From 813ea5944b5a7270ef1abae659ed240205e15eb0 Mon Sep 17 00:00:00 2001
From: Bruno Roesner
Date: Sun, 29 Sep 2024 18:39:24 -0400
Subject: [PATCH] continued oidc

---
 server/.env.example | 5 ++++-
 server/app.js | 6 ++++++
 server/auth/modules/passport-providers/oauth.js | 5 +++--
 server/auth/modules/passport-providers/oidc.js | 7 ++++---
 server/package-lock.json | 9 ---------
 server/patches/passport-openidconnect+0.1.2.patch | 12 ++++++++++++
 6 files changed, 29 insertions(+), 15 deletions(-)
 create mode 100644 server/patches/passport-openidconnect+0.1.2.patch

diff --git a/server/.env.example b/server/.env.example
index 59c14fc..8553a4b 100644
--- a/server/.env.example
+++ b/server/.env.example
@@ -15,4 +15,7 @@ JWT_SECRET=TOKEN!
 # Pour creer les liens images
 SESSION_Secret='session_secret'
-FRONTEND_URL=http://localhost:5173
+
+SITE_URL=http://localhost
+FRONTEND_PORT=5173
+USE_PORTS=false
diff --git a/server/app.js b/server/app.js
index 73d9c53..ecf1319 100644
--- a/server/app.js
+++ b/server/app.js
@@ -17,6 +17,12 @@ const authRouter = require('./routers/auth.js')
 // Setup environement
 dotenv.config();
+
+// Setup urls from configs
+const use_ports = (process.env['USE_PORTS']).toLocaleLowerCase() == "true"
+process.env['FRONTEND_URL'] = process.env['SITE_URL'] + (use_ports ? `:${process.env['FRONTEND_PORT']}`:"")
+process.env['BACKEND_URL'] = process.env['SITE_URL'] + (use_ports ? `:${process.env['PORT']}`:"")
+
 const db = require('./config/db.js');
 const errorHandler = require("./middleware/errorHandler.js");
diff --git a/server/auth/modules/passport-providers/oauth.js b/server/auth/modules/passport-providers/oauth.js
index 2b828e7..a38dc44 100644
--- a/server/auth/modules/passport-providers/oauth.js
+++ b/server/auth/modules/passport-providers/oauth.js
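Review bot: The new `SITE_URL`, `FRONTEND_PORT` and `USE_PORTS` keys come with no explanation, yet `SITE_URL` (plus `:PORT` when `USE_PORTS=true`) becomes the absolute OAuth/OIDC callback URL sent to the identity provider, so any mismatch in scheme, host or port against the redirect URI registered there makes the provider reject the login. I would add above `SITE_URL`: `# Public origin of the app (scheme://host, no trailing slash). With USE_PORTS=false both FRONTEND_URL and BACKEND_URL are SITE_URL (reverse-proxy setup); with USE_PORTS=true FRONTEND_PORT / PORT are appended. Must match the redirect URI registered at the OAuth/OIDC provider exactly; use https in production.` The French comment `# Pour creer les liens images` now sits above `SESSION_Secret` after the line it presumably described (`FRONTEND_URL`) was removed, so it should move next to `SITE_URL` or be dropped.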
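Review bot: `(process.env['USE_PORTS']).toLocaleLowerCase()` throws a TypeError at startup whenever `USE_PORTS` is absent, and when `SITE_URL`, `FRONTEND_PORT` or `PORT` is unset the computed values silently become `undefined` or `http://host:undefined`, which then flows into the OAuth/OIDC callback URL. Deployments that still set `FRONTEND_URL` directly (the key this commit removes from `.env.example`) are overwritten unconditionally, so they break without a message. I would default `USE_PORTS` with `??`, compare with `===`, and fail fast on missing values instead of building a malformed redirect URI:
```javascript
// Setup urls from configs
const siteUrl = process.env['SITE_URL'];
if (!siteUrl) {
  throw new Error('SITE_URL is not set; it is required to build FRONTEND_URL/BACKEND_URL and the OAuth callback URL');
}
const use_ports = (process.env['USE_PORTS'] ?? 'false').trim().toLowerCase() === 'true';
if (use_ports && (!process.env['FRONTEND_PORT'] || !process.env['PORT'])) {
  throw new Error('USE_PORTS=true requires FRONTEND_PORT and PORT to be set');
}
process.env['FRONTEND_URL'] = siteUrl + (use_ports ? `:${process.env['FRONTEND_PORT']}` : '');
process.env['BACKEND_URL'] = siteUrl + (use_ports ? `:${process.env['PORT']}` : '');
```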
@@ -2,12 +2,13 @@ var OAuth2Strategy = require('passport-oauth2')
 class PassportOAuth {
     register(app, passport,endpoint, name, provider) {
+        const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
         passport.use(name, new OAuth2Strategy({
             authorizationURL: provider.OAUTH_AUTHORIZATION_URL,
             tokenURL: provider.OAUTH_TOKEN_URL,
             clientID: provider.OAUTH_CLIENT_ID,
             clientSecret: provider.OAUTH_CLIENT_SECRET,
-            callbackURL: `${endpoint}/${name}/callback`,
+            callbackURL: cb_url,
             passReqToCallback: true
         },
         async function(req, accessToken, refreshToken, params, profile, done) {
@@ -64,4 +65,4 @@ class PassportOAuth {
     }
 }
-module.exports = PassportOAuth;
\ No newline at end of file
+module.exports = PassportOAuth;
diff --git a/server/auth/modules/passport-providers/oidc.js b/server/auth/modules/passport-providers/oidc.js
index 546e8d9..7f7ffa2 100644
--- a/server/auth/modules/passport-providers/oidc.js
+++ b/server/auth/modules/passport-providers/oidc.js
@@ -14,6 +14,7 @@ class PassportOpenIDConnect {
     async register(app, passport,endpoint, name, provider) {
         const config = await this.getConfigFromConfigURL(name,provider)
+        const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
         passport.use(name, new OpenIDConnectStrategy({
             issuer: config.issuer,
@@ -22,8 +23,7 @@ class PassportOpenIDConnect {
             userInfoURL: config.userinfo_endpoint,
             clientID: provider.OIDC_CLIENT_ID,
             clientSecret: provider.OIDC_CLIENT_SECRET,
-            // callbackURL: `http://localhost:4400/api/auth/${name}/callback`,
-            callbackURL: `{endpoint}/${name}/callback`,
+            callbackURL: cb_url,
             passReqToCallback: true,
             scope: 'openid profile email ' + `${provider.OIDC_ADD_SCOPE}`,
         },
@@ -35,8 +35,9 @@ class PassportOpenIDConnect {
                 email: profile.emails[0].value,
                 name: profile.name.givenName,
             };
-            return cb(null, user);
+            return done(null, user);
         } catch (error) {
+
         }
     }));
diff --git a/server/package-lock.json b/server/package-lock.json
index ff47fa6..7c21c41 100644
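Review bot: The `OAuth2Strategy` options in this hunk still set no `state: true`, so the authorization-code callback at `cb_url` is not bound to the session that started the flow and remains open to login CSRF / authorization-code injection; passport-oauth2 implements the session-backed state check when that option is given, and it is a prerequisite for `pkce: true` as well. `cb_url` also silently contains the string `undefined` if `process.env['BACKEND_URL']` is not populated before `register` runs (it is only assigned in `app.js`), so a guard like `if (!process.env['BACKEND_URL']) throw new Error('BACKEND_URL not configured');` ahead of it turns a wrong redirect URI into a visible startup error. The `register` method and its verify callback continue past the end of this hunk.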
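Review bot: `scope: 'openid profile email ' + \`${provider.OIDC_ADD_SCOPE}\`` sends the literal word `undefined` as a scope whenever `OIDC_ADD_SCOPE` is not configured for a provider, and providers that validate scopes answer with `invalid_scope`; when it is set, the trailing space produces a double space. Building the string conditionally avoids both: `scope: 'openid profile email' + (provider.OIDC_ADD_SCOPE ? ' ' + provider.OIDC_ADD_SCOPE : ''),`. The strategy options object this line belongs to opens in the preceding hunk.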
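Review bot: The `catch (error) { }` body added here swallows the exception and never calls `done`, so when a provider returns no `email` (`profile.emails` undefined) or no `given_name`, `profile.emails[0].value` throws and the login request hangs with no response and no log line. Replace the empty body with `return done(error);` (or `return done(null, false, { message: 'incomplete profile from provider' });` if a missing claim should be a clean login failure) and log it. If that email is later used to find or link an existing local account, it should additionally be gated on the provider's `email_verified` claim before being trusted for linking; I can't see that code from here. The `try` and the verify function begin before this hunk.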
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -21,7 +21,6 @@
         "nodemailer": "^6.9.9",
         "passport": "^0.7.0",
         "passport-oauth2": "^1.8.0",
-        "passport-openid-oauth20": "^1.2.6",
         "passport-openidconnect": "^0.1.2",
         "patch-package": "^8.0.0",
         "socket.io": "^4.7.2",
@@ -4820,14 +4819,6 @@
         "url": "https://github.com/sponsors/jaredhanson"
       }
     },
-    "node_modules/passport-openid-oauth20": {
-      "version": "1.2.6",
-      "resolved": "https://registry.npmjs.org/passport-openid-oauth20/-/passport-openid-oauth20-1.2.6.tgz",
-      "integrity": "sha512-L9OMSH/sT73gvk0TLU2UaWb1Gk5KqQB4c9penDTtpZGw6czzznaiA+xPzOAygGtqAIcfQXbW0d3e/UItxjoODQ==",
-      "dependencies": {
-        "passport-oauth2": "^1.5.0"
-      }
-    },
     "node_modules/passport-openidconnect": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz",
diff --git a/server/patches/passport-openidconnect+0.1.2.patch b/server/patches/passport-openidconnect+0.1.2.patch
new file mode 100644
index 0000000..e386741
--- /dev/null
+++ b/server/patches/passport-openidconnect+0.1.2.patch
@@ -0,0 +1,12 @@
+diff --git a/node_modules/passport-openidconnect/lib/profile.js b/node_modules/passport-openidconnect/lib/profile.js
+index eeabf4e..8abe391 100644
+--- a/node_modules/passport-openidconnect/lib/profile.js
++++ b/node_modules/passport-openidconnect/lib/profile.js
+@@ -17,6 +17,7 @@ exports.parse = function(json) {
+     if (json.middle_name) { profile.name.middleName = json.middle_name; }
+   }
+   if (json.email) { profile.emails = [ { value: json.email } ]; }
++  if (json.groups) { profile.groups = [ { value: json.groups } ]; }
+ 
+   return profile;
+ };
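Review bot: The added line `if (json.groups) { profile.groups = [ { value: json.groups } ]; }` copies the `emails` shape, but a `groups` claim from userinfo is normally already an array, so callers receive a one-element array whose `value` is the whole list and must unwrap `profile.groups[0].value`; `if (json.groups) { profile.groups = Array.isArray(json.groups) ? json.groups : [json.groups]; }` keeps the claim usable directly. Because this is a patch-package patch against `node_modules`, it only takes effect if a `postinstall` script runs `patch-package`; `package.json` is not part of this diff, so I cannot confirm that here. If `groups` will drive authorization, a one-line comment in the patch noting that the claim is trusted only because it arrives in the userinfo response of the configured issuer would help the next reader.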