From 5911867b211e23905f67574f4361a5bf7b2956de Mon Sep 17 00:00:00 2001
From: NGPixel
Date: Fri, 15 Oct 2021 22:36:30 -0400
Subject: [PATCH] fix: various OAuth2 fixes
---
 .../authentication/oauth2/authentication.js | 19 ++++++++++-----
 .../authentication/oauth2/definition.yml | 24 ++++++++++++-------
 2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js
index ea443d97..55b6cd84 100644
--- a/server/modules/authentication/oauth2/authentication.js
+++ b/server/modules/authentication/oauth2/authentication.js
@@ -3,7 +3,7 @@ const _ = require('lodash')
 /* global WIKI */
 // ------------------------------------
-// OAuth2 Connect Account
+// OAuth2 Account
 // ------------------------------------
 const OAuth2Strategy = require('passport-oauth2').Strategy
@@ -17,15 +17,15 @@ module.exports = {
 clientSecret: conf.clientSecret,
 userInfoURL: conf.userInfoURL,
 callbackURL: conf.callbackURL,
- passReqToCallback: true,
+ passReqToCallback: true
 }, async (req, accessToken, refreshToken, profile, cb) => {
 try {
 const user = await WIKI.models.users.processProfile({
 providerKey: req.params.strategy,
 profile: {
 ...profile,
- id: _.get(profile, conf.userId),
- displayName: _.get(profile, conf.displayName, ''),
+ id: _.get(profile, conf.userIdClaim),
+ displayName: _.get(profile, conf.displayNameClaim, '???'),
 email: _.get(profile, conf.emailClaim)
 }
 })
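Review bot: In the verify callback, `id: _.get(profile, conf.userIdClaim)` and the `email` lookup hand `undefined` to `processProfile` whenever the configured claim path is absent from the provider's response or the setting itself is unset. This commit renames the settings from `userId`/`displayName` to `userIdClaim`/`displayNameClaim` (here and in definition.yml), so a strategy saved under the old keys would presumably hit exactly that case unless stored configs are migrated elsewhere, which is not visible in this patch. Resolving the value first and failing closed keeps an unidentified profile out of account matching: `const id = _.get(profile, conf.userIdClaim || conf.userId)` followed by `if (_.isNil(id) || id === '') { throw new Error('OAuth2: user ID claim missing from profile') }` inside the existing `try`. The strategy options object and `init` begin above the hunk, and the rest of the `try` lies below it.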
@@ -36,19 +36,26 @@ module.exports = {
 })
 client.userProfile = function (accesstoken, done) {
- this._oauth2._useAuthorizationHeaderForGET = true;
+ this._oauth2._useAuthorizationHeaderForGET = true
 this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
 if (err) {
 return done(err)
 }
 try {
 data = JSON.parse(data)
- } catch(e) {
+ } catch (e) {
 return done(e)
 }
 done(null, data)
 })
 }
 passport.use('oauth2', client)
+ },
+ logout (conf) {
+ if (!conf.logoutURL) {
+ return '/'
+ } else {
+ return conf.logoutURL
+ }
 }
 }
diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml
index b3f8f9cb..3774a2d4 100644
--- a/server/modules/authentication/oauth2/definition.yml
+++ b/server/modules/authentication/oauth2/definition.yml
@@ -1,6 +1,6 @@
 key: oauth2
-title: OAuth2
-description: OAuth 2.0 protocol.
+title: Generic OAuth2
+description: OAuth 2.0 is the industry-standard protocol for authorization.
 author: requarks.io
 logo: https://static.requarks.io/logo/oauth2.svg
 color: blue-grey darken-2
@@ -33,23 +33,29 @@ props:
 title: User Info Endpoint URL
 hint: User Info Endpoint URL
 order: 5
- userId:
+ userIdClaim:
 type: String
- title: ID
- hint: User ID
+ title: ID Claim
+ hint: Field containing the user ID
 default: id
+ maxWidth: 500
 order: 6
- displayName:
+ displayNameClaim:
 type: String
- title: Display Name
- hint: Field containing display name
+ title: Display Name Claim
+ hint: Field containing user display name
 default: displayName
 maxWidth: 500
 order: 7
 emailClaim:
 type: String
 title: Email Claim
- hint: Field containing the email address
+ hint: Field containing the user email address
 default: email
 maxWidth: 500
 order: 8
+ logoutURL:
+ type: String
+ title: Logout URL
+ hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
+ order: 9
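Review bot: The new `logout (conf)` returns `conf.logoutURL` verbatim as the post-logout redirect target, with no check of its shape. The value is administrator-supplied, so this is a hardening point rather than an open redirect, but a scheme-less host or a non-http(s) scheme would be passed through as-is; parsing it with `new URL(conf.logoutURL)` and accepting only `https:` or `http:` before returning it, with `'/'` as the fallback, would fail safe. If no validation is wanted, the if/else collapses to `return conf.logoutURL || '/'`, and a one-line comment such as `// Redirect target after local logout; falls back to the site root when no provider logout URL is configured` would document the contract. The caller that consumes the return value is outside this patch, so its use as a redirect is inferred from the `logoutURL` hint in definition.yml, and `init` begins above the hunk.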