stf-DeviceFarmer/lib/units/auth/openid.js
Denis Barbaron 2f54e40206 Upgrading STF for security reasons (#813)
* Upgrading STF for security reasons

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

* update semaphore files

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

* upgrading STF for security reasons v2

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

* update yarn.lock file

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

---------

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2024-11-22 11:41:20 +01:00


/**
* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
**/
var http = require('http')
var openid = require('openid')
var express = require('express')
var urljoin = require('url-join')
var logger = require('../../util/logger')
var jwtutil = require('../../util/jwtutil')
var urlutil = require('../../util/urlutil')
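/**
 * Builds and starts the OpenID authentication unit.
 *
 * Exposes three routes: `/` (redirects to the login route), `/auth/openid/`
 * (starts the OpenID exchange with `options.openid.identifierUrl`) and
 * `/auth/openid/verify` (the return_to endpoint that checks the provider's
 * assertion and, on success, redirects to `options.appUrl` with a signed JWT).
 *
 * @param {Object} options
 * @param {string} options.appUrl - Base URL of the app; also the base of the return_to URL.
 * @param {Object} options.openid
 * @param {string} options.openid.identifierUrl - OpenID identifier the exchange is started with.
 * @param {string} options.secret - Secret used by jwtutil to sign the issued token.
 * @param {number} options.port - TCP port the HTTP server listens on.
 */
module.exports = function(options) {
  // Ask the provider for the simple-registration (sreg) email and full name;
  // both end up in the payload of the issued JWT.
  var extensions = [new openid.SimpleRegistration({
    email: true
  , fullname: true
  })]
  var relyingParty = new openid.RelyingParty(
    urljoin(options.appUrl, '/auth/openid/verify')
  , null // Realm (optional, specifies realm for OpenID authentication)
  , false // Use stateless verification
  , false // Strict mode
  , extensions)
  var log = logger.createLogger('auth-openid')
  var app = express()

  app.set('strict routing', true)
  app.set('case sensitive routing', true)
  app.disable('x-powered-by')

  // Answers every failed exchange with the same generic body; the actual
  // reason (and the underlying error, if any) goes to the log only, so the
  // client learns nothing about the provider exchange.
  function fail(res, reason, err) {
    if (err) {
      log.error('%s: %s', reason, err.message || err)
    }
    else {
      log.warn(reason)
    }
    res.send('Authentication failed')
  }

  app.get('/', function(req, res) {
    res.redirect('/auth/openid/')
  })

  app.get('/auth/openid/', function(req, res) {
    log.info('openid identifier url: %s', options.openid.identifierUrl)
    relyingParty.authenticate(options.openid.identifierUrl, false, function(err, authUrl) {
      if (err) {
        fail(res, 'openid discovery failed', err)
      }
      else if (!authUrl) {
        fail(res, 'openid discovery returned no authentication url')
      }
      else {
        // Log the URL the browser is actually sent to (the original message
        // said "authUrl" but printed the identifier url).
        log.info('redirect to authUrl: %s', authUrl)
        res.redirect(authUrl)
      }
    })
  })

  app.get('/auth/openid/verify', function(req, res) {
    log.setLocalIdentifier(req.ip)
    relyingParty.verifyAssertion(req, function(err, result) {
      log.info('openid verify assertion')
      if (err) {
        return fail(res, 'openid assertion verification failed', err)
      }
      if (!result || !result.authenticated) {
        return fail(res, 'openid assertion not authenticated')
      }
      // NOTE(review): the sreg attributes are read straight from the query
      // string of the return_to request; whether they were covered by the
      // provider's signature depends on the provider listing them in
      // openid.signed — confirm against the provider in use.
      var email = req.query['openid.sreg.email']
      var name = req.query['openid.sreg.fullname']
      // The token's identity is the email; never mint one without it.
      if (!email) {
        return fail(res, 'openid assertion carried no sreg email')
      }
      log.info('Authenticated "%s:%s"', name, email)
      var token = jwtutil.encode({
        payload: {
          email: email
        , name: name
        }
      , secret: options.secret
      })
      res.redirect(urlutil.addParams(options.appUrl, {jwt: token}))
    })
  })

  // Report "listening" only once the socket is actually bound.
  http.createServer(app).listen(options.port, function() {
    log.info('Listening on port %d', options.port)
  })
}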