From a007314229725dadd7c91b00c73957a726737e8d Mon Sep 17 00:00:00 2001
From: Gabriel Matte
Date: Tue, 1 Oct 2024 11:37:07 -0400
Subject: [PATCH] fix oidc

---
 .../auth/modules/passport-providers/oauth.js | 9 +----
 .../auth/modules/passport-providers/oidc.js | 38 +++++++++++++++----
 server/auth/modules/passportjs.js | 4 +-
 server/utils.js | 7 ++++
 4 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/server/auth/modules/passport-providers/oauth.js b/server/auth/modules/passport-providers/oauth.js
index 3545ae9..35ccab1 100644
--- a/server/auth/modules/passport-providers/oauth.js
+++ b/server/auth/modules/passport-providers/oauth.js
@@ -1,5 +1,4 @@
 var OAuth2Strategy = require('passport-oauth2')
-var authProvider = require('../../../models/authProvider')
 var authUserAssoc = require('../../../models/authUserAssociation')
 var users = require('../../../models/users')
 var { hasNestedValue } = require('../../../utils')
@@ -11,10 +10,6 @@ class PassportOAuth {
 this.auth_name = auth_name
 }
- async getProviderInfo(auth_name){
- return await authProvider.find(auth_name)
- }
-
 register(app, passport,endpoint, name, provider) {
 const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
 const self = this
@@ -44,14 +39,14 @@ class PassportOAuth {
 if(hasNestedValue(userInfo,provider.OAUTH_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')
 if(hasNestedValue(userInfo,provider.OAUTH_ROLE_STUDENT_VALUE)) received_user.roles.push('student')
- const user_association = await authUserAssoc.find_user_association(self.auth_name._id,userInfo.sub)
+ const user_association = await authUserAssoc.find_user_association(self.auth_name._id,received_user.auth_id)
 let user_account = null
 if(user_association){
 user_account = await users.getById(user_association.user_id)
 }
 else {
- let user_id = await users.getId(userInfo.email)
+ let user_id = await users.getId(received_user.email)
 user_account = user_id ? await users.getById(user_id) : await users.register(received_user.email,"")
 await authUserAssoc.link(self.auth_name,received_user.auth_id,user_account._id)
 }
diff --git a/server/auth/modules/passport-providers/oidc.js b/server/auth/modules/passport-providers/oidc.js
index f678578..ee9816d 100644
--- a/server/auth/modules/passport-providers/oidc.js
+++ b/server/auth/modules/passport-providers/oidc.js
@@ -1,9 +1,12 @@
 var OpenIDConnectStrategy = require('passport-openidconnect')
+var authUserAssoc = require('../../../models/authUserAssociation')
+var users = require('../../../models/users')
+var { hasNestedValue } = require('../../../utils')
 class PassportOpenIDConnect {
- constructor(passportjs,auth_id){
+ constructor(passportjs,auth_name){
 this.passportjs = passportjs
- this.auth_id = auth_id
+ this.auth_name = auth_name
 }
 async getConfigFromConfigURL(name,provider){
@@ -19,6 +22,7 @@ class PassportOpenIDConnect {
 const config = await this.getConfigFromConfigURL(name,provider)
 const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
+ const self = this
 passport.use(name, new OpenIDConnectStrategy({
 issuer: config.issuer,
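Review bot: The new `let user_id = await users.getId(received_user.email)` still attaches the provider identity to whichever local account already owns that email, and nothing in the branch checks that the provider actually verified the address. If the IdP lets its users set or change their email freely, an identity created there ends up linked to a pre-existing local account with the same address; the new verify callback in oidc.js (hunk `@@ -34,15 +38,35 @@`) copies this same branch. Gate the `users.getId(...)` path on a verified-email signal from the provider (for OIDC the `email_verified` claim; for this OAuth flow whatever `userInfo` exposes, if anything — to be confirmed) and otherwise register a fresh account rather than linking. The enclosing verify callback starts and ends outside this hunk.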
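Review bot: The renamed constructor parameter `auth_name` is later read as `self.auth_name._id` and passed whole to `authUserAssoc.link(...)` in the verify callback, so the second argument must now be the provider record rather than an identifier as the old `auth_id` name implied; the construction site is outside this diff, so the contract is worth stating at the signature. A comment such as `// auth_name: the provider record (the verify callback reads auth_name._id); same argument PassportOAuth takes` would catch a caller still passing a string. The class body continues past this hunk.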
@@ -34,15 +38,35 @@ class PassportOpenIDConnect {
 // patch pour la librairie permet d'obtenir les groupes, PR en cours mais "morte" : https://github.com/jaredhanson/passport-openidconnect/pull/101
 async function(req, issuer, profile, times, tok, done) {
 try {
- const user = {
- id: profile.id,
+ const received_user = {
+ auth_id: profile.id,
 email: profile.emails[0].value,
 name: profile.name.givenName,
- groups: profile.groups[0].value ?? []
+ roles: []
 };
- return done(null, user);
+
+ if(hasNestedValue(profile,provider.OIDC_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')
+ if(hasNestedValue(profile,provider.OIDC_ROLE_STUDENT_VALUE)) received_user.roles.push('student')
+
+ const user_association = await authUserAssoc.find_user_association(self.auth_name._id,received_user.auth_id)
+
+ let user_account = null
+ if(user_association){
+ user_account = await users.getById(user_association.user_id)
+ }
+ else {
+ let user_id = await users.getId(received_user.email)
+ user_account = user_id ? await users.getById(user_id) : await users.register(received_user.email,"")
+ await authUserAssoc.link(self.auth_name,received_user.auth_id,user_account._id)
+ }
+
+ user_account.name = received_user.name
+ user_account.roles = received_user.roles
+ await users.editUser(user_account)
+ self.passportjs.authenticate(user_account)
+
+ return done(null, user_account);
 } catch (error) {
-
 }
 }));
diff --git a/server/auth/modules/passportjs.js b/server/auth/modules/passportjs.js
index d194349..865f66b 100644
--- a/server/auth/modules/passportjs.js
+++ b/server/auth/modules/passportjs.js
@@ -52,11 +52,11 @@ class PassportJs{
 register(userinfos){
- this.authmanager.register(userinfos)
+ return this.authmanager.register(userinfos)
 }
 authenticate(userinfos){
- this.authmanager.login(userinfos)
+ return this.authmanager.login(userinfos)
 }
 }
diff --git a/server/utils.js b/server/utils.js
index c2429f4..91f5972 100644
--- a/server/utils.js
+++ b/server/utils.js
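Review bot: The `catch (error) {` block that closes the new verify callback is left empty, so any throw in the added lookup/link path — or a profile without `emails[0]` or `name.givenName` — is discarded and `done` is never invoked, which leaves the login request hanging with no record of why. Replace the empty body with `return done(error)`. The call `self.passportjs.authenticate(user_account)` is also not awaited even though this same patch makes `PassportJs.authenticate` return `this.authmanager.login(userinfos)`; if that is a promise, a rejection there escapes the try/catch as an unhandled rejection, so `await self.passportjs.authenticate(user_account)` is the safer form. `roles` is rebuilt from the provider on every login (`user_account.roles = received_user.roles`), so any role granted locally is silently dropped — acceptable if the IdP is the only source of roles, but a one-line comment saying so would make that decision explicit.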
@@ -3,6 +3,13 @@ function hasNestedValue(obj, path, delimiter = "_") {
 let current = obj;
 for (const key of keys) {
+ while(Array.isArray(current) && current.length == 1 && current[0]){
+ current = current[0]
+ }
+ while(current['value']){
+ current = current.value
+ }
+
 if (current && typeof current === "object") {
 if (Array.isArray(current)) {
 const index = current.findIndex(x => x == key)
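Review bot: The new `while(current['value'])` runs before the existing guard `if (current && typeof current === "object")`, so a null or undefined `obj` — or a `current` that the rest of the loop (outside this hunk) presumably sets to null on a missing key — now throws a TypeError where the function previously returned false. Guard the unwrap the same way, e.g. `while (current != null && typeof current === 'object' && Object.hasOwn(current, 'value') && current.value) {`, and use `current.length === 1` rather than `==`. Since both providers feed this function's answer straight into role assignment, the unwrapping also changes what counts as a match: any object on the path with a truthy `value` property, or any single-element array, is silently replaced by its contents, so a provider claim that merely happens to be named `value` is treated as a container; a comment on the loop stating which profile shapes it is meant to accept (the `[{ value: ... }]` form from the patched library, presumably) would make that intent reviewable. The remainder of the loop body and the function's return are outside this hunk.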