Add support for OpenID connect!!

garrettmills
2020-08-13 01:56:33 -05:00
parent 455e78bf14
commit d75944644a
21 changed files with 1313 additions and 19 deletions


@@ -10,6 +10,7 @@ class ApplicationModel extends Model {
saml_service_provider_ids: [String],
ldap_client_ids: [String],
oauth_client_ids: [String],
openid_client_ids: [String],
}
}
@@ -22,6 +23,7 @@ class ApplicationModel extends Model {
saml_service_provider_ids: this.saml_service_provider_ids,
ldap_client_ids: this.ldap_client_ids,
oauth_client_ids: this.oauth_client_ids,
openid_client_ids: this.openid_client_ids,
}
}
}


@@ -1,6 +1,6 @@
const { Model } = require('flitter-orm')
const bcrypt = require('bcrypt')
const uuid = require('uuid/v4')
const uuid = require('uuid').v4
class AppPasswordModel extends Model {
static get schema() {


@@ -1,7 +1,7 @@
const { Model } = require('flitter-orm')
const speakeasy = require('speakeasy')
const MFARecoveryCode = require('./MFARecoveryCode.model')
const uuid = require('uuid/v4')
const uuid = require('uuid').v4
class MFATokenModel extends Model {
static get services() {


@@ -6,7 +6,7 @@ const MFAToken = require('./MFAToken.model')
const PasswordReset = require('./PasswordReset.model')
const AppAuthorization = require('./AppAuthorization.model')
const AppPassword = require('./AppPassword.model')
const uuid = require('uuid/v4')
const uuid = require('uuid').v4
/*
* Auth user model. This inherits fields and methods from the default
@@ -197,6 +197,37 @@ class User extends AuthUser {
get dn() {
return LDAP.parseDN(`uid=${this.uid},${this.ldap_server.auth_dn().format(this.configs.get('ldap:server.format'))}`)
}
// The following are used by OpenID connect
async claims(use, scope) {
return {
sub: this.id,
email: this.email,
email_verified: true, // TODO
family_name: this.last_name,
given_name: this.first_name,
locale: 'en_US', // TODO
name: `${this.first_name} ${this.last_name}`,
preferred_username: this.uid,
username: this.uid,
}
}
static async findByLogin(login) {
return this.findOne({
active: true,
uid: login,
})
}
static async findAccount(ctx, id, token) {
return this.findById(id)
}
get accountId() {
return this.id
}
}
module.exports = exports = User
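Review bot: `findAccount(ctx, id, token)` near the end of the hunk resolves the account with `findById(id)` alone, whereas `findByLogin` just above it filters on `active: true`; a deactivated user would therefore still be resolved whenever the provider looks the account up again (refresh, userinfo), so I would make it `const user = await this.findById(id)` followed by `return user?.active ? user : undefined` (confirm what the provider treats as not-found; presumably any falsy value). `claims(use, scope)` ignores `scope` and always emits every profile and email claim, so the scopes actually granted to a client do not gate what it receives. `email_verified: true` is also asserted unconditionally while nothing on the page shows a verification flag on the user; relying parties may use that claim to skip their own checks, so `false` or omitting the claim is the safer default until it is backed by stored state. The enclosing class `User` starts outside the hunk.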


@@ -1,5 +1,5 @@
const { Model } = require('flitter-orm')
const uuid = require('uuid/v4')
const uuid = require('uuid').v4
/*
* OAuth2 Client Model


@@ -0,0 +1,44 @@
const { Model } = require('flitter-orm')
const uuid = require('uuid').v4
class ClientModel extends Model {
static get services() {
return [...super.services, 'models']
}
static get schema() {
return {
payload: {
client_id: { type: String, default: uuid },
client_secret: { type: String, default: uuid },
client_name: String,
grant_types: [String],
redirect_uris: [String],
},
}
}
to_api() {
const vals = ['client_id', 'client_secret', 'client_name', 'grant_types']
const val = {}
for ( const item of vals ) {
val[item] = this.payload[item]
}
val.redirect_uri = this.payload?.redirect_uris?.[0]
val.id = this.id
return val
}
async save() {
await super.save()
this.payload.client_id = this.id
return super.save()
}
async application() {
const Application = this.models.get('Application')
return Application.findOne({ active: true, oauth_client_ids: this.id })
}
}
module.exports = exports = ClientModel
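Review bot: `application()` at the bottom of the new model looks the owning application up by `oauth_client_ids: this.id`, yet the `ApplicationModel` hunk in this same commit adds `openid_client_ids` for exactly these clients; unless an OpenID client is deliberately registered under the OAuth list, the query never matches and should read `return Application.findOne({ active: true, openid_client_ids: this.id })`. `to_api()` includes `client_secret` in its output, so every route that serializes a client this way discloses the secret — worth confirming it is reachable only from an authenticated administrative context, and worth a one-line comment above the method saying that the result is not safe to expose to the client's end users. `save()` performs two writes on every call in order to copy `this.id` into `payload.client_id`; guarding the copy-and-resave with `if (this.payload.client_id !== this.id)` (returning the first save's result otherwise) avoids the redundant write once the id has been assigned.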


@@ -1,5 +1,5 @@
const { Model } = require('flitter-orm')
const uuid = require('uuid/v4')
const uuid = require('uuid').v4
class SessionParticipantModel extends Model {
static get schema() {