mirror of
https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-23 17:19:37 +02:00
83 lines
3.0 KiB
JavaScript
83 lines
3.0 KiB
JavaScript
import logger from '@overleaf/logger'
|
|
import passport from 'passport'
|
|
import Settings from '@overleaf/settings'
|
|
import { readFilesContentFromEnv, numFromEnv, boolFromEnv } from '../../../utils.mjs'
|
|
import PermissionsManager from '../../../../../app/src/Features/Authorization/PermissionsManager.js'
|
|
import OIDCAuthenticationController from './OIDCAuthenticationController.mjs'
|
|
import { Strategy as OIDCStrategy } from 'passport-openidconnect'
|
|
|
|
const OIDCModuleManager = {
|
|
initSettings() {
|
|
let providerId = process.env.OVERLEAF_OIDC_PROVIDER_ID || 'oidc'
|
|
Settings.oidc = {
|
|
enable: true,
|
|
providerId: providerId,
|
|
identityServiceName: process.env.OVERLEAF_OIDC_IDENTITY_SERVICE_NAME || `Log in with ${Settings.oauthProviders[providerId].name}`,
|
|
attUserId: process.env.OVERLEAF_OIDC_USER_ID_FIELD || 'id',
|
|
attAdmin: process.env.OVERLEAF_OIDC_IS_ADMIN_FIELD,
|
|
valAdmin: process.env.OVERLEAF_OIDC_IS_ADMIN_FIELD_VALUE,
|
|
updateUserDetailsOnLogin: boolFromEnv(process.env.OVERLEAF_OIDC_UPDATE_USER_DETAILS_ON_LOGIN),
|
|
}
|
|
},
|
|
passportSetup(passport, callback) {
|
|
const oidcOptions = {
|
|
issuer: process.env.OVERLEAF_OIDC_ISSUER,
|
|
authorizationURL: process.env.OVERLEAF_OIDC_AUTHORIZATION_URL,
|
|
tokenURL: process.env.OVERLEAF_OIDC_TOKEN_URL,
|
|
userInfoURL: process.env.OVERLEAF_OIDC_USER_INFO_URL,
|
|
clientID: process.env.OVERLEAF_OIDC_CLIENT_ID,
|
|
clientSecret: process.env.OVERLEAF_OIDC_CLIENT_SECRET,
|
|
callbackURL: `${Settings.siteUrl.replace(/\/+$/, '')}/oidc/login/callback`,
|
|
scope: process.env.OVERLEAF_OIDC_SCOPE || 'openid profile email',
|
|
passReqToCallback: true,
|
|
}
|
|
try {
|
|
passport.use(
|
|
new OIDCStrategy(
|
|
oidcOptions,
|
|
OIDCAuthenticationController.doPassportLogin
|
|
)
|
|
)
|
|
callback(null)
|
|
} catch (error) {
|
|
callback(error)
|
|
}
|
|
},
|
|
initPolicy() {
|
|
try {
|
|
PermissionsManager.registerCapability('change-password', { default : true })
|
|
} catch (error) {
|
|
logger.info({}, error.message)
|
|
}
|
|
const oidcPolicyValidator = async ({ user, subscription }) => {
|
|
// If user is not logged in, user.externalAuth is undefined,
|
|
// in this case allow to change password if the user has a hashedPassword
|
|
return user.externalAuth === 'oidc' || (user.externalAuth === undefined && !user.hashedPassword)
|
|
}
|
|
try {
|
|
PermissionsManager.registerPolicy(
|
|
'oidcPolicy',
|
|
{ 'change-password' : false },
|
|
{ validator: oidcPolicyValidator }
|
|
)
|
|
} catch (error) {
|
|
logger.info({}, error.message)
|
|
}
|
|
},
|
|
|
|
getGroupPolicyForUser(user, callback) {
|
|
PermissionsManager.promises.getUserValidationStatus({
|
|
user,
|
|
groupPolicy : { 'oidcPolicy' : true },
|
|
subscription : null
|
|
}).then(userValidationMap => {
|
|
let groupPolicy = Object.fromEntries(userValidationMap)
|
|
callback(null, { groupPolicy })
|
|
}).catch(error => {
|
|
callback(error)
|
|
})
|
|
},
|
|
}
|
|
|
|
export default OIDCModuleManager
|