Passport CAS Strategy

This commit is contained in:
joker-x 2020-09-06 02:26:48 +02:00
parent 4b66bc4129
commit 28938b679b
2 changed files with 27 additions and 16 deletions


@ -174,7 +174,7 @@ postfixBounce:
cas: cas:
# enable to use CAS user backend # enable to use CAS user backend
enabled: false enabled: false
urlsso: https://example.cas-server.com url: https://example.cas-server.com
# nameTag identifies the attribute to be used for user's full name # nameTag identifies the attribute to be used for user's full name
nameTag: username nameTag: username
# mailTag identifies the attribute to be used for user's email address # mailTag identifies the attribute to be used for user's email address


@ -148,6 +148,9 @@ module.exports.restLogout = (req, res) => {
res.json(); res.json();
}; };
module.exports.casLogin = passport.authenticate('cas', { failureRedirect: '/login' });
module.exports.restLogin = (req, res, next) => { module.exports.restLogin = (req, res, next) => {
passport.authenticate(authMode, (err, user, info) => { passport.authenticate(authMode, (err, user, info) => {
if (err) { if (err) {
@ -176,19 +179,11 @@ module.exports.restLogin = (req, res, next) => {
})(req, res, next); })(req, res, next);
}; };
let CasStrategy; let CasStrategy;
let CasStrategyOpts; if (config.cas && config.cas.enabled === true) {
if (config.cas.enabled) {
try { try {
CasStrategy = require('passport-cas2').Strategy; CasStrategy = require('passport-cas2').Strategy;
authMode = 'cas'; authMode = 'cas';
log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.'); log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.');
CasStrategyOpts = {
casURL: config.cas.urlsso,
propertyMap: {
name: config.cas.nameTag,
email: config.cas.mailTag
}
};
} catch (exc) { } catch (exc) {
log.info('CAS', 'Module passport-cas2 not installed.'); log.info('CAS', 'Module passport-cas2 not installed.');
} }
@ -198,16 +193,23 @@ if (CasStrategy) {
module.exports.authMethod = 'cas'; module.exports.authMethod = 'cas';
module.exports.isAuthMethodLocal = false; module.exports.isAuthMethodLocal = false;
passport.use(new CasStrategy(CasStrategyOpts, const cas = new CasStrategy({
casURL: config.cas.url,
propertyMap: {
displayName: config.cas.nameTag,
emails: config.cas.mailTag
}
},
nodeifyFunction(async (username, profile) => { nodeifyFunction(async (username, profile) => {
try { try {
const user = await users.getByUsername(username); const user = await users.getByUsername(username);
log.info('CAS', 'Old User: '+JSON.stringify(profile));
return { return {
id: user.id, id: user.id,
username: username, username: username,
name: profile[config.cas.nameTag], name: profile.displayName,
email: profile[config.cas.mailTag], email: profile.emails[0].value,
role: user.role role: user.role
}; };
} catch (err) { } catch (err) {
@ -215,14 +217,17 @@ if (CasStrategy) {
const userId = await users.create(contextHelpers.getAdminContext(), { const userId = await users.create(contextHelpers.getAdminContext(), {
username: username, username: username,
role: config.cas.newUserRole, role: config.cas.newUserRole,
namespace: config.cas.newUserNamespaceId namespace: config.cas.newUserNamespaceId,
name: profile.displayName,
email: profile.emails[0].value
}); });
log.info('CAS', 'New User: '+JSON.stringify(profile));
return { return {
id: userId, id: userId,
username: username, username: username,
name: profile[config.cas.nameTag], name: profile.displayName,
email: profile[config.cas.mailTag], email: profile.emails[0].value,
role: config.cas.newUserRole role: config.cas.newUserRole
}; };
} else { } else {
@ -230,9 +235,15 @@ if (CasStrategy) {
} }
} }
})); }));
passport.use(cas);
passport.serializeUser((user, done) => done(null, user)); passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user)); passport.deserializeUser((user, done) => done(null, user));
module.exports.authenticateCas = passport.authenticate('cas', { failureRedirect: '/login?cas-login-error' });
module.exports.logoutCas = function (req, res) {
cas.logout(req, res, config.www.trustedUrlBase+'/login?cas-logout-success');
};
} else if (LdapStrategy) { } else if (LdapStrategy) {
log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')'); log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')');
module.exports.authMethod = 'ldap'; module.exports.authMethod = 'ldap';
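Review bot: `profile.emails[0].value` is read unguarded in three places (the returned user object in both the existing-user and the new-user path, and the `users.create` call), so a CAS response that does not release the attribute configured as `mailTag` fails with a TypeError rather than a clear login error; hoist one guarded read such as `const email = Array.isArray(profile.emails) && profile.emails.length > 0 ? profile.emails[0].value : undefined;` and, if an email is mandatory, reject with an explicit message. The two new `log.info('CAS', 'Old User: '+JSON.stringify(profile))` / `'New User: '` lines write the whole CAS profile (name, email and any other released attributes) to the info log on every login; log only `username`, or move these to debug. Renaming the config key from `urlsso` to `url` means a deployment that still sets `urlsso` gets `casURL: undefined` at startup with no warning, so either fail fast when `config.cas.url` is missing or accept the old key as a fallback. `casLogin` (first hunk, `failureRedirect: '/login'`) and `authenticateCas` (last hunk, `failureRedirect: '/login?cas-login-error'`) are two exports for the same `passport.authenticate('cas', …)` with different redirects, presumably one is a leftover. The `nodeifyFunction` callback and the enclosing `if (CasStrategy)` block start outside these hunks and span several of them.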