    await users.editUser(user_account)

                    // Store the tokens in the session
                    req.session.oauth2Tokens = {
                        accessToken: accessToken,
                        refreshToken: refreshToken,
                        expiresIn: params.expires_in
                    };

                    return done(null, user_account);
                } catch (error) {
                    console.error(`Erreur dans la strategie OAuth2 '${name}' : ${error}`);
                    return done(error);
                }
            }));

        app.get(`${endpoint}/${name}`, (req, res, next) => {
            passport.authenticate(name, {
                scope: scope,
                prompt: 'consent'
            })(req, res, next);
        });

        app.get(`${endpoint}/${name}/callback`,
            (req, res, next) => {
                passport.authenticate(name, { failureRedirect: '/login' })(req, res, next);
            },
            (req, res) => {
                if (req.user) {
                    self.passportjs.authenticate(req.user, req, res)
                } else {
                    res.status(401).json({ error: "L'authentification a échoué" });
                }
            }
        );
        console.info(`Ajout de la connexion : ${name}(OAuth)`)
    }
}

module.exports = PassportOAuth;
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00			`var OAuth2Strategy = require('passport-oauth2')`
link oauths Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 00:14:55 -04:00			`var authUserAssoc = require('../../../models/authUserAssociation')`
			`var users = require('../../../models/users')`
Adds Oauths parsing Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 10:55:48 -04:00			`var { hasNestedValue } = require('../../../utils')`
jwt token redirect frontend 2024-10-01 12:03:49 -04:00			`var jwt = require('../../../middleware/jwtToken')`
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00
fixes 500 error 2024-09-27 23:02:53 -04:00			`class PassportOAuth {`
Roles done 2024-10-19 13:13:16 -04:00			`constructor(passportjs, auth_name) {`
link oauths Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 00:14:55 -04:00			`this.passportjs = passportjs`
Adds Oauths parsing Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 10:55:48 -04:00			`this.auth_name = auth_name`
link oauths Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 00:14:55 -04:00			`}`

Roles done 2024-10-19 13:13:16 -04:00			`register(app, passport, endpoint, name, provider) {`
			const cb_url = `${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
Adds Oauths parsing Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 10:55:48 -04:00			`const self = this`
Adds debuging informations + fixes url 2024-10-22 13:04:29 -04:00			const scope = 'openid profile email offline_access' + ` ${provider.OAUTH_ADD_SCOPE}`;
Adds Oauths parsing Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 10:55:48 -04:00
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00			`passport.use(name, new OAuth2Strategy({`
Incorporate auth config 2024-09-28 17:08:11 -04:00			`authorizationURL: provider.OAUTH_AUTHORIZATION_URL,`
			`tokenURL: provider.OAUTH_TOKEN_URL,`
			`clientID: provider.OAUTH_CLIENT_ID,`
			`clientSecret: provider.OAUTH_CLIENT_SECRET,`
continued oidc 2024-09-29 18:39:24 -04:00			`callbackURL: cb_url,`
fixes 500 error 2024-09-27 23:02:53 -04:00			`passReqToCallback: true`
			`},`
Roles done 2024-10-19 13:13:16 -04:00			`async function (req, accessToken, refreshToken, params, profile, done) {`
			`try {`
			`const userInfoResponse = await fetch(provider.OAUTH_USERINFO_URL, {`
			headers: { 'Authorization': `Bearer ${accessToken}` }
			`});`
			`const userInfo = await userInfoResponse.json();`
fixes 500 error 2024-09-27 23:02:53 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`let received_user = {`
			`auth_id: userInfo.sub,`
			`email: userInfo.email,`
			`name: userInfo.name,`
			`roles: []`
			`};`
link oauths Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 00:14:55 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`if (hasNestedValue(userInfo, provider.OAUTH_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')`
			`if (hasNestedValue(userInfo, provider.OAUTH_ROLE_STUDENT_VALUE)) received_user.roles.push('student')`
link oauths Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 00:14:55 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`const user_association = await authUserAssoc.find_user_association(self.auth_name, received_user.auth_id)`

			`let user_account`
			`if (user_association) {`
			`user_account = await users.getById(user_association.user_id)`
			`}`
			`else {`
			`let user_id = await users.getId(received_user.email)`
			`if (user_id) {`
			`user_account = await users.getById(user_id);`
			`} else {`
			`received_user.password = users.generatePassword()`
			`user_account = await self.passportjs.register(received_user)`
			`}`
			`await authUserAssoc.link(self.auth_name, received_user.auth_id, user_account._id)`
centralise login/register methods 2024-10-08 15:45:18 -04:00			`}`
fixes 500 error 2024-09-27 23:02:53 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`user_account.name = received_user.name`
			`user_account.roles = received_user.roles`
			`await users.editUser(user_account)`
Adds Oauths parsing Co-authored-by: roesnerb <roesnerb@users.noreply.github.com> Co-authored-by: MathieuSevignyLavallee <MathieuSevignyLavallee@users.noreply.github.com> 2024-10-01 10:55:48 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`// Store the tokens in the session`
			`req.session.oauth2Tokens = {`
			`accessToken: accessToken,`
			`refreshToken: refreshToken,`
			`expiresIn: params.expires_in`
			`};`
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00
Roles done 2024-10-19 13:13:16 -04:00			`return done(null, user_account);`
			`} catch (error) {`
			console.error(`Erreur dans la strategie OAuth2 '${name}' : ${error}`);
			`return done(error);`
			`}`
			`}));`
fixes 500 error 2024-09-27 23:02:53 -04:00
Incorporate auth config 2024-09-28 17:08:11 -04:00			app.get(`${endpoint}/${name}`, (req, res, next) => {
fixes 500 error 2024-09-27 23:02:53 -04:00			`passport.authenticate(name, {`
Adds debuging informations + fixes url 2024-10-22 13:04:29 -04:00			`scope: scope,`
fixes 500 error 2024-09-27 23:02:53 -04:00			`prompt: 'consent'`
			`})(req, res, next);`
			`});`
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00
Roles done 2024-10-19 13:13:16 -04:00			app.get(`${endpoint}/${name}/callback`,
fixes 500 error 2024-09-27 23:02:53 -04:00			`(req, res, next) => {`
			`passport.authenticate(name, { failureRedirect: '/login' })(req, res, next);`
			`},`
			`(req, res) => {`
			`if (req.user) {`
Roles done 2024-10-19 13:13:16 -04:00			`self.passportjs.authenticate(req.user, req, res)`
fixes 500 error 2024-09-27 23:02:53 -04:00			`} else {`
Incorporate auth config 2024-09-28 17:08:11 -04:00			`res.status(401).json({ error: "L'authentification a échoué" });`
fixes 500 error 2024-09-27 23:02:53 -04:00			`}`
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00			`}`
			`);`
Adds debuging informations + fixes url 2024-10-22 13:04:29 -04:00			console.info(`Ajout de la connexion : ${name}(OAuth)`)
Adds base for OAuth - Still errors 2024-09-24 17:24:32 -04:00			`}`
			`}`
fixes 500 error 2024-09-27 23:02:53 -04:00
continued oidc 2024-09-29 18:39:24 -04:00			`module.exports = PassportOAuth;`