
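'use strict'

/* global appconfig, appdata, db, lang, winston */

const fs = require('fs')

/**
 * Configures Passport for the wiki.
 *
 * Registers the session (de)serializers, wires up every authentication
 * strategy whose `appconfig.auth.<provider>.enabled` flag is truthy (each
 * provider's npm package is required lazily so disabled providers need not be
 * installed), and finally makes sure the built-in accounts exist: the `guest`
 * account, and — only when `WIKI_JS_HEROKU` is set — a root admin account.
 *
 * @param {object} passport - the Passport instance to configure
 * @returns {undefined}
 */
module.exports = function (passport) {
  /**
   * Common tail of every OAuth / LDAP verify callback: turns the provider
   * profile into a local User document and hands it to Passport.
   *
   * The `|| true` keeps the chain returning a value, matching the convention
   * used throughout this file.
   *
   * @param {object} profile - provider profile; must carry `id` and `provider`
   * @param {Function} cb - Passport verify callback `(err, user)`
   * @returns {Promise<boolean>}
   */
  const verifyProfile = (profile, cb) => {
    return db.User.processProfile(profile).then((user) => {
      return cb(null, user) || true
    }).catch((err) => {
      return cb(err, null) || true
    })
  }

  // ---- Session (de)serialization --------------------------------------
  // Only the user id is stored in the session; the full document is
  // re-read from the database on every request.
  passport.serializeUser(function (user, done) {
    done(null, user._id)
  })

  passport.deserializeUser(function (id, done) {
    db.User.findById(id).then((user) => {
      if (user) {
        done(null, user)
      } else {
        // The session references a user that no longer exists.
        done(new Error(lang.t('auth:errors:usernotfound')), null)
      }
      return true
    }).catch((err) => {
      done(err, null)
    })
  })

  // ---- Local account --------------------------------------------------
  if (appconfig.auth.local && appconfig.auth.local.enabled) {
    const LocalStrategy = require('passport-local').Strategy
    passport.use('local', new LocalStrategy({
      usernameField: 'email',
      passwordField: 'password'
    }, (uEmail, uPassword, done) => {
      // The lookup is restricted to provider 'local', presumably so that an
      // account created through a social provider with the same e-mail cannot
      // be logged into with a password.
      // NOTE(review): both "unknown e-mail" and "wrong password" are reported
      // through the error argument of `done`, which Passport treats as a
      // strategy failure rather than a failed login — confirm the login route
      // maps 'INVALID_LOGIN' to a user-facing message.
      db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
        if (user) {
          return user.validatePassword(uPassword).then(() => {
            return done(null, user) || true
          }).catch((err) => {
            return done(err, null)
          })
        } else {
          return done(new Error('INVALID_LOGIN'), null)
        }
      }).catch((err) => {
        done(err, null)
      })
    }))
  }

  // ---- Google ---------------------------------------------------------
  if (appconfig.auth.google && appconfig.auth.google.enabled) {
    const GoogleStrategy = require('passport-google-oauth20').Strategy
    passport.use('google', new GoogleStrategy({
      clientID: appconfig.auth.google.clientId,
      clientSecret: appconfig.auth.google.clientSecret,
      callbackURL: `${appconfig.host}/login/google/callback`
    }, (accessToken, refreshToken, profile, cb) => {
      return verifyProfile(profile, cb)
    }))
  }

  // ---- Microsoft accounts ---------------------------------------------
  if (appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) {
    const WindowsLiveStrategy = require('passport-windowslive').Strategy
    passport.use('windowslive', new WindowsLiveStrategy({
      clientID: appconfig.auth.microsoft.clientId,
      clientSecret: appconfig.auth.microsoft.clientSecret,
      callbackURL: `${appconfig.host}/login/ms/callback`
    }, (accessToken, refreshToken, profile, cb) => {
      return verifyProfile(profile, cb)
    }))
  }

  // ---- Facebook -------------------------------------------------------
  if (appconfig.auth.facebook && appconfig.auth.facebook.enabled) {
    const FacebookStrategy = require('passport-facebook').Strategy
    passport.use('facebook', new FacebookStrategy({
      clientID: appconfig.auth.facebook.clientId,
      clientSecret: appconfig.auth.facebook.clientSecret,
      callbackURL: `${appconfig.host}/login/facebook/callback`,
      // Only the fields needed to build a local profile are requested.
      profileFields: ['id', 'displayName', 'email']
    }, (accessToken, refreshToken, profile, cb) => {
      return verifyProfile(profile, cb)
    }))
  }

  // ---- GitHub ---------------------------------------------------------
  if (appconfig.auth.github && appconfig.auth.github.enabled) {
    const GitHubStrategy = require('passport-github2').Strategy
    passport.use('github', new GitHubStrategy({
      clientID: appconfig.auth.github.clientId,
      clientSecret: appconfig.auth.github.clientSecret,
      callbackURL: `${appconfig.host}/login/github/callback`,
      // The e-mail scope is the minimum needed to identify the user.
      scope: [ 'user:email' ]
    }, (accessToken, refreshToken, profile, cb) => {
      return verifyProfile(profile, cb)
    }))
  }

  // ---- Slack ----------------------------------------------------------
  if (appconfig.auth.slack && appconfig.auth.slack.enabled) {
    const SlackStrategy = require('passport-slack').Strategy
    passport.use('slack', new SlackStrategy({
      clientID: appconfig.auth.slack.clientId,
      clientSecret: appconfig.auth.slack.clientSecret,
      callbackURL: `${appconfig.host}/login/slack/callback`
    }, (accessToken, refreshToken, profile, cb) => {
      return verifyProfile(profile, cb)
    }))
  }

  // ---- LDAP -----------------------------------------------------------
  if (appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
    const LdapStrategy = require('passport-ldapauth').Strategy
    passport.use('ldapauth', new LdapStrategy({
      server: {
        url: appconfig.auth.ldap.url,
        bindDn: appconfig.auth.ldap.bindDn,
        bindCredentials: appconfig.auth.ldap.bindCredentials,
        searchBase: appconfig.auth.ldap.searchBase,
        searchFilter: appconfig.auth.ldap.searchFilter,
        searchAttributes: ['displayName', 'name', 'cn', 'mail'],
        // With TLS enabled the server certificate is validated against the
        // configured CA file only; with TLS disabled no options are passed.
        tlsOptions: (appconfig.auth.ldap.tlsEnabled) ? {
          ca: [
            fs.readFileSync(appconfig.auth.ldap.tlsCertPath)
          ]
        } : {}
      },
      usernameField: 'email',
      passReqToCallback: false
    }, (profile, cb) => {
      // LDAP entries carry no provider/id of their own; the DN is used as the
      // stable identifier that links the entry to a local User.
      profile.provider = 'ldap'
      profile.id = profile.dn
      return verifyProfile(profile, cb)
    }))
  }

  // ---- Azure AD -------------------------------------------------------
  if (appconfig.auth.azure && appconfig.auth.azure.enabled) {
    const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
    const jwt = require('jsonwebtoken')
    passport.use('azure_ad_oauth2', new AzureAdOAuth2Strategy({
      clientID: appconfig.auth.azure.clientId,
      clientSecret: appconfig.auth.azure.clientSecret,
      callbackURL: `${appconfig.host}/login/azure/callback`,
      resource: appconfig.auth.azure.resource,
      tenant: appconfig.auth.azure.tenant
    }, (accessToken, refreshToken, params, profile, cb) => {
      // The user profile is taken from the id_token in the token response.
      // jwt.decode() only parses the token — it does NOT verify the signature.
      // NOTE(review): that is tolerable only because `params` is the
      // token-endpoint response (fetched over TLS and authenticated with
      // clientSecret), not data supplied by the user agent — confirm this
      // against passport-azure-ad-oauth2 before relying on it.
      const waadProfile = jwt.decode(params.id_token)
      if (!waadProfile || typeof waadProfile !== 'object') {
        // decode() yields null for a missing/malformed token (or a plain
        // string for a non-JSON payload); without this guard the property
        // writes below would throw inside the verify callback.
        return cb(new Error('INVALID_LOGIN'), null) || true
      }
      // `oid` is the tenant-wide, immutable object id of the account.
      waadProfile.id = waadProfile.oid
      waadProfile.provider = 'azure'
      return verifyProfile(waadProfile, cb)
    }))
  }

  // ---- Built-in accounts ----------------------------------------------
  db.onReady.then(() => {
    return db.User.findOne({ provider: 'local', email: 'guest' }).then((existing) => {
      // findOne resolves to the document or null; only create when absent.
      if (!existing) {
        return db.User.create({
          provider: 'local',
          email: 'guest',
          name: 'Guest',
          password: '',
          // The guest is denied read access to '/' unless the wiki is public.
          rights: [{
            role: 'read',
            path: '/',
            exact: false,
            deny: !appconfig.public
          }]
        }).then(() => {
          winston.info('[AUTH] Guest account created successfully!')
        }).catch((err) => {
          winston.error('[AUTH] An error occured while creating guest account:')
          winston.error(err)
        })
      }
    })
  }).then(() => {
    if (!process.env.WIKI_JS_HEROKU) {
      return true
    }
    const adminEmail = process.env.WIKI_ADMIN_EMAIL
    if (!adminEmail) {
      // Without an e-mail the lookup below would match an arbitrary local
      // user (or the create would fail validation), so skip explicitly.
      winston.error('[AUTH] WIKI_ADMIN_EMAIL is not set; skipping root admin account creation.')
      return true
    }
    return db.User.findOne({ provider: 'local', email: adminEmail }).then((existing) => {
      if (!existing) {
        // Root admin account (HEROKU ONLY).
        return db.User.create({
          provider: 'local',
          email: adminEmail,
          name: 'Administrator',
          // bcrypt hash of the documented default 'admin123'. The default is
          // public, so the password must be changed right after first login.
          password: '$2a$04$MAHRw785Xe/Jd5kcKzr3D.VRZDeomFZu2lius4gGpZZ9cJw7B7Mna', // admin123 (default)
          rights: [{
            role: 'admin',
            path: '/',
            exact: false,
            deny: false
          }]
        }).then(() => {
          winston.info('[AUTH] Root admin account created successfully!')
        }).catch((err) => {
          winston.error('[AUTH] An error occured while creating root admin account:')
          winston.error(err)
        })
      }
      return true
    })
  }).catch((err) => {
    // A failing lookup previously surfaced as an unhandled promise rejection.
    winston.error('[AUTH] An error occured while checking built-in accounts:')
    winston.error(err)
  })
}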