From 1f5476e912eb74d166accb322cc13ae932101d4f Mon Sep 17 00:00:00 2001
From: Anatol Sialitski
Date: Mon, 4 Mar 2024 15:04:46 +0100
Subject: [PATCH] Return custom endpoints configuration #179

---
 src/main/resources/idprovider/idprovider.js | 7 ++++++
 .../lib/configFile/configProvider.js | 14 ++++++++---
 src/main/resources/lib/login.js | 2 +-
 .../lib/configFile/configIdProvider-test.js | 25 +++++++++++--------
 4 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/src/main/resources/idprovider/idprovider.js b/src/main/resources/idprovider/idprovider.js
index 604c53e..224bfab 100644
--- a/src/main/resources/idprovider/idprovider.js
+++ b/src/main/resources/idprovider/idprovider.js
@@ -68,6 +68,10 @@ function handleAuthenticationResponse(req) {
 }
 const idProviderConfig = configLib.getIdProviderConfig();
+ if (!idProviderConfig.clientSecret) {
+ throw `Missing clientSecret configuration for ${idProviderConfig._idProviderName} ID Provider`;
+ }
+
 const code = params.code;
 //https://tools.ietf.org/html/rfc6749#section-2.3.1
@@ -170,6 +174,9 @@ exports.logout = logout;
 exports.autoLogin = function (req) {
 const idProviderConfig = configLib.getIdProviderConfig();
+ if (!idProviderConfig.jwksUri) {
+ return;
+ }
 const jwtToken = extractJwtToken(req, idProviderConfig);
 log.debug(`AutoLogin: JWT Token: ${jwtToken}`);
diff --git a/src/main/resources/lib/configFile/configProvider.js b/src/main/resources/lib/configFile/configProvider.js
index cffefb9..5aa2d70 100644
--- a/src/main/resources/lib/configFile/configProvider.js
+++ b/src/main/resources/lib/configFile/configProvider.js
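Review bot: The new guard in handleAuthenticationResponse throws a bare template string instead of an Error object, so a caller that catches it gets no `name`, no stack and nothing to match on; `throw new Error(`Missing clientSecret configuration for ${idProviderConfig._idProviderName} ID Provider`);` keeps the message and adds both. Failing closed here is the right call, since the code exchange that follows would presumably otherwise be attempted with an empty secret, but a missing secret is a deployment error and would be better rejected once at configuration time than on the first login attempt. handleAuthenticationResponse starts and ends outside the hunk, so I cannot see whether the rest of this file already follows a string-throwing convention; if it does, change them together rather than only this one.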
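Review bot: The early return in exports.autoLogin when jwksUri is unset silently disables auto-login with nothing to tell the operator why: jwksUri is now optional (the test hunk in this patch lists only issuer, authorizationUrl and tokenUrl as required), so a mistyped key means auto-login just stops working and the only symptom is that session requests are no longer recognised. Log before returning, e.g. `log.debug(`AutoLogin: skipped, no jwksUri configured for ${idProviderConfig._idProviderName}`);`, or have configuration validation reject an autoLogin setup that has no jwksUri to verify tokens against. The remainder of exports.autoLogin is outside the hunk.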
@@ -25,8 +25,12 @@ exports.getIdProviderConfig = function (idProviderName) {
 displayName: rawIdProviderConfig[`${idProviderKeyBase}.displayName`] || null,
 description: rawIdProviderConfig[`${idProviderKeyBase}.description`] || null,
- oidcWellKnownEndpoint: required(rawIdProviderConfig[`${idProviderKeyBase}.oidcWellKnownEndpoint`], 'oidcWellKnownEndpoint',
- idProviderName),
+ oidcWellKnownEndpoint: rawIdProviderConfig[`${idProviderKeyBase}.oidcWellKnownEndpoint`] || null,
+ issuer: rawIdProviderConfig[`${idProviderKeyBase}.issuer`] || null,
+ authorizationUrl: rawIdProviderConfig[`${idProviderKeyBase}.authorizationUrl`] || null,
+ tokenUrl: rawIdProviderConfig[`${idProviderKeyBase}.tokenUrl`] || null,
+ userinfoUrl: rawIdProviderConfig[`${idProviderKeyBase}.userinfoUrl`] || null,
+ jwksUri: rawIdProviderConfig[`${idProviderKeyBase}.jwksUri`] || null,
 useUserinfo: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.useUserinfo`]),
 method: rawIdProviderConfig[`${idProviderKeyBase}.method`] || 'post',
 scopes: parseStringArray(rawIdProviderConfig[`${idProviderKeyBase}.scopes`]).join(' ') || 'profile email',
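Review bot: Nothing in the config object documents the new either/or contract: oidcWellKnownEndpoint is no longer `required()`, the five explicit endpoints all default to null, and a config that sets none of them is accepted here and only rejected later, presumably by validate() which is outside this hunk. Put the rule where the next maintainer will read it, e.g. above the `oidcWellKnownEndpoint:` line: `// Either oidcWellKnownEndpoint (discovery) or explicit issuer/authorizationUrl/tokenUrl must be set; userinfoUrl and jwksUri are optional and auto-login is skipped without jwksUri.` The issuer in particular deserves a word, since its value is what ID-token `iss` claims are checked against and a trailing-slash mismatch is a classic silent failure; if the project does not normalise it, say so in the comment.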
@@ -51,14 +55,16 @@ exports.getIdProviderConfig = function (idProviderName) {
 additionalEndpoints: extractPropertiesToArray(rawIdProviderConfig, `${idProviderKeyBase}.additionalEndpoints.`, ADDITIONAL_ENDPOINTS),
 autoLogin: {
- createUser: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUser`]),
+ createUsers: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUsers`]),
 createSession: rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createSession`] === 'true' || false,
 wsHeader: rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.wsHeader`] === 'true' || false,
 allowedAudience: parseStringArray(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.allowedAudience`]),
 },
 };
- takeConfigurationFromWellKnownEndpoint(config);
+ if (config.oidcWellKnownEndpoint != null) {
+ takeConfigurationFromWellKnownEndpoint(config);
+ }
 validate(config, idProviderName);
diff --git a/src/main/resources/lib/login.js b/src/main/resources/lib/login.js
index bc037ce..4f06ca0 100644
--- a/src/main/resources/lib/login.js
+++ b/src/main/resources/lib/login.js
@@ -18,7 +18,7 @@ function login(token, tokenClaims, isAutoLogin) {
 let claims = isAutoLogin? tokenClaims : resolveClaims(idProviderConfig, token, tokenClaims);
 let wasUserCreated = false;
 if (!user) {
- if (!isAutoLogin || idProviderConfig.autoLogin.createUser) {
+ if (!isAutoLogin || idProviderConfig.autoLogin.createUsers) {
 if (isAutoLogin) {
 claims = resolveClaims(idProviderConfig, token, tokenClaims);
 }
diff --git a/src/test/resources/lib/configFile/configIdProvider-test.js b/src/test/resources/lib/configFile/configIdProvider-test.js
index 016b44b..8742553 100644
--- a/src/test/resources/lib/configFile/configIdProvider-test.js
+++ b/src/test/resources/lib/configFile/configIdProvider-test.js
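Review bot: Renaming the config key from autoLogin.createUser to autoLogin.createUsers silently changes behaviour for existing deployments: an installation that set `idprovider.<name>.autoLogin.createUser=false` now has that value ignored and defaultBooleanTrue() turns automatic user creation back on, which is the less safe direction for an auto-login path. Read the old key as a fallback, `createUsers: defaultBooleanTrue(rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUsers`] || rawIdProviderConfig[`${idProviderKeyBase}.autoLogin.createUser`]),` (`||` is safe here because the raw value is the string 'false', which is truthy), or at least log a deprecation warning when the old key is present. The login.js hunk and the test hunks below only consume the new name and need no further change. Separately, when both oidcWellKnownEndpoint and explicit endpoints are configured, takeConfigurationFromWellKnownEndpoint(config) runs after the explicit values were set, so which one wins depends on that helper (outside the hunk) and should be stated in a one-line comment above the new `if`.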
@@ -29,7 +29,11 @@ exports.testValidConfig = () => {
 'idprovider.myidp.displayName': 'displayName',
 'idprovider.myidp.description': 'description',
- 'idprovider.myidp.oidcWellKnownEndpoint': 'wellKnownEndpoint',
+ 'idprovider.myidp.issuer': 'custom_issuer',
+ 'idprovider.myidp.authorizationUrl': 'custom_authorizationUrl',
+ 'idprovider.myidp.tokenUrl': 'custom_tokenUrl',
+ 'idprovider.myidp.userinfoUrl': 'custom_userinfoUrl',
+ 'idprovider.myidp.jwksUri': 'custom_jwksUri',
 'idprovider.myidp.useUserinfo': 'false',
 'idprovider.myidp.method': 'post',
 'idprovider.myidp.scopes': 'name profile email nikname',
@@ -56,7 +60,7 @@ exports.testValidConfig = () => {
 'idprovider.myidp.rules.forceEmailVerification': 'true',
- 'idprovider.myidp.autoLogin.createUser': 'true',
+ 'idprovider.myidp.autoLogin.createUsers': 'true',
 'idprovider.myidp.autoLogin.createSession': 'true',
 'idprovider.myidp.autoLogin.wsHeader': 'false',
 'idprovider.myidp.autoLogin.allowedAudience': 'audience1 audience2 audience3 audience4',
@@ -70,12 +74,11 @@ exports.testValidConfig = () => {
 test.assertEquals('displayName', config.displayName);
 test.assertEquals('description', config.description);
- test.assertEquals('wellKnownEndpoint', config.oidcWellKnownEndpoint);
- test.assertEquals('issuer', config.issuer);
- test.assertEquals('authorizationUrl', config.authorizationUrl);
- test.assertEquals('tokenUrl', config.tokenUrl);
- test.assertEquals('jwksUri', config.jwksUri);
- test.assertEquals('userinfoUrl', config.userinfoUrl);
+ test.assertEquals('custom_issuer', config.issuer);
+ test.assertEquals('custom_authorizationUrl', config.authorizationUrl);
+ test.assertEquals('custom_tokenUrl', config.tokenUrl);
+ test.assertEquals('custom_userinfoUrl', config.userinfoUrl);
+ test.assertEquals('custom_jwksUri', config.jwksUri);
 test.assertFalse(config.useUserinfo);
 test.assertEquals('post', config.method);
 test.assertEquals('name profile email nikname', config.scopes);
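Review bot: Dropping oidcWellKnownEndpoint from the valid-config fixture removes the only visible coverage of the discovery path, and nothing replaces it: after this hunk no test exercises takeConfigurationFromWellKnownEndpoint, the new branch that skips it, or the precedence when both the well-known endpoint and explicit URLs are set. Keep the previous fixture as its own test case and add one with both configured, so the behaviour this patch introduces is pinned by assertions rather than implied by the ones removed here. The values in the assertions at @@ -70 are fixture strings, not URLs, which is fine for a mapping test but means no test checks that a malformed or empty endpoint is rejected.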
@@ -96,7 +99,7 @@ exports.testValidConfig = () => {
 test.assertTrue(config.rules.forceEmailVerification);
- test.assertTrue(config.autoLogin.createUser);
+ test.assertTrue(config.autoLogin.createUsers);
 test.assertTrue(config.autoLogin.createSession);
 test.assertFalse(config.autoLogin.wsHeader);
 test.assertJsonEquals(['audience1', 'audience2', 'audience3', 'audience4'], config.autoLogin.allowedAudience);
@@ -148,14 +151,14 @@ exports.testDefaultConfigWithRequiredOptions = () => {
 test.assertFalse(config.rules.forceEmailVerification);
- test.assertTrue(config.autoLogin.createUser);
+ test.assertTrue(config.autoLogin.createUsers);
 test.assertFalse(config.autoLogin.createSession);
 test.assertFalse(config.autoLogin.wsHeader);
 test.assertJsonEquals([], config.autoLogin.allowedAudience);
 };
 exports.testValidateRequiredOptions = () => {
- const options = ['oidcWellKnownEndpoint', 'issuer', 'authorizationUrl', 'tokenUrl'];
+ const options = ['issuer', 'authorizationUrl', 'tokenUrl'];
 const idProviderName = 'myidp';
 const configuration = {};