mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Allow oauth schemes provide a custom verify function

Nick O'Leary 2017-04-21 21:17:18 +01:00
parent 7bd0943412
commit fb05960d79
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9


@ -118,6 +118,21 @@ function revoke(req,res) {
}); });
} }
function completeVerify(profile,done) {
Users.authenticate(profile).then(function(user) {
if (user) {
Tokens.create(user.username,"node-red-editor",user.permissions).then(function(tokens) {
log.audit({event: "auth.login",username:user.username,scope:user.permissions});
user.tokens = tokens;
done(null,user);
});
} else {
log.audit({event: "auth.login.fail.oauth",username:profile.id});
done(null,false);
}
});
}
module.exports = { module.exports = {
init: init, init: init,
needsPermission: needsPermission, needsPermission: needsPermission,
@ -134,8 +149,11 @@ module.exports = {
revoke: revoke, revoke: revoke,
oauthStrategy: function(adminApp,strategy) { oauthStrategy: function(adminApp,strategy) {
var session = require('express-session'); var session = require('express-session');
var crypto = require("crypto");
adminApp.use(session({ adminApp.use(session({
secret: 'keyboard cat', // TODO: pull this out // As the session is only used across the life-span of an oauth
// hand-shake, we can use a instance specific random string
secret: crypto.randomBytes(20).toString('hex'),
resave: false, resave: false,
saveUninitialized:false saveUninitialized:false
})); }));
@ -144,20 +162,25 @@ module.exports = {
adminApp.use(passport.session()); adminApp.use(passport.session());
var options = strategy.options; var options = strategy.options;
passport.use(new strategy.strategy(options, passport.use(new strategy.strategy(options,
function(token, tokenSecret, profile, done) { function() {
Users.authenticate(profile).then(function(user) { var originalDone = arguments[arguments.length-1];
if (user) { if (options.verify) {
Tokens.create(user.username,"node-red-editor",user.permissions).then(function(tokens) { var args = Array.prototype.slice.call(arguments);
log.audit({event: "auth.login",username:user.username,scope:user.permissions}); args[args.length-1] = function(err,profile) {
user.tokens = tokens; if (err) {
done(null,user); return originalDone(err);
}); } else {
} else { return completeVerify(profile,originalDone);
log.audit({event: "auth.login.fail.oauth",username:profile.id}); }
done(null,false); };
} options.verify.apply(null,args);
}); } else {
var profile = arguments[arguments.length - 2];
return completeVerify(profile,originalDone);
}
} }
)); ));
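Review bot: In the `options.verify` branch of the last hunk, the wrapped callback treats every non-error result as a profile, so a custom verify function that refuses a login the usual passport way (`done(null, false)`) still reaches `completeVerify`, which hands the value to `Users.authenticate` and reads `profile.id` in its failure branch. A guard such as `if (err || !profile) { return originalDone(err, false); }` would stop a refused login before the user lookup. Separately, neither promise in `completeVerify` has a rejection handler, so if `Users.authenticate` or `Tokens.create` rejects (their implementations are not visible here) `done` is never called and the handshake request hangs; returning the `Tokens.create(...)` promise from the outer handler and ending the chain with `.catch(function(err) { done(err); })` would surface the failure. A short comment on `completeVerify` stating that `done` follows passport's `(err, user)` convention, and that `options.verify` must call back with `(err, profile)`, would make the contract clear to strategy authors.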