From 56c4ed1f108fa734a5ace0b80618b9478a33658e Mon Sep 17 00:00:00 2001 From: Bruno Roesner Date: Sat, 28 Sep 2024 12:51:56 -0400 Subject: [PATCH 1/5] added passportjs-openid package --- server/package-lock.json | 17 +++++++++++++++++ server/package.json | 1 + 2 files changed, 18 insertions(+) diff --git a/server/package-lock.json b/server/package-lock.json index 55196fc..46dcbb2 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -21,6 +21,7 @@ "passport": "^0.7.0", "passport-oauth2": "^1.8.0", "passport-openid-oauth20": "^1.2.6", + "passport-openidconnect": "^0.1.2", "socket.io": "^4.7.2", "socket.io-client": "^4.7.2" }, @@ -4699,6 +4700,22 @@ "passport-oauth2": "^1.5.0" } }, + "node_modules/passport-openidconnect": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz", + "integrity": "sha512-JX3rTyW+KFZ/E9OF/IpXJPbyLO9vGzcmXB5FgSP2jfL3LGKJPdV7zUE8rWeKeeI/iueQggOeFa3onrCmhxXZTg==", + "dependencies": { + "oauth": "0.10.x", + "passport-strategy": "1.x.x" + }, + "engines": { + "node": ">= 0.6.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/jaredhanson" + } + }, "node_modules/passport-strategy": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", diff --git a/server/package.json b/server/package.json index b0bf7a3..aa537f2 100644 --- a/server/package.json +++ b/server/package.json @@ -25,6 +25,7 @@ "passport": "^0.7.0", "passport-oauth2": "^1.8.0", "passport-openid-oauth20": "^1.2.6", + "passport-openidconnect": "^0.1.2", "socket.io": "^4.7.2", "socket.io-client": "^4.7.2" }, From fbca8cb193af53919dbd33f103127811c01e7307 Mon Sep 17 00:00:00 2001 
From: Bruno Roesner
Date: Sat, 28 Sep 2024 14:03:15 -0400
Subject: [PATCH 2/5] added openidconnect provider
---
.../auth/modules/passport-providers/oidc.js | 69 +++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 server/auth/modules/passport-providers/oidc.js
diff --git a/server/auth/modules/passport-providers/oidc.js b/server/auth/modules/passport-providers/oidc.js
new file mode 100644
index 0000000..abb0f86
--- /dev/null
+++ b/server/auth/modules/passport-providers/oidc.js
@@ -0,0 +1,69 @@
+var OpenIDConnectStrategy = require('passport-openidconnect')
+
+class PassportOpenIDConnect {
+ register(app, passport, name, provider) {
+ passport.use(name, new OpenIDConnectStrategy({
+ issuer: provider.issuer_url,
+ authorizationURL: provider.authorization_url,
+ tokenURL: provider.token_url,
+ userInfoURL: provider.userinfo_url,
+ clientID: provider.client_id,
+ clientSecret: provider.client_secret,
+ callbackURL: `http://localhost/api/auth/${name}/callback`,
+ passReqToCallback: true
+ },
+ async function(req, issuer, accessToken, refreshToken, params, profile, done) {
+ try {
+ const userInfo = (await fetch(provider.userinfo_url, {
+ headers: { 'Authorization': `Bearer ${accessToken}` }
+ }))
+ .json();
+
+ const user = {
+ id: userInfo.sub,
+ email: userInfo.email,
+ name: userInfo.name,
+ accessToken: accessToken,
+ refreshToken: refreshToken,
+ expiresIn: params.expires_in
+ };
+
+ // Store the tokens in the session
+ req.session.oauth2Tokens = {
+ accessToken: accessToken,
+ refreshToken: refreshToken,
+ expiresIn: params.expires_in
+ };
+
+ return done(null, user);
+ } catch (error) {
+ }
+ }));
+
+ app.get(`/api/auth/${name}`, (req, res, next) => {
+ passport.authenticate(name, {
+ scope: provider.scopes.join(' ') ?? 'openid profile email offline_access',
+ prompt: 'consent'
+ }) (req, res, next);
+ });
+
+ app.get(`/api/auth/${name}/callback`, (req, res, next) => {
+ passport.authenticate(name, {
+ failureRedirect: '/login'
+ }) (req, res, next);
+ },
+
+ (req, res) => {
+ if (req.user) {
+ res.json(req.user);
+ }
+ else {
+ // create error in errorCodes.js
+ res.status(401).json({ error: 'Authentication failed' });
+ }
+ }
+ );
+ }
+}
+
+module.exports = PassportOpenIDConnect;
From bb9d1d4bcc3abeb94f148df012dd6855b882b7c8 Mon Sep 17 00:00:00 2001
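Review bot: The `catch (error) { }` in the verify callback is empty and never calls `done`, so any failure inside the `try` leaves the login request pending with nothing logged; it should end with `return done(error);`. The same empty `catch` is still there after the later oidc.js hunks in this series (PATCH 3/5 and 4/5). In this version the `.json()` call is also not awaited, so `userInfo` is a Promise and `userInfo.sub` is `undefined`, which gives every user the same undefined `id`; `const userInfo = await (await fetch(...)).json();` with the existing arguments would fix that.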
From: Bruno Roesner Date: Sat, 28 Sep 2024 20:16:29 -0400 Subject: [PATCH 3/5] added rest of oidc (kind of) --- .../auth/modules/passport-providers/oidc.js | 83 +++--- server/package-lock.json | 247 ++++++++++++++++-- server/package.json | 5 +- 3 files changed, 267 insertions(+), 68 deletions(-) diff --git a/server/auth/modules/passport-providers/oidc.js b/server/auth/modules/passport-providers/oidc.js index abb0f86..546e8d9 100644 --- a/server/auth/modules/passport-providers/oidc.js +++ b/server/auth/modules/passport-providers/oidc.js 
@@ -1,65 +1,62 @@ var OpenIDConnectStrategy = require('passport-openidconnect') class PassportOpenIDConnect { - register(app, passport, name, provider) { + + async getConfigFromConfigURL(name,provider){ + try{ + const config = await fetch(provider.OIDC_CONFIG_URL) + return await config.json() + } catch (error) { + console.error(`Les informations de connexions de la connexion OIDC ${name} n'ont pu être chargées.`) + } + } + + async register(app, passport,endpoint, name, provider) { + + const config = await this.getConfigFromConfigURL(name,provider) + passport.use(name, new OpenIDConnectStrategy({ - issuer: provider.issuer_url, - authorizationURL: provider.authorization_url, - tokenURL: provider.token_url, - userInfoURL: provider.userinfo_url, - clientID: provider.client_id, - clientSecret: provider.client_secret, - callbackURL: `http://localhost/api/auth/${name}/callback`, - passReqToCallback: true + issuer: config.issuer, + authorizationURL: config.authorization_endpoint, + tokenURL: config.token_endpoint, + userInfoURL: config.userinfo_endpoint, + clientID: provider.OIDC_CLIENT_ID, + clientSecret: provider.OIDC_CLIENT_SECRET, + // callbackURL: `http://localhost:4400/api/auth/${name}/callback`, + callbackURL: `{endpoint}/${name}/callback`, + passReqToCallback: true, + scope: 'openid profile email ' + `${provider.OIDC_ADD_SCOPE}`, }, - async function(req, issuer, accessToken, refreshToken, params, profile, done) { + // patch pour la librairie permet d'obtenir les groupes, PR en cours mais "morte" : https://github.com/jaredhanson/passport-openidconnect/pull/101 + async function(req, issuer, profile, times, tok, done) { try { - const userInfo = (await fetch(provider.userinfo_url, { - headers: { 'Authorization': `Bearer ${accessToken}` } - })) - .json(); - const user = { - id: userInfo.sub, - email: userInfo.email, - name: userInfo.name, - accessToken: accessToken, - refreshToken: refreshToken, - expiresIn: params.expires_in + id: profile.id, + email: 
profile.emails[0].value, + name: profile.name.givenName, }; - - // Store the tokens in the session - req.session.oauth2Tokens = { - accessToken: accessToken, - refreshToken: refreshToken, - expiresIn: params.expires_in - }; - - return done(null, user); + return cb(null, user); } catch (error) { } })); - app.get(`/api/auth/${name}`, (req, res, next) => { + app.get(`${endpoint}/${name}`, (req, res, next) => { passport.authenticate(name, { - scope: provider.scopes.join(' ') ?? 'openid profile email offline_access', + scope: 'openid profile email offline_access'+ ` ${provider.OAUTH_ADD_SCOPE}`, prompt: 'consent' - }) (req, res, next); + })(req, res, next); }); - app.get(`/api/auth/${name}/callback`, (req, res, next) => { - passport.authenticate(name, { - failureRedirect: '/login' - }) (req, res, next); + app.get(`${endpoint}/${name}/callback`, + (req, res, next) => { + passport.authenticate(name, { failureRedirect: '/login' })(req, res, next); }, - (req, res) => { if (req.user) { - res.json(req.user); - } - else { - // create error in errorCodes.js - res.status(401).json({ error: 'Authentication failed' }); + res.json(req.user) + console.info(`L'utilisateur '${req.user.name}' vient de se connecter`) + } else { + res.status(401).json({ error: "L'authentification a échoué" }); } } ); diff --git a/server/package-lock.json b/server/package-lock.json index 46dcbb2..ff47fa6 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -7,6 +7,7 @@ "": { "name": "ets-pfe004-evaluetonsavoir-backend", "version": "1.0.0", + "hasInstallScript": true, "license": "MIT", "dependencies": { "bcrypt": "^5.1.1", @@ -22,6 +23,7 @@ "passport-oauth2": "^1.8.0", "passport-openid-oauth20": "^1.2.6", "passport-openidconnect": "^0.1.2", + "patch-package": "^8.0.0", "socket.io": "^4.7.2", "socket.io-client": "^4.7.2" }, 
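Review bot: `getConfigFromConfigURL` logs a fetch failure and then returns `undefined`, so the `config.issuer` read in `register` throws a TypeError instead of reporting which provider failed, and the helper accepts any HTTP status and any JSON shape as provider metadata. These endpoints decide where users are sent to authenticate and where the client secret is posted, so the helper should reject a non-2xx response and a document missing the four fields `register` reads. Ideally `config.issuer` would also be compared with a value fixed in the provider configuration before the strategy is built. `register` continues past the end of this hunk; a sketch of the helper follows.

```javascript
async getConfigFromConfigURL(name, provider) {
    const response = await fetch(provider.OIDC_CONFIG_URL)
    if (!response.ok) {
        throw new Error(`OIDC discovery for ${name} returned HTTP ${response.status}`)
    }
    const config = await response.json()
    const required = ['issuer', 'authorization_endpoint', 'token_endpoint', 'userinfo_endpoint']
    const missing = required.filter((key) => typeof config[key] !== 'string')
    if (missing.length > 0) {
        throw new Error(`OIDC discovery for ${name} is missing: ${missing.join(', ')}`)
    }
    return config
}
// … unchanged: register(), which should let this error reach its caller …
```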
@@ -1317,6 +1319,11 @@ "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", "dev": true }, + "node_modules/@yarnpkg/lockfile": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz", + "integrity": "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==" + }, "node_modules/abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", @@ -1393,7 +1400,6 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, "dependencies": { "color-convert": "^2.0.1" }, @@ -1465,6 +1471,14 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", "dev": true }, + "node_modules/at-least-node": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "engines": { + "node": ">= 4.0.0" + } + }, "node_modules/babel-jest": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", @@ -1660,7 +1674,6 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", - "dev": true, "dependencies": { "fill-range": "^7.1.1" }, @@ -1806,7 +1819,6 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "dev": true, "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" 
@@ -1822,7 +1834,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true, "engines": { "node": ">=8" } @@ -1831,7 +1842,6 @@ "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, "dependencies": { "has-flag": "^4.0.0" }, @@ -1887,7 +1897,6 @@ "version": "3.9.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", - "dev": true, "funding": [ { "type": "github", @@ -1938,7 +1947,6 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, "dependencies": { "color-name": "~1.1.4" }, @@ -1949,8 +1957,7 @@ "node_modules/color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, "node_modules/color-support": { "version": "1.1.3", @@ -2118,7 +2125,6 @@ "version": "7.0.3", "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", - "dev": true, "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", 
@@ -2596,7 +2602,6 @@ "version": "7.1.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", - "dev": true, "dependencies": { "to-regex-range": "^5.0.1" }, @@ -2634,6 +2639,14 @@ "node": ">=8" } }, + "node_modules/find-yarn-workspace-root": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "integrity": "sha512-1IMnbjt4KzsQfnhnzNd8wUEgXZ44IzZaZmnLYx7D5FZlaHt2gW20Cri8Q+E/t5tIj4+epTBub+2Zxu/vNILzqQ==", + "dependencies": { + "micromatch": "^4.0.2" + } + }, "node_modules/form-data": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", @@ -2679,6 +2692,20 @@ "node": ">= 0.6" } }, + "node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/fs-minipass": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", @@ -2858,8 +2885,7 @@ "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", - "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", - "dev": true + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" }, "node_modules/has-flag": { "version": "3.0.0", 
@@ -3088,6 +3114,20 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/is-extglob": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", @@ -3130,7 +3170,6 @@ "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "dev": true, "engines": { "node": ">=0.12.0" } @@ -3147,6 +3186,17 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", @@ -3155,8 +3205,7 @@ "node_modules/isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" }, "node_modules/istanbul-lib-coverage": { "version": "3.2.2", 
@@ -3963,6 +4012,28 @@ "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", "dev": true }, + "node_modules/json-stable-stringify": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify/-/json-stable-stringify-1.1.1.tgz", + "integrity": "sha512-SU/971Kt5qVQfJpyDveVhQ/vya+5hvrjClFOcr8c0Fq5aODJjMwutrOfCU+eCnVD5gpx1Q3fEqkyom77zH1iIg==", + "dependencies": { + "call-bind": "^1.0.5", + "isarray": "^2.0.5", + "jsonify": "^0.0.1", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/json-stable-stringify/node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, "node_modules/json5": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", @@ -3975,6 +4046,25 @@ "node": ">=6" } }, + "node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/jsonify": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.1.tgz", + "integrity": "sha512-2/Ki0GcmuqSrgFyelQq9M05y7PS0mEwuIzrf3f1fPqkVDVRvZrPZtVSMHxdgo8Aq0sxAOb/cr2aqqA3LeWHVPg==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/jsonwebtoken": { "version": "9.0.2", "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", 
@@ -4020,6 +4110,14 @@ "safe-buffer": "^5.0.1" } }, + "node_modules/klaw-sync": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/klaw-sync/-/klaw-sync-6.0.0.tgz", + "integrity": "sha512-nIeuVSzdCCs6TDPTqI8w1Yre34sSq7AkZ4B3sfOBbI2CgVSB4Du4aLQijFU2+lhAFCwt9+42Hel6lQNIv6AntQ==", + "dependencies": { + "graceful-fs": "^4.1.11" + } + }, "node_modules/kleur": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", @@ -4165,7 +4263,6 @@ "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", - "dev": true, "dependencies": { "braces": "^3.0.3", "picomatch": "^2.3.1" @@ -4552,6 +4649,14 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "engines": { + "node": ">= 0.4" + } + }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", 
@@ -4594,6 +4699,29 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/open": { + "version": "7.4.2", + "resolved": "https://registry.npmjs.org/open/-/open-7.4.2.tgz", + "integrity": "sha512-MVHddDVweXZF3awtlAS+6pgKLlm/JgxZ90+/NBurBoQctVOOB/zDdVjcyPzQ+0laDGbsWgrRkflI65sQeOgT9Q==", + "dependencies": { + "is-docker": "^2.0.0", + "is-wsl": "^2.1.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/os-tmpdir": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/p-limit": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", 
@@ -4724,6 +4852,55 @@ "node": ">= 0.4.0" } }, + "node_modules/patch-package": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/patch-package/-/patch-package-8.0.0.tgz", + "integrity": "sha512-da8BVIhzjtgScwDJ2TtKsfT5JFWz1hYoBl9rUQ1f38MC2HwnEIkK8VN3dKMKcP7P7bvvgzNDbfNHtx3MsQb5vA==", + "dependencies": { + "@yarnpkg/lockfile": "^1.1.0", + "chalk": "^4.1.2", + "ci-info": "^3.7.0", + "cross-spawn": "^7.0.3", + "find-yarn-workspace-root": "^2.0.0", + "fs-extra": "^9.0.0", + "json-stable-stringify": "^1.0.2", + "klaw-sync": "^6.0.0", + "minimist": "^1.2.6", + "open": "^7.4.2", + "rimraf": "^2.6.3", + "semver": "^7.5.3", + "slash": "^2.0.0", + "tmp": "^0.0.33", + "yaml": "^2.2.2" + }, + "bin": { + "patch-package": "index.js" + }, + "engines": { + "node": ">=14", + "npm": ">5" + } + }, + "node_modules/patch-package/node_modules/rimraf": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", + "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", + "deprecated": "Rimraf versions prior to v4 are no longer supported", + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + } + }, + "node_modules/patch-package/node_modules/slash": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-2.0.0.tgz", + "integrity": "sha512-ZYKh3Wh2z1PpEXWr0MpSBZ0V6mZHAQfYevttO11c51CaWjGTaadiKZ+wVt1PbMlDV5qhMFslpZCemhwOK7C89A==", + "engines": { + "node": ">=6" + } + }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -4745,7 +4922,6 @@ "version": "3.1.1", "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", - "dev": true, "engines": { "node": ">=8" } 
@@ -4776,7 +4952,6 @@ "version": "2.3.1", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "dev": true, "engines": { "node": ">=8.6" }, @@ -5154,7 +5329,6 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "dev": true, "dependencies": { "shebang-regex": "^3.0.0" }, @@ -5166,7 +5340,6 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", - "dev": true, "engines": { "node": ">=8" } @@ -5605,6 +5778,17 @@ "node": ">=8" } }, + "node_modules/tmp": { + "version": "0.0.33", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==", + "dependencies": { + "os-tmpdir": "~1.0.2" + }, + "engines": { + "node": ">=0.6.0" + } + }, "node_modules/tmpl": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", @@ -5624,7 +5808,6 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dev": true, "dependencies": { "is-number": "^7.0.0" }, 
@@ -5728,6 +5911,14 @@ "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.25.3.tgz", "integrity": "sha512-Ga1jfYwRn7+cP9v8auvEXN1rX3sWqlayd4HP7OKk4mZWylEmu3KzXDUGrQUN6Ol7qo1gPvB2e5gX6udnyEPgdA==" }, + "node_modules/universalify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", + "engines": { + "node": ">= 10.0.0" + } + }, "node_modules/unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", @@ -5834,7 +6025,6 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "dev": true, "dependencies": { "isexe": "^2.0.0" }, @@ -5938,6 +6128,17 @@ "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, + "node_modules/yaml": { + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.5.1.tgz", + "integrity": "sha512-bLQOjaX/ADgQ20isPJRvF0iRUHIxVhYvr53Of7wGcWlO2jvtUlH5m87DsmulFVxRpNLOnI4tB6p/oh8D7kpn9Q==", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14" + } + }, "node_modules/yargs": { "version": "17.7.2", "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", diff --git a/server/package.json b/server/package.json index aa537f2..c5015d0 100644 --- a/server/package.json +++ b/server/package.json @@ -7,7 +7,8 @@ "build": "webpack --config webpack.config.js", "start": "node app.js", "dev": "nodemon app.js", - "test": "jest" + "test": "jest", + "postinstall": "patch-package" }, "keywords": [], "author": "", 
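Review bot: The new `postinstall` hook makes every `npm install` rewrite files under `node_modules`, and the library it is meant to patch handles OIDC login, yet `passport-openidconnect` stays declared as `^0.1.2` in the dependencies hunk that follows. The patch file added later in this series is named for 0.1.2, so a regenerated lockfile that resolves a newer 0.1.x release would have patch-package apply a diff written against different code; as far as I know it only warns on a version mismatch and fails only when the diff no longer applies. Pinning the exact version, `"passport-openidconnect": "0.1.2",`, keeps the patched code and the patch in step.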
@@ -24,8 +25,8 @@ "nodemailer": "^6.9.9", "passport": "^0.7.0", "passport-oauth2": "^1.8.0", - "passport-openid-oauth20": "^1.2.6", "passport-openidconnect": "^0.1.2", + "patch-package": "^8.0.0", "socket.io": "^4.7.2", "socket.io-client": "^4.7.2" }, From 813ea5944b5a7270ef1abae659ed240205e15eb0 Mon Sep 17 00:00:00 2001 From: Bruno Roesner Date: Sun, 29 Sep 2024 18:39:24 -0400 Subject: [PATCH 4/5] continued oidc --- server/.env.example | 5 ++++- server/app.js | 6 ++++++ server/auth/modules/passport-providers/oauth.js | 5 +++-- server/auth/modules/passport-providers/oidc.js | 7 ++++--- server/package-lock.json | 9 --------- server/patches/passport-openidconnect+0.1.2.patch | 12 ++++++++++++ 6 files changed, 29 insertions(+), 15 deletions(-) create mode 100644 server/patches/passport-openidconnect+0.1.2.patch diff --git a/server/.env.example b/server/.env.example index 59c14fc..8553a4b 100644 --- a/server/.env.example +++ b/server/.env.example @@ -15,4 +15,7 @@ JWT_SECRET=TOKEN! # Pour creer les liens images SESSION_Secret='session_secret' -FRONTEND_URL=http://localhost:5173 + +SITE_URL=http://localhost +FRONTEND_PORT=5173 +USE_PORTS=false diff --git a/server/app.js b/server/app.js index 73d9c53..ecf1319 100644 --- a/server/app.js +++ b/server/app.js @@ -17,6 +17,12 @@ const authRouter = require('./routers/auth.js') // Setup environement dotenv.config(); + +// Setup urls from configs +const use_ports = (process.env['USE_PORTS']).toLocaleLowerCase() == "true" +process.env['FRONTEND_URL'] = process.env['SITE_URL'] + (use_ports ? `:${process.env['FRONTEND_PORT']}`:"") +process.env['BACKEND_URL'] = process.env['SITE_URL'] + (use_ports ? `:${process.env['PORT']}`:"") + const db = require('./config/db.js'); const errorHandler = require("./middleware/errorHandler.js"); diff --git a/server/auth/modules/passport-providers/oauth.js b/server/auth/modules/passport-providers/oauth.js index 2b828e7..a38dc44 100644 --- a/server/auth/modules/passport-providers/oauth.js 
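Review bot: `(process.env['USE_PORTS']).toLocaleLowerCase()` in the app.js hunk throws a TypeError at startup whenever `USE_PORTS` is unset, which is the case for any existing `.env` written from the previous `.env.example`; `const use_ports = (process.env['USE_PORTS'] ?? 'false').toLowerCase() === 'true'` avoids that. The `BACKEND_URL` built here becomes the OAuth and OIDC `callbackURL` in the provider hunks of this same patch, so a missing `SITE_URL` silently produces a redirect URI that starts with `undefined`. Checking `SITE_URL` (and `PORT` when ports are used) right after `dotenv.config()` and exiting with a clear message would be safer than sending that value as the redirect URI.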
+++ b/server/auth/modules/passport-providers/oauth.js @@ -2,12 +2,13 @@ var OAuth2Strategy = require('passport-oauth2') class PassportOAuth { register(app, passport,endpoint, name, provider) { + const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback` passport.use(name, new OAuth2Strategy({ authorizationURL: provider.OAUTH_AUTHORIZATION_URL, tokenURL: provider.OAUTH_TOKEN_URL, clientID: provider.OAUTH_CLIENT_ID, clientSecret: provider.OAUTH_CLIENT_SECRET, - callbackURL: `${endpoint}/${name}/callback`, + callbackURL: cb_url, passReqToCallback: true }, async function(req, accessToken, refreshToken, params, profile, done) { @@ -64,4 +65,4 @@ class PassportOAuth { } } -module.exports = PassportOAuth; \ No newline at end of file +module.exports = PassportOAuth; diff --git a/server/auth/modules/passport-providers/oidc.js b/server/auth/modules/passport-providers/oidc.js index 546e8d9..7f7ffa2 100644 --- a/server/auth/modules/passport-providers/oidc.js +++ b/server/auth/modules/passport-providers/oidc.js @@ -14,6 +14,7 @@ class PassportOpenIDConnect { async register(app, passport,endpoint, name, provider) { const config = await this.getConfigFromConfigURL(name,provider) + const cb_url =`${process.env['BACKEND_URL']}${endpoint}/${name}/callback` passport.use(name, new OpenIDConnectStrategy({ issuer: config.issuer, @@ -22,8 +23,7 @@ class PassportOpenIDConnect { userInfoURL: config.userinfo_endpoint, clientID: provider.OIDC_CLIENT_ID, clientSecret: provider.OIDC_CLIENT_SECRET, - // callbackURL: `http://localhost:4400/api/auth/${name}/callback`, - callbackURL: `{endpoint}/${name}/callback`, + callbackURL: cb_url, passReqToCallback: true, scope: 'openid profile email ' + `${provider.OIDC_ADD_SCOPE}`, }, @@ -35,8 +35,9 @@ class PassportOpenIDConnect { email: profile.emails[0].value, name: profile.name.givenName, }; - return cb(null, user); + return done(null, user); } catch (error) { + } })); 
diff --git a/server/package-lock.json b/server/package-lock.json index ff47fa6..7c21c41 100644 --- a/server/package-lock.json +++ b/server/package-lock.json @@ -21,7 +21,6 @@ "nodemailer": "^6.9.9", "passport": "^0.7.0", "passport-oauth2": "^1.8.0", - "passport-openid-oauth20": "^1.2.6", "passport-openidconnect": "^0.1.2", "patch-package": "^8.0.0", "socket.io": "^4.7.2", @@ -4820,14 +4819,6 @@ "url": "https://github.com/sponsors/jaredhanson" } }, - "node_modules/passport-openid-oauth20": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/passport-openid-oauth20/-/passport-openid-oauth20-1.2.6.tgz", - "integrity": "sha512-L9OMSH/sT73gvk0TLU2UaWb1Gk5KqQB4c9penDTtpZGw6czzznaiA+xPzOAygGtqAIcfQXbW0d3e/UItxjoODQ==", - "dependencies": { - "passport-oauth2": "^1.5.0" - } - }, "node_modules/passport-openidconnect": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz", diff --git a/server/patches/passport-openidconnect+0.1.2.patch b/server/patches/passport-openidconnect+0.1.2.patch new file mode 100644 index 0000000..e386741 --- /dev/null +++ b/server/patches/passport-openidconnect+0.1.2.patch @@ -0,0 +1,12 @@ +diff --git a/node_modules/passport-openidconnect/lib/profile.js b/node_modules/passport-openidconnect/lib/profile.js +index eeabf4e..8abe391 100644 +--- a/node_modules/passport-openidconnect/lib/profile.js ++++ b/node_modules/passport-openidconnect/lib/profile.js +@@ -17,6 +17,7 @@ exports.parse = function(json) { + if (json.middle_name) { profile.name.middleName = json.middle_name; } + } + if (json.email) { profile.emails = [ { value: json.email } ]; } ++ if (json.groups) { profile.groups = [ { value: json.groups } ]; } + + return profile; + }; From e45b0804ee74669dc61861a706b8f983f365fdf7 Mon Sep 17 00:00:00 2001 
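Review bot: The line added to `profile.js` wraps the whole `groups` claim in a single entry, so when the provider returns an array (the usual shape, though that depends on the identity provider) `profile.groups` becomes `[ { value: [...] } ]` rather than one `{ value }` per group as the `emails` line suggests. If group membership is later used for access decisions, code comparing `profile.groups[i].value` with a group name would never match. Mapping each element, `if (Array.isArray(json.groups)) { profile.groups = json.groups.map(function (g) { return { value: g }; }); }`, keeps the shape predictable and ignores a non-array claim. `exports.parse` starts before this hunk.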
From: Bruno Roesner Date: Sun, 29 Sep 2024 18:44:16 -0400 Subject: [PATCH 5/5] changed env variables in docker compose --- docker-compose.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 947fb2a..c5d30c1 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -22,7 +22,10 @@ services: SENDER_EMAIL: infoevaluetonsavoir@gmail.com EMAIL_PSW: 'vvml wmfr dkzb vjzb' JWT_SECRET: haQdgd2jp09qb897GeBZyJetC8ECSpbFJe - FRONTEND_URL: "http://localhost:5173" + SESSION_Secret: 'lookMomImQuizzing' + SITE_URL: http://localhost + FRONTEND_PORT: 5173 + USE_PORTS: false volumes: - ./server/auth_config.json:/usr/src/app/serveur/config/auth_config.json depends_on:
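Review bot: The added `SESSION_Secret` is a literal value committed in docker-compose.yaml, beside the `JWT_SECRET` and `EMAIL_PSW` values already in the context lines. If this is the secret the session middleware signs cookies with, anyone with read access to the repository can produce valid session cookies for a deployment that uses this file as is. Compose can take the value from the environment and refuse to start without it: `SESSION_Secret: ${SESSION_SECRET:?SESSION_SECRET must be set}`. The values already committed should be treated as exposed and rotated. The service definition continues outside this hunk.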