mirror of
https://github.com/Ylianst/MeshCentral.git
Fixed OAuth/SAML when used in multi-domain.
parent
e6798f2b7d
commit
41701153d3
Binary file not shown.
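--- a/webserver.js
+++ b/webserver.js
@@ -4199,8 +4199,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 return cb(null, user);
 }
 ));
-obj.app.get(url + 'auth-twitter', domain.passport.authenticate('twitter'));
+obj.app.get(url + 'auth-twitter', function (req, res, next) {
+var domain = getDomain(req);
+if (domain.passport == null) { next(); return; }
+domain.passport.authenticate('twitter')(req, res, next);
+});
 obj.app.get(url + 'auth-twitter-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
 // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@@ -4225,8 +4230,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 return cb(null, user);
 }
 ));
-obj.app.get(url + 'auth-google', domain.passport.authenticate('google', { scope: ['profile', 'email'] }));
-obj.app.get(url + 'auth-google-callback', domain.passport.authenticate('google', { failureRedirect: '/' }), handleStrategyLogin);
+obj.app.get(url + 'auth-google', function (req, res, next) {
+var domain = getDomain(req);
+if (domain.passport == null) { next(); return; }
+domain.passport.authenticate('google', { scope: ['profile', 'email'] })(req, res, next);
+});
+obj.app.get(url + 'auth-google-callback', function (req, res, next) {
+var domain = getDomain(req);
+if (domain.passport == null) { next(); return; }
+domain.passport.authenticate('google', { failureRedirect: '/' })(req, res, next);
+}, handleStrategyLogin);
 }
 
 // Github
@@ -4240,8 +4253,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 return cb(null, user);
 }
 ));
-obj.app.get(url + 'auth-github', domain.passport.authenticate('github', { scope: ['user:email'] }));
-obj.app.get(url + 'auth-github-callback', domain.passport.authenticate('github', { failureRedirect: '/' }), handleStrategyLogin);
+obj.app.get(url + 'auth-github', function (req, res, next) {
+var domain = getDomain(req);
+if (domain.passport == null) { next(); return; }
+domain.passport.authenticate('github', { scope: ['user:email'] })(req, res, next);
+});
+obj.app.get(url + 'auth-github-callback', function (req, res, next) {
+var domain = getDomain(req);
+if (domain.passport == null) { next(); return; }
+domain.passport.authenticate('github', { failureRedirect: '/' })(req, res, next);
+}, handleStrategyLogin);
 }
 
 // Reddit
@@ -4256,11 +4277,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 ));
 obj.app.get(url + 'auth-reddit', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
 domain.passport.authenticate('reddit', { state: req.session.rstate, duration: 'permanent' })(req, res, next);
 });
 obj.app.get(url + 'auth-reddit-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
 // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@@ -4302,11 +4325,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 ));
 obj.app.get(url + 'auth-azure', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 req.session.rstate = obj.crypto.randomBytes(32).toString('hex');
 domain.passport.authenticate('azure', { state: req.session.rstate })(req, res, next);
 });
 obj.app.get(url + 'auth-azure-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) {
 // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack).
@@ -4350,10 +4375,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 ));
 obj.app.get(url + 'auth-saml', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 });
 obj.app.post(url + 'auth-saml-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 }, handleStrategyLogin);
@@ -4382,15 +4409,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 else if ((typeof profile.FirstName == 'string') && (typeof profile.LastName == 'string')) { user.name = profile.FirstName + ' ' + profile.LastName; }
 if (typeof profile.email == 'string') { user.email = profile.email; }
 else if (typeof profile.EmailAddress == 'string') { user.email = profile.EmailAddress; }
-console.log(user);
 return done(null, user);
 }
 ));
 obj.app.get(url + 'auth-intel', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 });
 obj.app.post(url + 'auth-intel-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 }, handleStrategyLogin);
@@ -4421,10 +4449,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
 }
 ));
 obj.app.get(url + 'auth-jumpcloud', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 });
 obj.app.post(url + 'auth-jumpcloud-callback', function (req, res, next) {
+var domain = getDomain(req);
 if (domain.passport == null) { next(); return; }
 domain.passport.authenticate('saml', { failureRedirect: '/', failureFlash: true })(req, res, next);
 }, handleStrategyLogin);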
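Review bot: The rewritten `auth-google` and `auth-github` start handlers send no `state` value, although `auth-reddit` and `auth-azure` in the same file store `obj.crypto.randomBytes(32).toString('hex')` in `req.session.rstate` and pass it to `authenticate`. Unless the Google and GitHub strategies enable state handling where they are registered (outside the shown hunks, as is the rest of `CreateWebServer`), their callbacks cannot tie the provider's response to the session that started the login. I would add `req.session.rstate = obj.crypto.randomBytes(32).toString('hex');` before the call, pass `state: req.session.rstate` in the options, and have the callback compare `req.query.state` with the stored value before calling `authenticate`. Separately, `failureRedirect: '/'` in the new callbacks ignores the `url` prefix the routes are mounted on, so a failed login on a path-based domain probably lands on the default domain; `failureRedirect: url` looks like the intended target, to be confirmed against how `url` is set.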