fix oidc issue url

skadefro · skadefro · commit 4e1d603b51e8 · 2021-02-20T20:15:00.000+01:00
diff --git a/OpenFlow/src/Config.ts b/OpenFlow/src/Config.ts
@@ -154,6 +154,7 @@ export class Config {
     public static oauth_token_cache_seconds: number = parseInt(Config.getEnv("oauth_token_cache_seconds", "60000"));
     public static oauth_access_token_lifetime: number = parseInt(Config.getEnv("oauth_access_token_lifetime", "604800"));
     public static oauth_refresh_token_lifetime: number = parseInt(Config.getEnv("oauth_refresh_token_lifetime", "604800"));
+    public static oidc_cookie_key: string = Config.getEnv("oidc_cookie_key", "Y6SPiXCxDhAJbN7cbydMw5eX1wIrdy8PiWApqEcguss=");
     public static api_rate_limit: boolean = Config.parseBoolean(Config.getEnv("api_rate_limit", "true"));
     public static api_rate_limit_points: number = parseInt(Config.getEnv("api_rate_limit_points", "60"));
     public static api_rate_limit_duration: number = parseInt(Config.getEnv("api_rate_limit_duration", "1"));
diff --git a/OpenFlow/src/DatabaseConnection.ts b/OpenFlow/src/DatabaseConnection.ts
@@ -158,10 +158,15 @@ export class DatabaseConnection {
         });
         this._logger.info(`Really connected to mongodb`);
         // this.cli = await MongoClient.connect(this.mongodburl, { autoReconnect: false, useNewUrlParser: true });
-        this.cli.on("error", (error) => {
+        const errEvent = (error) => {
             this.isConnected = false;
             this._logger.error(error);
-        });
+        }
+        this.cli
+            .on('error', errEvent)
+            .on('parseError', errEvent)
+            .on('timeout', errEvent)
+            .on('close', errEvent);
         this.db = this.cli.db(this._dbname);
         this.isConnected = true;
     }
diff --git a/OpenFlow/src/Messages/Message.ts b/OpenFlow/src/Messages/Message.ts
@@ -19,6 +19,7 @@ import { amqpwrapper } from "../amqpwrapper";
 import { WebSocketServerClient } from "../WebSocketServerClient";
 import { DBHelper } from "../DBHelper";
 import { WebSocketServer } from "../WebSocketServer";
+import { OAuthProvider } from "../OAuthProvider";
 const request = require("request");
 const got = require("got");
 const { RateLimiterMemory } = require('rate-limiter-flexible')
@@ -765,7 +766,7 @@ export class Message {
             msg = SigninMessage.assign(this.data);
             let tuser: TokenUser = null;
             let user: User = null;
-            if (msg.jwt !== null && msg.jwt !== undefined) {
+            if (!NoderedUtil.IsNullEmpty(msg.jwt)) {
                 type = "jwtsignin";
                 tuser = Crypt.verityToken(msg.jwt);
                 if (tuser.impostor !== null && tuser.impostor !== undefined && tuser.impostor !== "") {
@@ -791,12 +792,30 @@ export class Message {
                 if (impostor !== "") {
                     tuser.impostor = impostor;
                 }
-            } else if (msg.rawAssertion !== null && msg.rawAssertion !== undefined) {
-                type = "samltoken";
-                user = await LoginProvider.validateToken(msg.rawAssertion);
-                // refresh, for roles and stuff
-                if (user !== null && user != undefined) { tuser = TokenUser.From(user); }
-                msg.rawAssertion = "";
+            } else if (!NoderedUtil.IsNullEmpty(msg.rawAssertion)) {
+                let AccessToken = null;
+                let User = null;
+                try {
+                    AccessToken = await OAuthProvider.instance.oidc.AccessToken.find(msg.rawAssertion);
+                    if(!NoderedUtil.IsNullUndefinded(AccessToken)) {
+                        User = await OAuthProvider.instance.oidc.Account.findAccount(null, AccessToken.accountId);
+                        console.log('User:', User);
+                    }
+                    console.log('AccessToken:', AccessToken);
+                } catch (error) {
+                    console.error(error);                    
+                }
+                if(!NoderedUtil.IsNullUndefinded(AccessToken)) {
+                    user = User.user;
+                    console.log('User:', user);
+                    if (user !== null && user != undefined) { tuser = TokenUser.From(user); }
+                } else {
+                    type = "samltoken";
+                    user = await LoginProvider.validateToken(msg.rawAssertion);
+                    // refresh, for roles and stuff
+                    if (user !== null && user != undefined) { tuser = TokenUser.From(user); }
+                    msg.rawAssertion = "";
+                }
             } else {
                 user = await Auth.ValidateByPassword(msg.username, msg.password);
                 tuser = null;
diff --git a/OpenFlow/src/OAuthProvider.ts b/OpenFlow/src/OAuthProvider.ts
@@ -112,12 +112,12 @@ export class OAuthProvider {
                 // cli.grant_types = cli.grants;
                 // if (cli.grant_types == null) cli.grant_types = ['authorization_code'];
                 if (cli.grant_types == null) cli.grant_types = ['implicit', 'authorization_code'];
-                console.log(cli.post_logout_redirect_uri)
+                console.log(cli.clientId + " " + cli.token_endpoint_auth_method);
 
 
                 // cli.redirect_uris.push("https://localhost.openiap.io/")
             });
-            const provider = new Provider("https://localhost.openiap.io/oidc", {
+            const provider = new Provider(Config.baseurl() + "oidc", {
                 clients: instance.clients,
                 adapter: MongoAdapter,
                 formats: {
@@ -156,10 +156,19 @@ export class OAuthProvider {
                 // findAccount: this.FindAccount,
                 // findAccount: this.findAccount,
                 findAccount: Account.findAccount,
+                // cookies: {
+                //     long: { signed: false, maxAge: 0, path: '/' },
+                //     keys: ["Y6SPiXCxDhAJbN7cbydMw5eX1wIrdy8PiWApqEcguss="], // node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+                //     short: {
+                //         signed: false,
+                //         path: '/',
+                //     },
+                // },
                 cookies: {
                     short: {
                         path: '/',
                     },
+                    keys: [Config.oidc_cookie_key], // node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
                 },
             });
             provider.proxy = true;
@@ -201,7 +210,7 @@ export class OAuthProvider {
                     res.send('[]');
                     return;
                 }
-                if (req.originalUrl.startsWith("/oidc/auth?access_type=online")) {
+                if (req.originalUrl.startsWith("/oidc/auth")) {
                     const _session = req.cookies["_session"];
                     const session = req.cookies["session"];
                     var session1 = await this.instance.oidc.Session.find(_session)
@@ -226,12 +235,19 @@ export class OAuthProvider {
             instance.app.use('/oidccb', async (req, res, next) => {
                 try {
 
+                    var test = await this.instance.oidc.interactionDetails(req, res);
                     const {
                         uid, prompt, params, session,
                     } = await this.instance.oidc.interactionDetails(req, res);
                     var r = req;
                     var u = req.user;
-                    if (req.isAuthenticated()) {
+                    const isAuthenticated:boolean = req.isAuthenticated();
+                    console.log("isAuthenticated: " + isAuthenticated)
+                    if (isAuthenticated) {
+                        // if(!NoderedUtil.IsNullEmpty(test.returnTo) ) {
+                        //     res.redirect(test.returnTo);
+                        //     return;                            
+                        // }
                     } else {
                         res.cookie("originalUrl", "/oidccb", { maxAge: 900000, httpOnly: true });
                         res.redirect('/login');
diff --git a/OpenFlow/src/public/WebSocketClientService.ts b/OpenFlow/src/public/WebSocketClientService.ts
@@ -3,6 +3,7 @@ import { WebSocketClient, TokenUser, NoderedUtil } from "@openiap/openflow-api";
 interface IHashTable<T> {
     [key: string]: T;
 }
+declare type onSignedinCallback = (user: TokenUser) => void;
 export class WebSocketClientService {
     static $inject = ["$rootScope", "$location", "$window"];
     constructor(
@@ -168,8 +169,7 @@ export class WebSocketClientService {
         };
         xhr.send();
     }
-
-    onSignedin(callback) {
+    public onSignedin(callback:onSignedinCallback) {
         if (this.user !== null) {
             callback(this.user);
             return;
diff --git a/OpenFlowNodeRED/package.json b/OpenFlowNodeRED/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openiap/nodered",
-  "version": "1.1.183",
+  "version": "1.1.184",
   "description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",
   "main": "index.js",
   "scripts": {
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.183
+1.1.184
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openiap/openflow",
-  "version": "1.1.183",
+  "version": "1.1.184",
   "description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@openiap/nodered",`
`3`		`- "version": "1.1.183",`
	`3`	`+ "version": "1.1.184",`
`4`	`4`	`"description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@openiap/openflow",`
`3`		`- "version": "1.1.183",`
	`3`	`+ "version": "1.1.184",`
`4`	`4`	`"description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`