fix: handle removed auth strategies

5 years ago · 4dcf664040
parent e319355017
commit 4dcf664040
4 changed files with 43 additions and 98 deletions
--- a/server/models/authentication.js
+++ b/server/models/authentication.js
@ -93,6 +93,11 @@ module.exports = class Authentication extends Model {
      for (const strategy of dbStrategies) {
        const strategyDef = _.find(WIKI.data.authentication, ['key', strategy.strategyKey])
        if (!strategyDef) {
          await WIKI.models.authentication.query().delete().where('key', strategy.key)
          WIKI.logger.info(`Authentication strategy ${strategy.strategyKey} was removed from disk: [ REMOVED ]`)
          continue
        }
        strategy.config = _.transform(strategyDef.props, (result, value, key) => {
          if (!_.has(result, key)) {
            _.set(result, key, value.default)
--- a/server/modules/authentication/oauth2/authentication.js
+++ b/server/modules/authentication/oauth2/authentication.js
@ -1,32 +0,0 @@
 /* global WIKI */
 // ------------------------------------
 // OAuth2 Account
 // ------------------------------------
 const OAuth2Strategy = require('passport-oauth2').Strategy
 module.exports = {
  init (passport, conf) {
    passport.use('oauth2',
      new OAuth2Strategy({
        authorizationURL: conf.authorizationURL,
        tokenURL: conf.tokenURL,
        clientID: conf.clientId,
        clientSecret: conf.clientSecret,
        callbackURL: conf.callbackURL,
        passReqToCallback: true
      }, async (req, accessToken, refreshToken, profile, cb) => {
        try {
          const user = await WIKI.models.users.processProfile({
            providerKey: req.params.strategy,
            profile
          })
          cb(null, user)
        } catch (err) {
          cb(err, null)
        }
      })
    )
  }
 }
--- a/server/modules/authentication/oauth2/definition.yml
+++ b/server/modules/authentication/oauth2/definition.yml
@ -1,58 +0,0 @@
 key: oauth2
 title: Generic OAuth2
 description: OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service.
 author: requarks.io
 logo: https://static.requarks.io/logo/oauth2.svg
 color: grey darken-4
 website: https://oauth.net/2/
 isAvailable: true
 useForm: false
 props:
  clientId:
    type: String
    title: Client ID
    hint: Application Client ID
    order: 1
  clientSecret:
    type: String
    title: Client Secret
    hint: Application Client Secret
    order: 2
  authorizationURL:
    type: String
    title: Authorization Endpoint URL
    hint: The full URL to the authorization endpoint, used to get an authorization code.
    order: 3
  tokenURL:
    type: String
    title: Token Endpoint URL
    hint: The full URL to the token endpoint, used to get an access token.
    order: 4
  mappingUID:
    title: Unique ID Field Mapping
    type: String
    default: 'id'
    hint: The field storing the user unique identifier, e.g. "id" or "_id".
    maxWidth: 500
    order: 20
  mappingEmail:
    title: Email Field Mapping
    type: String
    default: 'email'
    hint: The field storing the user email, e.g. "email" or "mail".
    maxWidth: 500
    order: 21
  mappingDisplayName:
    title: Display Name Field Mapping
    type: String
    default: 'name'
    hint: The field storing the user display name, e.g. "name", "displayName" or "username".
    maxWidth: 500
    order: 22
  mappingPicture:
    title: Avatar Picture Field Mapping
    type: String
    default: 'pictureUrl'
    hint: The field storing the user avatar picture, e.g. "pictureUrl" or "avatarUrl".
    maxWidth: 500
    order: 23
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@ -1,5 +1,5 @@
 key: oidc
-title: Generic OpenID Connect
+title: Generic OpenID Connect / OAuth2
 description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
 author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
@ -12,10 +12,40 @@ scopes:
  - profile
  - email
 props:
-  clientId: String
+  clientId:
-  clientSecret: String
+    type: String
-  authorizationURL: String
+    title: Client ID
-  tokenURL: String
+    hint: Application Client ID
-  issuer: String
+    order: 1
-  userInfoURL: String
+  clientSecret:
-  emailClaim: String
+    type: String
    title: Client Secret
    hint: Application Client Secret
    order: 2
  authorizationURL:
    type: String
    title: Authorization Endpoint URL
    hint: Application Authorization Endpoint URL
    order: 3
  tokenURL:
    type: String
    title: Token Endpoint URL
    hint: Application Token Endpoint URL
    order: 4
  userInfoURL:
    type: String
    title: User Info Endpoint URL
    hint: User Info Endpoint URL
    order: 5
  issuer:
    type: String
    title: Issuer
    hint: Issuer URL
    order: 6
  emailClaim:
    type: String
    title: Email Claim
    hint: Field containing the email address
    default: email
    maxWidth: 500
    order: 7