Login/logout bugfix for OIDC strategy. (#5920)

* add extra logging

* fix how strategy is saved
This commit is contained in:
mstrhakr 2024-03-10 03:44:18 -04:00 committed by GitHub
parent fbe1445691
commit dfc08b05a9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -6655,6 +6655,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Setup auth strategies using passport if needed
if (typeof domain.authstrategies == 'object') {
parent.authLog('setupHTTPHandlers', `Setting up authentication strategies login and callback URLs for ${domain.id == '' ? 'root' : '"' + domain.id + '"'} domain.`);
// Twitter
if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.twitter) != 0) {
obj.app.get(url + 'auth-twitter', function (req, res, next) {
@ -6733,8 +6734,9 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Setup OpenID Connect URLs
if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.oidc) != 0) {
obj.app.get(url + 'auth-oidc', function (req, res, next) {
let authURL = url + 'auth-oidc'
parent.authLog('setupHTTPHandlers', `OIDC: Authorization URL: ${authURL}`);
obj.app.get(authURL, function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
domain.passport.authenticate(`oidc-${domain.id}`, { failureRedirect: '/', failureFlash: true })(req, res, next);
@ -6747,6 +6749,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
} else {
redirectPath = url + 'auth-oidc-callback'
}
parent.authLog('setupHTTPHandlers', `OIDC: Callback URL: ${redirectPath}`);
obj.app.get(redirectPath, obj.bodyParser.urlencoded({ extended: false }), function (req, res, next) {
var domain = getDomain(req);
if (domain.passport == null) { next(); return; }
@ -7303,7 +7306,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Setup OpenID Connect Authentication Strategy
if (obj.common.validateObject(domain.authstrategies.oidc)) {
parent.authLog('setupDomainAuthStrategy', `OIDC: Setting up strategy for domain: ${domain.id}`);
parent.authLog('setupDomainAuthStrategy', `OIDC: Setting up strategy for domain: ${domain.id == null ? 'default' : domain.id}`);
// Ensure required objects exist
let initStrategy = domain.authstrategies.oidc
if (typeof initStrategy.issuer == 'string') { initStrategy.issuer = { 'issuer': initStrategy.issuer } }
@ -7384,11 +7387,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
// Setup strategy and save configs for later
passport.use('oidc-' + domain.id, new strategy.obj.openidClient.Strategy(strategy.options, oidcCallback));
if (domain.dns == null) {
parent.config.domains[''].authstrategies.oidc = strategy;
} else if (typeof parent.config.domains[domain.id].authstrategies.oidc == 'object') {
parent.config.domains[domain.id].authstrategies.oidc = strategy;
}
parent.debug('verbose', 'OIDC: Saved Configuration: ' + JSON.stringify(strategy));
if (preset) { parent.authLog('setupDomainAuthStrategy', 'OIDC: ' + preset.toUpperCase() + ': Setup Complete'); }
else { parent.authLog('setupDomainAuthStrategy', 'OIDC: Setup Complete'); }
@ -7465,6 +7464,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
try {
if (!strategy.issuer.end_session_endpoint) {
strategy.issuer.end_session_endpoint = strategy.obj.client.endSessionUrl({ 'id_token_hint': tokenset })
parent.authLog('oidcCallback', `OIDC: Discovered end_session_endpoint: ${strategy.issuer.end_session_endpoint}`);
}
} catch (err) {
let error = new Error('OIDC: Discovering end_session_endpoint failed. Using Default.', { cause: err });