Add support for OpenID connect!!

2020-08-13 01:56:33 -05:00
parent 455e78bf14
commit d75944644a
21 changed files with 1313 additions and 19 deletions
--- a/app/controllers/api/v1/App.controller.js
+++ b/app/controllers/api/v1/App.controller.js
@@ -115,6 +115,28 @@ class AppController extends Controller {
            application.oauth_client_ids = oauth_client_ids
        }

+        // Verify OpenID client IDs
+        const OpenIDClient = this.models.get('openid:Client')
+        if ( req.body.openid_client_ids ) {
+            const parsed = typeof req.body.openid_client_ids === 'string' ? this.utility.infer(req.body.openid_client_ids) : req.body.openid_client_ids
+            const openid_client_ids = Array.isArray(parsed) ? parsed : [parsed]
+            for ( const id of openid_client_ids ) {
+                const client = await OpenIDClient.findById(id)
+                if ( !client )
+                    return res.status(400)
+                        .message(`${req.T('api.invalid_oauth_client_id')} ${id}`)
+                        .api()
+
+                const other_assoc_app = await Application.findOne({ openid_client_ids: client.id })
+                if ( other_assoc_app )
+                    return res.status(400) // TODO translate this
+                        .message(`The OpenID Connect client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
+                        .api()
+            }
+
+            application.openid_client_ids = openid_client_ids
+        }
+
        // Verify SAML service provider IDs
        const ServiceProvider = this.models.get('saml:ServiceProvider')
        if ( req.body.saml_service_provider_ids ) {
@@ -220,6 +242,28 @@ class AppController extends Controller {
            application.oauth_client_ids = oauth_client_ids
        } else application.oauth_client_ids = []

+        // Verify OpenID client IDs
+        const OpenIDClient = this.models.get('openid:Client')
+        if ( req.body.openid_client_ids ) {
+            const parsed = typeof req.body.openid_client_ids === 'string' ? this.utility.infer(req.body.openid_client_ids) : req.body.openid_client_ids
+            const openid_client_ids = Array.isArray(parsed) ? parsed : [parsed]
+            for ( const id of openid_client_ids ) {
+                const client = await OpenIDClient.findById(id)
+                if ( !client )
+                    return res.status(400)
+                        .message(`${req.T('api.invalid_oauth_client_id')} ${id}`)
+                        .api()
+
+                const other_assoc_app = await Application.findOne({ openid_client_ids: client.id })
+                if ( other_assoc_app && other_assoc_app.id !== application.id )
+                    return res.status(400) // TODO translate this
+                        .message(`The OpenID Connect client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
+                        .api()
+            }
+
+            application.openid_client_ids = openid_client_ids
+        } else application.openid_client_ids = []
+
        // Verify SAML service provider IDs
        const ServiceProvider = this.models.get('saml:ServiceProvider')
        if ( req.body.saml_service_provider_ids ) {
--- a/app/controllers/api/v1/Reflect.controller.js
+++ b/app/controllers/api/v1/Reflect.controller.js
@@ -1,5 +1,5 @@
 const { Controller } = require('libflitter')
-const uuid = require('uuid/v4')
+const uuid = require('uuid').v4

 class ReflectController extends Controller {
    static get services() {