nodebb-plugin-sso-saml/library.js

(function(module) {
	"use strict";

	var user = module.parent.require('./user'),
		meta = module.parent.require('./meta'),
		db = module.parent.require('../src/database'),
		passport = module.parent.require('passport'),
		passportSAML = require('passport-saml').Strategy,
		fs = module.parent.require('fs'),
		path = module.parent.require('path'),
		nconf = module.parent.require('nconf'),
		async = module.parent.require('async'),
		winston = require('winston');

	var constants = Object.freeze({
		'name': "SAML",
		'admin': {
			'route': '/plugins/sso-saml',
			'icon': 'fa-university'
		}
	});

	var master_config = {};
	var samlObj;

	class SsoSaml {

		init(params, callback) {

			function render(req, res, next) {
				res.render('admin/plugins/sso-saml', {});
			}

			meta.settings.get('sso_saml', function(err, options) {
				console.log('[sso-saml] got options', options);
				master_config = options;
			});

			params.router.get('/admin/plugins/sso-saml', params.middleware.admin.buildHeader, render);
			params.router.get('/api/admin/plugins/sso-saml', render);

			console.log("[sso-saml] init done");
			callback();
		}

		get_config(options, callback) {
			meta.settings.get('sso_saml', function(err, settings) {
			        if (err) {
			            return callback(null, options);
			        }
			        master_config = settings;
			        options.sso_saml = settings;
			        callback(null, options);
			});
		}

		getStrategy(strategies, callback) {

			if (master_config.idp_entry_point && master_config.callback_path && master_config.issuer && master_config.metadata) {
				console.log("creating samlObj");
				samlObj = new passportSAML({
					    path: master_config.callback_path,
					    entryPoint: master_config.idp_entry_point,
					    issuer: master_config.issuer,
					    callbackUrl: nconf.get('url') + master_config.callback_path,
					    disableRequestedAuthnContext: true,
					    identifierFormat: null
					},
					function(profile, done) {
					console.log("[sso-saml] profile, ", profile);
					var user = {
					        nameID: profile.nameID,
					        nameIDFormat: profile.nameIDFormat,
					        sn: profile['urn:oid:2.5.4.4'], // sn
						//sn: profile.sn,
					        cn: profile['urn:oid:2.5.4.42'], // givenname
						//cn: profile.cn,
					        //mail: profile.mail,
					        //eduPersonAffiliation: profile.eduPersonAffiliation,
					        email: profile.mail,
						//email: profile.email,
					        username: profile['urn:oid:1.3.6.1.4.1.5923.1.1.1.2'], // eduPersonNickname
						//username: profile.eduPersonNickname
					    };

					    SAML.login(user,function(err, user) {
							if (err) {
								return done(err);
							}
							done(null, user);
						});
					}
				);
			}

			if (samlObj){

				if (master_config.metadata) {
					params.router.get(master_config.metadata, function(req, res) {
						if (master_config.server_crt){
							var cert = fs.readFileSync(master_config.server_crt, 'utf-8');
							res.header("Content-Type", "application/xml");
							res.send(samlObj.generateServiceProviderMetadata(cert))
						}
						else{
							res.send("No servercrt specified. Please enter it at nodebb admin panel.");
						}
					});
				}

				params.router.post(master_config.callback_path,
					passport.authenticate('saml'),
					function(req, res, next){
						if (master_config.login_redirect_url){
							res.redirect(master_config.login_redirect_url);
						}
						else{
							res.redirect("/");
						}

					}

				);

				if (master_config.logout_url) {

					params.router.get(master_config.logout_url,function(req,res){
						if (req.user && parseInt(req.user.uid, 10) > 0) {
							winston.info('[Auth] Session ' + req.sessionID + ' logout (uid: ' + req.user.uid + ')');

							var ws = module.parent.require('./socket.io');
							ws.logoutUser(req.user.uid);

							req.logout();

							if (master_config.logout_redirect_url){
								res.redirect(master_config.logout_redirect_url);
							}
							else{
								res.redirect("/");
							}
						}


					});
				}

			}
			else {
				console.log("[sso-saml] Cannot create samlObj");
			}


			if (samlObj){

				passport.use(samlObj);

				strategies.push({
					name: 'saml',
					url: '/auth/saml',
					callbackURL: master_config.callback_path,
					icon: constants.admin.icon,
					scope: ''
				});
			}

			callback(null, strategies);
		}

		login(userdata, callback) {

			SAML.getUidBySAMLId(userdata.username, function(err, uid) {
				if(err) {
					return callback(err);
				}

				if (uid !== null) {
					// Existing User
					callback(null, {
						uid: uid
					});
				}
				else {
					console.log(userdata);
					// New User
					user.create({
						username: userdata.username,
						email: userdata.email,
						fullname : userdata.first_name + " " + userdata.last_name

					}, function(err, uid) {
						if(err) {
							return callback(err);
						}
						user.setUserField(uid, 'samlid', userdata.username);
						db.setObjectField('samlid:uid', userdata.username, uid);

						callback(null, {
							uid: uid
						});
					});
				}
			});
		}

		getUidBySAMLId(samlid, callback) {
			db.getObjectField('samlid:uid', samlid, function(err, uid) {
				if (err) {
					return callback(err);
				}
				callback(null, uid);
			});
		}

		addMenuItem(custom_header, callback) {
			custom_header.authentication.push({
				"route": constants.admin.route,
				"icon": constants.admin.icon,
				"name": constants.name
			});

			callback(null, custom_header);
		}

		deleteUserData(uid, callback) {
			async.waterfall([
				async.apply(user.getUserField, uid, 'samlid'),
				function(idToDelete, next) {
					db.deleteObjectField('samlid:uid', idToDelete, next);
				}
			], function(err) {
				if (err) {
					winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err);
					return callback(err);
				}
				callback(null, uid);
			});
		}
	};

	var SAML = new SsoSaml();
	module.exports = SAML;
}(module));
First commit 2014-09-22 19:38:45 +02:00			`(function(module) {`
			`"use strict";`

			`var user = module.parent.require('./user'),`
			`meta = module.parent.require('./meta'),`
			`db = module.parent.require('../src/database'),`
			`passport = module.parent.require('passport'),`
			`passportSAML = require('passport-saml').Strategy,`
			`fs = module.parent.require('fs'),`
			`path = module.parent.require('path'),`
			`nconf = module.parent.require('nconf'),`
Logout 2014-10-08 13:31:33 +02:00			`async = module.parent.require('async'),`
			`winston = require('winston');`
First commit 2014-09-22 19:38:45 +02:00
			`var constants = Object.freeze({`
			`'name': "SAML",`
			`'admin': {`
			`'route': '/plugins/sso-saml',`
Doc and icons 2014-09-23 11:35:29 +02:00			`'icon': 'fa-university'`
First commit 2014-09-22 19:38:45 +02:00			`}`
			`});`

try to fix configuration logic 2020-04-29 15:00:23 +02:00			`var master_config = {};`
Doc and icons 2014-09-23 11:35:29 +02:00			`var samlObj;`
First commit 2014-09-22 19:38:45 +02:00
syntax error 2020-04-30 13:54:14 +02:00			`class SsoSaml {`
try to fix configuration logic 2020-04-29 15:00:23 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`init(params, callback) {`
try to fix configuration logic 2020-04-29 15:00:23 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`function render(req, res, next) {`
			`res.render('admin/plugins/sso-saml', {});`
			`}`
try to fix configuration logic 2020-04-29 15:00:23 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`meta.settings.get('sso_saml', function(err, options) {`
			`console.log('[sso-saml] got options', options);`
			`master_config = options;`
			`});`
render after saving settings 2020-04-30 10:28:19 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`params.router.get('/admin/plugins/sso-saml', params.middleware.admin.buildHeader, render);`
			`params.router.get('/api/admin/plugins/sso-saml', render);`

			`console.log("[sso-saml] init done");`
			`callback();`
use proper class 2020-04-30 13:45:12 +02:00			`}`
change var SAML definition 2020-04-30 12:47:51 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`get_config(options, callback) {`
change var SAML definition 2020-04-30 12:47:51 +02:00			`meta.settings.get('sso_saml', function(err, settings) {`
			`if (err) {`
			`return callback(null, options);`
			`}`
			`master_config = settings;`
			`options.sso_saml = settings;`
			`callback(null, options);`
			`});`
use proper class 2020-04-30 13:45:12 +02:00			`}`
change var SAML definition 2020-04-30 12:47:51 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`getStrategy(strategies, callback) {`
Doc and icons 2014-09-23 11:35:29 +02:00
I give up 2020-04-30 14:00:02 +02:00			`if (master_config.idp_entry_point && master_config.callback_path && master_config.issuer && master_config.metadata) {`
			`console.log("creating samlObj");`
			`samlObj = new passportSAML({`
			`path: master_config.callback_path,`
			`entryPoint: master_config.idp_entry_point,`
			`issuer: master_config.issuer,`
			`callbackUrl: nconf.get('url') + master_config.callback_path,`
			`disableRequestedAuthnContext: true,`
			`identifierFormat: null`
			`},`
			`function(profile, done) {`
			`console.log("[sso-saml] profile, ", profile);`
			`var user = {`
			`nameID: profile.nameID,`
			`nameIDFormat: profile.nameIDFormat,`
			`sn: profile['urn:oid:2.5.4.4'], // sn`
			`//sn: profile.sn,`
			`cn: profile['urn:oid:2.5.4.42'], // givenname`
			`//cn: profile.cn,`
			`//mail: profile.mail,`
			`//eduPersonAffiliation: profile.eduPersonAffiliation,`
			`email: profile.mail,`
			`//email: profile.email,`
			`username: profile['urn:oid:1.3.6.1.4.1.5923.1.1.1.2'], // eduPersonNickname`
			`//username: profile.eduPersonNickname`
			`};`

			`SAML.login(user,function(err, user) {`
			`if (err) {`
			`return done(err);`
			`}`
			`done(null, user);`
			`});`
			`}`
			`);`
			`}`

			`if (samlObj){`

			`if (master_config.metadata) {`
			`params.router.get(master_config.metadata, function(req, res) {`
			`if (master_config.server_crt){`
			`var cert = fs.readFileSync(master_config.server_crt, 'utf-8');`
			`res.header("Content-Type", "application/xml");`
			`res.send(samlObj.generateServiceProviderMetadata(cert))`
			`}`
			`else{`
			`res.send("No servercrt specified. Please enter it at nodebb admin panel.");`
			`}`
			`});`
			`}`

			`params.router.post(master_config.callback_path,`
			`passport.authenticate('saml'),`
			`function(req, res, next){`
			`if (master_config.login_redirect_url){`
			`res.redirect(master_config.login_redirect_url);`
			`}`
			`else{`
			`res.redirect("/");`
			`}`

			`}`

			`);`

			`if (master_config.logout_url) {`

			`params.router.get(master_config.logout_url,function(req,res){`
			`if (req.user && parseInt(req.user.uid, 10) > 0) {`
			`winston.info('[Auth] Session ' + req.sessionID + ' logout (uid: ' + req.user.uid + ')');`

			`var ws = module.parent.require('./socket.io');`
			`ws.logoutUser(req.user.uid);`

			`req.logout();`

			`if (master_config.logout_redirect_url){`
			`res.redirect(master_config.logout_redirect_url);`
			`}`
			`else{`
			`res.redirect("/");`
			`}`
			`}`


			`});`
			`}`

			`}`
			`else {`
			`console.log("[sso-saml] Cannot create samlObj");`
			`}`

initialize samlObj in getStrategy 2020-04-30 12:18:42 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`if (samlObj){`
Doc and icons 2014-09-23 11:35:29 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`passport.use(samlObj);`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`strategies.push({`
			`name: 'saml',`
			`url: '/auth/saml',`
			`callbackURL: master_config.callback_path,`
			`icon: constants.admin.icon,`
			`scope: ''`
			`});`
			`}`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`callback(null, strategies);`
use proper class 2020-04-30 13:45:12 +02:00			`}`
First commit 2014-09-22 19:38:45 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`login(userdata, callback) {`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`SAML.getUidBySAMLId(userdata.username, function(err, uid) {`
			`if(err) {`
			`return callback(err);`
			`}`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`if (uid !== null) {`
			`// Existing User`
First commit 2014-09-22 19:38:45 +02:00			`callback(null, {`
			`uid: uid`
			`});`
change var SAML definition 2020-04-30 12:47:51 +02:00			`}`
			`else {`
			`console.log(userdata);`
			`// New User`
			`user.create({`
			`username: userdata.username,`
			`email: userdata.email,`
			`fullname : userdata.first_name + " " + userdata.last_name`

			`}, function(err, uid) {`
			`if(err) {`
			`return callback(err);`
			`}`
			`user.setUserField(uid, 'samlid', userdata.username);`
			`db.setObjectField('samlid:uid', userdata.username, uid);`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`callback(null, {`
			`uid: uid`
			`});`
			`});`
			`}`
			`});`
use proper class 2020-04-30 13:45:12 +02:00			`}`
First commit 2014-09-22 19:38:45 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`getUidBySAMLId(samlid, callback) {`
change var SAML definition 2020-04-30 12:47:51 +02:00			`db.getObjectField('samlid:uid', samlid, function(err, uid) {`
			`if (err) {`
			`return callback(err);`
			`}`
			`callback(null, uid);`
			`});`
use proper class 2020-04-30 13:45:12 +02:00			`}`
First commit 2014-09-22 19:38:45 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`addMenuItem(custom_header, callback) {`
change var SAML definition 2020-04-30 12:47:51 +02:00			`custom_header.authentication.push({`
			`"route": constants.admin.route,`
			`"icon": constants.admin.icon,`
			`"name": constants.name`
			`});`
First commit 2014-09-22 19:38:45 +02:00
change var SAML definition 2020-04-30 12:47:51 +02:00			`callback(null, custom_header);`
use proper class 2020-04-30 13:45:12 +02:00			`}`
change var SAML definition 2020-04-30 12:47:51 +02:00
use proper class 2020-04-30 13:45:12 +02:00			`deleteUserData(uid, callback) {`
change var SAML definition 2020-04-30 12:47:51 +02:00			`async.waterfall([`
			`async.apply(user.getUserField, uid, 'samlid'),`
			`function(idToDelete, next) {`
			`db.deleteObjectField('samlid:uid', idToDelete, next);`
			`}`
			`], function(err) {`
			`if (err) {`
			`winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err);`
			`return callback(err);`
			`}`
			`callback(null, uid);`
			`});`
			`}`
First commit 2014-09-22 19:38:45 +02:00			`};`

use proper class 2020-04-30 13:45:12 +02:00			`var SAML = new SsoSaml();`
First commit 2014-09-22 19:38:45 +02:00			`module.exports = SAML;`
			`}(module));`