mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 22:54:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(saml): adapt for new package @node-saml/passport-saml

Browse source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2025-02-14 01:53:41 +01:00
parent 38578f2b4c
commit 1a5030dbc1
1 changed files with 99 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

42
lib/web/auth/saml/index.js
View file

@ -2,7 +2,7 @@
const Router = require('express').Router const Router = require('express').Router
const passport = require('passport') const passport = require('passport')
const SamlStrategy = require('passport-saml').Strategy const SamlStrategy = require('@node-saml/passport-saml').Strategy
const config = require('../../../config') const config = require('../../../config')
const models = require('../../../models') const models = require('../../../models')
const logger = require('../../../logger') const logger = require('../../../logger')
@ -12,7 +12,9 @@ const intersection = function (array1, array2) { return array1.filter((n) => arr
const samlAuth = module.exports = Router() const samlAuth = module.exports = Router()
passport.use(new SamlStrategy({ passport.use(
new SamlStrategy(
{
callbackUrl: config.serverURL + '/auth/saml/callback', callbackUrl: config.serverURL + '/auth/saml/callback',
entryPoint: config.saml.idpSsoUrl, entryPoint: config.saml.idpSsoUrl,
issuer: config.saml.issuer || config.serverURL, issuer: config.saml.issuer || config.serverURL,
@ -25,7 +27,7 @@ passport.use(new SamlStrategy({
logger.error(`SAML client certificate: ${e.message}`) logger.error(`SAML client certificate: ${e.message}`)
} }
}()), }()),
cert: (function () { idpCert: (function () {
try { try {
return fs.readFileSync(config.saml.idpCert, 'utf-8') return fs.readFileSync(config.saml.idpCert, 'utf-8')
} catch (e) { } catch (e) {
@ -35,7 +37,9 @@ passport.use(new SamlStrategy({
}()), }()),
identifierFormat: config.saml.identifierFormat, identifierFormat: config.saml.identifierFormat,
disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext disableRequestedAuthnContext: config.saml.disableRequestedAuthnContext
}, function (user, done) { },
// sign-in
function (user, done) {
// check authorization if needed // check authorization if needed
if (config.saml.externalGroups && config.saml.groupAttribute) { if (config.saml.externalGroups && config.saml.groupAttribute) {
const externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute]) const externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute])
@ -90,20 +94,38 @@ passport.use(new SamlStrategy({
logger.error('saml auth failed: ' + err.message) logger.error('saml auth failed: ' + err.message)
return done(err, null) return done(err, null)
}) })
})) },
// logout
function (profile, done) {
return done(null, profile)
}
)
)
samlAuth.get('/auth/saml', samlAuth.get('/auth/saml',
passport.authenticate('saml', { passport.authenticate('saml', {
successReturnToOrRedirect: config.serverURL + '/', failureRedirect: config.serverURL + '/',
failureRedirect: config.serverURL + '/' failureFlash: true
}) }),
function (req, res) {
res.redirect('/')
}
) )
samlAuth.post('/auth/saml/callback', urlencodedParser, samlAuth.use('/auth/saml/callback', urlencodedParser,
function (req, res, next) {
if (req.method !== 'GET' && req.method !== 'POST') {
return res.status(405).end()
}
return next()
},
passport.authenticate('saml', { passport.authenticate('saml', {
successReturnToOrRedirect: config.serverURL + '/', successReturnToOrRedirect: config.serverURL + '/',
failureRedirect: config.serverURL + '/' failureRedirect: config.serverURL + '/'
}) }),
function (req, res) {
res.redirect('/')
}
) )
samlAuth.get('/auth/saml/metadata', function (req, res) { samlAuth.get('/auth/saml/metadata', function (req, res) {