| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- const _ = require('lodash')
- /* global WIKI */
- // ------------------------------------
- // OpenID Connect Account
- // ------------------------------------
- const OpenIDConnectStrategy = require('passport-openidconnect').Strategy
- module.exports = {
- init (passport, conf) {
- passport.use(conf.key,
- new OpenIDConnectStrategy({
- authorizationURL: conf.authorizationURL,
- tokenURL: conf.tokenURL,
- clientID: conf.clientId,
- clientSecret: conf.clientSecret,
- issuer: conf.issuer,
- userInfoURL: conf.userInfoURL,
- callbackURL: conf.callbackURL,
- passReqToCallback: true
- }, async (req, iss, uiProfile, idProfile, context, idToken, accessToken, refreshToken, params, cb) => {
- const profile = Object.assign({}, idProfile, uiProfile)
- try {
- const user = await WIKI.models.users.processProfile({
- providerKey: req.params.strategy,
- profile: {
- ...profile,
- email: _.get(profile, '_json.' + conf.emailClaim)
- }
- })
- if (conf.mapGroups) {
- const groups = _.get(profile, '_json.' + conf.groupsClaim)
- if (groups && _.isArray(groups)) {
- const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
- const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
- for (const groupId of _.difference(expectedGroups, currentGroups)) {
- await user.$relatedQuery('groups').relate(groupId)
- }
- for (const groupId of _.difference(currentGroups, expectedGroups)) {
- await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
- }
- }
- }
- cb(null, user)
- } catch (err) {
- cb(err, null)
- }
- })
- )
- },
- logout (conf) {
- if (!conf.logoutURL) {
- return '/'
- } else {
- return conf.logoutURL
- }
- }
- }
|
