gristlabs_grist-core/app/server/lib/DiscourseConnect.ts
Dmitry S 1517dca644 (core) Implement DiscourseConnect to enable easy sign-in to community forum
Summary:
- Update cookie module, to support modern sameSite settings
- Add a new cookie, grist_sid_status with less-sensitive value, to let less-trusted subdomains know if user is signed in
- The new cookie is kept in-sync with the session cookie.
- For a user signed in once, allow auto-signin is appropriate.
- For a user signed in with multiple accounts, show a page to select which account to use.
- Move css stylings for rendering users to a separate module.

Test Plan: Added a test case with a simulated Discourse page to test redirects and account-selection page.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D3047
2021-10-01 11:24:22 -04:00

108 lines
4.6 KiB
TypeScript

/**
* Endpoint to support DiscourseConnect, to allow users to use their Grist logins for the
* Grist Community Forum.
*
* Adds one endpoint:
* - /discourse-connect: sends signed user info in a redirect to DISCOURSE_SITE.
*
* Expects environment variables:
* - DISCOURSE_SITE: URL of the Discourse site to which to redirect back.
* - DISCOURSE_CONNECT_SECRET: Secret for checking and adding signatures.
*
* This follows documentation at
* https://meta.discourse.org/t/discourseconnect-official-single-sign-on-for-discourse-sso/13045
* The recommended Discourse configuration includes:
* - enable discourse connect: true
* - discourse connect url: GRIST_SITE/discourse-connect
* - discourse connect secret: DISCOURSE_CONNECT_SECRET
* - logout redirect (in Users): GRIST_SITE/logout?next=DISCOURSE_SITE
*/
import type {Express, NextFunction, Request, RequestHandler, Response} from 'express';
import type {RequestWithLogin} from 'app/server/lib/Authorizer';
import {expressWrap} from 'app/server/lib/expressWrap';
import * as crypto from 'crypto';
const DISCOURSE_CONNECT_SECRET = process.env.DISCOURSE_CONNECT_SECRET;
const DISCOURSE_SITE = process.env.DISCOURSE_SITE;
// A hook for dependency injection. Allows tests to override these variables on the fly.
export const Deps = {DISCOURSE_CONNECT_SECRET, DISCOURSE_SITE};
// Calculate payload signature using the given secret.
function calcSignature(payload: string, secret: string) {
return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}
// Check configuration and signature of the Discourse nonce in the request.
function checkParams(req: Request, resp: Response, next: NextFunction) {
if (!Deps.DISCOURSE_SITE || !Deps.DISCOURSE_CONNECT_SECRET) {
throw new Error('DiscourseConnect not configured');
}
const payload = String(req.query.sso || '');
const signature = String(req.query.sig || '');
if (calcSignature(payload, Deps.DISCOURSE_CONNECT_SECRET) !== signature) {
throw new Error('Invalid signature for Discourse SSO request');
}
const params = new URLSearchParams(Buffer.from(payload, 'base64').toString('utf8'));
const nonce = params.get('nonce');
if (!nonce) {
throw new Error('Invalid request for Discourse SSO');
}
(req as any).discourseConnectNonce = nonce;
next();
}
// Respond to the DiscourseConnect request by redirecting back to discourse, including the user
// info and a signature into the URL parameters.
function discourseConnect(req: Request, resp: Response) {
const mreq = req as RequestWithLogin;
const nonce: string|undefined = (req as any).discourseConnectNonce;
if (!nonce) {
throw new Error('Invalid request for Discourse SSO');
}
if (!mreq.userIsAuthorized || !mreq.user?.loginEmail) {
throw new Error('User is not authenticated');
}
if (!req.query.user && mreq.users && mreq.users.length > 1) {
const origUrl = new URL(req.originalUrl, `${req.protocol}://${req.get('host')}`);
const redirectUrl = new URL('/welcome/select-account', `${req.protocol}://${req.get('host')}`);
redirectUrl.searchParams.set('next', origUrl.toString());
return resp.redirect(redirectUrl.toString());
}
const responseObj: {[key: string]: string} = {
nonce,
email: mreq.user.loginEmail,
// We don't treat user IDs as secret, so use the same ID with Discourse directly.
external_id: String(mreq.user.id),
// We could specify the username (used for @ mentions), but let Discourse create one for us
// (it bases it on name or email). The user can change it within Discourse.
// username,
name: mreq.user.name,
...(mreq.user.picture ? {avatar_url: mreq.user.picture} : {}),
suppress_welcome_message: 'true',
};
const responseString = new URLSearchParams(responseObj).toString();
const responsePayload = Buffer.from(responseString, 'utf8').toString('base64');
const responseSignature = calcSignature(responsePayload, Deps.DISCOURSE_CONNECT_SECRET!);
const redirectUrl = new URL('/session/sso_login', Deps.DISCOURSE_SITE);
redirectUrl.search = new URLSearchParams({sso: responsePayload, sig: responseSignature}).toString();
return resp.redirect(redirectUrl.toString());
}
/**
* Attach the endpoint for /discourse-connect, as documented at
* https://meta.discourse.org/t/discourseconnect-official-single-sign-on-for-discourse-sso/13045
*/
export function addDiscourseConnectEndpoints(app: Express, options: {
userIdMiddleware: RequestHandler,
redirectToLogin: RequestHandler,
}) {
app.get('/discourse-connect',
expressWrap(checkParams), // Check early, to fail early if Discourse is misconfigured.
options.userIdMiddleware,
options.redirectToLogin,
expressWrap(discourseConnect)
);
}