This commit is contained in:
Rory Powell 2021-07-08 13:12:25 +01:00
parent aa601f3701
commit db9078cebe
6 changed files with 115 additions and 100 deletions

View File

@ -11,14 +11,15 @@ async function authenticate(accessToken, refreshToken, profile, done) {
email: profile._json.email, email: profile._json.email,
oauth2: { oauth2: {
accessToken: accessToken, accessToken: accessToken,
refreshToken: refreshToken refreshToken: refreshToken,
} },
} }
return authenticateThirdParty( return authenticateThirdParty(
thirdPartyUser, thirdPartyUser,
true, // require local accounts to exist true, // require local accounts to exist
done) done
)
} }
/** /**

View File

@ -12,7 +12,6 @@ const { authenticateThirdParty } = require("./third-party-common")
* @param {*} idToken The id_token - always a JWT * @param {*} idToken The id_token - always a JWT
* @param {*} params The response body from requesting an access_token * @param {*} params The response body from requesting an access_token
* @param {*} done The passport callback: err, user, info * @param {*} done The passport callback: err, user, info
* @returns
*/ */
async function authenticate( async function authenticate(
issuer, issuer,
@ -34,14 +33,15 @@ async function authenticate(
email: getEmail(profile, jwtClaims), email: getEmail(profile, jwtClaims),
oauth2: { oauth2: {
accessToken: accessToken, accessToken: accessToken,
refreshToken: refreshToken refreshToken: refreshToken,
} },
} }
return authenticateThirdParty( return authenticateThirdParty(
thirdPartyUser, thirdPartyUser,
false, // don't require local accounts to exist false, // don't require local accounts to exist
done) done
)
} }
/** /**
@ -65,12 +65,15 @@ function getEmail(profile, jwtClaims) {
return username return username
} }
return null; return null
} }
function validEmail(value) { function validEmail(value) {
return ( return (
(value && !!value.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)) value &&
!!value.match(
/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
)
) )
} }
@ -92,7 +95,9 @@ exports.strategyFactory = async function (config, callbackUrl) {
const response = await fetch(configUrl) const response = await fetch(configUrl)
if (!response.ok) { if (!response.ok) {
throw new Error(`Unexpected response when fetching openid-configuration: ${response.statusText}`) throw new Error(
`Unexpected response when fetching openid-configuration: ${response.statusText}`
)
} }
const body = await response.json() const body = await response.json()
@ -110,7 +115,6 @@ exports.strategyFactory = async function (config, callbackUrl) {
}, },
authenticate authenticate
) )
} catch (err) { } catch (err) {
console.error(err) console.error(err)
throw new Error("Error constructing OIDC authentication strategy", err) throw new Error("Error constructing OIDC authentication strategy", err)

View File

@ -16,9 +16,12 @@ exports.authenticateThirdParty = async function (
requireLocalAccount = true, requireLocalAccount = true,
done done
) { ) {
if (!thirdPartyUser.provider) return authError(done, "third party user provider required") if (!thirdPartyUser.provider)
if (!thirdPartyUser.userId) return authError(done, "third party user id required") return authError(done, "third party user provider required")
if (!thirdPartyUser.email) return authError(done, "third party user email required") if (!thirdPartyUser.userId)
return authError(done, "third party user id required")
if (!thirdPartyUser.email)
return authError(done, "third party user email required")
const db = database.getDB(StaticDatabases.GLOBAL.name) const db = database.getDB(StaticDatabases.GLOBAL.name)
@ -32,7 +35,11 @@ exports.authenticateThirdParty = async function (
} catch (err) { } catch (err) {
// abort when not 404 error // abort when not 404 error
if (!err.status || err.status !== 404) { if (!err.status || err.status !== 404) {
return authError(done, "Unexpected error when retrieving existing user", err) return authError(
done,
"Unexpected error when retrieving existing user",
err
)
} }
// check user already exists by email // check user already exists by email
@ -43,7 +50,10 @@ exports.authenticateThirdParty = async function (
const userExists = users.rows.length > 0 const userExists = users.rows.length > 0
if (requireLocalAccount && !userExists) { if (requireLocalAccount && !userExists) {
return authError(done, "Email does not yet exist. You must set up your local budibase account first.") return authError(
done,
"Email does not yet exist. You must set up your local budibase account first."
)
} }
// create the user to save // create the user to save
@ -101,7 +111,7 @@ function constructNewUser(userId, thirdPartyUser) {
provider: thirdPartyUser.provider, provider: thirdPartyUser.provider,
providerType: thirdPartyUser.providerType, providerType: thirdPartyUser.providerType,
email: thirdPartyUser.email, email: thirdPartyUser.email,
roles: {} roles: {},
} }
// persist profile information // persist profile information
@ -110,14 +120,14 @@ function constructNewUser(userId, thirdPartyUser) {
// Is this okay to change? // Is this okay to change?
if (thirdPartyUser.profile) { if (thirdPartyUser.profile) {
user.thirdPartyProfile = { user.thirdPartyProfile = {
...thirdPartyUser.profile._json ...thirdPartyUser.profile._json,
} }
} }
// persist oauth tokens for future use // persist oauth tokens for future use
if (thirdPartyUser.oauth2) { if (thirdPartyUser.oauth2) {
user.oauth2 = { user.oauth2 = {
...thirdPartyUser.oauth2 ...thirdPartyUser.oauth2,
} }
} }