richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
405 Commits
3 Branches
119 Tags
73 MiB
Tree: d590c67d50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd590c67d50'
${ noResults }
wiki/server/libs/auth.js

269 lines
8.2 KiB
Raw Normal View History

Merged core back into main project
7 years ago
chore: removed global eslint references
7 years ago
Merged core back into main project
7 years ago
feat: Authentication localization
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
feat: use of env vars anywhere in config files
7 years ago
Azure AD support + defaultReadAccess option + All Pages UI work
7 years ago
Merged core back into main project
7 years ago
fix: automatic root admin creation if heroku
7 years ago
Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
fix: automatic root admin creation if heroku
7 years ago
Merged core back into main project
7 years ago
fix: automatic root admin creation if heroku
7 years ago
Merged core back into main project
7 years ago
  1. 'use strict'
  3. /* global appconfig, appdata, db, lang, winston */
  5. const fs = require('fs')
  7. module.exports = function (passport) {
  8. // Serialization user methods
  10. passport.serializeUser(function (user, done) {
  11. done(null, user._id)
  12. })
  14. passport.deserializeUser(function (id, done) {
  15. db.User.findById(id).then((user) => {
  16. if (user) {
  17. done(null, user)
  18. } else {
  19. done(new Error(lang.t('auth:errors:usernotfound')), null)
  20. }
  21. return true
  22. }).catch((err) => {
  23. done(err, null)
  24. })
  25. })
  27. // Local Account
  29. if (appconfig.auth.local && appconfig.auth.local.enabled) {
  30. const LocalStrategy = require('passport-local').Strategy
  31. passport.use('local',
  32. new LocalStrategy({
  33. usernameField: 'email',
  34. passwordField: 'password'
  35. },
  36. (uEmail, uPassword, done) => {
  37. db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
  38. if (user) {
  39. return user.validatePassword(uPassword).then(() => {
  40. return done(null, user) || true
  41. }).catch((err) => {
  42. return done(err, null)
  43. })
  44. } else {
  45. return done(new Error('INVALID_LOGIN'), null)
  46. }
  47. }).catch((err) => {
  48. done(err, null)
  49. })
  50. }
  51. ))
  52. }
  54. // Google ID
  56. if (appconfig.auth.google && appconfig.auth.google.enabled) {
  57. const GoogleStrategy = require('passport-google-oauth20').Strategy
  58. passport.use('google',
  59. new GoogleStrategy({
  60. clientID: appconfig.auth.google.clientId,
  61. clientSecret: appconfig.auth.google.clientSecret,
  62. callbackURL: appconfig.host + '/login/google/callback'
  63. },
  64. (accessToken, refreshToken, profile, cb) => {
  65. db.User.processProfile(profile).then((user) => {
  66. return cb(null, user) || true
  67. }).catch((err) => {
  68. return cb(err, null) || true
  69. })
  70. }
  71. ))
  72. }
  74. // Microsoft Accounts
  76. if (appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) {
  77. const WindowsLiveStrategy = require('passport-windowslive').Strategy
  78. passport.use('windowslive',
  79. new WindowsLiveStrategy({
  80. clientID: appconfig.auth.microsoft.clientId,
  81. clientSecret: appconfig.auth.microsoft.clientSecret,
  82. callbackURL: appconfig.host + '/login/ms/callback'
  83. },
  84. function (accessToken, refreshToken, profile, cb) {
  85. db.User.processProfile(profile).then((user) => {
  86. return cb(null, user) || true
  87. }).catch((err) => {
  88. return cb(err, null) || true
  89. })
  90. }
  91. ))
  92. }
  94. // Facebook
  96. if (appconfig.auth.facebook && appconfig.auth.facebook.enabled) {
  97. const FacebookStrategy = require('passport-facebook').Strategy
  98. passport.use('facebook',
  99. new FacebookStrategy({
  100. clientID: appconfig.auth.facebook.clientId,
  101. clientSecret: appconfig.auth.facebook.clientSecret,
  102. callbackURL: appconfig.host + '/login/facebook/callback',
  103. profileFields: ['id', 'displayName', 'email']
  104. },
  105. function (accessToken, refreshToken, profile, cb) {
  106. db.User.processProfile(profile).then((user) => {
  107. return cb(null, user) || true
  108. }).catch((err) => {
  109. return cb(err, null) || true
  110. })
  111. }
  112. ))
  113. }
  115. // GitHub
  117. if (appconfig.auth.github && appconfig.auth.github.enabled) {
  118. const GitHubStrategy = require('passport-github2').Strategy
  119. passport.use('github',
  120. new GitHubStrategy({
  121. clientID: appconfig.auth.github.clientId,
  122. clientSecret: appconfig.auth.github.clientSecret,
  123. callbackURL: appconfig.host + '/login/github/callback',
  124. scope: [ 'user:email' ]
  125. },
  126. (accessToken, refreshToken, profile, cb) => {
  127. db.User.processProfile(profile).then((user) => {
  128. return cb(null, user) || true
  129. }).catch((err) => {
  130. return cb(err, null) || true
  131. })
  132. }
  133. ))
  134. }
  136. // Slack
  138. if (appconfig.auth.slack && appconfig.auth.slack.enabled) {
  139. const SlackStrategy = require('passport-slack').Strategy
  140. passport.use('slack',
  141. new SlackStrategy({
  142. clientID: appconfig.auth.slack.clientId,
  143. clientSecret: appconfig.auth.slack.clientSecret,
  144. callbackURL: appconfig.host + '/login/slack/callback'
  145. },
  146. (accessToken, refreshToken, profile, cb) => {
  147. db.User.processProfile(profile).then((user) => {
  148. return cb(null, user) || true
  149. }).catch((err) => {
  150. return cb(err, null) || true
  151. })
  152. }
  153. ))
  154. }
  156. // LDAP
  158. if (appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
  159. const LdapStrategy = require('passport-ldapauth').Strategy
  160. passport.use('ldapauth',
  161. new LdapStrategy({
  162. server: {
  163. url: appconfig.auth.ldap.url,
  164. bindDn: appconfig.auth.ldap.bindDn,
  165. bindCredentials: appconfig.auth.ldap.bindCredentials,
  166. searchBase: appconfig.auth.ldap.searchBase,
  167. searchFilter: appconfig.auth.ldap.searchFilter,
  168. searchAttributes: ['displayName', 'name', 'cn', 'mail'],
  169. tlsOptions: (appconfig.auth.ldap.tlsEnabled) ? {
  170. ca: [
  171. fs.readFileSync(appconfig.auth.ldap.tlsCertPath)
  172. ]
  173. } : {}
  174. },
  175. usernameField: 'email',
  176. passReqToCallback: false
  177. },
  178. (profile, cb) => {
  179. profile.provider = 'ldap'
  180. profile.id = profile.dn
  181. db.User.processProfile(profile).then((user) => {
  182. return cb(null, user) || true
  183. }).catch((err) => {
  184. return cb(err, null) || true
  185. })
  186. }
  187. ))
  188. }
  190. // AZURE AD
  192. if (appconfig.auth.azure && appconfig.auth.azure.enabled) {
  193. const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
  194. const jwt = require('jsonwebtoken')
  195. passport.use('azure_ad_oauth2',
  196. new AzureAdOAuth2Strategy({
  197. clientID: appconfig.auth.azure.clientId,
  198. clientSecret: appconfig.auth.azure.clientSecret,
  199. callbackURL: appconfig.host + '/login/azure/callback',
  200. resource: appconfig.auth.azure.resource,
  201. tenant: appconfig.auth.azure.tenant
  202. },
  203. (accessToken, refreshToken, params, profile, cb) => {
  204. let waadProfile = jwt.decode(params.id_token)
  205. waadProfile.id = waadProfile.oid
  206. waadProfile.provider = 'azure'
  207. db.User.processProfile(waadProfile).then((user) => {
  208. return cb(null, user) || true
  209. }).catch((err) => {
  210. return cb(err, null) || true
  211. })
  212. }
  213. ))
  214. }
  216. // Create users for first-time
  218. db.onReady.then(() => {
  219. return db.User.findOne({ provider: 'local', email: 'guest' }).then((c) => {
  220. if (c < 1) {
  221. // Create guest account
  223. return db.User.create({
  224. provider: 'local',
  225. email: 'guest',
  226. name: 'Guest',
  227. password: '',
  228. rights: [{
  229. role: 'read',
  230. path: '/',
  231. exact: false,
  232. deny: !appconfig.public
  233. }]
  234. }).then(() => {
  235. winston.info('[AUTH] Guest account created successfully!')
  236. }).catch((err) => {
  237. winston.error('[AUTH] An error occured while creating guest account:')
  238. winston.error(err)
  239. })
  240. }
  241. }).then(() => {
  242. if (process.env.WIKI_JS_HEROKU) {
  243. return db.User.findOne({ provider: 'local', email: process.env.WIKI_ADMIN_EMAIL }).then((c) => {
  244. if (c < 1) {
  245. // Create root admin account (HEROKU ONLY)
  247. return db.User.create({
  248. provider: 'local',
  249. email: process.env.WIKI_ADMIN_EMAIL,
  250. name: 'Administrator',
  251. password: '$2a$04$MAHRw785Xe/Jd5kcKzr3D.VRZDeomFZu2lius4gGpZZ9cJw7B7Mna', // admin123 (default)
  252. rights: [{
  253. role: 'admin',
  254. path: '/',
  255. exact: false,
  256. deny: false
  257. }]
  258. }).then(() => {
  259. winston.info('[AUTH] Root admin account created successfully!')
  260. }).catch((err) => {
  261. winston.error('[AUTH] An error occured while creating root admin account:')
  262. winston.error(err)
  263. })
  264. } else { return true }
  265. })
  266. } else { return true }
  267. })
  268. })
  269. }