import * as express from "express";
import * as passport from "passport";
import * as SAMLStrategy from "passport-saml";
import * as url from "url";
import * as winston from "winston";
import * as bodyParser from "body-parser";
import { Config } from "./Config";
/**
 * Completion callback passed to the SAML verify step (`done` in
 * `dashboardAuth.samlverify`). It is invoked with an error value and the
 * profile object; both are untyped here.
 */
interface IVerifyFunction {
    (error: any, profile: any): void;
}
/**
 * Plain data holder describing one configured login provider.
 *
 * The string fields below default to the empty string; `consumerKey` and
 * `consumerSecret` have no default and stay unset until assigned.
 */
export class Provider {
    public provider = "";
    public id = "";
    public name = "";
    public issuer = "";
    // Presumably the location of (or the raw) SAML federation metadata for this
    // provider; verify against the code that reads it.
    public saml_federation_metadata = "";
    public consumerKey: string;
    // NOTE(review): by its name this is credential material. Keep it out of logs
    // and out of any provider list that is serialized to clients.
    public consumerSecret: string;
}
/**
 * Option bag handed to the passport-saml strategy constructor.
 *
 * Defaults are placeholders: `dashboardAuth.CreateSAMLStrategy` overwrites
 * `callbackUrl`, `logoutUrl`, `entryPoint`, `issuer`, `cert` and `verify`
 * before the strategy is built.
 */
// tslint:disable-next-line: class-name
export class samlauthstrategyoptions {
    public callbackUrl = "auth/strategy/callback/";
    public logoutUrl = "";
    public entryPoint = "";
    public issuer = "";
    // NOTE(review): defaults to null. Older passport-saml releases skip response
    // signature validation when no certificate is configured, so callers must
    // always set this to the IdP signing certificate. Confirm against the
    // installed passport-saml version.
    public cert: string = null;
    // NOTE(review): left null unless a caller sets it. passport-saml documents
    // that the assertion Audience is not verified when this is unset.
    public audience: string = null;
    public signatureAlgorithm = "sha256";
    public callbackMethod = "POST";
    public verify: any;
}
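/**
 * Wires SAML single sign-on for the dashboard UI into an Express app using
 * passport and passport-saml.
 */
export class dashboardAuth {
    private static _logger: winston.Logger;
    private static samlStrategy: any;

    /**
     * Verify callback given to the passport-saml strategy.
     *
     * Copies the assertion XML onto the profile as `token2` and hands the
     * profile to `done`. A null/undefined profile is passed through unchanged.
     *
     * @param profile Profile object produced by passport-saml (may be null).
     * @param done Completion callback; receives `(null, profile)` on success or
     *             `(error, null)` when the assertion XML cannot be read.
     */
    static async samlverify(profile: any, done: IVerifyFunction): Promise<void> {
        try {
            if (profile !== null && profile !== undefined) {
                // NOTE(review): token2 holds the raw assertion XML. If the profile is
                // later serialized into the session, the whole assertion travels with
                // it. Confirm where token2 is consumed and how long it is retained.
                profile.token2 = profile.getAssertionXml();
            }
        } catch (error) {
            // This function is async, so a throw here would become a rejected promise
            // and `done` would never be called. Report the failure through `done`.
            done(error, null);
            return;
        }
        done(null, profile);
    }

    /**
     * Loads the federation metadata named in Config and registers the "uisaml"
     * strategy and its routes on `app`.
     *
     * @param app Express application to mount the SAML routes on.
     * @param baseurl Public base URL of this service; used to build the callback URL.
     */
    static async RegisterProvider(app: express.Express, baseurl: string) {
        const metadata: any = await Config.parse_federation_metadata(Config.saml_federation_metadata);
        // CreateSAMLStrategy is async: await it so samlStrategy holds the strategy
        // (not a pending promise) and a setup failure reaches the caller.
        this.samlStrategy = await dashboardAuth.CreateSAMLStrategy(app, "uisaml", metadata.cert,
            metadata.identityProviderUrl, Config.saml_issuer, baseurl);
    }

    /**
     * Builds a passport-saml strategy, registers it with passport under `key`,
     * and mounts the authentication handler on `/uisaml/`.
     *
     * @param app Express application to mount the routes on.
     * @param key Name the strategy is registered under in passport.
     * @param cert Identity provider signing certificate used to validate responses.
     * @param singin_url Identity provider sign-in (entry point) URL.
     * @param issuer Issuer / entity id sent to the identity provider.
     * @param baseurl Public base URL of this service; its protocol and host form the callback URL.
     * @returns The registered strategy.
     * @throws Error when `cert` is missing or empty.
     */
    static async CreateSAMLStrategy(app: express.Express, key: string, cert: string, singin_url: string, issuer: string, baseurl: string): Promise<passport.Strategy> {
        // Fail closed: older passport-saml releases do not validate response signatures
        // when no certificate is configured, which would accept unsigned assertions.
        if (!cert || cert.length === 0) {
            throw new Error("SAML identity provider certificate is missing; refusing to register strategy '" +
                key + "' without signature validation");
        }

        const parsedBase = url.parse(baseurl);
        const parsedSignin = url.parse(singin_url);

        const options: samlauthstrategyoptions = new samlauthstrategyoptions();
        options.entryPoint = singin_url;
        options.cert = cert;
        options.issuer = issuer;
        (options as any).acceptedClockSkewMs = 5000;
        options.callbackUrl = parsedBase.protocol + "//" + parsedBase.host + "/uisaml/";
        // Assumes the identity provider serves logout at /logout/ on the sign-in host; TODO confirm.
        options.logoutUrl = parsedSignin.protocol + "//" + parsedSignin.host + "/logout/";
        // NOTE(review): options.audience is left at its default here; passport-saml
        // documents that the assertion Audience is not verified when it is unset.
        options.verify = (dashboardAuth.samlverify).bind(this);

        const strategy: passport.Strategy = new SAMLStrategy.Strategy(options, options.verify);
        passport.use(key, strategy);
        strategy.name = key;
        // this._logger.info(options.callbackUrl);

        // NOTE(review): failureRedirect points back at /uisaml/, so a failed login
        // immediately starts a new SAML request and can loop between this service
        // and the identity provider. Consider redirecting to a static error page.
        const authenticate = passport.authenticate(key, {
            successRedirect: '/ui/',
            failureRedirect: '/uisaml/',
            failureFlash: false
        });
        // NOTE(review): passport-saml reads the SAMLResponse from req.body and no
        // urlencoded body parser is mounted here. Presumably one is registered on
        // the app before this runs; confirm.
        app.post("/uisaml/", authenticate);
        app.use("/uisaml/", authenticate);

        // Disabled handler kept for reference. If it is re-enabled, originalUrl2 comes
        // from a client-controlled cookie and must be checked to be a same-site
        // relative path before it is used as a redirect target.
        // app.use("/" + key,
        //     bodyParser.urlencoded({ extended: false }),
        //     passport.authenticate(key, { failureRedirect: "/" + key, failureFlash: true }),
        //     function (req: any, res: any): void {
        //         var originalUrl2: any = req.cookies.originalUrl2;
        //         if (originalUrl2 !== undefined && originalUrl2 !== null) {
        //             res.cookie("originalUrl2", "", { expires: new Date() });
        //             res.redirect(originalUrl2);
        //         } else {
        //             res.redirect("/ui/");
        //         }
        //     }
        // );
        return strategy;
    }
}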