Add support to CAS

2020-09-03 03:29:57 +02:00 · 2020-09-03 03:29:57 +02:00 · 4b66bc4129
commit 4b66bc4129
parent 5a42756b12
2 changed files with 70 additions and 1 deletions
--- a/server/config/default.yaml
+++ b/server/config/default.yaml
@ -171,6 +171,18 @@ postfixBounce:
  # allow connections from localhost only
  host: 127.0.0.1

+cas:
+  # enable to use CAS user backend
+  enabled: false
+  urlsso: https://example.cas-server.com
+  # nameTag identifies the attribute to be used for user's full name
+  nameTag: username
+  # mailTag identifies the attribute to be used for user's email address
+  mailTag: mail
+  newUserRole: campaignsAdmin
+  # Global namespace id
+  newUserNamespaceId: 1
+
 # extra options for nodemailer
 nodemailer:
  #textEncoding: base64
--- a/server/lib/passport.js
+++ b/server/lib/passport.js
@ -175,8 +175,65 @@ module.exports.restLogin = (req, res, next) => {
        });
    })(req, res, next);
 };
+let CasStrategy;
+let CasStrategyOpts;
+if (config.cas.enabled) {
+  try {
+    CasStrategy = require('passport-cas2').Strategy;
+    authMode = 'cas';
+    log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.');
+    CasStrategyOpts = {
+      casURL: config.cas.urlsso,
+      propertyMap: { 
+        name: config.cas.nameTag,
+        email: config.cas.mailTag
+      }
+    };
+  } catch (exc) {
+    log.info('CAS', 'Module passport-cas2 not installed.');
+  }
+}
+if (CasStrategy) {
+    log.info('Using CAS auth (passport-cas2)');
+    module.exports.authMethod = 'cas';
+    module.exports.isAuthMethodLocal = false;

-if (LdapStrategy) {
+    passport.use(new CasStrategy(CasStrategyOpts, 
+    nodeifyFunction(async (username, profile) => { 
+      try {
+        const user = await users.getByUsername(username);
+
+        return {
+            id: user.id,
+            username: username,
+            name: profile[config.cas.nameTag],
+            email: profile[config.cas.mailTag],
+            role: user.role
+        };
+      } catch (err) {
+        if (err instanceof interoperableErrors.NotFoundError) {
+            const userId = await users.create(contextHelpers.getAdminContext(), {
+                username: username,
+                role: config.cas.newUserRole,
+                namespace: config.cas.newUserNamespaceId
+            });
+
+            return {
+                id: userId,
+                username: username,
+                name: profile[config.cas.nameTag],
+                email: profile[config.cas.mailTag],
+                role: config.cas.newUserRole
+            };
+        } else {
+            throw err;
+        }
+      }
+    }));
+    passport.serializeUser((user, done) => done(null, user));
+    passport.deserializeUser((user, done) => done(null, user));
+
+} else if (LdapStrategy) {
    log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')');
    module.exports.authMethod = 'ldap';
    module.exports.isAuthMethodLocal = false;