fix: handle removed auth strategies

4dcf6640 · NGPixel · e3193550 · 4dcf6640 · e3193550 · e3193550
Commit 4dcf6640 authored Aug 30, 2020 by NGPixel
4 changed files
--- a/server/models/authentication.js
+++ b/server/models/authentication.js
@@ -93,6 +93,11 @@ module.exports = class Authentication extends Model {

      for (const strategy of dbStrategies) {
        const strategyDef = _.find(WIKI.data.authentication, ['key', strategy.strategyKey])
+        if (!strategyDef) {
+          await WIKI.models.authentication.query().delete().where('key', strategy.key)
+          WIKI.logger.info(`Authentication strategy ${strategy.strategyKey} was removed from disk: [ REMOVED ]`)
+          continue
+        }
        strategy.config = _.transform(strategyDef.props, (result, value, key) => {
          if (!_.has(result, key)) {
            _.set(result, key, value.default)

--- a/server/modules/authentication/oauth2/authentication.js
+++ b/server/modules/authentication/oauth2/authentication.js
-/* global WIKI */
-
-// ------------------------------------
-// OAuth2 Account
-// ------------------------------------
-
-const OAuth2Strategy = require('passport-oauth2').Strategy
-
-module.exports = {
-  init (passport, conf) {
-    passport.use('oauth2',
-      new OAuth2Strategy({
-        authorizationURL: conf.authorizationURL,
-        tokenURL: conf.tokenURL,
-        clientID: conf.clientId,
-        clientSecret: conf.clientSecret,
-        callbackURL: conf.callbackURL,
-        passReqToCallback: true
-      }, async (req, accessToken, refreshToken, profile, cb) => {
-        try {
-          const user = await WIKI.models.users.processProfile({
-            providerKey: req.params.strategy,
-            profile
-          })
-          cb(null, user)
-        } catch (err) {
-          cb(err, null)
-        }
-      })
-    )
-  }
-}
--- a/server/modules/authentication/oauth2/definition.yml
+++ b/server/modules/authentication/oauth2/definition.yml
-key: oauth2
-title: Generic OAuth2
-description: OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service.
-author: requarks.io
-logo: https://static.requarks.io/logo/oauth2.svg
-color: grey darken-4
-website: https://oauth.net/2/
-isAvailable: true
-useForm: false
-props:
-  clientId:
-    type: String
-    title: Client ID
-    hint: Application Client ID
-    order: 1
-  clientSecret:
-    type: String
-    title: Client Secret
-    hint: Application Client Secret
-    order: 2
-  authorizationURL:
-    type: String
-    title: Authorization Endpoint URL
-    hint: The full URL to the authorization endpoint, used to get an authorization code.
-    order: 3
-  tokenURL:
-    type: String
-    title: Token Endpoint URL
-    hint: The full URL to the token endpoint, used to get an access token.
-    order: 4
-  mappingUID:
-    title: Unique ID Field Mapping
-    type: String
-    default: 'id'
-    hint: The field storing the user unique identifier, e.g. "id" or "_id".
-    maxWidth: 500
-    order: 20
-  mappingEmail:
-    title: Email Field Mapping
-    type: String
-    default: 'email'
-    hint: The field storing the user email, e.g. "email" or "mail".
-    maxWidth: 500
-    order: 21
-  mappingDisplayName:
-    title: Display Name Field Mapping
-    type: String
-    default: 'name'
-    hint: The field storing the user display name, e.g. "name", "displayName" or "username".
-    maxWidth: 500
-    order: 22
-  mappingPicture:
-    title: Avatar Picture Field Mapping
-    type: String
-    default: 'pictureUrl'
-    hint: The field storing the user avatar picture, e.g. "pictureUrl" or "avatarUrl".
-    maxWidth: 500
-    order: 23
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
 key: oidc
-title: Generic OpenID Connect
+title: Generic OpenID Connect / OAuth2
 description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
 author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
@@ -12,10 +12,40 @@ scopes:
  - profile
  - email
 props:
-  clientId: String
-  clientSecret: String
-  authorizationURL: String
-  tokenURL: String
-  issuer: String
-  userInfoURL: String
-  emailClaim: String
+  clientId:
+    type: String
+    title: Client ID
+    hint: Application Client ID
+    order: 1
+  clientSecret:
+    type: String
+    title: Client Secret
+    hint: Application Client Secret
+    order: 2
+  authorizationURL:
+    type: String
+    title: Authorization Endpoint URL
+    hint: Application Authorization Endpoint URL
+    order: 3
+  tokenURL:
+    type: String
+    title: Token Endpoint URL
+    hint: Application Token Endpoint URL
+    order: 4
+  userInfoURL:
+    type: String
+    title: User Info Endpoint URL
+    hint: User Info Endpoint URL
+    order: 5
+  issuer:
+    type: String
+    title: Issuer
+    hint: Issuer URL
+    order: 6
+  emailClaim:
+    type: String
+    title: Email Claim
+    hint: Field containing the email address
+    default: email
+    maxWidth: 500
+    order: 7