More OAuth work.

This commit is contained in:
Ylian Saint-Hilaire 2020-05-14 01:41:03 -07:00
parent 55f7ba89b1
commit 23f087c460
10 changed files with 166 additions and 58 deletions

View File

@ -2555,6 +2555,7 @@ function mainStart() {
if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.apikey == 'string') && (typeof config.domains[i].authstrategies.twitter.apisecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); }
if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); }
if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); }
if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); }
}
if ((config.domains[i].sessionrecording != null) && (config.domains[i].sessionrecording.index == true)) { recordingIndex = true; }
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.2 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.5 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.4 KiB

View File

@ -1891,7 +1891,7 @@
"ru": "Действия учетной записи",
"zh-chs": "帳戶動作",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->0"
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->0"
]
},
{
@ -1948,7 +1948,7 @@
"default-mobile.handlebars->9->154",
"default-mobile.handlebars->9->62",
"default-mobile.handlebars->9->64",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->1->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->1->0",
"default.handlebars->25->1115",
"default.handlebars->25->1117",
"default.handlebars->25->461",
@ -5066,7 +5066,7 @@
"ru": "Смена email",
"zh-chs": "更改電子郵件地址",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->5->changeEmailId->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->5->changeEmailId->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->accountChangeEmailAddressSpan->0"
]
},
@ -5084,7 +5084,7 @@
"ru": "Смена пароля",
"zh-chs": "更改密碼",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->7->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->7->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->3"
]
},
@ -7630,7 +7630,7 @@
"ru": "Удалить учетную запись",
"zh-chs": "刪除帳戶",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->9->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->9->0",
"default.handlebars->25->1442",
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->p2AccountPassActions->7"
]
@ -15495,6 +15495,13 @@
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->7->1->4->3"
]
},
{
"en": "Log in using an existing account",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->3",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->3"
]
},
{
"cs": "Log-X",
"de": "Logarithmische Skala",
@ -16157,7 +16164,7 @@
"ru": "Управление приложением для проверки подлинности",
"zh-chs": "管理身份驗證器應用",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageAuthApp->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageAuthApp->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageAuthApp->1->0"
]
},
@ -16175,7 +16182,7 @@
"ru": "Управление резервными кодами",
"zh-chs": "管理備用碼",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageOtp->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageOtp->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageOtp->1->0"
]
},
@ -16193,7 +16200,7 @@
"ru": "Управление аутентификацией электронной почты",
"zh-chs": "管理電子郵件身份驗證",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageEmail2FA->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageEmail2FA->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageEmail2FA->1->0"
]
},
@ -16207,8 +16214,8 @@
"nl": "Beheer telefoonnummer",
"zh-chs": "管理电话号码",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->managePhoneNumber1->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->1->managePhoneNumber2->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->1->managePhoneNumber2->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->managePhoneNumber1->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->managePhoneNumber2->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->managePhoneNumber1->1->0"
]
@ -23900,6 +23907,40 @@
"default.handlebars->container->column_l->p6->p6info->p2ServerActions->3->p2ServerActionsErrors->0"
]
},
{
"en": "Sign-in using GitHub",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-github",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-github"
]
},
{
"en": "Sign-in using Google",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-google",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-google"
]
},
{
"en": "Sign-in using Intel",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-intel"
]
},
{
"en": "Sign-in using Reddit",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-reddit",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-reddit"
]
},
{
"en": "Sign-in using Twitter",
"xloc": [
"login-mobile.handlebars->container->page_content->column_l->1->1->0->1->loginpanel->1->authStrategies->auth-twitter",
"login.handlebars->container->column_l->centralTable->1->0->logincell->loginpanel->1->authStrategies->auth-twitter"
]
},
{
"cs": "Jednoduchý režim řízený správcem (ACM)",
"de": "Einfacher Admin Control Mode (ACM)",
@ -27958,7 +27999,7 @@
"ru": "Подтвердить email",
"zh-chs": "驗證郵件",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->7->3->verifyEmailId->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->5->3->verifyEmailId->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountActions->3->verifyEmailId->0"
]
},
@ -30992,10 +31033,10 @@
"ru": "✓",
"ko": "✓",
"xloc": [
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageAuthApp->authAppSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageEmail2FA->authEmailSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->manageOtp->authCodesSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->3->managePhoneNumber1->authPhoneNumberCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageAuthApp->authAppSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageEmail2FA->authEmailSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->manageOtp->authCodesSetupCheck->0",
"default-mobile.handlebars->container->page_content->column_l->p3->p3info->1->p3AccountActions->p2AccountSecurity->3->managePhoneNumber1->authPhoneNumberCheck->0",
"default.handlebars->container->column_l->p13->p13filetable->p13bigok->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageAuthApp->0->authAppSetupCheck->0",
"default.handlebars->container->column_l->p2->p2info->p2AccountSecurity->3->manageEmail2FA->0->authEmailSetupCheck->0",

View File

@ -295,6 +295,7 @@
<div id=p3info style="overflow-y:scroll;position:absolute;top:55px;bottom:0px;width:100%">
<div style="margin-left:8px">
<div id="p3AccountActions">
<div id="p2AccountSecurity" style="display:none">
<p><strong>Account Security</strong></p>
<div style="margin-left:9px;margin-bottom:8px">
<div id="managePhoneNumber1" style="margin-top:5px;display:none"><a onclick="account_managePhone()" style="cursor:pointer">Manage phone number</a> <span id="authPhoneNumberCheck"><strong>&#x2713;</strong></span></div>
@ -302,6 +303,7 @@
<div id="manageAuthApp" style="margin-top:5px;display:none"><a onclick="account_manageAuthApp()" style="cursor:pointer">Manage authenticator app</a> <span id="authAppSetupCheck"><strong>&#x2713;</strong></span></div>
<div id="manageOtp" style="margin-top:5px;display:none"><a onclick="account_manageOtp(0)" style="cursor:pointer">Manage backup codes</a> <span id="authCodesSetupCheck"><strong>&#x2713;</strong></span></div>
</div>
</div>
<p><strong>Account Actions</strong></p>
<div style="margin-left:9px;margin-bottom:8px">
<div style="margin-top:5px"><span id="managePhoneNumber2" style="display:none"><a onclick="account_managePhone()" style="cursor:pointer">Manage phone number</a></span></div>
@ -791,6 +793,7 @@
if (serverinfo.timeout) { setInterval(checkIdleSessionTimeout, 10000); checkIdleSessionTimeout(); }
QV('p3AccountActions', ((features & 4) == 0) && (serverinfo.domainauth == false)); // Hide Account Actions if in single user mode or domain authentication
QV('logoutMenuOption', ((features & 4) == 0) && (serverinfo.domainauth == false)); // Hide logout if in single user mode or domain authentication
QV('p2AccountSecurity', ((features & 4) == 0) && (serverinfo.domainauth == false) && ((features & 4096) != 0)); // Hide Account Security if in single user mode or domain authentication, 2 factor auth not supported.
break;
}
case 'authcookie': {

View File

@ -72,6 +72,15 @@
Don&#39;t have an account? <a onclick=xgo(2) style=cursor:pointer>Create one</a>.
</div>
<input id=loginformargs name="urlargs" type="hidden" value="" />
<div id="authStrategies" style="display:none">
<hr />
<div style="margin-bottom:8px">Log in using an existing account</div>
<a id="auth-twitter" href="auth-twitter" style="display:none"><img src="images/login/twitter32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Twitter" /></a>
<a id="auth-google" href="auth-google" style="display:none"><img src="images/login/google32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Google" /></a>
<a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
<a id="auth-intel" href="auth-intel" style="display:none"><img src="images/login/intel32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Intel" /></a>
</div>
</form>
</div>
<div id=createpanel style="display:none">
@ -303,6 +312,7 @@
var otpemail = ('{{{otpemail}}}' === 'true');
var otpsms = ('{{{otpsms}}}' === 'true');
var twoFactorCookieDays = parseInt('{{{twoFactorCookieDays}}}');
var authStrategies = '{{{authStrategies}}}'.split(',');
// Display the right server message
var messageid = parseInt('{{{messageid}}}');
@ -354,6 +364,16 @@
QV('createPanelHint', passRequirements.hint === true);
QV('resetpasswordpanelHint', passRequirements.hint === true);
// Setup authentication strategies
if (authStrategies != '') {
QV('authStrategies', true);
if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); }
if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); }
if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); }
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
if (authStrategies.indexOf('intel') >= 0) { QV('auth-intel', true); }
}
window.onresize = center;
center();
validateLogin();

View File

@ -76,6 +76,7 @@
<a id="auth-twitter" href="auth-twitter" style="display:none"><img src="images/login/twitter32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Twitter" /></a>
<a id="auth-google" href="auth-google" style="display:none"><img src="images/login/google32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Google" /></a>
<a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
</div>
</form>
</div>
@ -382,6 +383,7 @@
if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); }
if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); }
if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); }
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
}
// Display the welcome text

View File

@ -1678,6 +1678,44 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
});
}
// Called when a strategy login occured
// This is called after a succesful Oauth to Twitter, Google, GitHub...
function handleStrategyLogin(req, res) {
const domain = checkUserIpAddress(req, res);
if (domain == null) { return; }
parent.debug('web', 'handleStrategyLogin: ' + JSON.stringify(req.user));
if ((req.user != null) && (req.user.id != null) && (domain.id == req.user.id.split('/')[1])) {
const userid = req.user.id;
var user = obj.users[userid];
if (user == null) {
// Create the user
parent.debug('web', 'handleStrategyLogin: creating new user: ' + userid);
user = { type: 'user', _id: userid, name: req.user.name, email: req.user.email, domain: domain.id };
if (req.user.email != null) { user.email = req.user.email; user.emailVerified = true; }
obj.users[userid] = user;
obj.db.SetUser(user);
// TODO: Event user creation
req.session.userid = req.user.id;
req.session.domainid = domain.id;
} else {
// Login success
var userChange = false;
if ((req.user.name != null) && (req.user.name != user.name)) { user.name = req.user.name; userChange = true; }
if ((req.user.email != null) && (req.user.email != user.email)) { user.email = req.user.email; user.emailVerified = true; userChange = true; }
if (userChange) {
obj.db.SetUser(user);
// TODO: Event user change
}
parent.debug('web', 'handleStrategyLogin: succesful login: ' + userid);
req.session.userid = req.user.id;
req.session.domainid = domain.id;
}
}
//res.redirect(domain.url); // This does not handle cookie correctly.
res.set('Content-Type', 'text/html');
res.end('<html><head><meta http-equiv="refresh" content=0;url="' + domain.url + '"></head><body></body></html>');
}
// Indicates that any request to "/" should render "default" or "login" depending on login state
function handleRootRequest(req, res, direct) {
const domain = checkUserIpAddress(req, res);
@ -1865,7 +1903,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (obj.args.allowhighqualitydesktop !== false) { features += 0x00000200; } // Enable AllowHighQualityDesktop (Default true)
if (obj.args.lanonly == true || obj.args.mpsport == 0) { features += 0x00000400; } // No CIRA
if ((obj.parent.serverSelfWriteAllowed == true) && (user != null) && (user.siteadmin == 0xFFFFFFFF)) { features += 0x00000800; } // Server can self-write (Allows self-update)
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true)) { features += 0x00001000; } // 2-step login supported
if ((parent.config.settings.no2factorauth !== true) && (domain.auth != 'sspi') && (obj.parent.certificates.CommonName.indexOf('.') != -1) && (obj.args.nousers !== true) && (user._id.split('/')[2][0] != '~')) { features += 0x00001000; } // 2FA login supported
if (domain.agentnoproxy === true) { features += 0x00002000; } // Indicates that agents should be installed without using a HTTP proxy
if ((parent.config.settings.no2factorauth !== true) && domain.yubikey && domain.yubikey.id && domain.yubikey.secret) { features += 0x00004000; } // Indicates Yubikey support
if (domain.geolocation == true) { features += 0x00008000; } // Enable geo-location features
@ -1997,6 +2035,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.apikey == 'string') && (typeof domain.authstrategies.twitter.apisecret == 'string')) { authStrategies.push('twitter'); }
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) { authStrategies.push('google'); }
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) { authStrategies.push('github'); }
if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) { authStrategies.push('reddit'); }
if ((typeof domain.authstrategies.intel == 'object') && (typeof domain.authstrategies.intel.clientid == 'string') && (typeof domain.authstrategies.intel.clientsecret == 'string')) { authStrategies.push('intel'); }
}
// Render the login page
@ -3997,19 +4037,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
obj.app.get(url + 'pluginHandler.js', obj.handlePluginJS);
}
// Setup passport if needed
// Setup auth strategies using passport if needed
if (typeof domain.authstrategies == 'object') {
const passport = domain.passport = require('passport');
passport.serializeUser(function (user, done) { done(null, user.id); });
passport.deserializeUser(function (id, done) { done(null, { id: id }); });
obj.app.use(passport.initialize());
// Twitter
if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.apikey == 'string') && (typeof domain.authstrategies.twitter.apisecret == 'string')) {
const TwitterStrategy = require('passport-twitter');
passport.use(new TwitterStrategy({
consumerKey: domain.authstrategies.twitter.apikey,
consumerSecret: domain.authstrategies.twitter.apisecret,
callbackURL: url + 'auth-twitter-callback'
},
passport.use(new TwitterStrategy({ consumerKey: domain.authstrategies.twitter.apikey, consumerSecret: domain.authstrategies.twitter.apisecret, callbackURL: url + 'auth-twitter-callback' },
function (token, tokenSecret, profile, cb) {
var user = { id: 'user/' + domain.id + '/~twitter:' + profile.id, name: profile.displayName };
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
@ -4017,21 +4055,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
));
obj.app.get(url + 'auth-twitter', domain.passport.authenticate('twitter'));
obj.app.get(url + 'auth-twitter-callback',
domain.passport.authenticate('twitter', { failureRedirect: '/' }),
function (req, res) {
// Successful authentication, redirect home.
console.log('Twitter', req.session, req.user);
res.redirect('/');
});
obj.app.get(url + 'auth-twitter-callback', domain.passport.authenticate('twitter', { failureRedirect: '/' }), handleStrategyLogin);
}
// Google
if ((typeof domain.authstrategies.google == 'object') && (typeof domain.authstrategies.google.clientid == 'string') && (typeof domain.authstrategies.google.clientsecret == 'string')) {
const GoogleStrategy = require('passport-google-oauth20');
passport.use(new GoogleStrategy({
clientID: domain.authstrategies.google.clientid,
clientSecret: domain.authstrategies.google.clientsecret,
callbackURL: url + 'auth-google-callback'
},
passport.use(new GoogleStrategy({ clientID: domain.authstrategies.google.clientid, clientSecret: domain.authstrategies.google.clientsecret, callbackURL: url + 'auth-google-callback' },
function (token, tokenSecret, profile, cb) {
var user = { id: 'user/' + domain.id + '/~google:' + profile.id, name: profile.displayName };
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string') && (profile.emails[0].verified == true)) { user.email = profile.emails[0].value; }
@ -4039,21 +4069,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
));
obj.app.get(url + 'auth-google', domain.passport.authenticate('google', { scope: ['profile', 'email'] }));
obj.app.get(url + 'auth-google-callback',
domain.passport.authenticate('google', { failureRedirect: '/' }),
function (req, res) {
// Successful authentication, redirect home.
console.log('Google', req.session, req.user);
res.redirect('/');
});
obj.app.get(url + 'auth-google-callback', domain.passport.authenticate('google', { failureRedirect: '/' }), handleStrategyLogin);
}
// Github
if ((typeof domain.authstrategies.github == 'object') && (typeof domain.authstrategies.github.clientid == 'string') && (typeof domain.authstrategies.github.clientsecret == 'string')) {
const GitHubStrategy = require('passport-github2');
passport.use(new GitHubStrategy({
clientID: domain.authstrategies.github.clientid,
clientSecret: domain.authstrategies.github.clientsecret,
callbackURL: url + 'auth-github-callback'
},
passport.use(new GitHubStrategy({ clientID: domain.authstrategies.github.clientid, clientSecret: domain.authstrategies.github.clientsecret, callbackURL: url + 'auth-github-callback' },
function (token, tokenSecret, profile, cb) {
var user = { id: 'user/' + domain.id + '/~github:' + profile.id, name: profile.displayName };
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
@ -4061,13 +4083,32 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
}
));
obj.app.get(url + 'auth-github', domain.passport.authenticate('github', { scope: ['user:email'] }));
obj.app.get(url + 'auth-github-callback',
domain.passport.authenticate('github', { failureRedirect: '/' }),
function (req, res) {
// Successful authentication, redirect home.
console.log('GitHub', req.session, req.user);
res.redirect('/');
obj.app.get(url + 'auth-github-callback', domain.passport.authenticate('github', { failureRedirect: '/' }), handleStrategyLogin);
}
// Reddit
if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) {
const RedditStrategy = require('passport-reddit');
passport.use(new RedditStrategy.Strategy({ clientID: domain.authstrategies.reddit.clientid, clientSecret: domain.authstrategies.reddit.clientsecret, callbackURL: url + 'auth-reddit-callback' },
function (token, tokenSecret, profile, cb) {
var user = { id: 'user/' + domain.id + '/~reddit:' + profile.id, name: profile.name };
if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; }
return cb(null, user);
}
));
obj.app.get(url + 'auth-reddit', function(req, res, next) {
domain.passport.authenticate('reddit', { state: 'rcookie', duration: 'permanent' })(req, res, next); // TODO: Replace 'rcookie' with a time-limited cookie
});
obj.app.get(url + 'auth-reddit-callback',
function(req, res, next) {
if (req.query.state == 'rcookie') {
delete req.session.rstate;
domain.passport.authenticate('reddit', { failureRedirect: '/' })(req, res, next);
} else {
delete req.session.rstate;
next(new Error(403));
}
}, handleStrategyLogin);
}
}