Return custom endpoints configuration #179

enonic · Mar 5, 2024 · 1f5476e · 1f5476e
1 parent f08f76e
commit 1f5476e
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 16 deletions.
diff --git a/src/main/resources/idprovider/idprovider.js b/src/main/resources/idprovider/idprovider.js
@@ -68,6 +68,10 @@ function handleAuthenticationResponse(req) {
     }
 
     const idProviderConfig = configLib.getIdProviderConfig();
+    if (!idProviderConfig.clientSecret) {
+        throw `Missing clientSecret configuration for ${idProviderConfig._idProviderName} ID Provider`;
+    }
+
     const code = params.code;
 
     //https://tools.ietf.org/html/rfc6749#section-2.3.1
@@ -170,6 +174,9 @@ exports.logout = logout;
 
 exports.autoLogin = function (req) {
     const idProviderConfig = configLib.getIdProviderConfig();
+    if (!idProviderConfig.jwksUri) {
+        return;
+    }
 
     const jwtToken = extractJwtToken(req, idProviderConfig);
     log.debug(`AutoLogin: JWT Token: ${jwtToken}`);

diff --git a/src/main/resources/lib/configFile/configProvider.js b/src/main/resources/lib/configFile/configProvider.js
@@ -25,8 +25,12 @@ exports.getIdProviderConfig = function (idProviderName) {
         displayName: rawIdProviderConfig[`${idProviderKeyBase}.displayName`] || null,
         description: rawIdProviderConfig[`${idProviderKeyBase}.description`] || null,
 
-        oidcWellKnownEndpoint: required(rawIdProviderConfig[`${idProviderKeyBase}.oidcWellKnownEndpoint`], 'oidcWellKnownEndpoint',
-            idProviderName),
+        oidcWellKnownEndpoint: rawIdProviderConfig[`${idProviderKeyBase}.oidcWellKnownEndpoint`] || null,
+        issuer: rawIdProviderConfig[`${idProviderKeyBase}.issuer`] || null,
+        authorizationUrl: rawIdProviderConfig[`${idProviderKeyBase}.authorizationUrl`] || null,
+        tokenUrl: rawIdProviderConfig[`${idProviderKeyBase}.tokenUrl`] || null,
+        userinfoUrl: rawIdProviderConfig[`${idProviderKeyBase}.userinfoUrl`] || null,
+        jwksUri: rawIdProviderConfig[`${idProviderKeyBase}.jwksUri`] || null,
         useUserinfo: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.useUserinfo`]),
         method: rawIdProviderConfig[`${idProviderKeyBase}.method`] || 'post',
         scopes: parseStringArray(rawIdProviderConfig[`${idProviderKeyBase}.scopes`]).join(' ') || 'profile email',
@@ -51,14 +55,16 @@ exports.getIdProviderConfig = function (idProviderName) {
         additionalEndpoints: extractPropertiesToArray(rawIdProviderConfig, `${idProviderKeyBase}.additionalEndpoints.`,
             ADDITIONAL_ENDPOINTS),
         autoLogin: {
-            createUser: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUser`]),
+            createUsers: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUsers`]),
             createSession: rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createSession`] === 'true' || false,
             wsHeader: rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.wsHeader`] === 'true' || false,
             allowedAudience: parseStringArray(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.allowedAudience`]),
         },
     };
 
-    takeConfigurationFromWellKnownEndpoint(config);
+    if (config.oidcWellKnownEndpoint != null) {
+        takeConfigurationFromWellKnownEndpoint(config);
+    }
 
     validate(config, idProviderName);
 

diff --git a/src/main/resources/lib/login.js b/src/main/resources/lib/login.js
@@ -18,7 +18,7 @@ function login(token, tokenClaims, isAutoLogin) {
     let claims = isAutoLogin? tokenClaims : resolveClaims(idProviderConfig, token, tokenClaims);
     let wasUserCreated = false;
     if (!user) {
-        if (!isAutoLogin || idProviderConfig.autoLogin.createUser) {
+        if (!isAutoLogin || idProviderConfig.autoLogin.createUsers) {
             if (isAutoLogin) {
                 claims = resolveClaims(idProviderConfig, token, tokenClaims);
             }

diff --git a/src/test/resources/lib/configFile/configIdProvider-test.js b/src/test/resources/lib/configFile/configIdProvider-test.js
@@ -29,7 +29,11 @@ exports.testValidConfig = () => {
                 'idprovider.myidp.displayName': 'displayName',
                 'idprovider.myidp.description': 'description',
 
-                'idprovider.myidp.oidcWellKnownEndpoint': 'wellKnownEndpoint',
+                'idprovider.myidp.issuer': 'custom_issuer',
+                'idprovider.myidp.authorizationUrl': 'custom_authorizationUrl',
+                'idprovider.myidp.tokenUrl': 'custom_tokenUrl',
+                'idprovider.myidp.userinfoUrl': 'custom_userinfoUrl',
+                'idprovider.myidp.jwksUri': 'custom_jwksUri',
                 'idprovider.myidp.useUserinfo': 'false',
                 'idprovider.myidp.method': 'post',
                 'idprovider.myidp.scopes': 'name  profile email     nikname',
@@ -56,7 +60,7 @@ exports.testValidConfig = () => {
 
                 'idprovider.myidp.rules.forceEmailVerification': 'true',
 
-                'idprovider.myidp.autoLogin.createUser': 'true',
+                'idprovider.myidp.autoLogin.createUsers': 'true',
                 'idprovider.myidp.autoLogin.createSession': 'true',
                 'idprovider.myidp.autoLogin.wsHeader': 'false',
                 'idprovider.myidp.autoLogin.allowedAudience': 'audience1 audience2   audience3      audience4',
@@ -70,12 +74,11 @@ exports.testValidConfig = () => {
 
     test.assertEquals('displayName', config.displayName);
     test.assertEquals('description', config.description);
-    test.assertEquals('wellKnownEndpoint', config.oidcWellKnownEndpoint);
-    test.assertEquals('issuer', config.issuer);
-    test.assertEquals('authorizationUrl', config.authorizationUrl);
-    test.assertEquals('tokenUrl', config.tokenUrl);
-    test.assertEquals('jwksUri', config.jwksUri);
-    test.assertEquals('userinfoUrl', config.userinfoUrl);
+    test.assertEquals('custom_issuer', config.issuer);
+    test.assertEquals('custom_authorizationUrl', config.authorizationUrl);
+    test.assertEquals('custom_tokenUrl', config.tokenUrl);
+    test.assertEquals('custom_userinfoUrl', config.userinfoUrl);
+    test.assertEquals('custom_jwksUri', config.jwksUri);
     test.assertFalse(config.useUserinfo);
     test.assertEquals('post', config.method);
     test.assertEquals('name profile email nikname', config.scopes);
@@ -96,7 +99,7 @@ exports.testValidConfig = () => {
 
     test.assertTrue(config.rules.forceEmailVerification);
 
-    test.assertTrue(config.autoLogin.createUser);
+    test.assertTrue(config.autoLogin.createUsers);
     test.assertTrue(config.autoLogin.createSession);
     test.assertFalse(config.autoLogin.wsHeader);
     test.assertJsonEquals(['audience1', 'audience2', 'audience3', 'audience4'], config.autoLogin.allowedAudience);
@@ -148,14 +151,14 @@ exports.testDefaultConfigWithRequiredOptions = () => {
 
     test.assertFalse(config.rules.forceEmailVerification);
 
-    test.assertTrue(config.autoLogin.createUser);
+    test.assertTrue(config.autoLogin.createUsers);
     test.assertFalse(config.autoLogin.createSession);
     test.assertFalse(config.autoLogin.wsHeader);
     test.assertJsonEquals([], config.autoLogin.allowedAudience);
 };
 
 exports.testValidateRequiredOptions = () => {
-    const options = ['oidcWellKnownEndpoint', 'issuer', 'authorizationUrl', 'tokenUrl'];
+    const options = ['issuer', 'authorizationUrl', 'tokenUrl'];
     const idProviderName = 'myidp';
     const configuration = {};