|
|
'use strict'
/* global appconfig, appdata, db, lang, winston */
const fs = require('fs')
module.exports = function (passport) { // Serialization user methods
passport.serializeUser(function (user, done) { done(null, user._id) })
passport.deserializeUser(function (id, done) { db.User.findById(id).then((user) => { if (user) { done(null, user) } else { done(new Error(lang.t('auth:errors:usernotfound')), null) } return true }).catch((err) => { done(err, null) }) })
// Local Account
if (appconfig.auth.local && appconfig.auth.local.enabled) { const LocalStrategy = require('passport-local').Strategy passport.use('local', new LocalStrategy({ usernameField: 'email', passwordField: 'password' }, (uEmail, uPassword, done) => { db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => { if (user) { return user.validatePassword(uPassword).then(() => { return done(null, user) || true }).catch((err) => { return done(err, null) }) } else { return done(new Error('INVALID_LOGIN'), null) } }).catch((err) => { done(err, null) }) } )) }
// Google ID
if (appconfig.auth.google && appconfig.auth.google.enabled) { const GoogleStrategy = require('passport-google-oauth20').Strategy passport.use('google', new GoogleStrategy({ clientID: appconfig.auth.google.clientId, clientSecret: appconfig.auth.google.clientSecret, callbackURL: appconfig.host + '/login/google/callback' }, (accessToken, refreshToken, profile, cb) => { db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// Microsoft Accounts
if (appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) { const WindowsLiveStrategy = require('passport-windowslive').Strategy passport.use('windowslive', new WindowsLiveStrategy({ clientID: appconfig.auth.microsoft.clientId, clientSecret: appconfig.auth.microsoft.clientSecret, callbackURL: appconfig.host + '/login/ms/callback' }, function (accessToken, refreshToken, profile, cb) { db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// Facebook
if (appconfig.auth.facebook && appconfig.auth.facebook.enabled) { const FacebookStrategy = require('passport-facebook').Strategy passport.use('facebook', new FacebookStrategy({ clientID: appconfig.auth.facebook.clientId, clientSecret: appconfig.auth.facebook.clientSecret, callbackURL: appconfig.host + '/login/facebook/callback', profileFields: ['id', 'displayName', 'email'] }, function (accessToken, refreshToken, profile, cb) { db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// GitHub
if (appconfig.auth.github && appconfig.auth.github.enabled) { const GitHubStrategy = require('passport-github2').Strategy passport.use('github', new GitHubStrategy({ clientID: appconfig.auth.github.clientId, clientSecret: appconfig.auth.github.clientSecret, callbackURL: appconfig.host + '/login/github/callback', scope: [ 'user:email' ] }, (accessToken, refreshToken, profile, cb) => { db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// Slack
if (appconfig.auth.slack && appconfig.auth.slack.enabled) { const SlackStrategy = require('passport-slack').Strategy passport.use('slack', new SlackStrategy({ clientID: appconfig.auth.slack.clientId, clientSecret: appconfig.auth.slack.clientSecret, callbackURL: appconfig.host + '/login/slack/callback' }, (accessToken, refreshToken, profile, cb) => { db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// LDAP
if (appconfig.auth.ldap && appconfig.auth.ldap.enabled) { const LdapStrategy = require('passport-ldapauth').Strategy passport.use('ldapauth', new LdapStrategy({ server: { url: appconfig.auth.ldap.url, bindDn: appconfig.auth.ldap.bindDn, bindCredentials: appconfig.auth.ldap.bindCredentials, searchBase: appconfig.auth.ldap.searchBase, searchFilter: appconfig.auth.ldap.searchFilter, searchAttributes: ['displayName', 'name', 'cn', 'mail'], tlsOptions: (appconfig.auth.ldap.tlsEnabled) ? { ca: [ fs.readFileSync(appconfig.auth.ldap.tlsCertPath) ] } : {} }, usernameField: 'email', passReqToCallback: false }, (profile, cb) => { profile.provider = 'ldap' profile.id = profile.dn db.User.processProfile(profile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// AZURE AD
if (appconfig.auth.azure && appconfig.auth.azure.enabled) { const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy const jwt = require('jsonwebtoken') passport.use('azure_ad_oauth2', new AzureAdOAuth2Strategy({ clientID: appconfig.auth.azure.clientId, clientSecret: appconfig.auth.azure.clientSecret, callbackURL: appconfig.host + '/login/azure/callback', resource: appconfig.auth.azure.resource, tenant: appconfig.auth.azure.tenant }, (accessToken, refreshToken, params, profile, cb) => { let waadProfile = jwt.decode(params.id_token) waadProfile.id = waadProfile.oid waadProfile.provider = 'azure' db.User.processProfile(waadProfile).then((user) => { return cb(null, user) || true }).catch((err) => { return cb(err, null) || true }) } )) }
// Create users for first-time
db.onReady.then(() => { return db.User.findOne({ provider: 'local', email: 'guest' }).then((c) => { if (c < 1) { // Create guest account
return db.User.create({ provider: 'local', email: 'guest', name: 'Guest', password: '', rights: [{ role: 'read', path: '/', exact: false, deny: !appconfig.public }] }).then(() => { winston.info('[AUTH] Guest account created successfully!') }).catch((err) => { winston.error('[AUTH] An error occured while creating guest account:') winston.error(err) }) } }).then(() => { if (process.env.WIKI_JS_HEROKU) { return db.User.findOne({ provider: 'local', email: process.env.WIKI_ADMIN_EMAIL }).then((c) => { if (c < 1) { // Create root admin account (HEROKU ONLY)
return db.User.create({ provider: 'local', email: process.env.WIKI_ADMIN_EMAIL, name: 'Administrator', password: '$2a$04$MAHRw785Xe/Jd5kcKzr3D.VRZDeomFZu2lius4gGpZZ9cJw7B7Mna', // admin123 (default)
rights: [{ role: 'admin', path: '/', exact: false, deny: false }] }).then(() => { winston.info('[AUTH] Root admin account created successfully!') }).catch((err) => { winston.error('[AUTH] An error occured while creating root admin account:') winston.error(err) }) } else { return true } }) } else { return true } }) }) }
|