ref: Refactoring, fix linting
This commit is contained in:
parent
d45cbeb0fb
commit
0cc9408857
8 changed files with 35 additions and 19 deletions
|
@ -29,7 +29,11 @@ services:
|
||||||
# - OIDC_ISSUER=
|
# - OIDC_ISSUER=
|
||||||
# - OIDC_CLIENT_ID=
|
# - OIDC_CLIENT_ID=
|
||||||
# - OIDC_CLIENT_SECRET=
|
# - OIDC_CLIENT_SECRET=
|
||||||
|
# - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
|
||||||
|
# - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
|
||||||
# - OIDC_SCOPES=openid email profile
|
# - OIDC_SCOPES=openid email profile
|
||||||
|
# - OIDC_RESPONSE_MODE=fragment
|
||||||
|
# - OIDC_USE_DEFAULT_RESPONSE_MODE=true
|
||||||
# - OIDC_ADMIN_ROLES=admin
|
# - OIDC_ADMIN_ROLES=admin
|
||||||
# - OIDC_EMAIL_ATTRIBUTE=email
|
# - OIDC_EMAIL_ATTRIBUTE=email
|
||||||
# - OIDC_NAME_ATTRIBUTE=name
|
# - OIDC_NAME_ATTRIBUTE=name
|
||||||
|
|
|
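Review bot: The new sample lines put `# - OIDC_RESPONSE_MODE=fragment` and `# - OIDC_USE_DEFAULT_RESPONSE_MODE=true` next to each other without saying how they relate; elsewhere in this commit the second, when true, causes the first to be ignored entirely. A one-line comment above the pair would spare operators a round trip, e.g. `# OIDC_RESPONSE_MODE is only sent when OIDC_USE_DEFAULT_RESPONSE_MODE is not true`. The same applies to the identical blocks in the second compose file and the `.env` sample below.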
@ -36,7 +36,11 @@ services:
|
||||||
# - OIDC_ISSUER=
|
# - OIDC_ISSUER=
|
||||||
# - OIDC_CLIENT_ID=
|
# - OIDC_CLIENT_ID=
|
||||||
# - OIDC_CLIENT_SECRET=
|
# - OIDC_CLIENT_SECRET=
|
||||||
|
# - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
|
||||||
|
# - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
|
||||||
# - OIDC_SCOPES=openid email profile
|
# - OIDC_SCOPES=openid email profile
|
||||||
|
# - OIDC_RESPONSE_MODE=fragment
|
||||||
|
# - OIDC_USE_DEFAULT_RESPONSE_MODE=true
|
||||||
# - OIDC_ADMIN_ROLES=admin
|
# - OIDC_ADMIN_ROLES=admin
|
||||||
# - OIDC_EMAIL_ATTRIBUTE=email
|
# - OIDC_EMAIL_ATTRIBUTE=email
|
||||||
# - OIDC_NAME_ATTRIBUTE=name
|
# - OIDC_NAME_ATTRIBUTE=name
|
||||||
|
|
|
@ -27,7 +27,11 @@ SECRET_KEY=notsecretkey
|
||||||
# OIDC_ISSUER=
|
# OIDC_ISSUER=
|
||||||
# OIDC_CLIENT_ID=
|
# OIDC_CLIENT_ID=
|
||||||
# OIDC_CLIENT_SECRET=
|
# OIDC_CLIENT_SECRET=
|
||||||
|
# OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
|
||||||
|
# OIDC_USERINFO_SIGNED_RESPONSE_ALG=
|
||||||
# OIDC_SCOPES=openid email profile
|
# OIDC_SCOPES=openid email profile
|
||||||
|
# OIDC_RESPONSE_MODE=fragment
|
||||||
|
# OIDC_USE_DEFAULT_RESPONSE_MODE=true
|
||||||
# OIDC_ADMIN_ROLES=admin
|
# OIDC_ADMIN_ROLES=admin
|
||||||
# OIDC_EMAIL_ATTRIBUTE=email
|
# OIDC_EMAIL_ATTRIBUTE=email
|
||||||
# OIDC_NAME_ATTRIBUTE=name
|
# OIDC_NAME_ATTRIBUTE=name
|
||||||
|
|
|
@ -4,6 +4,9 @@ const Errors = {
|
||||||
INVALID_CODE_OR_NONCE: {
|
INVALID_CODE_OR_NONCE: {
|
||||||
invalidCodeOrNonce: 'Invalid code or nonce',
|
invalidCodeOrNonce: 'Invalid code or nonce',
|
||||||
},
|
},
|
||||||
|
INVALID_USERINFO_SIGNATURE: {
|
||||||
|
invalidUserinfoSignature: 'Invalid signature on userinfo due to client misconfiguration',
|
||||||
|
},
|
||||||
EMAIL_ALREADY_IN_USE: {
|
EMAIL_ALREADY_IN_USE: {
|
||||||
emailAlreadyInUse: 'Email already in use',
|
emailAlreadyInUse: 'Email already in use',
|
||||||
},
|
},
|
||||||
|
@ -13,9 +16,6 @@ const Errors = {
|
||||||
MISSING_VALUES: {
|
MISSING_VALUES: {
|
||||||
missingValues: 'Unable to retrieve required values (email, name)',
|
missingValues: 'Unable to retrieve required values (email, name)',
|
||||||
},
|
},
|
||||||
INVALID_USERINFO_SIGNATURE: {
|
|
||||||
invalidUserInfoSignature: "Invalid signature on userInfo due to client misconfiguration"
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
|
@ -34,6 +34,9 @@ module.exports = {
|
||||||
invalidCodeOrNonce: {
|
invalidCodeOrNonce: {
|
||||||
responseType: 'unauthorized',
|
responseType: 'unauthorized',
|
||||||
},
|
},
|
||||||
|
invalidUserinfoSignature: {
|
||||||
|
responseType: 'unauthorized',
|
||||||
|
},
|
||||||
emailAlreadyInUse: {
|
emailAlreadyInUse: {
|
||||||
responseType: 'conflict',
|
responseType: 'conflict',
|
||||||
},
|
},
|
||||||
|
@ -43,9 +46,6 @@ module.exports = {
|
||||||
missingValues: {
|
missingValues: {
|
||||||
responseType: 'unprocessableEntity',
|
responseType: 'unprocessableEntity',
|
||||||
},
|
},
|
||||||
invalidUserInfoSignature: {
|
|
||||||
responseType: 'unauthorized',
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
|
|
||||||
async fn(inputs) {
|
async fn(inputs) {
|
||||||
|
@ -57,7 +57,7 @@ module.exports = {
|
||||||
sails.log.warn(`Invalid code or nonce! (IP: ${remoteAddress})`);
|
sails.log.warn(`Invalid code or nonce! (IP: ${remoteAddress})`);
|
||||||
return Errors.INVALID_CODE_OR_NONCE;
|
return Errors.INVALID_CODE_OR_NONCE;
|
||||||
})
|
})
|
||||||
.intercept('invalidUserInfoSignature', () => Errors.INVALID_USERINFO_SIGNATURE)
|
.intercept('invalidUserinfoSignature', () => Errors.INVALID_USERINFO_SIGNATURE)
|
||||||
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
|
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
|
||||||
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
|
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
|
||||||
.intercept('missingValues', () => Errors.MISSING_VALUES);
|
.intercept('missingValues', () => Errors.MISSING_VALUES);
|
||||||
|
|
|
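Review bot: `invalidUserinfoSignature` is mapped to `responseType: 'unauthorized'` while its message says the failure is a relying-party misconfiguration; that sends a server-side setup detail to an unauthenticated caller and labels the caller as at fault for something only the operator can fix. Keep the detail in the warn log the helper already writes and return a neutral message, e.g. `invalidUserinfoSignature: 'Unable to process userinfo response'`, and consider whether a server-error response type fits better than 401 (which response types are registered is not visible from the hunk). The `.intercept` chain in the last hunk sits inside `fn`, which continues outside the hunk.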
@ -4,16 +4,16 @@ module.exports = {
|
||||||
if (sails.hooks.oidc.isActive()) {
|
if (sails.hooks.oidc.isActive()) {
|
||||||
const oidcClient = sails.hooks.oidc.getClient();
|
const oidcClient = sails.hooks.oidc.getClient();
|
||||||
|
|
||||||
const authorizationParameters = {
|
const authorizationUrlParams = {
|
||||||
scope: sails.config.custom.oidcScopes,
|
scope: sails.config.custom.oidcScopes,
|
||||||
}
|
};
|
||||||
|
|
||||||
if(!sails.config.custom.oidcDefaultResponseMode) {
|
if (!sails.config.custom.oidcUseDefaultResponseMode) {
|
||||||
authorizationParameters.response_mode = sails.config.custom.oidcResponseMode
|
authorizationUrlParams.response_mode = sails.config.custom.oidcResponseMode;
|
||||||
}
|
}
|
||||||
|
|
||||||
oidc = {
|
oidc = {
|
||||||
authorizationUrl: oidcClient.authorizationUrl(authorizationParameters),
|
authorizationUrl: oidcClient.authorizationUrl(authorizationUrlParams),
|
||||||
endSessionUrl: oidcClient.issuer.end_session_endpoint ? oidcClient.endSessionUrl({}) : null,
|
endSessionUrl: oidcClient.issuer.end_session_endpoint ? oidcClient.endSessionUrl({}) : null,
|
||||||
isEnforced: sails.config.custom.oidcEnforced,
|
isEnforced: sails.config.custom.oidcEnforced,
|
||||||
};
|
};
|
||||||
|
|
|
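Review bot: `authorizationUrlParams.response_mode` is set straight from `sails.config.custom.oidcResponseMode`, which is the raw `OIDC_RESPONSE_MODE` env string with no check against the modes the provider can accept, so a typo produces an authorization request the IdP rejects with nothing in Planka's logs to explain it. A guard at config load such as `if (!['query', 'fragment', 'form_post'].includes(mode)) throw new Error(\`Unsupported OIDC_RESPONSE_MODE: ${mode}\`);` would surface it at startup; I cannot tell from here whether openid-client validates the value itself. `oidc = { ... }` assigns a variable declared outside the hunk, so it is worth confirming it is a `let` in the enclosing scope and not an implicit global. The enclosing action body starts above the hunk.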
@ -11,8 +11,8 @@ module.exports = {
|
||||||
},
|
},
|
||||||
|
|
||||||
exits: {
|
exits: {
|
||||||
invalidUserInfoSignature: {},
|
|
||||||
invalidCodeOrNonce: {},
|
invalidCodeOrNonce: {},
|
||||||
|
invalidUserinfoSignature: {},
|
||||||
missingValues: {},
|
missingValues: {},
|
||||||
emailAlreadyInUse: {},
|
emailAlreadyInUse: {},
|
||||||
usernameAlreadyInUse: {},
|
usernameAlreadyInUse: {},
|
||||||
|
@ -35,10 +35,14 @@ module.exports = {
|
||||||
);
|
);
|
||||||
userInfo = await client.userinfo(tokenSet);
|
userInfo = await client.userinfo(tokenSet);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e instanceof SyntaxError && e.message.includes('Unexpected token e in JSON at position 0')) {
|
if (
|
||||||
sails.log.warn('Error while exchanging OIDC code: userInfo response is signed.');
|
e instanceof SyntaxError &&
|
||||||
throw 'invalidUserInfoSignature';
|
e.message.includes('Unexpected token e in JSON at position 0')
|
||||||
|
) {
|
||||||
|
sails.log.warn('Error while exchanging OIDC code: userinfo response is signed');
|
||||||
|
throw 'invalidUserinfoSignature';
|
||||||
}
|
}
|
||||||
|
|
||||||
sails.log.warn(`Error while exchanging OIDC code: ${e}`);
|
sails.log.warn(`Error while exchanging OIDC code: ${e}`);
|
||||||
throw 'invalidCodeOrNonce';
|
throw 'invalidCodeOrNonce';
|
||||||
}
|
}
|
||||||
|
|
|
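Review bot: The signed-userinfo detection in the reformatted `catch` still keys on the exact V8 wording `'Unexpected token e in JSON at position 0'`; newer V8 builds phrase JSON.parse failures differently (`Unexpected token 'e', "eyJ..." is not valid JSON`), so on those runtimes the branch never fires and a signed userinfo response falls through to `throw 'invalidCodeOrNonce'` with a misleading warn line. A looser match keeps the intent without binding to one message, e.g. `e instanceof SyntaxError && /^Unexpected token '?e/.test(e.message)`, and a comment such as `// a JWS-signed userinfo body starts with "eyJ", which the JSON parser rejects at the first character` explains why the letter `e` is the signal. The `try` this `catch` belongs to starts above the hunk.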
@ -31,10 +31,10 @@ module.exports = function defineOidcHook(sails) {
|
||||||
redirect_uris: [sails.config.custom.oidcRedirectUri],
|
redirect_uris: [sails.config.custom.oidcRedirectUri],
|
||||||
response_types: ['code'],
|
response_types: ['code'],
|
||||||
userinfo_signed_response_alg: sails.config.custom.oidcUserinfoSignedResponseAlg,
|
userinfo_signed_response_alg: sails.config.custom.oidcUserinfoSignedResponseAlg,
|
||||||
}
|
};
|
||||||
|
|
||||||
if (sails.config.custom.oidcIdTokenSignedResponseAlg) {
|
if (sails.config.custom.oidcIdTokenSignedResponseAlg) {
|
||||||
metadata.id_token_signed_response_alg = sails.config.custom.oidcIdTokenSignedResponseAlg
|
metadata.id_token_signed_response_alg = sails.config.custom.oidcIdTokenSignedResponseAlg;
|
||||||
}
|
}
|
||||||
|
|
||||||
client = new issuer.Client(metadata);
|
client = new issuer.Client(metadata);
|
||||||
|
|
|
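Review bot: The two signing-algorithm settings are handled asymmetrically with no comment saying why: `userinfo_signed_response_alg` goes into `metadata` unconditionally (possibly as `undefined`) while `id_token_signed_response_alg` is only assigned when configured. If the reason is that the library supplies its own default for the ID-token algorithm and an explicit `undefined` would override it, a comment on the `if` such as `// keep the library default for id_token_signed_response_alg unless explicitly configured` captures that; otherwise make both conditional for consistency. Both values arrive from the environment unvalidated, so a mistyped algorithm name may only show up at the first login rather than at startup. `metadata` is declared above the hunk.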
@ -43,7 +43,7 @@ module.exports.custom = {
|
||||||
oidcUserinfoSignedResponseAlg: process.env.OIDC_USERINFO_SIGNED_RESPONSE_ALG,
|
oidcUserinfoSignedResponseAlg: process.env.OIDC_USERINFO_SIGNED_RESPONSE_ALG,
|
||||||
oidcScopes: process.env.OIDC_SCOPES || 'openid email profile',
|
oidcScopes: process.env.OIDC_SCOPES || 'openid email profile',
|
||||||
oidcResponseMode: process.env.OIDC_RESPONSE_MODE || 'fragment',
|
oidcResponseMode: process.env.OIDC_RESPONSE_MODE || 'fragment',
|
||||||
oidcDefaultResponseMode: process.env.OIDC_DEFAULT_RESPONSE_MODE === 'true',
|
oidcUseDefaultResponseMode: process.env.OIDC_USE_DEFAULT_RESPONSE_MODE === 'true',
|
||||||
oidcAdminRoles: process.env.OIDC_ADMIN_ROLES ? process.env.OIDC_ADMIN_ROLES.split(',') : [],
|
oidcAdminRoles: process.env.OIDC_ADMIN_ROLES ? process.env.OIDC_ADMIN_ROLES.split(',') : [],
|
||||||
oidcEmailAttribute: process.env.OIDC_EMAIL_ATTRIBUTE || 'email',
|
oidcEmailAttribute: process.env.OIDC_EMAIL_ATTRIBUTE || 'email',
|
||||||
oidcNameAttribute: process.env.OIDC_NAME_ATTRIBUTE || 'name',
|
oidcNameAttribute: process.env.OIDC_NAME_ATTRIBUTE || 'name',
|
||||||
|
|
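Review bot: Renaming the env var from `OIDC_DEFAULT_RESPONSE_MODE` to `OIDC_USE_DEFAULT_RESPONSE_MODE` silently changes behaviour for deployments that still set the old name: it is no longer read, `oidcUseDefaultResponseMode` becomes false, and `response_mode` (default `fragment`) is sent to the provider again with no warning. Either honour both names for a release, e.g. `oidcUseDefaultResponseMode: (process.env.OIDC_USE_DEFAULT_RESPONSE_MODE || process.env.OIDC_DEFAULT_RESPONSE_MODE) === 'true',`, or log a startup warning when the old name is present, and mention the rename in the changelog. `oidcResponseMode` on the line above still accepts any string; validating it against `query`/`fragment`/`form_post` here would catch typos before the first login.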