Trang chủ Khám phá Trợ giúp
Đăng nhập
mirrors
/
wikijs
mirror of https://github.com/Requarks/wiki.git
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Browse Source

feat: fix + enable OIDC auth method (#2282)

* fix: pass userinfo URL in oidc strategy

The userinfo URL from the definition was not being provided to the
passport strategy, which resulted in a type error trying to resolve the
user's profile. Furthermore, the name of the defined URL was
inconsistent with all other authentication method URLs.

* fix: pass all necessary scopes to oidc auth method

When no scopes are provided, passport-openidconnect uses only `openid`,
which does not contain the username or email address. Include `profile`
and `email` to ensure the necessary claims are included.

* fix: update oidc method to call processProfile correctly

Now the profile object and providerKey are passed to processProfile. The
usernameClaim no longer has any use as the email address is the
username.

* fix: mark oidc authentication method as available
Dan Nicholson 4 năm trước cách đây
mục cha
95b6a7ad82
commit
d5d368cd33
2 tập tin đã thay đổi với 20 bổ sung13 xóa
Split View Hiển thị tình trạng sai khác
  1. 14 11
      server/modules/authentication/oidc/authentication.js
  2. 6 2
      server/modules/authentication/oidc/definition.yml

+ 14 - 11
server/modules/authentication/oidc/authentication.js
Xem Tập Tin 

@@ -17,18 +17,21 @@ module.exports = {
 
         clientID: conf.clientId,
 
         clientSecret: conf.clientSecret,
 
         issuer: conf.issuer,
 
+        userInfoURL: conf.userInfoURL,
 
         callbackURL: conf.callbackURL
 
-      }, (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, cb) => {
 
-        WIKI.models.users.processProfile({
 
-          id: jwtClaims.sub,
 
-          provider: 'oidc',
 
-          email: _.get(jwtClaims, conf.emailClaim),
 
-          name: _.get(jwtClaims, conf.usernameClaim)
 
-        }).then((user) => {
 
-          return cb(null, user) || true
 
-        }).catch((err) => {
 
-          return cb(err, null) || true
 
-        })
 
+      }, async (iss, sub, profile, cb) => {
 
+        try {
 
+          const user = await WIKI.models.users.processProfile({
 
+            profile: {
 
+              ...profile,
 
+              email: _.get(profile, '_json.' + conf.emailClaim)
 
+            },
 
+            providerKey: 'oidc'
 
+          })
 
+          cb(null, user)
 
+        } catch(err) {
 
+          cb(err, null)
 
+        }
 
       })
 
     )
 
   }

+ 6 - 2
server/modules/authentication/oidc/definition.yml
Xem Tập Tin 

@@ -5,13 +5,17 @@ author: requarks.io
 
 logo: https://static.requarks.io/logo/oidc.svg
 
 color: blue-grey darken-2
 
 website: http://openid.net/connect/
 
+isAvailable: true
 
 useForm: false
 
+scopes:
 
+  - openid
 
+  - profile
 
+  - email
 
 props:
 
   clientId: String
 
   clientSecret: String
 
   authorizationURL: String
 
   tokenURL: String
 
   issuer: String
 
-  userInfoUrl: String
 
+  userInfoURL: String
 
   emailClaim: String
 
-  usernameClaim: String