jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

oidc: Initial auth against our userdb is working

Browse Source
This commit is contained in:
Johannes Zellner
2023-03-13 17:01:52 +01:00
parent 57689ffdf4
commit 3b9336d3c9
1 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/oidc.js
View File

@@ -10,6 +10,10 @@ const assert = require('assert'),
fs = require('fs'),
path = require('path'),
paths = require('./paths.js'),
BoxError = require('./boxerror.js'),
HttpError = require('connect-lastmile').HttpError,
users = require('./users.js'),
safe = require('safetydance'),
settings = require('./settings.js');
class CloudronAdapter {
@@ -317,14 +321,28 @@ function attachInteractionRoutes(routePrefix, app, provider) {
try {
const { uid, prompt: { name } } = await provider.interactionDetails(req, res);
debug(`route interaction login post uid:${uid} prompt.name:${name} login:${req.body.login}`);
debug(`route interaction login post uid:${uid} prompt.name:${name}`, req.body);
assert.equal(name, 'login');
const account = await Account.findByLogin(req.body.login);
if (!req.body.username || typeof req.body.username !== 'string') return next(new HttpError(400, 'A username must be non-empty string'));
if (!req.body.password || typeof req.body.password !== 'string') return next(new HttpError(400, 'A password must be non-empty string'));
if ('totpToken' in req.body && typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a string' ));
const { username, password, totpToken } = req.body;
const verifyFunc = username.indexOf('@') === -1 ? users.verifyWithUsername : users.verifyWithEmail;
let [error, user] = await safe(verifyFunc(username, password, users.AP_WEBADMIN, { totpToken }));
if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new HttpError(401, error.message));
if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
if (error) return next(new HttpError(500, error));
if (!user) return next(new HttpError(401, 'Unauthorized'));
// TODO we may have to check what else the Account class provides, in which case we have to map those things
const result = {
login: {
accountId: account.accountId,
accountId: user.id,
},
};