richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
220 Commits
3 Branches
120 Tags
80 MiB
Tree: ddcbce054a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ddcbce054a'
${ noResults }
wiki/libs/auth.js

219 lines
6.5 KiB
Raw Normal View History

Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
Install fixes
7 years ago
Merged core back into main project
7 years ago
  1. 'use strict'
  3. /* global appconfig, appdata, db, winston */
  5. const LocalStrategy = require('passport-local').Strategy
  6. const GoogleStrategy = require('passport-google-oauth20').Strategy
  7. const WindowsLiveStrategy = require('passport-windowslive').Strategy
  8. const FacebookStrategy = require('passport-facebook').Strategy
  9. const GitHubStrategy = require('passport-github2').Strategy
  10. const SlackStrategy = require('passport-slack').Strategy
  11. const LdapStrategy = require('passport-ldapauth').Strategy
  12. const fs = require('fs')
  14. module.exports = function (passport) {
  15. // Serialization user methods
  17. passport.serializeUser(function (user, done) {
  18. done(null, user._id)
  19. })
  21. passport.deserializeUser(function (id, done) {
  22. db.User.findById(id).then((user) => {
  23. if (user) {
  24. done(null, user)
  25. } else {
  26. done(new Error('User not found.'), null)
  27. }
  28. return true
  29. }).catch((err) => {
  30. done(err, null)
  31. })
  32. })
  34. // Local Account
  36. if (!appdata.capabilities.manyAuthProviders || (appconfig.auth.local && appconfig.auth.local.enabled)) {
  37. passport.use('local',
  38. new LocalStrategy({
  39. usernameField: 'email',
  40. passwordField: 'password'
  41. },
  42. (uEmail, uPassword, done) => {
  43. db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
  44. if (user) {
  45. return user.validatePassword(uPassword).then(() => {
  46. return done(null, user) || true
  47. }).catch((err) => {
  48. return done(err, null)
  49. })
  50. } else {
  51. return done(new Error('INVALID_LOGIN'), null)
  52. }
  53. }).catch((err) => {
  54. done(err, null)
  55. })
  56. }
  57. ))
  58. }
  60. // Google ID
  62. if (appdata.capabilities.manyAuthProviders && appconfig.auth.google && appconfig.auth.google.enabled) {
  63. passport.use('google',
  64. new GoogleStrategy({
  65. clientID: appconfig.auth.google.clientId,
  66. clientSecret: appconfig.auth.google.clientSecret,
  67. callbackURL: appconfig.host + '/login/google/callback'
  68. },
  69. (accessToken, refreshToken, profile, cb) => {
  70. db.User.processProfile(profile).then((user) => {
  71. return cb(null, user) || true
  72. }).catch((err) => {
  73. return cb(err, null) || true
  74. })
  75. }
  76. ))
  77. }
  79. // Microsoft Accounts
  81. if (appdata.capabilities.manyAuthProviders && appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) {
  82. passport.use('windowslive',
  83. new WindowsLiveStrategy({
  84. clientID: appconfig.auth.microsoft.clientId,
  85. clientSecret: appconfig.auth.microsoft.clientSecret,
  86. callbackURL: appconfig.host + '/login/ms/callback'
  87. },
  88. function (accessToken, refreshToken, profile, cb) {
  89. db.User.processProfile(profile).then((user) => {
  90. return cb(null, user) || true
  91. }).catch((err) => {
  92. return cb(err, null) || true
  93. })
  94. }
  95. ))
  96. }
  98. // Facebook
  100. if (appdata.capabilities.manyAuthProviders && appconfig.auth.facebook && appconfig.auth.facebook.enabled) {
  101. passport.use('facebook',
  102. new FacebookStrategy({
  103. clientID: appconfig.auth.facebook.clientId,
  104. clientSecret: appconfig.auth.facebook.clientSecret,
  105. callbackURL: appconfig.host + '/login/facebook/callback',
  106. profileFields: ['id', 'displayName', 'email']
  107. },
  108. function (accessToken, refreshToken, profile, cb) {
  109. db.User.processProfile(profile).then((user) => {
  110. return cb(null, user) || true
  111. }).catch((err) => {
  112. return cb(err, null) || true
  113. })
  114. }
  115. ))
  116. }
  118. // GitHub
  120. if (appdata.capabilities.manyAuthProviders && appconfig.auth.github && appconfig.auth.github.enabled) {
  121. passport.use('github',
  122. new GitHubStrategy({
  123. clientID: appconfig.auth.github.clientId,
  124. clientSecret: appconfig.auth.github.clientSecret,
  125. callbackURL: appconfig.host + '/login/github/callback',
  126. scope: [ 'user:email' ]
  127. },
  128. (accessToken, refreshToken, profile, cb) => {
  129. db.User.processProfile(profile).then((user) => {
  130. return cb(null, user) || true
  131. }).catch((err) => {
  132. return cb(err, null) || true
  133. })
  134. }
  135. ))
  136. }
  138. // Slack
  140. if (appdata.capabilities.manyAuthProviders && appconfig.auth.slack && appconfig.auth.slack.enabled) {
  141. passport.use('slack',
  142. new SlackStrategy({
  143. clientID: appconfig.auth.slack.clientId,
  144. clientSecret: appconfig.auth.slack.clientSecret,
  145. callbackURL: appconfig.host + '/login/slack/callback'
  146. },
  147. (accessToken, refreshToken, profile, cb) => {
  148. db.User.processProfile(profile).then((user) => {
  149. return cb(null, user) || true
  150. }).catch((err) => {
  151. return cb(err, null) || true
  152. })
  153. }
  154. ))
  155. }
  157. // LDAP
  159. if (appdata.capabilities.manyAuthProviders && appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
  160. passport.use('ldapauth',
  161. new LdapStrategy({
  162. server: {
  163. url: appconfig.auth.ldap.url,
  164. bindDn: appconfig.auth.ldap.bindDn,
  165. bindCredentials: appconfig.auth.ldap.bindCredentials,
  166. searchBase: appconfig.auth.ldap.searchBase,
  167. searchFilter: appconfig.auth.ldap.searchFilter,
  168. searchAttributes: ['displayName', 'name', 'cn', 'mail'],
  169. tlsOptions: (appconfig.auth.ldap.tlsEnabled) ? {
  170. ca: [
  171. fs.readFileSync(appconfig.auth.ldap.tlsCertPath)
  172. ]
  173. } : {}
  174. },
  175. usernameField: 'email',
  176. passReqToCallback: false
  177. },
  178. (profile, cb) => {
  179. profile.provider = 'ldap'
  180. profile.id = profile.dn
  181. db.User.processProfile(profile).then((user) => {
  182. return cb(null, user) || true
  183. }).catch((err) => {
  184. return cb(err, null) || true
  185. })
  186. }
  187. ))
  188. }
  190. // Create users for first-time
  192. db.onReady.then(() => {
  193. db.User.findOne({ provider: 'local', email: 'guest' }).then((c) => {
  194. if (c < 1) {
  195. // Create guest account
  197. return db.User.create({
  198. provider: 'local',
  199. email: 'guest',
  200. name: 'Guest',
  201. password: '',
  202. rights: [{
  203. role: 'read',
  204. path: '/',
  205. exact: false,
  206. deny: !appconfig.public
  207. }]
  208. }).then(() => {
  209. winston.info('[AUTH] Guest account created successfully!')
  210. }).catch((err) => {
  211. winston.error('[AUTH] An error occured while creating guest account:')
  212. winston.error(err)
  213. })
  214. }
  215. })
  217. return true
  218. })
  219. }