From b0e73700d61da32ee156edec9b8cccb5c680dbad Mon Sep 17 00:00:00 2001
From: Jeffrey
Date: Fri, 1 Sep 2023 06:28:39 -0500
Subject: [PATCH] - added the ability to skip user info - added error handling if values are missing.
---
 .../api/controllers/access-tokens/exchange.js | 17 ++++++++++++++++-
 server/config/custom.js | 1 +
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/server/api/controllers/access-tokens/exchange.js b/server/api/controllers/access-tokens/exchange.js
index 73907817..04ba58d8 100644
--- a/server/api/controllers/access-tokens/exchange.js
+++ b/server/api/controllers/access-tokens/exchange.js
@@ -5,7 +5,11 @@ const { getRemoteAddress } = require('../../../utils/remoteAddress');
 
 const Errors = {
   INVALID_TOKEN: {
-    invalidToken: 'Invalid email or username',
+    invalidToken: 'Access Token is invalid',
+  },
+  MISSING_VALUES: {
+    missingValues:
+      'Unable to retrieve required values. Verify the access token or UserInfo endpoint has email, username and name claims',
   },
 };
 
@@ -54,6 +58,9 @@ const validateAndDecodeToken = async (accessToken, options) => {
 };
 
 const getUserInfo = async (accessToken, options) => {
+  if (sails.config.custom.oidcSkipUserInfo) {
+    return {};
+  }
   const issuer = await openidClient.Issuer.discover(options.issuer);
   const oidcClient = new issuer.Client({
     client_id: 'irrelevant',
@@ -88,6 +95,9 @@ module.exports = {
       invalidToken: {
         responseType: 'unauthorized',
       },
+      missingValues: {
+        responseType: 'unauthorized',
+      },
     },
 
   async fn(inputs) {
@@ -115,6 +125,11 @@ module.exports = {
       locked: true,
     };
 
+    if (!newUser.email || !newUser.username || !newUser.name) {
+      sails.log.error(Errors.MISSING_VALUES.missingValues);
+      throw Errors.MISSING_VALUES;
+    }
+
     const identityProviderUser = await IdentityProviderUser.findOne({
       where: {
         issuer: oidcUser.iss,
diff --git a/server/config/custom.js b/server/config/custom.js
index 6ec7276a..4d21b642 100644
--- a/server/config/custom.js
+++ b/server/config/custom.js
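Review bot: The early return in getUserInfo reads `sails.config.custom.oidcSkipUserInfo` from global config while the same function takes its issuer from `options`, so the skip cannot be driven per call or in a unit test the way the issuer can. If `options` is the same custom config object (it is assembled outside this hunk, so I cannot confirm), `if (options.oidcSkipUserInfo) {` would keep the function's inputs in one place. A short comment on the branch would also make the security consequence of the flag explicit to maintainers: `// UserInfo is optional; when skipped, every identity claim (email, username, name) must come from the validated access token itself.`. The rest of getUserInfo continues outside the hunk.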
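Review bot: The new missing-values guard in fn logs only the static MISSING_VALUES text, so an operator reading the log cannot tell which of email, username or name was absent, which is the one fact needed to fix the provider's scopes or claim mapping. Logging presence flags rather than the values keeps identity data out of the logs: `sails.log.error(Errors.MISSING_VALUES.missingValues, { hasEmail: Boolean(newUser.email), hasUsername: Boolean(newUser.username), hasName: Boolean(newUser.name) });`. The check is also placed after newUser is built but before the IdentityProviderUser lookup, which is the right spot since nothing is persisted yet; fn starts and ends outside the hunk, so I cannot see whether the three fields are taken from the token, the UserInfo response, or a merge of both.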
@@ -39,4 +39,5 @@ module.exports.custom = {
   oidcredirectUri: process.env.OIDC_REDIRECT_URI,
   oidcJwksUri: process.env.OIDC_JWKS_URI,
   oidcScopes: process.env.OIDC_SCOPES || 'openid profile email',
+  oidcSkipUserInfo: process.env.OIDC_SKIP_USER_INFO === 'true',
 };
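Review bot: The new oidcSkipUserInfo setting has no comment explaining what enabling it changes, unlike a flag whose name suggests a mere optimisation it alters where identity data is sourced from. A one-line note above it would spare the next operator a trip into exchange.js: `// When OIDC_SKIP_USER_INFO is exactly 'true', the UserInfo endpoint is never queried and email, username and name must be present as claims in the access token.`. The strict `=== 'true'` comparison is a good choice (any other value, including '1', leaves the endpoint in use), and stating that in the comment avoids surprise.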