Add OpenID to CodiMD

With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2025-05-15 07:34:42 -04:00 · 2017-08-31 23:33:55 +02:00 · 2017-08-31 23:33:55 +02:00 · 9f9c4089be
commit 9f9c4089be
parent 32af96aa37
8 changed files with 91 additions and 4 deletions
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
@ -45,6 +45,7 @@ if (config.isLDAPEnable) authRouter.use(require('./ldap'))
 if (config.isSAMLEnable) authRouter.use(require('./saml'))
 if (config.isOAuth2Enable) authRouter.use(require('./oauth2'))
 if (config.isEmailEnable) authRouter.use(require('./email'))
+if (config.isOpenIDEnable) authRouter.use(require('./openid'))

 // logout
 authRouter.get('/logout', function (req, res) {
--- a/lib/web/auth/openid/index.js
+++ b/lib/web/auth/openid/index.js
@ -0,0 +1,61 @@
+'use strict'
+
+const Router = require('express').Router
+const passport = require('passport')
+const OpenIDStrategy = require('@passport-next/passport-openid').Strategy
+const config = require('../../../config')
+const models = require('../../../models')
+const logger = require('../../../logger')
+const {urlencodedParser} = require('../../utils')
+const {setReturnToFromReferer} = require('../utils')
+
+let openIDAuth = module.exports = Router()
+
+passport.use(new OpenIDStrategy({
+  returnURL: config.serverURL + '/auth/openid/callback',
+  realm: config.serverURL,
+  profile: true
+}, function (openid, profile, done) {
+  var stringifiedProfile = JSON.stringify(profile)
+  models.User.findOrCreate({
+    where: {
+      profileid: openid
+    },
+    defaults: {
+      profile: stringifiedProfile
+    }
+  }).spread(function (user, created) {
+    if (user) {
+      var needSave = false
+      if (user.profile !== stringifiedProfile) {
+        user.profile = stringifiedProfile
+        needSave = true
+      }
+      if (needSave) {
+        user.save().then(function () {
+          if (config.debug) { logger.info('user login: ' + user.id) }
+          return done(null, user)
+        })
+      } else {
+        if (config.debug) { logger.info('user login: ' + user.id) }
+        return done(null, user)
+      }
+    }
+  }).catch(function (err) {
+    logger.error('auth callback failed: ' + err)
+    return done(err, null)
+  })
+}))
+
+openIDAuth.post('/auth/openid', urlencodedParser, function (req, res, next) {
+  setReturnToFromReferer(req)
+  passport.authenticate('openid')(req, res, next)
+})
+
+// openID auth callback
+openIDAuth.get('/auth/openid/callback',
+  passport.authenticate('openid', {
+    successReturnToOrRedirect: config.serverurl + '/',
+    failureRedirect: config.serverurl + '/'
+  })
+)