ref: Refactoring

server/api/controllers/access-tokens/exchange-using-oidc.js

@@ -1,8 +1,8 @@
 const { getRemoteAddress } = require('../../../utils/remoteAddress');
 
 const Errors = {
-  INVALID_TOKEN: {
-    invalidToken: 'Invalid token',
+  INVALID_CODE_OR_NONCE: {
+    invalidCodeOrNonce: 'Invalid code or nonce',
   },
   EMAIL_ALREADY_IN_USE: {
     emailAlreadyInUse: 'Email already in use',
@@ -28,7 +28,7 @@ module.exports = {
   },
 
   exits: {
-    invalidToken: {
+    invalidCodeOrNonce: {
       responseType: 'unauthorized',
     },
     emailAlreadyInUse: {
@@ -46,10 +46,10 @@ module.exports = {
     const remoteAddress = getRemoteAddress(this.req);
 
     const user = await sails.helpers.users
-      .getOrCreateOneByOidcToken(inputs.code, inputs.nonce)
-      .intercept('invalidToken', () => {
-        sails.log.warn(`Invalid token! (IP: ${remoteAddress})`);
-        return Errors.INVALID_TOKEN;
+      .getOrCreateOneUsingOidc(inputs.code, inputs.nonce)
+      .intercept('invalidCodeOrNonce', () => {
+        sails.log.warn(`Invalid code or nonce! (IP: ${remoteAddress})`);
+        return Errors.INVALID_CODE_OR_NONCE;
       })
       .intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
       .intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)

server/api/controllers/show-config.js

@@ -1,20 +1,21 @@
 module.exports = {
   fn() {
-    const oidcClient = sails.hooks.oidc.isActive() ? sails.hooks.oidc.getClient() : null;
+    let oidc = null;
+    if (sails.hooks.oidc.isActive()) {
+      const oidcClient = sails.hooks.oidc.getClient();
+
+      oidc = {
+        authorizationUrl: oidcClient.authorizationUrl({
+          scope: sails.config.custom.oidcScopes,
+          response_mode: 'fragment',
+        }),
+        endSessionUrl: oidcClient.issuer.end_session_endpoint ? oidcClient.endSessionUrl({}) : null,
+      };
+    }
+
     return {
       item: {
-        oidc:
-          sails.config.custom.oidcIssuer !== ''
-            ? {
-                authorizationUrl: oidcClient.authorizationUrl({
-                  scope: sails.config.custom.oidcScopes,
-                  response_mode: 'fragment',
-                }),
-                endSessionUrl: oidcClient.issuer.end_session_endpoint
-                  ? oidcClient.endSessionUrl({})
-                  : null,
-              }
-            : null,
+        oidc,
       },
     };
   },

server/api/helpers/users/get-or-create-one-using-oidc.js

@@ -11,7 +11,7 @@ module.exports = {
   },
 
   exits: {
-    invalidToken: {},
+    invalidCodeOrNonce: {},
     missingValues: {},
     emailAlreadyInUse: {},
     usernameAlreadyInUse: {},
@@ -23,14 +23,14 @@ module.exports = {
     let userInfo;
     try {
       const tokenSet = await client.callback(
-        `${sails.config.custom.baseUrl}/oidc-callback`,
+        sails.config.custom.oidcRedirectUri,
         { code: inputs.code },
         { nonce: inputs.nonce },
       );
       userInfo = await client.userinfo(tokenSet);
     } catch (e) {
       sails.log.warn(`Error while exchanging OIDC code: ${e}`);
-      throw 'invalidToken';
+      throw 'invalidCodeOrNonce';
     }
 
     if (!userInfo.email || !userInfo.name) {
@@ -73,7 +73,7 @@ module.exports = {
     } else {
       // If no IDP/User mapping exists, search for the user by email.
       user = await sails.helpers.users.getOne({
-        email: values.email,
+        email: values.email.toLowerCase(),
       });
 
       // Otherwise, create a new user.

server/api/hooks/oidc/index.js

@@ -15,7 +15,7 @@ module.exports = function oidcServiceHook(sails) {
         client = new issuer.Client({
           client_id: sails.config.custom.oidcClientId,
           client_secret: sails.config.custom.oidcClientSecret,
-          redirect_uris: [`${sails.config.custom.baseUrl}/oidc-callback`],
+          redirect_uris: [sails.config.custom.oidcRedirectUri],
           response_types: ['code'],
         });
         sails.log.info('OIDC hook has been loaded successfully');