fix oidc

2025-08-11 21:23:54 -04:00 · 2024-10-01 11:37:07 -04:00 · 2024-10-01 11:37:07 -04:00 · a007314229
commit a007314229
parent 8f7c0a3ac9
4 changed files with 42 additions and 16 deletions
--- a/server/auth/modules/passport-providers/oauth.js
+++ b/server/auth/modules/passport-providers/oauth.js
@ -1,5 +1,4 @@
 var OAuth2Strategy = require('passport-oauth2')
-var authProvider = require('../../../models/authProvider')
 var authUserAssoc = require('../../../models/authUserAssociation')
 var users = require('../../../models/users')
 var { hasNestedValue } = require('../../../utils')
@ -11,10 +10,6 @@ class PassportOAuth {
        this.auth_name = auth_name
    }

-    async getProviderInfo(auth_name){
-        return await authProvider.find(auth_name)
-    }
-
    register(app, passport,endpoint, name, provider) {
        const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
        const self = this
@ -44,14 +39,14 @@ class PassportOAuth {
                if(hasNestedValue(userInfo,provider.OAUTH_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')
                if(hasNestedValue(userInfo,provider.OAUTH_ROLE_STUDENT_VALUE)) received_user.roles.push('student')

-                const user_association = await authUserAssoc.find_user_association(self.auth_name._id,userInfo.sub)
+                const user_association = await authUserAssoc.find_user_association(self.auth_name._id,received_user.auth_id)

                let user_account = null
                if(user_association){
                    user_account = await users.getById(user_association.user_id)
                } 
                else {
-                    let user_id = await users.getId(userInfo.email)
+                    let user_id = await users.getId(received_user.email)
                    user_account = user_id ? await users.getById(user_id) : await users.register(received_user.email,"")
                    await authUserAssoc.link(self.auth_name,received_user.auth_id,user_account._id)
                }
--- a/server/auth/modules/passport-providers/oidc.js
+++ b/server/auth/modules/passport-providers/oidc.js
@ -1,9 +1,12 @@
 var OpenIDConnectStrategy = require('passport-openidconnect')
+var authUserAssoc = require('../../../models/authUserAssociation')
+var users = require('../../../models/users')
+var { hasNestedValue } = require('../../../utils')

 class PassportOpenIDConnect {
-    constructor(passportjs,auth_id){
+    constructor(passportjs,auth_name){
        this.passportjs = passportjs
-        this.auth_id = auth_id
+        this.auth_name = auth_name
    }

    async getConfigFromConfigURL(name,provider){
@ -19,6 +22,7 @@ class PassportOpenIDConnect {

        const config = await this.getConfigFromConfigURL(name,provider)
        const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback`
+        const self = this

        passport.use(name, new OpenIDConnectStrategy({
            issuer: config.issuer,
@ -34,15 +38,35 @@ class PassportOpenIDConnect {
        // patch pour la librairie permet d'obtenir les groupes, PR en cours mais "morte" : https://github.com/jaredhanson/passport-openidconnect/pull/101
        async function(req, issuer, profile, times, tok, done) {
            try {
-                const user = {
-                    id: profile.id,
+                const received_user = {
+                    auth_id: profile.id,
                    email: profile.emails[0].value,
                    name: profile.name.givenName,
-                    groups: profile.groups[0].value ?? []
+                    roles: []
                };
-                return done(null, user);
-            } catch (error) {

+                if(hasNestedValue(profile,provider.OIDC_ROLE_TEACHER_VALUE)) received_user.roles.push('teacher')
+                if(hasNestedValue(profile,provider.OIDC_ROLE_STUDENT_VALUE)) received_user.roles.push('student')
+    
+                const user_association = await authUserAssoc.find_user_association(self.auth_name._id,received_user.auth_id)
+
+                let user_account = null
+                if(user_association){
+                    user_account = await users.getById(user_association.user_id)
+                } 
+                else {
+                    let user_id = await users.getId(received_user.email)
+                    user_account = user_id ? await users.getById(user_id) : await users.register(received_user.email,"")
+                    await authUserAssoc.link(self.auth_name,received_user.auth_id,user_account._id)
+                }
+
+                user_account.name = received_user.name
+                user_account.roles = received_user.roles
+                await users.editUser(user_account)
+                self.passportjs.authenticate(user_account)
+
+                return done(null, user_account);
+            } catch (error) {
            }
        }));

--- a/server/auth/modules/passportjs.js
+++ b/server/auth/modules/passportjs.js
@ -52,11 +52,11 @@ class PassportJs{


    register(userinfos){
-        this.authmanager.register(userinfos)
+        return this.authmanager.register(userinfos)
    }

    authenticate(userinfos){
-        this.authmanager.login(userinfos)
+        return this.authmanager.login(userinfos)
    }
    
 }
--- a/server/utils.js
+++ b/server/utils.js
@ -3,6 +3,13 @@ function hasNestedValue(obj, path, delimiter = "_") {
  let current = obj;

  for (const key of keys) {
+    while(Array.isArray(current) && current.length == 1 && current[0]){
+      current = current[0]
+    }
+    while(current['value']){
+      current = current.value
+    }
+    
    if (current && typeof current === "object") {
      if (Array.isArray(current)) {
        const index = current.findIndex(x => x == key)