mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-03-09 15:40:18 +00:00
Migrate to openid client (#5856)
* Create forksync.yml * update oidc to use openid-client * update oidc module requirements * working oidc+ includes all oauth2 clients automatically migrated. azure will need some kind of fix for the uid * update openid-client install checks * created overarching schema for OIDC * bug fixs for azure login * update schema prepare schema for unified oidc module * update 'oidc' to strategy variable * working azure+ groups groups from azure are in, you can use memberOf or transitiveMemberOf in config (Graphs API) * clean up old config import + working google oidc previous config map was recursive nonsense, changed to multiple IFs * added convertStrArray * de-expanded scope put all other auth strategies back to normal and fixed oidc strategy * swap back to using authlog debugger * Update meshcentral-config-schema.json * working google oidc + groups * working azure+groups (again) * init oidc docs very incomplete but basic config is present * add oidc * more work on docs * add scope and claim options plus fixed a few bugs and faults in my logic used logs correctly * further cleanup debug * more debug cleanup * continue documentation push fixed minor debug bugs also * more work on docs missing links, need to get azure preset docs, probably more. * done with docs its good enough for now * minor fix + presets get correct icon * fix google oidc not visible at login * fix bug with emailVerified property * fix logout bug + debug cleanup * fix strategy logout bug +cleanup * fixed preset login icon * fix alert + fix schema * terminate lines * Dutch language update 1.0.85 line up polish translation * Fixed guest web relay session revocation (#4667) * Updated French translation. * Add hook to allow adding custom api endpoints to Express routing * Updated German translation. * Update meshcentral-config-schema.json (change formatting) This way it is easier to edit and maintain * Fixed schema. * fix meshcentral-config-schema.json * add language selector to login (#5648) * add language selector to login * add showLanguageSelect to pick top or bottom boxe * remove additionalProperties: false in schema to allow comments #5697 Signed-off-by: si458 <simonsmith5521@gmail.com> * fix notes in docs * Fix web relay session handling and redirection due to bad merge * Added option to check HTTP origin. * add links and fix typo * move groups after strategy * Update version split in docs * Fix preset issuer URL in OIDC strategy * Update clientid and clientsecret to client_id and client_secret * Update meshcentral-config-schema.json and fix bad rebase * Update meshcentral-config-schema.json * fix bad rebase * fix bad rebase * Add 'connect-flash' to passport dependencies * Remove unnecessary passport dependencies - fix bad rebase * Fix auth strategy bug and remove console.log statement * Set groupType to the preset name if it exists, otherwise use the strategy name * remove finally block from * Refactor authentication logging in handleStrategyLogin to include strategy name --------- Signed-off-by: si458 <simonsmith5521@gmail.com> Co-authored-by: petervanv <58996467+petervanv@users.noreply.github.com> Co-authored-by: Ylian Saint-Hilaire <ysainthilaire@hotmail.com> Co-authored-by: Martin Mädler <martin.maedler@gmail.com> Co-authored-by: Fausto Gutierrez <28719096+faustogut@users.noreply.github.com> Co-authored-by: Simon Smith <simonsmith5521@gmail.com>
This commit is contained in:
mstrhakr
GitHub
parent
436a3cb9be
commit
4be5b7273e
11 changed files with 2220 additions and 872 deletions
|
|
@ -90,7 +90,9 @@
|
|||
<a id="auth-github" href="auth-github" style="display:none"><img src="images/login/github32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using GitHub" /></a>
|
||||
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
|
||||
<a id="auth-azure" href="auth-azure" style="display:none"><img src="images/login/azure32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Azure" /></a>
|
||||
<a id="auth-oidc" href="auth-oidc" style="display:none"><img src="images/login/oidc32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using OpenID Connect" /></a>
|
||||
<a id="auth-oidc" href="auth-oidc" style="display:none"><img src="images/login/oidc32.png" srcset="images/login/oidc64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-azure" href="auth-oidc" style="display:none"><img src="images/login/azure32.png" srcset="images/login/azure64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Azure using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-google" href="auth-oidc" style="display:none"><img src="images/login/google32.png" srcset="images/login/google64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Google using OpenID Connect" /></a>
|
||||
<a id="auth-jumpcloud" href="auth-jumpcloud" style="display:none"><img src="images/login/jumpcloud32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using JumpCloud" /></a>
|
||||
<a id="auth-intel" href="auth-intel" style="display:none"><img src="images/login/intel32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Intel" /></a>
|
||||
<a id="auth-saml" href="auth-saml" style="display:none"><img src="images/login/generic32.png" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Single Sign-in" /></a>
|
||||
|
|
@ -400,6 +402,8 @@
|
|||
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
|
||||
if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); }
|
||||
if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); }
|
||||
if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); }
|
||||
if (authStrategies.indexOf('oidc-google') >= 0) { QV('auth-oidc-google', true); }
|
||||
if (authStrategies.indexOf('jumpcloud') >= 0) { QV('auth-jumpcloud', true); }
|
||||
if (authStrategies.indexOf('intel') >= 0) { QV('auth-intel', true); }
|
||||
if (authStrategies.indexOf('saml') >= 0) { QV('auth-saml', true); }
|
||||
|
|
|
|||
|
|
@ -84,6 +84,8 @@
|
|||
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" srcset="images/login/reddit64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
|
||||
<a id="auth-azure" href="auth-azure" style="display:none"><img src="images/login/azure32.png" srcset="images/login/azure64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Azure" /></a>
|
||||
<a id="auth-oidc" href="auth-oidc" style="display:none"><img src="images/login/oidc32.png" srcset="images/login/oidc64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-azure" href="auth-oidc" style="display:none"><img src="images/login/azure32.png" srcset="images/login/azure64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Azure using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-google" href="auth-oidc" style="display:none"><img src="images/login/google32.png" srcset="images/login/google64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Google using OpenID Connect" /></a>
|
||||
<a id="auth-jumpcloud" href="auth-jumpcloud" style="display:none"><img src="images/login/jumpcloud32.png" srcset="images/login/jumpcloud64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using JumpCloud" /></a>
|
||||
<a id="auth-intel" href="auth-intel" style="display:none"><img src="images/login/intel32.png" srcset="images/login/intel64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Intel" /></a>
|
||||
<a id="auth-saml" href="auth-saml" style="display:none"><img src="images/login/generic32.png" srcset="images/login/generic64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Single Sign-in" /></a>
|
||||
|
|
@ -425,6 +427,8 @@
|
|||
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
|
||||
if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); }
|
||||
if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); }
|
||||
if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); }
|
||||
if (authStrategies.indexOf('oidc-google') >= 0) { QV('auth-oidc-google', true); }
|
||||
if (authStrategies.indexOf('jumpcloud') >= 0) { QV('auth-jumpcloud', true); }
|
||||
if (authStrategies.indexOf('intel') >= 0) { QV('auth-intel', true); }
|
||||
if (authStrategies.indexOf('saml') >= 0) { QV('auth-saml', true); }
|
||||
|
|
|
|||
|
|
@ -107,6 +107,8 @@
|
|||
<a id="auth-reddit" href="auth-reddit" style="display:none"><img src="images/login/reddit32.png" srcset="images/login/reddit64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Reddit" /></a>
|
||||
<a id="auth-azure" href="auth-azure" style="display:none"><img src="images/login/azure32.png" srcset="images/login/azure64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Azure" /></a>
|
||||
<a id="auth-oidc" href="auth-oidc" style="display:none"><img src="images/login/oidc32.png" srcset="images/login/oidc64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-azure" href="auth-oidc" style="display:none"><img src="images/login/azure32.png" srcset="images/login/azure64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Azure using OpenID Connect" /></a>
|
||||
<a id="auth-oidc-google" href="auth-oidc" style="display:none"><img src="images/login/google32.png" srcset="images/login/google64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in with Google using OpenID Connect" /></a>
|
||||
<a id="auth-jumpcloud" href="auth-jumpcloud" style="display:none"><img src="images/login/jumpcloud32.png" srcset="images/login/jumpcloud64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using JumpCloud" /></a>
|
||||
<a id="auth-intel" href="auth-intel" style="display:none"><img src="images/login/intel32.png" srcset="images/login/intel64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Sign-in using Intel" /></a>
|
||||
<a id="auth-saml" href="auth-saml" style="display:none"><img src="images/login/generic32.png" srcset="images/login/generic64.png 2x" loading="lazy" width="32" height="32" style="margin-left:3px;margin-right:3px;border-radius:3px;box-shadow:2px 2px 5px black;cursor:pointer" title="Single Sign-in" /></a>
|
||||
|
|
@ -509,6 +511,8 @@
|
|||
if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); }
|
||||
if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); }
|
||||
if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); }
|
||||
if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); }
|
||||
if (authStrategies.indexOf('oidc-google') >= 0) { QV('auth-oidc-google', true); }
|
||||
if (authStrategies.indexOf('jumpcloud') >= 0) { QV('auth-jumpcloud', true); }
|
||||
if (authStrategies.indexOf('intel') >= 0) { QV('auth-intel', true); }
|
||||
if (authStrategies.indexOf('saml') >= 0) { QV('auth-saml', true); }
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue