import type { NextFunction, Request, Response } from "express";
import type { Session } from "express-openid-connect";
import { randomBytes } from "node:crypto";
import config from "./config.js";
import openIDEncryption from "./encryption/open_id_encryption.js";
import options from "./options.js";
import sql from "./sql.js";
import sqlInit from "./sql_init.js";
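/**
 * Lists the OAuth settings in `config.MultiFactorAuthentication` that are
 * still unset.
 *
 * @returns The names of the unset settings (`oauthBaseUrl`, `oauthClientId`,
 *   `oauthClientSecret`), in that order; empty when all three are present.
 */
function checkOpenIDConfig() {
    const mfaConfig = config.MultiFactorAuthentication;
    // Fixed order so the returned list is stable for callers and the UI.
    const requiredSettings = [
        ["oauthBaseUrl", mfaConfig.oauthBaseUrl],
        ["oauthClientId", mfaConfig.oauthClientId],
        ["oauthClientSecret", mfaConfig.oauthClientSecret],
    ] as const;
    const missingVars: string[] = [];
    for (const [name, value] of requiredSettings) {
        // A key that is absent at runtime (undefined/null) is treated like an
        // empty string: either way the OpenID client cannot be configured.
        if (value == null || value === "") {
            missingVars.push(name);
        }
    }
    return missingVars;
}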
/**
 * Whether OpenID login is usable: every OAuth setting is present and the
 * `mfaMethod` option is set to `"oauth"`.
 */
function isOpenIDEnabled() {
    // Short-circuit before touching options when the config is incomplete.
    if (checkOpenIDConfig().length !== 0) {
        return false;
    }
    return options.getOptionOrNull('mfaMethod') === 'oauth';
}
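/**
 * Whether the setup flag in `user_data` is the string `"true"`.
 *
 * @returns `true` only for the exact value `"true"`; any other value,
 *   including a missing row, yields `false`.
 */
function isUserSaved() {
    const isSetup = sql.getValue<string>("SELECT isSetup FROM user_data;");
    // The comparison already produces a boolean; no ternary needed.
    return isSetup === "true";
}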
/**
 * Reads the stored username from `user_data`.
 *
 * @returns Whatever `sql.getValue` yields for the `username` column.
 */
function getUsername() {
    return sql.getValue<string>("SELECT username FROM user_data;");
}
/**
 * Reads the stored e-mail address from `user_data`.
 *
 * @returns Whatever `sql.getValue` yields for the `email` column.
 */
function getUserEmail() {
    return sql.getValue<string>("SELECT email FROM user_data;");
}
/**
 * Deletes every row of `user_data` and clears the
 * `userSubjectIdentifierSaved` option.
 *
 * @returns A fixed `{ success: true, message }` acknowledgement.
 */
function clearSavedUser() {
    const acknowledgement = {
        success: true,
        message: "Account data removed."
    };
    sql.execute("DELETE FROM user_data");
    options.setOption("userSubjectIdentifierSaved", false);
    return acknowledgement;
}
/**
 * Collects the OpenID status shown to the client: stored name and e-mail,
 * whether OpenID login is enabled, and which settings are still missing.
 */
function getOAuthStatus() {
    // Same evaluation order as the fields below.
    const name = getUsername();
    const email = getUserEmail();
    const enabled = isOpenIDEnabled();
    const missingVars = checkOpenIDConfig();
    return { success: true, name, email, enabled, missingVars };
}
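/**
 * Reports whether the current OpenID session can still reach the provider's
 * user-info endpoint.
 *
 * The result shape is `{ success, message, user }`, where `user` is whether a
 * subject identifier has been saved locally. NOTE: when `req.oidc` is set the
 * result is a Promise; when it is not, a plain object is returned
 * synchronously — callers should `await` it in both cases.
 *
 * @param req Express request; `req.oidc` is only present once the OIDC
 *   middleware has run.
 * @param res Unused; kept for the middleware-style signature.
 * @param next Unused; kept for the middleware-style signature.
 */
function isTokenValid(req: Request, res: Response, next: NextFunction) {
    const userStatus = openIDEncryption.isSubjectIdentifierSaved();
    if (req.oidc === undefined) {
        return {
            success: false,
            message: "Token not set up",
            user: userStatus,
        };
    }
    return req.oidc
        .fetchUserInfo()
        .then(() => ({
            success: true,
            message: "Token is valid",
            user: userStatus,
        }))
        .catch((err: unknown) => {
            // Keep the failure visible in logs instead of swallowing it; the
            // returned message deliberately carries no provider error details.
            console.error("OpenID user-info check failed:", err);
            return {
                success: false,
                message: "Token is not valid",
                user: userStatus,
            };
        });
}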
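/**
 * Builds the configuration object for `express-openid-connect` from
 * `config.MultiFactorAuthentication`.
 *
 * Notes for maintainers:
 * - `secret` (the library's cookie/transaction key) is set to the OAuth client
 *   secret, so one value serves two purposes; a dedicated random secret would
 *   keep a client-secret rotation and session invalidation independent.
 * - `authorizationParams.state` is generated once, when this config is built,
 *   not per login. A per-process constant does not bind an authorization
 *   response to the browser that started it; express-openid-connect is
 *   expected to supply its own per-request state, in which case this field is
 *   redundant — TODO confirm against the library version in use and drop it
 *   if so. Until then it is at least drawn from a CSPRNG.
 * - `issuerBaseURL` is hard-coded to Google; other providers are not handled.
 *
 * @returns The config object; its `afterCallback` persists the authenticated
 *   user and marks the Express session as logged in.
 */
function generateOAuthConfig() {
    const mfaConfig = config.MultiFactorAuthentication;
    const authRoutes = {
        callback: "/callback",
        login: "/authenticate",
        postLogoutRedirect: "/login",
        logout: "/logout",
    };
    const logoutParams = {};
    // CSPRNG instead of Math.random(): the state value must not be guessable.
    const state = "random_state_" + randomBytes(16).toString("hex");
    const afterCallback = async (req: Request, res: Response, session: Session) => {
        // Nothing can be persisted before the database exists.
        if (!sqlInit.isDbInitialized()) return session;
        if (!req.oidc.user) {
            console.log("user invalid!");
            return session;
        }
        // NOTE(review): `name`/`email` are assumed present in the user claims
        // (scope "openid profile email"); if the provider omits one,
        // `.toString()` throws and the callback fails — confirm upstream.
        openIDEncryption.saveUser(
            req.oidc.user.sub.toString(),
            req.oidc.user.name.toString(),
            req.oidc.user.email.toString()
        );
        req.session.loggedIn = true;
        req.session.lastAuthState = {
            totpEnabled: false,
            ssoEnabled: true
        };
        return session;
    };
    return {
        authRequired: false,
        auth0Logout: false,
        baseURL: mfaConfig.oauthBaseUrl,
        clientID: mfaConfig.oauthClientId,
        issuerBaseURL: "https://accounts.google.com",
        secret: mfaConfig.oauthClientSecret,
        clientSecret: mfaConfig.oauthClientSecret,
        authorizationParams: {
            response_type: "code",
            scope: "openid profile email",
            access_type: "offline",
            prompt: "consent",
            state,
        },
        routes: authRoutes,
        idpLogout: true,
        logoutParams,
        afterCallback,
    };
}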
/** Public surface of this module. */
const openId = {
    clearSavedUser,
    generateOAuthConfig,
    getOAuthStatus,
    isOpenIDEnabled,
    isTokenValid,
    isUserSaved,
};

export default openId;