huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
1da1c4e30a3aab0ff3d2c0fb495c5307f1bb67ae
speckle-server/packages/server/modules/auth/strategies/oidc.js
T
Gergő Jedlicska c6cd4c311d feat(serverinvites): create domain module in server invites (#2401) 
* chore(serverinvites): repository refactor for multiregion

* chore(serverinvites): remove migrated functions from old repository

* chore(serverinvites): refactor serverInviteForToken resolver for multiregion

* chore(serverinvites): invite processing service refactor for multiregion

* chore(serverinvites): subscription refactor for multiregion

* chore(serverinvites): move buildEmailContents to dedicated file

* chore(serverinvites): deleteAllStreamInvites function multiregion refactor

* chore(serverinvites): refactor deleteServerOnlyInvites multiregion repository

* chore(serverinvites): complete repository refactor for multiregion

* feat(serverinvites): create domain module in server invites

* fix(serverinvites): no relative imports

* feat(serverinvites): extract individual types from repository

* feat(serverinvites): move interfaces to operations

* fix(serverinvites): update imports referencing old interfaces file

* fix(serverinvites): type mismatch for insert invite and delete old

* chore(serverinvites): refactor to single repo function

* test(serverinvites): fix tests

* fix(serverinvites): use domain types in all places

* feat(serverinvites): WIP unity

* feat(serverinvites): move to new facory names and types

* feat(serverinvites): fix tests

* fix(serverinvites): use factory name

---------

Co-authored-by: Alessandro Magionami <alessandro.magionami@gmail.com>
2024-06-25 13:24:37 +02:00

164 lines
5.0 KiB
JavaScript
Raw Blame History

/* istanbul ignore file */
'use strict'
const passport = require('passport')
const { Issuer, Strategy } = require('openid-client')
const URL = require('url').URL
const { findOrCreateUser, getUserByEmail } = require('@/modules/core/services/users')
const { getServerInfo } = require('@/modules/core/services/generic')
const {
validateServerInvite,
finalizeInvitedServerRegistration,
resolveAuthRedirectPath
} = require('@/modules/serverinvites/services/inviteProcessingService')
const { logger } = require('@/logging/logging')
const {
getOidcDiscoveryUrl,
getBaseUrl,
getOidcClientId,
getOidcClientSecret,
getOidcName
} = require('@/modules/shared/helpers/envHelper')
const { passportAuthenticate } = require('@/modules/auth/services/passportService')
const { UnverifiedEmailSSOLoginError } = require('@/modules/core/errors/userinput')
const {
deleteServerOnlyInvitesFactory,
updateAllInviteTargetsFactory
} = require('@/modules/serverinvites/repositories/serverInvites')
const db = require('@/db/knex')
const { getNameFromUserInfo } = require('@/modules/auth/domain/logic')
module.exports = async (app, session, sessionStorage, finalizeAuth) => {
const oidcIssuer = await Issuer.discover(getOidcDiscoveryUrl())
const redirectUrl = new URL('/auth/oidc/callback', getBaseUrl()).toString()
const client = new oidcIssuer.Client({
// eslint-disable-next-line camelcase
client_id: getOidcClientId(),
// eslint-disable-next-line camelcase
client_secret: getOidcClientSecret(),
// eslint-disable-next-line camelcase
redirect_uris: [redirectUrl],
// eslint-disable-next-line camelcase
response_types: ['code']
})
passport.use(
'oidc',
new Strategy(
{ client, passReqToCallback: true },
async (req, tokenSet, userinfo, done) => {
req.session.tokenSet = tokenSet
req.session.userinfo = userinfo
const serverInfo = await getServerInfo()
try {
const email = userinfo['email']
const name = getNameFromUserInfo(userinfo)
const user = { email, name }
const existingUser = await getUserByEmail({ email: user.email })
if (existingUser && !existingUser.verified) {
throw new UnverifiedEmailSSOLoginError(undefined, {
info: {
email: user.email
}
})
}
// if there is an existing user, go ahead and log them in (regardless of
// whether the server is invite only or not).
if (existingUser) {
const myUser = await findOrCreateUser({
user,
rawProfile: userinfo
})
return done(null, myUser)
}
// if the server is not invite only, go ahead and log the user in.
if (!serverInfo.inviteOnly) {
const myUser = await findOrCreateUser({
user,
rawProfile: userinfo
})
// process invites
if (myUser.isNewUser) {
await finalizeInvitedServerRegistration({
deleteServerOnlyInvites: deleteServerOnlyInvitesFactory({ db }),
updateAllInviteTargets: updateAllInviteTargetsFactory({ db })
})(user.email, myUser.id)
}
return done(null, myUser)
}
// if the server is invite only and we have no invite id, throw.
if (serverInfo.inviteOnly && !req.session.inviteId) {
throw new Error('This server is invite only. Please provide an invite id.')
}
// validate the invite
const validInvite = await validateServerInvite(
user.email,
req.session.inviteId
)
// create the user
const myUser = await findOrCreateUser({
user: {
...user,
role: validInvite?.serverRole
},
rawProfile: userinfo
})
await finalizeInvitedServerRegistration({
deleteServerOnlyInvites: deleteServerOnlyInvitesFactory({ db }),
updateAllInviteTargets: updateAllInviteTargetsFactory({ db })
})(user.email, myUser.id)
// Resolve redirect path
req.authRedirectPath = resolveAuthRedirectPath(validInvite)
// return to the auth flow
return done(null, {
...myUser,
isInvite: !!validInvite
})
} catch (err) {
logger.error(err)
return done(err, false, { message: err.message })
}
}
)
)
app.get(
'/auth/oidc',
session,
sessionStorage,
passportAuthenticate('oidc', { scope: 'openid profile email' })
)
app.get(
'/auth/oidc/callback',
session,
passportAuthenticate('oidc', {
failureRedirect: '/error?message=Failed to authenticate.'
}),
finalizeAuth
)
return {
id: 'oidc',
name: getOidcName(),
icon: 'mdi-badge-account-horizontal-outline',
color: 'blue darken-3',
url: '/auth/oidc',
callbackUrl: new URL('/auth/oidc/callback', getBaseUrl()).toString()
}
}
Reference in New Issue View Git Blame Copy Permalink