EvalueTonSavoir/server/auth/modules/passport-providers/oidc.js

var OpenIDConnectStrategy = require('passport-openidconnect')
const model = require("../../../models/users");

class PassportOpenIDConnect {

    async getConfigFromConfigURL(name,provider){
        try{
            const config = await fetch(provider.OIDC_CONFIG_URL)
            return await config.json()
        } catch (error) {
            console.error(`Les informations de connexions de la connexion OIDC ${name} n'ont pu être chargées.`)
        }
    }

    async register(app, passport,endpoint, name, provider) {

        const config = await this.getConfigFromConfigURL(name,provider)
        const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`

        passport.use(name, new OpenIDConnectStrategy({
            issuer: config.issuer,
            authorizationURL: config.authorization_endpoint,
            tokenURL: config.token_endpoint,
            userInfoURL: config.userinfo_endpoint,
            clientID: provider.OIDC_CLIENT_ID,
            clientSecret: provider.OIDC_CLIENT_SECRET,
            callbackURL: cb_url,
            passReqToCallback: true,
            scope: 'openid profile email ' + `${provider.OIDC_ADD_SCOPE}`,
        },
        // patch pour la librairie permet d'obtenir les groupes, PR en cours mais "morte" : https://github.com/jaredhanson/passport-openidconnect/pull/101
        async function(req, issuer, profile, times, tok, done) {
            try {
                let role;
                if (profile.groups[0].value.includes(provider.OIDC_ROLE_TEACHER_VALUE)) {
                    role = "teacher";
                } else if (profile.groups[0].value.includes(provider.OIDC_ROLE_STUDENT_VALUE)) {
                    role = "student";
                } else {
                    role = "anonymous";
                }

                const user = {
                    id: profile.id,
                    email: profile.emails[0].value,
                    name: profile.name.givenName,
                    groups: profile.groups[0].value ?? [],
                    role: role
                };
                return done(null, user);
            } catch (error) {
                
            }
        }));

        app.get(`${endpoint}/${name}`, (req, res, next) => {
            passport.authenticate(name, {
                scope: 'openid profile email offline_access'+ ` ${provider.OAUTH_ADD_SCOPE}`,
                prompt: 'consent'
            })(req, res, next);
        });

        app.get(`${endpoint}/${name}/callback`, 
            (req, res, next) => {
                passport.authenticate(name, { failureRedirect: '/login' })(req, res, next);
            },
            (req, res) => {
                if (req.user) {
                    res.json(req.user)
                    console.info(`L'utilisateur '${req.user.name}' vient de se connecter`)
                } else {
                    res.status(401).json({ error: "L'authentification a échoué" });
                }
            }
        );
    }
}

module.exports = PassportOpenIDConnect;
added openidconnect provider 2024-09-28 14:03:15 -04:00			`var OpenIDConnectStrategy = require('passport-openidconnect')`
Add permissions with providers 2024-10-01 00:52:25 -04:00			`const model = require("../../../models/users");`
added openidconnect provider 2024-09-28 14:03:15 -04:00
			`class PassportOpenIDConnect {`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00
			`async getConfigFromConfigURL(name,provider){`
			`try{`
			`const config = await fetch(provider.OIDC_CONFIG_URL)`
			`return await config.json()`
			`} catch (error) {`
			console.error(`Les informations de connexions de la connexion OIDC ${name} n'ont pu être chargées.`)
			`}`
			`}`

			`async register(app, passport,endpoint, name, provider) {`

			`const config = await this.getConfigFromConfigURL(name,provider)`
continued oidc 2024-09-29 18:39:24 -04:00			const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00
added openidconnect provider 2024-09-28 14:03:15 -04:00			`passport.use(name, new OpenIDConnectStrategy({`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`issuer: config.issuer,`
			`authorizationURL: config.authorization_endpoint,`
			`tokenURL: config.token_endpoint,`
			`userInfoURL: config.userinfo_endpoint,`
			`clientID: provider.OIDC_CLIENT_ID,`
			`clientSecret: provider.OIDC_CLIENT_SECRET,`
continued oidc 2024-09-29 18:39:24 -04:00			`callbackURL: cb_url,`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`passReqToCallback: true,`
			scope: 'openid profile email ' + `${provider.OIDC_ADD_SCOPE}`,
added openidconnect provider 2024-09-28 14:03:15 -04:00			`},`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`// patch pour la librairie permet d'obtenir les groupes, PR en cours mais "morte" : https://github.com/jaredhanson/passport-openidconnect/pull/101`
			`async function(req, issuer, profile, times, tok, done) {`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`try {`
Add permissions oidc auth 2024-10-01 01:09:12 -04:00			`let role;`
			`if (profile.groups[0].value.includes(provider.OIDC_ROLE_TEACHER_VALUE)) {`
			`role = "teacher";`
			`} else if (profile.groups[0].value.includes(provider.OIDC_ROLE_STUDENT_VALUE)) {`
			`role = "student";`
			`} else {`
			`role = "anonymous";`
			`}`

added openidconnect provider 2024-09-28 14:03:15 -04:00			`const user = {`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`id: profile.id,`
			`email: profile.emails[0].value,`
			`name: profile.name.givenName,`
Add permissions oidc auth 2024-10-01 01:09:12 -04:00			`groups: profile.groups[0].value ?? [],`
			`role: role`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`};`
continued oidc 2024-09-29 18:39:24 -04:00			`return done(null, user);`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`} catch (error) {`
continued oidc 2024-09-29 18:39:24 -04:00
added openidconnect provider 2024-09-28 14:03:15 -04:00			`}`
			`}));`

added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			app.get(`${endpoint}/${name}`, (req, res, next) => {
added openidconnect provider 2024-09-28 14:03:15 -04:00			`passport.authenticate(name, {`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			scope: 'openid profile email offline_access'+ ` ${provider.OAUTH_ADD_SCOPE}`,
added openidconnect provider 2024-09-28 14:03:15 -04:00			`prompt: 'consent'`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`})(req, res, next);`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`});`

added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			app.get(`${endpoint}/${name}/callback`,
			`(req, res, next) => {`
			`passport.authenticate(name, { failureRedirect: '/login' })(req, res, next);`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`},`
			`(req, res) => {`
			`if (req.user) {`
added rest of oidc (kind of) 2024-09-28 20:16:29 -04:00			`res.json(req.user)`
			console.info(`L'utilisateur '${req.user.name}' vient de se connecter`)
			`} else {`
			`res.status(401).json({ error: "L'authentification a échoué" });`
added openidconnect provider 2024-09-28 14:03:15 -04:00			`}`
			`}`
			`);`
			`}`
			`}`

			`module.exports = PassportOpenIDConnect;`