modified serialization and deserialization of users to only use the useres id, only creating oidc related enpoints, if oidc is configured

2025-08-14 13:47:16 +02:00 · 2022-02-09 16:49:17 +01:00 · 2022-02-09 16:49:17 +01:00 · 4b93882494
commit 4b93882494
parent cd3feee583
2 changed files with 13 additions and 21 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -2,6 +2,7 @@ const bcrypt = require('bcryptjs')
 const jwt = require('jsonwebtoken')
 const Logger = require('./Logger')
 const User = require('./objects/User')
+const { getId } = require('./utils/index')

 class Auth {
  constructor(db) {
@ -216,7 +217,6 @@ class Auth {

  async handleOIDCVerification(issuer, profile, cb) {
    Logger.debug(`[Auth] handleOIDCVerification ${issuer}`)
-
    let user = this.db.users.find(u => u.id === profile.id)
    if (!user && this.db.SSOSettings.createNewUser) {
      // create a user
--- a/server/Server.js
+++ b/server/Server.js
@ -140,16 +140,16 @@ class Server {
  passportInit() {
    if (this.db.SSOSettings.isOIDCConfigured) {
      Logger.debug(`[Server] passportInit OIDC is configured - init`)
-
      passport.serializeUser((user, next) => {
-        next(null, user);
+        next(null, {userId: user.id});
      })
      passport.deserializeUser((obj, next) => {
+        this.db.users.find(u => u.id === obj.userId)
        next(null, obj);
      })

      // Initialize passport OIDC verification
-      passport.use(new OidcStrategy(this.db.SSOSettings.getOIDCSettings(), this.auth.handleOIDCVerification))
+      passport.use(new OidcStrategy(this.db.SSOSettings.getOIDCSettings(), this.auth.handleOIDCVerification.bind(this.auth)))
    } else {
      Logger.debug(`[Server] passportInit OIDC not configured`)
    }
@ -260,23 +260,15 @@ class Server {

    app.post('/logout', this.authMiddleware.bind(this), this.logout.bind(this))

-    app.get("/oidc/login", (() => {
-      if (!this.db.SSOSettings.isOIDCConfigured) return (req, res) => res.redirect("/");
-      return passport.authenticate('openidconnect')
-    })())
-
-    app.get("/oidc/callback",
-      (() => {
-        if (!this.db.SSOSettings.isOIDCConfigured) return (req, res) => res.redirect("/");
-        return passport.authenticate('openidconnect', { failureRedirect: '/oidc/login', failureMessage: true }),
-          async (req, res) => {
-            const token = this.auth.generateAccessToken({ userId: req.user.id })
-            res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
-
-            res.redirect('/');
-          }
-      })()
-    )
+    if (this.db.SSOSettings.isOIDCConfigured) {
+      app.get("/oidc/login", passport.authenticate('openidconnect'))
+      app.get("/oidc/callback", passport.authenticate('openidconnect', { failureRedirect: '/login', failureMessage: true }),
+        async (req, res) => {
+          res.cookie('sso', true, { httpOnly: false /* TODO: Set secure: true */ });
+          res.redirect('/');
+        }
+      )
+    }

    app.get('/ping', (req, res) => {
      Logger.info('Recieved ping')