mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Allow oauth schemes provide a custom verify function

Nick O'Leary 2017-04-21 21:17:18 +01:00
parent 7bd0943412
commit fb05960d79
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9


@ -118,6 +118,21 @@ function revoke(req,res) {
});
}
function completeVerify(profile,done) {
Users.authenticate(profile).then(function(user) {
if (user) {
Tokens.create(user.username,"node-red-editor",user.permissions).then(function(tokens) {
log.audit({event: "auth.login",username:user.username,scope:user.permissions});
user.tokens = tokens;
done(null,user);
});
} else {
log.audit({event: "auth.login.fail.oauth",username:profile.id});
done(null,false);
}
});
}
module.exports = {
init: init,
needsPermission: needsPermission,
@ -134,8 +149,11 @@ module.exports = {
revoke: revoke,
oauthStrategy: function(adminApp,strategy) {
var session = require('express-session');
var crypto = require("crypto");
adminApp.use(session({
secret: 'keyboard cat', // TODO: pull this out
// As the session is only used across the life-span of an oauth
// hand-shake, we can use a instance specific random string
secret: crypto.randomBytes(20).toString('hex'),
resave: false,
saveUninitialized:false
}));
@ -144,20 +162,25 @@ module.exports = {
adminApp.use(passport.session());
var options = strategy.options;
passport.use(new strategy.strategy(options,
function(token, tokenSecret, profile, done) {
Users.authenticate(profile).then(function(user) {
if (user) {
Tokens.create(user.username,"node-red-editor",user.permissions).then(function(tokens) {
log.audit({event: "auth.login",username:user.username,scope:user.permissions});
user.tokens = tokens;
done(null,user);
});
function() {
var originalDone = arguments[arguments.length-1];
if (options.verify) {
var args = Array.prototype.slice.call(arguments);
args[args.length-1] = function(err,profile) {
if (err) {
return originalDone(err);
} else {
log.audit({event: "auth.login.fail.oauth",username:profile.id});
done(null,false);
return completeVerify(profile,originalDone);
}
});
};
options.verify.apply(null,args);
} else {
var profile = arguments[arguments.length - 2];
return completeVerify(profile,originalDone);
}
}
));
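Review bot: In the wrapped callback handed to `options.verify` (last hunk), a custom verify function that rejects a login the usual passport way, `done(null, false)`, falls through to `completeVerify(false, originalDone)`, whose failure branch reads `profile.id`; how `Users.authenticate` treats a falsy profile is not visible here, but that read would throw inside the promise callback and `originalDone` would never be called. Guard it with `if (err || !profile) { return originalDone(err, false); }`, ideally together with a `log.audit` entry so logins rejected by a custom verifier still appear in the audit trail. Separately, neither `.then()` in `completeVerify` (first hunk) has a rejection handler, so a failure in `Users.authenticate` or `Tokens.create` leaves the OAuth handshake hanging with no audit event; returning the inner promise and ending the chain with `.catch(function(err) { done(err); })` would close that gap. The `arguments[arguments.length - 2]` lookup assumes every strategy passes the profile second to last, which deserves a comment stating that assumption; `oauthStrategy` continues past the end of this hunk.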