From 4b66bc412986153aa3d60a244b6e142aedf25c56 Mon Sep 17 00:00:00 2001
From: joker-x
Date: Thu, 3 Sep 2020 03:29:57 +0200
Subject: [PATCH] Add support to CAS
---
 server/config/default.yaml | 12 ++++++++
 server/lib/passport.js | 59 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/server/config/default.yaml b/server/config/default.yaml
index 14b07bf9..00c89f30 100644
--- a/server/config/default.yaml
+++ b/server/config/default.yaml
@@ -171,6 +171,18 @@ postfixBounce:
 # allow connections from localhost only
 host: 127.0.0.1
 
+cas:
+ # enable to use CAS user backend
+ enabled: false
+ urlsso: https://example.cas-server.com
+ # nameTag identifies the attribute to be used for user's full name
+ nameTag: username
+ # mailTag identifies the attribute to be used for user's email address
+ mailTag: mail
+ newUserRole: campaignsAdmin
+ # Global namespace id
+ newUserNamespaceId: 1
+
 # extra options for nodemailer
 nodemailer:
 #textEncoding: base64
diff --git a/server/lib/passport.js b/server/lib/passport.js
index d5784464..efbc3033 100644
--- a/server/lib/passport.js
+++ b/server/lib/passport.js
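Review bot: The default `newUserRole: campaignsAdmin` together with `newUserNamespaceId: 1` means that, once `enabled` is switched on, every principal the CAS server authenticates is auto-provisioned with that role in the global namespace, because passport.js creates the account on its first login; a least-privilege default, or at minimum a comment stating the consequence, would be safer. Consider `newUserRole: campaignsAdmin  # role granted to every user auto-created on first CAS login; any account the CAS server accepts can log in, so keep this minimal`. `urlsso` is also the only key in the new section without a comment, unlike `nameTag` and `mailTag`; `# base URL of the CAS server (passed to passport-cas2 as casURL)` would match the surrounding style.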
@@ -175,8 +175,65 @@ module.exports.restLogin = (req, res, next) => {
 });
 })(req, res, next);
 };
 
+let CasStrategy;
+let CasStrategyOpts;
+if (config.cas.enabled) {
+ try {
+ CasStrategy = require('passport-cas2').Strategy;
+ authMode = 'cas';
+ log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.');
+ CasStrategyOpts = {
+ casURL: config.cas.urlsso,
+ propertyMap: {
+ name: config.cas.nameTag,
+ email: config.cas.mailTag
+ }
+ };
+ } catch (exc) {
+ log.info('CAS', 'Module passport-cas2 not installed.');
+ }
+}
+if (CasStrategy) {
+ log.info('Using CAS auth (passport-cas2)');
+ module.exports.authMethod = 'cas';
+ module.exports.isAuthMethodLocal = false;
-if (LdapStrategy) {
+ passport.use(new CasStrategy(CasStrategyOpts,
+ nodeifyFunction(async (username, profile) => {
+ try {
+ const user = await users.getByUsername(username);
+
+ return {
+ id: user.id,
+ username: username,
+ name: profile[config.cas.nameTag],
+ email: profile[config.cas.mailTag],
+ role: user.role
+ };
+ } catch (err) {
+ if (err instanceof interoperableErrors.NotFoundError) {
+ const userId = await users.create(contextHelpers.getAdminContext(), {
+ username: username,
+ role: config.cas.newUserRole,
+ namespace: config.cas.newUserNamespaceId
+ });
+
+ return {
+ id: userId,
+ username: username,
+ name: profile[config.cas.nameTag],
+ email: profile[config.cas.mailTag],
+ role: config.cas.newUserRole
+ };
+ } else {
+ throw err;
+ }
+ }
+ }));
+ passport.serializeUser((user, done) => done(null, user));
+ passport.deserializeUser((user, done) => done(null, user));
+
+} else if (LdapStrategy) {
 log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')');
 module.exports.authMethod = 'ldap';
 module.exports.isAuthMethodLocal = false;
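Review bot: When `config.cas.enabled` is true but `require('passport-cas2')` throws, the `catch (exc)` block only logs at info level and execution falls through to the LDAP/local branches below, so the server starts with a different authentication backend than the operator configured; that fallback should be loud, e.g. log `exc` at the logger's warn or error level and follow it with `throw exc;` so a misconfigured deployment fails to start rather than silently downgrading. The same catch reports every load failure as "not installed", so a module that is present but broken would be misdiagnosed. Separately, `CasStrategyOpts.propertyMap` maps the configured attributes onto `name` and `email`, yet the verify callback reads `profile[config.cas.nameTag]` and `profile[config.cas.mailTag]`; if passport-cas2 exposes the mapped names on the profile as the map suggests, those lookups would yield undefined, so this is worth confirming against the module and reading `profile.name` / `profile.email` instead. Note also that `serializeUser` stores the entire user object (including the CAS-supplied name, email and role) in the session and `deserializeUser` hands it back unchanged, so a role changed in the database after login presumably only takes effect on re-authentication. The `if (CasStrategy) { … } else if (LdapStrategy) {` chain continues past the end of the hunk.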