From 505ed2678985f7786af43c5aaa47989825f5f34d Mon Sep 17 00:00:00 2001 From: Christian Ulrich Date: Thu, 30 Apr 2020 12:47:51 +0200 Subject: [PATCH] change var SAML definition --- library.js | 368 +++++++++++++++++++++++++++-------------------------- 1 file changed, 185 insertions(+), 183 deletions(-) diff --git a/library.js b/library.js index a3274c6..aefb543 100644 --- a/library.js +++ b/library.js @@ -21,222 +21,224 @@ }); var master_config = {}; - var SAML = {}; var samlObj; - SAML.init = function(params, callback) { + var SAML = { - function render(req, res, next) { - res.render('admin/plugins/sso-saml', {}); - } + init: function(params, callback) { - meta.settings.get('sso_saml', function(err, options) { - console.log('[sso-saml] got options', options); - master_config = options; - }); - - params.router.get('/admin/plugins/sso-saml', params.middleware.admin.buildHeader, render); - params.router.get('/api/admin/plugins/sso-saml', render); - - console.log("[sso-saml] init done"); - callback(); - }; - - SAML.get_config = function(options, callback) { - meta.settings.get('sso_saml', function(err, settings) { - if (err) { - return callback(null, options); - } - master_config = settings; - options.sso_saml = settings; - callback(null, options); - }); - }; - - SAML.initSaml = function() { - if (master_config.idp_entry_point && master_config.callback_path && master_config.issuer && master_config.metadata) { - console.log("creating samlObj"); - samlObj = new passportSAML({ - path: master_config.callback_path, - entryPoint: master_config.idp_entry_point, - issuer: master_config.issuer, - callbackUrl: nconf.get('url') + master_config.callback_path, - disableRequestedAuthnContext: true, - identifierFormat: null - }, - function(profile, done) { - console.log("[sso-saml] profile, ", profile); - var user = { - nameID: profile.nameID, - nameIDFormat: profile.nameIDFormat, - sn: profile['urn:oid:2.5.4.4'], // sn - //sn: profile.sn, - cn: profile['urn:oid:2.5.4.42'], // givenname - //cn: profile.cn, - //mail: profile.mail, - //eduPersonAffiliation: profile.eduPersonAffiliation, - email: profile.mail, - //email: profile.email, - username: profile['urn:oid:1.3.6.1.4.1.5923.1.1.1.2'], // eduPersonNickname - //username: profile.eduPersonNickname - }; - - SAML.login(user,function(err, user) { - if (err) { - return done(err); - } - done(null, user); - }); - } - ); - } - - if (samlObj){ - - if (master_config.metadata) { - params.router.get(master_config.metadata, function(req, res) { - if (master_config.server_crt){ - var cert = fs.readFileSync(master_config.server_crt, 'utf-8'); - res.header("Content-Type", "application/xml"); - res.send(samlObj.generateServiceProviderMetadata(cert)) - } - else{ - res.send("No servercrt specified. Please enter it at nodebb admin panel."); - } - }); + function render(req, res, next) { + res.render('admin/plugins/sso-saml', {}); } - params.router.post(master_config.callback_path, - passport.authenticate('saml'), - function(req, res, next){ - if (master_config.login_redirect_url){ - res.redirect(master_config.login_redirect_url); - } - else{ - res.redirect("/"); - } + meta.settings.get('sso_saml', function(err, options) { + console.log('[sso-saml] got options', options); + master_config = options; + }); + params.router.get('/admin/plugins/sso-saml', params.middleware.admin.buildHeader, render); + params.router.get('/api/admin/plugins/sso-saml', render); + + console.log("[sso-saml] init done"); + callback(); + }, + + get_config: function(options, callback) { + meta.settings.get('sso_saml', function(err, settings) { + if (err) { + return callback(null, options); + } + master_config = settings; + options.sso_saml = settings; + callback(null, options); + }); + }, + + initSaml: function() { + if (master_config.idp_entry_point && master_config.callback_path && master_config.issuer && master_config.metadata) { + console.log("creating samlObj"); + samlObj = new passportSAML({ + path: master_config.callback_path, + entryPoint: master_config.idp_entry_point, + issuer: master_config.issuer, + callbackUrl: nconf.get('url') + master_config.callback_path, + disableRequestedAuthnContext: true, + identifierFormat: null + }, + function(profile, done) { + console.log("[sso-saml] profile, ", profile); + var user = { + nameID: profile.nameID, + nameIDFormat: profile.nameIDFormat, + sn: profile['urn:oid:2.5.4.4'], // sn + //sn: profile.sn, + cn: profile['urn:oid:2.5.4.42'], // givenname + //cn: profile.cn, + //mail: profile.mail, + //eduPersonAffiliation: profile.eduPersonAffiliation, + email: profile.mail, + //email: profile.email, + username: profile['urn:oid:1.3.6.1.4.1.5923.1.1.1.2'], // eduPersonNickname + //username: profile.eduPersonNickname + }; + + SAML.login(user,function(err, user) { + if (err) { + return done(err); + } + done(null, user); + }); + } + ); + } + + if (samlObj){ + + if (master_config.metadata) { + params.router.get(master_config.metadata, function(req, res) { + if (master_config.server_crt){ + var cert = fs.readFileSync(master_config.server_crt, 'utf-8'); + res.header("Content-Type", "application/xml"); + res.send(samlObj.generateServiceProviderMetadata(cert)) + } + else{ + res.send("No servercrt specified. Please enter it at nodebb admin panel."); + } + }); } - ); - - if (master_config.logout_url) { - - params.router.get(master_config.logout_url,function(req,res){ - if (req.user && parseInt(req.user.uid, 10) > 0) { - winston.info('[Auth] Session ' + req.sessionID + ' logout (uid: ' + req.user.uid + ')'); - - var ws = module.parent.require('./socket.io'); - ws.logoutUser(req.user.uid); - - req.logout(); - - if (master_config.logout_redirect_url){ - res.redirect(master_config.logout_redirect_url); + params.router.post(master_config.callback_path, + passport.authenticate('saml'), + function(req, res, next){ + if (master_config.login_redirect_url){ + res.redirect(master_config.login_redirect_url); } else{ res.redirect("/"); } + } + ); - }); - } + if (master_config.logout_url) { - } - else { - console.log("[sso-saml] Cannot create samlObj"); - } - }; + params.router.get(master_config.logout_url,function(req,res){ + if (req.user && parseInt(req.user.uid, 10) > 0) { + winston.info('[Auth] Session ' + req.sessionID + ' logout (uid: ' + req.user.uid + ')'); - SAML.getStrategy = function(strategies, callback) { + var ws = module.parent.require('./socket.io'); + ws.logoutUser(req.user.uid); - SAML.initSaml(); + req.logout(); - if (samlObj){ - - passport.use(samlObj); + if (master_config.logout_redirect_url){ + res.redirect(master_config.logout_redirect_url); + } + else{ + res.redirect("/"); + } + } - strategies.push({ - name: 'saml', - url: '/auth/saml', - callbackURL: master_config.callback_path, - icon: constants.admin.icon, - scope: '' - }); - } - callback(null, strategies); - }; + }); + } - SAML.login = function(userdata, callback) { - - SAML.getUidBySAMLId(userdata.username, function(err, uid) { - if(err) { - return callback(err); - } - - if (uid !== null) { - // Existing User - callback(null, { - uid: uid - }); } else { - console.log(userdata); - // New User - user.create({ - username: userdata.username, - email: userdata.email, - fullname : userdata.first_name + " " + userdata.last_name - - }, function(err, uid) { - if(err) { - return callback(err); - } - user.setUserField(uid, 'samlid', userdata.username); - db.setObjectField('samlid:uid', userdata.username, uid); + console.log("[sso-saml] Cannot create samlObj"); + } + }, + getStrategy: function(strategies, callback) { + + this.initSaml(); + + if (samlObj){ + + passport.use(samlObj); + + strategies.push({ + name: 'saml', + url: '/auth/saml', + callbackURL: master_config.callback_path, + icon: constants.admin.icon, + scope: '' + }); + } + + callback(null, strategies); + }, + + login: function(userdata, callback) { + + SAML.getUidBySAMLId(userdata.username, function(err, uid) { + if(err) { + return callback(err); + } + + if (uid !== null) { + // Existing User callback(null, { uid: uid }); - }); - } - }); - }; + } + else { + console.log(userdata); + // New User + user.create({ + username: userdata.username, + email: userdata.email, + fullname : userdata.first_name + " " + userdata.last_name - SAML.getUidBySAMLId = function(samlid, callback) { - db.getObjectField('samlid:uid', samlid, function(err, uid) { - if (err) { - return callback(err); - } - callback(null, uid); - }); - }; + }, function(err, uid) { + if(err) { + return callback(err); + } + user.setUserField(uid, 'samlid', userdata.username); + db.setObjectField('samlid:uid', userdata.username, uid); - SAML.addMenuItem = function(custom_header, callback) { - custom_header.authentication.push({ - "route": constants.admin.route, - "icon": constants.admin.icon, - "name": constants.name - }); + callback(null, { + uid: uid + }); + }); + } + }); + }, - callback(null, custom_header); - }; + getUidBySAMLId: function(samlid, callback) { + db.getObjectField('samlid:uid', samlid, function(err, uid) { + if (err) { + return callback(err); + } + callback(null, uid); + }); + }, - SAML.deleteUserData = function(uid, callback) { - async.waterfall([ - async.apply(user.getUserField, uid, 'samlid'), - function(idToDelete, next) { - db.deleteObjectField('samlid:uid', idToDelete, next); - } - ], function(err) { - if (err) { - winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err); - return callback(err); - } - callback(null, uid); - }); + addMenuItem: function(custom_header, callback) { + custom_header.authentication.push({ + "route": constants.admin.route, + "icon": constants.admin.icon, + "name": constants.name + }); + + callback(null, custom_header); + }, + + deleteUserData: function(uid, callback) { + async.waterfall([ + async.apply(user.getUserField, uid, 'samlid'), + function(idToDelete, next) { + db.deleteObjectField('samlid:uid', idToDelete, next); + } + ], function(err) { + if (err) { + winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err); + return callback(err); + } + callback(null, uid); + }); + } }; module.exports = SAML;