wiki/server/models/authentication.js

const Model = require('objection').Model
const fs = require('fs-extra')
const path = require('path')
const _ = require('lodash')
const yaml = require('js-yaml')
const commonHelper = require('../helpers/common')

/* global WIKI */

/**
 * Authentication model
 */
module.exports = class Authentication extends Model {
  static get tableName() { return 'authentication' }
  static get idColumn() { return 'key' }

  static get jsonSchema () {
    return {
      type: 'object',
      required: ['key', 'isEnabled'],

      properties: {
        key: {type: 'string'},
        isEnabled: {type: 'boolean'},
        selfRegistration: {type: 'boolean'}
      }
    }
  }

  static get jsonAttributes() {
    return ['config', 'domainWhitelist', 'autoEnrollGroups']
  }

  static async getStrategy(key) {
    return WIKI.models.authentication.query().findOne({ key })
  }

  static async getStrategies(isEnabled) {
    const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
    return _.sortBy(strategies.map(str => ({
      ...str,
      domainWhitelist: _.get(str.domainWhitelist, 'v', []),
      autoEnrollGroups: _.get(str.autoEnrollGroups, 'v', [])
    })), ['key'])
  }

  static async getStrategiesForLegacyClient() {
    const strategies = await WIKI.models.authentication.query().select('key', 'selfRegistration').where({ isEnabled: true })
    let formStrategies = []
    let socialStrategies = []

    for (let stg of strategies) {
      const stgInfo = _.find(WIKI.data.authentication, ['key', stg.key]) || {}
      if (stgInfo.useForm) {
        formStrategies.push({
          key: stg.key,
          title: stgInfo.title
        })
      } else {
        socialStrategies.push({
          ...stgInfo,
          ...stg,
          icon: await fs.readFile(path.join(WIKI.ROOTPATH, `assets/svg/auth-icon-${stg.key}.svg`), 'utf8').catch(err => {
            if (err.code === 'ENOENT') {
              return null
            }
            throw err
          })
        })
      }
    }

    return {
      formStrategies,
      socialStrategies
    }
  }

  static async refreshStrategiesFromDisk() {
    let trx
    try {
      const dbStrategies = await WIKI.models.authentication.query()

      // -> Fetch definitions from disk
      const authDirs = await fs.readdir(path.join(WIKI.SERVERPATH, 'modules/authentication'))
      let diskStrategies = []
      for (let dir of authDirs) {
        const def = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/authentication', dir, 'definition.yml'), 'utf8')
        diskStrategies.push(yaml.safeLoad(def))
      }
      WIKI.data.authentication = diskStrategies.map(strategy => ({
        ...strategy,
        props: commonHelper.parseModuleProps(strategy.props)
      }))

      let newStrategies = []
      for (let strategy of WIKI.data.authentication) {
        if (!_.some(dbStrategies, ['key', strategy.key])) {
          newStrategies.push({
            key: strategy.key,
            isEnabled: false,
            config: _.transform(strategy.props, (result, value, key) => {
              _.set(result, key, value.default)
              return result
            }, {}),
            selfRegistration: false,
            domainWhitelist: { v: [] },
            autoEnrollGroups: { v: [] }
          })
        } else {
          const strategyConfig = _.get(_.find(dbStrategies, ['key', strategy.key]), 'config', {})
          await WIKI.models.authentication.query().patch({
            config: _.transform(strategy.props, (result, value, key) => {
              if (!_.has(result, key)) {
                _.set(result, key, value.default)
              }
              return result
            }, strategyConfig)
          }).where('key', strategy.key)
        }
      }
      if (newStrategies.length > 0) {
        trx = await WIKI.models.Objection.transaction.start(WIKI.models.knex)
        for (let strategy of newStrategies) {
          await WIKI.models.authentication.query(trx).insert(strategy)
        }
        await trx.commit()
        WIKI.logger.info(`Loaded ${newStrategies.length} new authentication strategies: [ OK ]`)
      } else {
        WIKI.logger.info(`No new authentication strategies found: [ SKIPPED ]`)
      }
    } catch (err) {
      WIKI.logger.error(`Failed to scan or load new authentication providers: [ FAILED ]`)
      WIKI.logger.error(err)
      if (trx) {
        trx.rollback()
      }
    }
  }
}
refactor: remove config namespaces 7 years ago			`const Model = require('objection').Model`
feat: authentication module refactor + added CAS module 6 years ago			`const fs = require('fs-extra')`
refactor: remove config namespaces 7 years ago			`const path = require('path')`
			`const _ = require('lodash')`
feat: authentication module refactor + added CAS module 6 years ago			`const yaml = require('js-yaml')`
feat: core improvements + local fs provider + UI fixes 6 years ago			`const commonHelper = require('../helpers/common')`
refactor: remove config namespaces 7 years ago
			`/* global WIKI */`

			`/**`
			`* Authentication model`
			`*/`
			`module.exports = class Authentication extends Model {`
			`static get tableName() { return 'authentication' }`
fix: mssql initial migration crash 6 years ago			`static get idColumn() { return 'key' }`
refactor: remove config namespaces 7 years ago
			`static get jsonSchema () {`
			`return {`
			`type: 'object',`
feat: authentication improvements 6 years ago			`required: ['key', 'isEnabled'],`
refactor: remove config namespaces 7 years ago
			`properties: {`
			`key: {type: 'string'},`
			`isEnabled: {type: 'boolean'},`
fix: JSON fields handling for MariaDB 6 years ago			`selfRegistration: {type: 'boolean'}`
refactor: remove config namespaces 7 years ago			`}`
			`}`
			`}`

fix: JSON fields handling for MariaDB 6 years ago			`static get jsonAttributes() {`
			`return ['config', 'domainWhitelist', 'autoEnrollGroups']`
			`}`

feat: register server-side validation + forgot password UI 6 years ago			`static async getStrategy(key) {`
			`return WIKI.models.authentication.query().findOne({ key })`
			`}`

feat: auth jwt, permissions, login ui (wip) 6 years ago			`static async getStrategies(isEnabled) {`
			`const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})`
			`return _.sortBy(strategies.map(str => ({`
feat: auth self-registration config + gql grouping 6 years ago			`...str,`
			`domainWhitelist: _.get(str.domainWhitelist, 'v', []),`
			`autoEnrollGroups: _.get(str.autoEnrollGroups, 'v', [])`
feat: admin general + verify account 6 years ago			`})), ['key'])`
refactor: remove config namespaces 7 years ago			`}`

fix: legacy login errors + logout button 5 years ago			`static async getStrategiesForLegacyClient() {`
			`const strategies = await WIKI.models.authentication.query().select('key', 'selfRegistration').where({ isEnabled: true })`
			`let formStrategies = []`
			`let socialStrategies = []`

			`for (let stg of strategies) {`
			`const stgInfo = _.find(WIKI.data.authentication, ['key', stg.key]) \|\| {}`
			`if (stgInfo.useForm) {`
			`formStrategies.push({`
			`key: stg.key,`
			`title: stgInfo.title`
			`})`
			`} else {`
			`socialStrategies.push({`
			`...stgInfo,`
			`...stg,`
			icon: await fs.readFile(path.join(WIKI.ROOTPATH, `assets/svg/auth-icon-${stg.key}.svg`), 'utf8').catch(err => {
			`if (err.code === 'ENOENT') {`
			`return null`
			`}`
			`throw err`
			`})`
			`})`
			`}`
			`}`

			`return {`
			`formStrategies,`
			`socialStrategies`
			`}`
			`}`

refactor: remove config namespaces 7 years ago			`static async refreshStrategiesFromDisk() {`
fix: mysql + sqlite incompatible queries 6 years ago			`let trx`
refactor: remove config namespaces 7 years ago			`try {`
feat: core improvements + local fs provider + UI fixes 6 years ago			`const dbStrategies = await WIKI.models.authentication.query()`
feat: authentication module refactor + added CAS module 6 years ago
			`// -> Fetch definitions from disk`
			`const authDirs = await fs.readdir(path.join(WIKI.SERVERPATH, 'modules/authentication'))`
			`let diskStrategies = []`
			`for (let dir of authDirs) {`
			`const def = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/authentication', dir, 'definition.yml'), 'utf8')`
			`diskStrategies.push(yaml.safeLoad(def))`
			`}`
feat: authentication improvements 6 years ago			`WIKI.data.authentication = diskStrategies.map(strategy => ({`
			`...strategy,`
			`props: commonHelper.parseModuleProps(strategy.props)`
			`}))`
feat: authentication module refactor + added CAS module 6 years ago
refactor: remove config namespaces 7 years ago			`let newStrategies = []`
feat: authentication improvements 6 years ago			`for (let strategy of WIKI.data.authentication) {`
refactor: remove config namespaces 7 years ago			`if (!_.some(dbStrategies, ['key', strategy.key])) {`
			`newStrategies.push({`
			`key: strategy.key,`
			`isEnabled: false,`
feat: auth + storage config improvements 6 years ago			`config: _.transform(strategy.props, (result, value, key) => {`
feat: authentication improvements 6 years ago			`_.set(result, key, value.default)`
refactor: remove config namespaces 7 years ago			`return result`
feat: auth self-registration config + gql grouping 6 years ago			`}, {}),`
			`selfRegistration: false,`
			`domainWhitelist: { v: [] },`
			`autoEnrollGroups: { v: [] }`
refactor: remove config namespaces 7 years ago			`})`
feat: authentication improvements 6 years ago			`} else {`
			`const strategyConfig = _.get(_.find(dbStrategies, ['key', strategy.key]), 'config', {})`
			`await WIKI.models.authentication.query().patch({`
			`config: _.transform(strategy.props, (result, value, key) => {`
			`if (!_.has(result, key)) {`
			`_.set(result, key, value.default)`
			`}`
			`return result`
			`}, strategyConfig)`
			`}).where('key', strategy.key)`
refactor: remove config namespaces 7 years ago			`}`
feat: authentication improvements 6 years ago			`}`
refactor: remove config namespaces 7 years ago			`if (newStrategies.length > 0) {`
fix: mysql + sqlite incompatible queries 6 years ago			`trx = await WIKI.models.Objection.transaction.start(WIKI.models.knex)`
			`for (let strategy of newStrategies) {`
			`await WIKI.models.authentication.query(trx).insert(strategy)`
			`}`
			`await trx.commit()`
refactor: remove config namespaces 7 years ago			WIKI.logger.info(`Loaded ${newStrategies.length} new authentication strategies: [ OK ]`)
			`} else {`
			WIKI.logger.info(`No new authentication strategies found: [ SKIPPED ]`)
			`}`
			`} catch (err) {`
			WIKI.logger.error(`Failed to scan or load new authentication providers: [ FAILED ]`)
			`WIKI.logger.error(err)`
fix: mysql + sqlite incompatible queries 6 years ago			`if (trx) {`
			`trx.rollback()`
			`}`
refactor: remove config namespaces 7 years ago			`}`
			`}`
			`}`