From 9966a97bd34090091f5bda1ea78ed57700b268c5 Mon Sep 17 00:00:00 2001
From: Nick
Date: Sat, 20 Jul 2019 00:16:29 -0400
Subject: [PATCH] feat: azure ad auth (wip)

---
 client/components/admin/admin-dashboard.vue | 4 +-
 client/components/admin/admin-users.vue | 2 +-
 dev/build/Dockerfile | 4 +-
 package.json | 2 +-
 .../authentication/azure/authentication.js | 24 ++--
 .../authentication/azure/definition.yml | 25 +++--
 yarn.lock | 104 +++++++++++++++---
 7 files changed, 123 insertions(+), 42 deletions(-)

diff --git a/client/components/admin/admin-dashboard.vue b/client/components/admin/admin-dashboard.vue
index e87285a8..555c26e4 100644
--- a/client/components/admin/admin-dashboard.vue
+++ b/client/components/admin/admin-dashboard.vue
@@ -52,7 +52,7 @@
 .subheading Wiki.js {{info.currentVersion}}
 .body-2(v-if='isLatestVersion') {{$t('admin:dashboard.versionLatest')}}
 .body-2(v-else) {{$t('admin:dashboard.versionNew', { version: info.latestVersion })}}
- v-flex(xs12)
+ v-flex(xs12, xl6)
 v-card.radius-7
 v-card-title.subheading(:class='$vuetify.dark ? `grey darken-2` : `grey lighten-5`') Recent Pages
 v-data-table.pb-2(
@@ -69,7 +69,7 @@
 td.grey--text.text--darken-2(width='250')
 .caption: strong Updated {{ props.item.updatedAt | moment('from') }}
 .caption Created {{ props.item.createdAt | moment('calendar') }}
- v-flex(xs12)
+ v-flex(xs12, xl6)
 v-card.radius-7
 v-card-title.subheading(:class='$vuetify.dark ? `grey darken-2` : `grey lighten-5`') Most Popular Pages
 v-data-table.pb-2(
diff --git a/client/components/admin/admin-users.vue b/client/components/admin/admin-users.vue
index e0f37890..bf3bced0 100644
--- a/client/components/admin/admin-users.vue
+++ b/client/components/admin/admin-users.vue
@@ -10,7 +10,7 @@ v-spacer v-btn.animated.fadeInDown.wait-p2s(outline, color='grey', large, @click='refresh') v-icon refresh - v-btn.animated.fadeInDown(color='primary', large, depressed, @click='createUser', disabled) + v-btn.animated.fadeInDown(color='primary', large, depressed, @click='createUser') v-icon(left) add span New User v-card.wiki-form.mt-3.animated.fadeInUp diff --git a/dev/build/Dockerfile b/dev/build/Dockerfile index dc1fef97..eebf0074 100644 --- a/dev/build/Dockerfile +++ b/dev/build/Dockerfile @@ -1,7 +1,7 @@ # ==================== # --- Build Assets --- # ==================== -FROM node:10.15-alpine AS assets +FROM node:10.16-alpine AS assets RUN apk add yarn g++ make python --no-cache @@ -23,7 +23,7 @@ RUN yarn --production --frozen-lockfile --non-interactive # =============== # --- Release --- # =============== -FROM node:10.15-alpine +FROM node:10.16-alpine LABEL maintainer="requarks.io" RUN apk add bash curl git openssh gnupg sqlite --no-cache && \ diff --git a/package.json b/package.json index c0d27efb..34085096 100644 --- a/package.json +++ b/package.json @@ -117,7 +117,7 @@ "objection": "1.6.9", "passport": "0.4.0", "passport-auth0": "1.1.0", - "passport-azure-ad-oauth2": "0.0.4", + "passport-azure-ad": "4.1.0", "passport-cas": "0.1.1", "passport-discord": "0.1.3", "passport-dropbox-oauth2": "1.1.0", diff --git a/server/modules/authentication/azure/authentication.js b/server/modules/authentication/azure/authentication.js index f6227e9a..45d165c6 100644 --- a/server/modules/authentication/azure/authentication.js +++ b/server/modules/authentication/azure/authentication.js 
@@ -4,23 +4,21 @@
 // Azure AD Account
 // ------------------------------------
 
-const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
+const OIDCStrategy = require('passport-azure-ad').OIDCStrategy
 
 module.exports = {
 init (passport, conf) {
- const jwt = require('jsonwebtoken')
- passport.use('azure_ad_oauth2',
- new AzureAdOAuth2Strategy({
+ passport.use('azure',
+ new OIDCStrategy({
+ identityMetadata: conf.entryPoint,
 clientID: conf.clientId,
- clientSecret: conf.clientSecret,
- callbackURL: conf.callbackURL,
- resource: conf.resource,
- tenant: conf.tenant
- }, (accessToken, refreshToken, params, profile, cb) => {
- console.info(params, profile)
- let waadProfile = jwt.decode(params.id_token)
- waadProfile.id = waadProfile.oid
- waadProfile.provider = 'azure'
+ redirectUrl: conf.callbackURL,
+ responseType: 'id_token',
+ responseMode: 'form_post',
+ scope: ['profile', 'email', 'openid'],
+ allowHttpForRedirectUrl: WIKI.IS_DEBUG
+ }, (iss, sub, profile, cb) => {
+ console.info(iss, sub, profile)
 // WIKI.models.users.processProfile(waadProfile).then((user) => {
 // return cb(null, user) || true
 // }).catch((err) => {
diff --git a/server/modules/authentication/azure/definition.yml b/server/modules/authentication/azure/definition.yml
index c0386539..5c4ebc51 100644
--- a/server/modules/authentication/azure/definition.yml
+++ b/server/modules/authentication/azure/definition.yml
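Review bot: The verify callback `(iss, sub, profile, cb) => {` never invokes `cb`, so the strategy can neither complete nor reject a login: the `processProfile` call beneath it is still commented out and still refers to `waadProfile`, which this hunk deletes, so re-enabling it as written would throw — it needs to be rewritten against `profile` (the callback body continues past the hunk, so confirm the remainder does not already do this). `console.info(iss, sub, profile)` writes the user's identity claims to the server log on every sign-in; it should be dropped before this leaves wip, or at most gated as `if (WIKI.IS_DEBUG) console.info(iss, sub, profile)`. Because `responseType: 'id_token'` with `responseMode: 'form_post'` delivers the token in a POST body, the callback route must accept POST with body parsing, and as far as I recall OIDCStrategy keeps its state/nonce in the session unless `useCookieInsteadOfSession` is set, so session middleware must be mounted ahead of it — both live outside this hunk. If `conf.entryPoint` may point at the multi-tenant `common` metadata endpoint, issuer validation has to be configured explicitly (`validateIssuer`/`issuer`) rather than switched off, since turning it off accepts ID tokens issued for any tenant.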
@@ -5,14 +5,21 @@ author: requarks.io
 logo: https://static.requarks.io/logo/azure.svg
 color: blue darken-3
 website: https://azure.microsoft.com/services/active-directory/
-isAvailable: false
+isAvailable: true
 useForm: false
+scopes:
+ - profile
+ - email
+ - openid
 props:
- clientId: String
- clientSecret: String
- resource:
- type: String,
- default: '00000002-0000-0000-c000-000000000000'
- tenant:
- type: String,
- default: YOUR_TENANT.onmicrosoft.com
+ entryPoint:
+ type: String
+ title: Identity Metadata Endpoint
+ hint: The metadata endpoint provided by the Microsoft Identity Portal that provides the keys and other important information at runtime.
+ order: 1
+ clientId:
+ type: String
+ title: Client ID
+ hint: The client ID of your application in AAD (Azure Active Directory)
+ order: 2
+
diff --git a/yarn.lock b/yarn.lock
index e76d2481..1ba45184 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2646,7 +2646,7 @@ asap@~2.0.3:
 resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
 integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
 
-asn1.js@^4.0.0:
+asn1.js@^4.0.0, asn1.js@^4.5.2:
 version "4.10.1"
 resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.1.tgz#b9c2bf5805f1e64aadeed6df3a2bfafb5a73f5a0"
 integrity sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==
@@ -2725,6 +2725,11 @@ async-retry@^1.2.1:
 dependencies:
 retry "0.12.0"
 
+async@1.5.2, async@^1.5.2:
+ version "1.5.2"
+ resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a"
+ integrity sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo=
+
 async@2.6.1, async@>=0.6.0, async@^2.1.4, async@^2.1.5, async@^2.6.1:
 version "2.6.1"
 resolved "https://registry.yarnpkg.com/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
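Review bot: `isAvailable: true` makes this strategy selectable in the admin UI while the matching verify callback in authentication.js is still a stub that never calls its `cb` (the subject marks the change wip), so it should stay `isAvailable: false` until a login can actually complete. The new `scopes` list duplicates the literal `scope: ['profile', 'email', 'openid']` hard-coded in authentication.js; unless the module loader feeds the definition's scopes into the strategy (not visible here), the two will drift and one of them should go. The `entryPoint` hint could also state the constraint the strategy relies on, e.g. `hint: The HTTPS OpenID Connect metadata URL for your tenant, from which signing keys and endpoints are fetched at runtime.`, since accepting a multi-tenant endpoint here changes what issuer validation in the strategy must enforce.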
@@ -3026,7 +3031,7 @@ base64-js@^1.0.2: resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.0.tgz#cab1e6118f051095e58b5281aea8c1cd22bfc0e3" integrity sha512-ccav/yGvoa80BQDljCxsmmQ3Xvx60/UpBIij5QN21W3wBi/hhIC9OoO+KLpu9IJTS9j4DRVJ3aDDF9cMSoa2lw== -base64url@3.x.x: +base64url@3.x.x, base64url@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d" integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A== @@ -3391,7 +3396,7 @@ builtin-status-codes@^3.0.0: resolved "https://registry.yarnpkg.com/builtin-status-codes/-/builtin-status-codes-3.0.0.tgz#85982878e21b98e1c66425e03d0174788f569ee8" integrity sha1-hZgoeOIbmOHGZCXgPQF0eI9Wnug= -bunyan@^1.8.3: +bunyan@^1.8.0, bunyan@^1.8.3: version "1.8.12" resolved "https://registry.yarnpkg.com/bunyan/-/bunyan-1.8.12.tgz#f150f0f6748abdd72aeae84f04403be2ef113797" integrity sha1-8VDw9nSKvdcq6uhPBEA74u8RN5c= @@ -3478,6 +3483,14 @@ cache-loader@4.0.1: neo-async "^2.6.1" schema-utils "^1.0.0" +cache-manager@^2.0.0: + version "2.10.0" + resolved "https://registry.yarnpkg.com/cache-manager/-/cache-manager-2.10.0.tgz#278e9f8784e5d7e6617bfe350358c8ccd17387bf" + integrity sha512-IuPx05r5L0uZyBDYicB2Llld1o+/1WYjoHUnrC0TNQejMAnkoYxYS9Y8Uwr+lIBytDiyu7dwwmBCup2M9KugwQ== + dependencies: + async "1.5.2" + lru-cache "4.0.0" + caller-callsite@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/caller-callsite/-/caller-callsite-2.0.0.tgz#847e0fce0a223750a9a027c54b33731ad3154134" 
@@ -5207,6 +5220,19 @@ elliptic@^6.0.0: minimalistic-assert "^1.0.0" minimalistic-crypto-utils "^1.0.0" +elliptic@^6.2.3: + version "6.5.0" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.0.tgz#2b8ed4c891b7de3200e14412a5b8248c7af505ca" + integrity sha512-eFOJTMyCYb7xtE/caJ6JJu+bhi67WCYNbkGSknu20pmM8Ke/bqOfdnZWxyoGN26JgfxTbXrsCkEw4KheCT/KGg== + dependencies: + bn.js "^4.4.0" + brorand "^1.0.1" + hash.js "^1.0.0" + hmac-drbg "^1.0.0" + inherits "^2.0.1" + minimalistic-assert "^1.0.0" + minimalistic-crypto-utils "^1.0.0" + emoji-regex@8.0.0: version "8.0.0" resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" @@ -8041,6 +8067,15 @@ jwa@^1.4.1: ecdsa-sig-formatter "1.0.11" safe-buffer "^5.0.1" +jwk-to-pem@^1.2.6: + version "1.2.6" + resolved "https://registry.yarnpkg.com/jwk-to-pem/-/jwk-to-pem-1.2.6.tgz#d507cece40089c5248e09ec68266a2030a9c6325" + integrity sha1-1QfOzkAInFJI4J7GgmaiAwqcYyU= + dependencies: + asn1.js "^4.5.2" + elliptic "^6.2.3" + safe-buffer "^5.0.1" + jws@3.x.x, jws@^3.1.5: version "3.2.1" resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.1.tgz#d79d4216a62c9afa0a3d5e8b5356d75abdeb2be5" @@ -8049,7 +8084,7 @@ jws@3.x.x, jws@^3.1.5: jwa "^1.2.0" safe-buffer "^5.0.1" -jws@^3.2.2: +jws@^3.1.3, jws@^3.2.2: version "3.2.2" resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304" integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA== 
@@ -8453,6 +8488,11 @@ lodash@4.x, lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.15.0, lodas resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.13.tgz#0bdc3a6adc873d2f4e0c4bac285df91b64fc7b93" integrity sha512-vm3/XWXfWtRua0FkUyEHBZy8kCPjErNBT9fJx8Zvs+U6zjqPbTUOpkaoum3O5uiA8sm+yNMHXfYkTUHFoMxFNA== +lodash@^4.11.2: + version "4.17.15" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" + integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A== + log-update@2.3.x: version "2.3.0" resolved "https://registry.yarnpkg.com/log-update/-/log-update-2.3.0.tgz#88328fd7d1ce7938b29283746f0b1bc126b24708" @@ -8508,6 +8548,14 @@ lower-case@^1.1.1: resolved "https://registry.yarnpkg.com/lower-case/-/lower-case-1.1.4.tgz#9a2cabd1b9e8e0ae993a4bf7d5875c39c42e8eac" integrity sha1-miyr0bno4K6ZOkv31YdcOcQujqw= +lru-cache@4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-4.0.0.tgz#b5cbf01556c16966febe54ceec0fb4dc90df6c28" + integrity sha1-tcvwFVbBaWb+vlTO7A+03JDfbCg= + dependencies: + pseudomap "^1.0.1" + yallist "^2.0.0" + lru-cache@^4.0.1, lru-cache@^4.1.2, lru-cache@^4.1.3: version "4.1.5" resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-4.1.5.tgz#8bbe50ea85bed59bc9e33dcab8235ee9bcf443cd" @@ -9531,6 +9579,11 @@ oauth-sign@~0.9.0: resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455" integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ== +oauth@0.9.14: + version "0.9.14" + resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.14.tgz#c5748883a40b53de30ade9cabf2100414b8a0971" + integrity sha1-xXSIg6QLU94wrenKvyEAQUuKCXE= + oauth@0.9.x: version "0.9.15" resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1" 
@@ -9943,12 +9996,22 @@ passport-auth0@1.1.0: request "^2.61.0" xtend "^4.0.0" -passport-azure-ad-oauth2@0.0.4: - version "0.0.4" - resolved "https://registry.yarnpkg.com/passport-azure-ad-oauth2/-/passport-azure-ad-oauth2-0.0.4.tgz#1a09d8869efd4afd095116e228941961b3a5c120" - integrity sha1-GgnYhp79Sv0JURbiKJQZYbOlwSA= - dependencies: - passport-oauth "1.0.x" +passport-azure-ad@4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/passport-azure-ad/-/passport-azure-ad-4.1.0.tgz#ddcd1b52f3ddffdaf1dc2f1f656517fd69c41f5c" + integrity sha512-MFzC753ziIDLr3zE6W5zK/DbfdjGlqIuY942hP1B1EsfcaK3L62/g1l+G5F4fOcKLAToWo2U4zFo5fLOGnfATw== + dependencies: + async "^1.5.2" + base64url "^3.0.0" + bunyan "^1.8.0" + cache-manager "^2.0.0" + jwk-to-pem "^1.2.6" + jws "^3.1.3" + lodash "^4.11.2" + oauth "0.9.14" + passport "^0.3.2" + request "^2.72.0" + valid-url "^1.0.6" passport-cas@0.1.1: version "0.1.1" @@ -10074,7 +10137,7 @@ passport-oauth2@1.x.x, passport-oauth2@^1.1.2, passport-oauth2@^1.2.0: uid2 "0.0.x" utils-merge "1.x.x" -passport-oauth@1.0.0, passport-oauth@1.0.x, passport-oauth@^1.0.0: +passport-oauth@1.0.0, passport-oauth@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/passport-oauth/-/passport-oauth-1.0.0.tgz#90aff63387540f02089af28cdad39ea7f80d77df" integrity sha1-kK/2M4dUDwIImvKM2tOep/gNd98= @@ -10136,6 +10199,14 @@ passport@0.4.0: passport-strategy "1.x.x" pause "0.0.1" +passport@^0.3.2: + version "0.3.2" + resolved "https://registry.yarnpkg.com/passport/-/passport-0.3.2.tgz#9dd009f915e8fe095b0124a01b8f82da07510102" + integrity sha1-ndAJ+RXo/glbASSgG4+C2gdRAQI= + dependencies: + passport-strategy "1.x.x" + pause "0.0.1" + path-browserify@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-0.0.0.tgz#a0b870729aae214005b7d5032ec2cbbb0fb4451a" 
@@ -11527,7 +11598,7 @@ prr@~1.0.1: resolved "https://registry.yarnpkg.com/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476" integrity sha1-0/wRS6BplaRexok/SEzrHXj19HY= -pseudomap@^1.0.2: +pseudomap@^1.0.1, pseudomap@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3" integrity sha1-8FKijacOYYkX7wqKw0wa5aaChrM= @@ -12302,7 +12373,7 @@ request-promise@4.2.4: stealthy-require "^1.1.1" tough-cookie "^2.3.3" -request@2.88.0, "request@>= 2.52.0", request@^2.61.0, request@^2.75.0, request@^2.87.0, request@^2.88.0: +request@2.88.0, "request@>= 2.52.0", request@^2.61.0, request@^2.72.0, request@^2.75.0, request@^2.87.0, request@^2.88.0: version "2.88.0" resolved "https://registry.yarnpkg.com/request/-/request-2.88.0.tgz#9c2fca4f7d35b592efe57c7f0a55e81052124fef" integrity sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg== @@ -14185,6 +14256,11 @@ v8flags@^3.1.3: dependencies: homedir-polyfill "^1.0.1" +valid-url@^1.0.6: + version "1.0.9" + resolved "https://registry.yarnpkg.com/valid-url/-/valid-url-1.0.9.tgz#1c14479b40f1397a75782f115e4086447433a200" + integrity sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA= + validate-npm-package-license@^3.0.1: version "3.0.4" resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a" @@ -14939,7 +15015,7 @@ y18n@^4.0.0: resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b" integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w== -yallist@^2.1.2: +yallist@^2.0.0, yallist@^2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52" integrity sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=