codimd/lib/auth/oauth2/index.js

'use strict'

const Router = require('express').Router
const passport = require('passport')

const config = require('../../config')
const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
const { OAuth2CustomStrategy } = require('./strategy')

const oauth2Auth = module.exports = Router()

passport.use(new OAuth2CustomStrategy({
  authorizationURL: config.oauth2.authorizationURL,
  tokenURL: config.oauth2.tokenURL,
  clientID: config.oauth2.clientID,
  clientSecret: config.oauth2.clientSecret,
  callbackURL: config.serverURL + '/auth/oauth2/callback',
  userProfileURL: config.oauth2.userProfileURL,
  state: config.oauth2.state,
  scope: config.oauth2.scope
}, passportGeneralCallback))

oauth2Auth.get('/auth/oauth2', function (req, res, next) {
  setReturnToFromReferer(req)
  passport.authenticate('oauth2')(req, res, next)
})

// github auth callback
oauth2Auth.get('/auth/oauth2/callback',
  passport.authenticate('oauth2', {
    successReturnToOrRedirect: config.serverURL + '/',
    failureRedirect: config.serverURL + '/'
  })
)
Add support for generic OAuth2 providers Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 2017-06-27 19:08:05 +02:00			`'use strict'`

			`const Router = require('express').Router`
			`const passport = require('passport')`
fix: extractProfileAttribute not working correctly Signed-off-by: BoHong Li <raccoon@hackmd.io> 2020-02-27 23:49:05 +08:00
refactor: remove web folder Signed-off-by: BoHong Li <raccoon@hackmd.io> 2020-01-05 06:30:23 +08:00			`const config = require('../../config')`
refactor: fix lint warning on lib/auth Signed-off-by: BoHong Li <a60814billy@gmail.com> 2019-04-12 17:58:06 +08:00			`const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')`
fix: extractProfileAttribute not working correctly Signed-off-by: BoHong Li <raccoon@hackmd.io> 2020-02-27 23:49:05 +08:00			`const { OAuth2CustomStrategy } = require('./strategy')`
Add support for generic OAuth2 providers Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 2017-06-27 19:08:05 +02:00
refactor: fix lint on lib/web/auth/oauth2/index.js Signed-off-by: BoHong Li <raccoon@hackmd.io> 2019-08-02 00:59:38 +08:00			`const oauth2Auth = module.exports = Router()`
Add support for generic OAuth2 providers Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 2017-06-27 19:08:05 +02:00
			`passport.use(new OAuth2CustomStrategy({`
			`authorizationURL: config.oauth2.authorizationURL,`
			`tokenURL: config.oauth2.tokenURL,`
			`clientID: config.oauth2.clientID,`
			`clientSecret: config.oauth2.clientSecret,`
			`callbackURL: config.serverURL + '/auth/oauth2/callback',`
feat: support customize scope in OAuth2 provider Signed-off-by: BoHong Li <raccoon@hackmd.io> 2020-02-28 02:13:58 +08:00			`userProfileURL: config.oauth2.userProfileURL,`
fix: add state parameter for oauth2 state parameter is recommended with oauth2 authentification to mitigate CSRF attacks (see [1]). hydra [2] will throw the following error message if state is missing: description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy." [1]: https://auth0.com/docs/protocols/oauth2/oauth-state [2]: https://www.ory.sh/hydra/ Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com> 2020-05-11 15:57:58 +02:00			`state: config.oauth2.state,`
feat: support customize scope in OAuth2 provider Signed-off-by: BoHong Li <raccoon@hackmd.io> 2020-02-28 02:13:58 +08:00			`scope: config.oauth2.scope`
Add support for generic OAuth2 providers Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 2017-06-27 19:08:05 +02:00			`}, passportGeneralCallback))`

			`oauth2Auth.get('/auth/oauth2', function (req, res, next) {`
			`setReturnToFromReferer(req)`
			`passport.authenticate('oauth2')(req, res, next)`
			`})`

			`// github auth callback`
			`oauth2Auth.get('/auth/oauth2/callback',`
			`passport.authenticate('oauth2', {`
Fix typo Signed-off-by: CloudYu <cloudyu322@gmail.com> 2018-11-27 22:13:18 +08:00			`successReturnToOrRedirect: config.serverURL + '/',`
			`failureRedirect: config.serverURL + '/'`
Add support for generic OAuth2 providers Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 2017-06-27 19:08:05 +02:00			`})`
			`)`