You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

261 lines
8.1 KiB

7 years ago
7 years ago
7 years ago
  1. 'use strict'
  2. /* global appconfig, appdata, db, lang, winston */
  3. const fs = require('fs')
  4. module.exports = function (passport) {
  5. // Serialization user methods
  6. passport.serializeUser(function (user, done) {
  7. done(null, user._id)
  8. })
  9. passport.deserializeUser(function (id, done) {
  10. db.User.findById(id).then((user) => {
  11. if (user) {
  12. done(null, user)
  13. } else {
  14. done(new Error(lang.t('auth:errors:usernotfound')), null)
  15. }
  16. return true
  17. }).catch((err) => {
  18. done(err, null)
  19. })
  20. })
  21. // Local Account
  22. if (appconfig.auth.local && appconfig.auth.local.enabled) {
  23. const LocalStrategy = require('passport-local').Strategy
  24. passport.use('local',
  25. new LocalStrategy({
  26. usernameField: 'email',
  27. passwordField: 'password'
  28. }, (uEmail, uPassword, done) => {
  29. db.User.findOne({ email: uEmail, provider: 'local' }).then((user) => {
  30. if (user) {
  31. return user.validatePassword(uPassword).then(() => {
  32. return done(null, user) || true
  33. }).catch((err) => {
  34. return done(err, null)
  35. })
  36. } else {
  37. return done(new Error('INVALID_LOGIN'), null)
  38. }
  39. }).catch((err) => {
  40. done(err, null)
  41. })
  42. }
  43. ))
  44. }
  45. // Google ID
  46. if (appconfig.auth.google && appconfig.auth.google.enabled) {
  47. const GoogleStrategy = require('passport-google-oauth20').Strategy
  48. passport.use('google',
  49. new GoogleStrategy({
  50. clientID: appconfig.auth.google.clientId,
  51. clientSecret: appconfig.auth.google.clientSecret,
  52. callbackURL: appconfig.host + '/login/google/callback'
  53. }, (accessToken, refreshToken, profile, cb) => {
  54. db.User.processProfile(profile).then((user) => {
  55. return cb(null, user) || true
  56. }).catch((err) => {
  57. return cb(err, null) || true
  58. })
  59. }
  60. ))
  61. }
  62. // Microsoft Accounts
  63. if (appconfig.auth.microsoft && appconfig.auth.microsoft.enabled) {
  64. const WindowsLiveStrategy = require('passport-windowslive').Strategy
  65. passport.use('windowslive',
  66. new WindowsLiveStrategy({
  67. clientID: appconfig.auth.microsoft.clientId,
  68. clientSecret: appconfig.auth.microsoft.clientSecret,
  69. callbackURL: appconfig.host + '/login/ms/callback'
  70. }, function (accessToken, refreshToken, profile, cb) {
  71. db.User.processProfile(profile).then((user) => {
  72. return cb(null, user) || true
  73. }).catch((err) => {
  74. return cb(err, null) || true
  75. })
  76. }
  77. ))
  78. }
  79. // Facebook
  80. if (appconfig.auth.facebook && appconfig.auth.facebook.enabled) {
  81. const FacebookStrategy = require('passport-facebook').Strategy
  82. passport.use('facebook',
  83. new FacebookStrategy({
  84. clientID: appconfig.auth.facebook.clientId,
  85. clientSecret: appconfig.auth.facebook.clientSecret,
  86. callbackURL: appconfig.host + '/login/facebook/callback',
  87. profileFields: ['id', 'displayName', 'email']
  88. }, function (accessToken, refreshToken, profile, cb) {
  89. db.User.processProfile(profile).then((user) => {
  90. return cb(null, user) || true
  91. }).catch((err) => {
  92. return cb(err, null) || true
  93. })
  94. }
  95. ))
  96. }
  97. // GitHub
  98. if (appconfig.auth.github && appconfig.auth.github.enabled) {
  99. const GitHubStrategy = require('passport-github2').Strategy
  100. passport.use('github',
  101. new GitHubStrategy({
  102. clientID: appconfig.auth.github.clientId,
  103. clientSecret: appconfig.auth.github.clientSecret,
  104. callbackURL: appconfig.host + '/login/github/callback',
  105. scope: ['user:email']
  106. }, (accessToken, refreshToken, profile, cb) => {
  107. db.User.processProfile(profile).then((user) => {
  108. return cb(null, user) || true
  109. }).catch((err) => {
  110. return cb(err, null) || true
  111. })
  112. }
  113. ))
  114. }
  115. // Slack
  116. if (appconfig.auth.slack && appconfig.auth.slack.enabled) {
  117. const SlackStrategy = require('passport-slack').Strategy
  118. passport.use('slack',
  119. new SlackStrategy({
  120. clientID: appconfig.auth.slack.clientId,
  121. clientSecret: appconfig.auth.slack.clientSecret,
  122. callbackURL: appconfig.host + '/login/slack/callback'
  123. }, (accessToken, refreshToken, profile, cb) => {
  124. db.User.processProfile(profile).then((user) => {
  125. return cb(null, user) || true
  126. }).catch((err) => {
  127. return cb(err, null) || true
  128. })
  129. }
  130. ))
  131. }
  132. // LDAP
  133. if (appconfig.auth.ldap && appconfig.auth.ldap.enabled) {
  134. const LdapStrategy = require('passport-ldapauth').Strategy
  135. passport.use('ldapauth',
  136. new LdapStrategy({
  137. server: {
  138. url: appconfig.auth.ldap.url,
  139. bindDn: appconfig.auth.ldap.bindDn,
  140. bindCredentials: appconfig.auth.ldap.bindCredentials,
  141. searchBase: appconfig.auth.ldap.searchBase,
  142. searchFilter: appconfig.auth.ldap.searchFilter,
  143. searchAttributes: ['displayName', 'name', 'cn', 'mail'],
  144. tlsOptions: (appconfig.auth.ldap.tlsEnabled) ? {
  145. ca: [
  146. fs.readFileSync(appconfig.auth.ldap.tlsCertPath)
  147. ]
  148. } : {}
  149. },
  150. usernameField: 'email',
  151. passReqToCallback: false
  152. }, (profile, cb) => {
  153. profile.provider = 'ldap'
  154. profile.id = profile.dn
  155. db.User.processProfile(profile).then((user) => {
  156. return cb(null, user) || true
  157. }).catch((err) => {
  158. return cb(err, null) || true
  159. })
  160. }
  161. ))
  162. }
  163. // AZURE AD
  164. if (appconfig.auth.azure && appconfig.auth.azure.enabled) {
  165. const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
  166. const jwt = require('jsonwebtoken')
  167. passport.use('azure_ad_oauth2',
  168. new AzureAdOAuth2Strategy({
  169. clientID: appconfig.auth.azure.clientId,
  170. clientSecret: appconfig.auth.azure.clientSecret,
  171. callbackURL: appconfig.host + '/login/azure/callback',
  172. resource: appconfig.auth.azure.resource,
  173. tenant: appconfig.auth.azure.tenant
  174. }, (accessToken, refreshToken, params, profile, cb) => {
  175. let waadProfile = jwt.decode(params.id_token)
  176. waadProfile.id = waadProfile.oid
  177. waadProfile.provider = 'azure'
  178. db.User.processProfile(waadProfile).then((user) => {
  179. return cb(null, user) || true
  180. }).catch((err) => {
  181. return cb(err, null) || true
  182. })
  183. }
  184. ))
  185. }
  186. // Create users for first-time
  187. db.onReady.then(() => {
  188. return db.User.findOne({ provider: 'local', email: 'guest' }).then((c) => {
  189. if (c < 1) {
  190. // Create guest account
  191. return db.User.create({
  192. provider: 'local',
  193. email: 'guest',
  194. name: 'Guest',
  195. password: '',
  196. rights: [{
  197. role: 'read',
  198. path: '/',
  199. exact: false,
  200. deny: !appconfig.public
  201. }]
  202. }).then(() => {
  203. winston.info('[AUTH] Guest account created successfully!')
  204. }).catch((err) => {
  205. winston.error('[AUTH] An error occured while creating guest account:')
  206. winston.error(err)
  207. })
  208. }
  209. }).then(() => {
  210. if (process.env.WIKI_JS_HEROKU) {
  211. return db.User.findOne({ provider: 'local', email: process.env.WIKI_ADMIN_EMAIL }).then((c) => {
  212. if (c < 1) {
  213. // Create root admin account (HEROKU ONLY)
  214. return db.User.create({
  215. provider: 'local',
  216. email: process.env.WIKI_ADMIN_EMAIL,
  217. name: 'Administrator',
  218. password: '$2a$04$MAHRw785Xe/Jd5kcKzr3D.VRZDeomFZu2lius4gGpZZ9cJw7B7Mna', // admin123 (default)
  219. rights: [{
  220. role: 'admin',
  221. path: '/',
  222. exact: false,
  223. deny: false
  224. }]
  225. }).then(() => {
  226. winston.info('[AUTH] Root admin account created successfully!')
  227. }).catch((err) => {
  228. winston.error('[AUTH] An error occured while creating root admin account:')
  229. winston.error(err)
  230. })
  231. } else { return true }
  232. })
  233. } else { return true }
  234. })
  235. })
  236. }