4 лет назад · b97fe61290
--- a/packages/app/package.json
+++ b/packages/app/package.json
@@ -98,6 +98,7 @@
 
				     "express-session": "^1.16.1",
			
 
				     "express-validator": "^6.1.1",
			
 
				     "express-webpack-assets": "^0.1.0",
			
 
				+    "got": "^8.3.2",
			
 
				     "graceful-fs": "^4.1.11",
			
 
				     "helmet": "^4.6.0",
			
 
				     "http-errors": "~1.8.0",
			
@@ -129,6 +130,7 @@
 
				     "passport-local": "^1.0.0",
			
 
				     "passport-saml": "^3.2.0",
			
 
				     "passport-twitter": "^1.0.4",
			
 
				+    "p-retry": "^4.0.0",
			
 
				     "prom-client": "^13.0.0",
			
 
				     "re2": "^1.17.1",
			
 
				     "react-card-flip": "^1.0.10",
			
--- a/packages/app/src/server/service/passport.ts
+++ b/packages/app/src/server/service/passport.ts
@@ -383,14 +383,14 @@ class PassportService implements S2sMessageHandlable {
 
				     const { configManager } = this.crowi;
			
 
				 
			
 
				     // get configurations
			
 
				-    const isUserBind          = configManager.getConfig('crowi', 'security:passport-ldap:isUserBind');
			
 
				-    const serverUrl           = configManager.getConfig('crowi', 'security:passport-ldap:serverUrl');
			
 
				-    const bindDN              = configManager.getConfig('crowi', 'security:passport-ldap:bindDN');
			
 
				-    const bindCredentials     = configManager.getConfig('crowi', 'security:passport-ldap:bindDNPassword');
			
 
				-    const searchFilter        = configManager.getConfig('crowi', 'security:passport-ldap:searchFilter') || '(uid={{username}})';
			
 
				-    const groupSearchBase     = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchBase');
			
 
				-    const groupSearchFilter   = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchFilter');
			
 
				-    const groupDnProperty     = configManager.getConfig('crowi', 'security:passport-ldap:groupDnProperty') || 'uid';
			
 
				+    const isUserBind = configManager.getConfig('crowi', 'security:passport-ldap:isUserBind');
			
 
				+    const serverUrl = configManager.getConfig('crowi', 'security:passport-ldap:serverUrl');
			
 
				+    const bindDN = configManager.getConfig('crowi', 'security:passport-ldap:bindDN');
			
 
				+    const bindCredentials = configManager.getConfig('crowi', 'security:passport-ldap:bindDNPassword');
			
 
				+    const searchFilter = configManager.getConfig('crowi', 'security:passport-ldap:searchFilter') || '(uid={{username}})';
			
 
				+    const groupSearchBase = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchBase');
			
 
				+    const groupSearchFilter = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchFilter');
			
 
				+    const groupDnProperty = configManager.getConfig('crowi', 'security:passport-ldap:groupDnProperty') || 'uid';
			
 
				     /* eslint-enable no-multi-spaces */
			
 
				 
			
 
				     // parse serverUrl
			
@@ -682,14 +682,14 @@ class PassportService implements S2sMessageHandlable {
 
				         client,
			
 
				         params: { scope: 'openid email profile' },
			
 
				       },
			
 
				-      ((tokenset, userinfo, done) => {
			
 
				-        if (userinfo) {
			
 
				-          return done(null, userinfo);
			
 
				-        }
			
 
				+        ((tokenset, userinfo, done) => {
			
 
				+          if (userinfo) {
			
 
				+            return done(null, userinfo);
			
 
				+          }
			
 
				 
			
 
				-        return done(null, false);
			
 
				+          return done(null, false);
			
 
				 
			
 
				-      })));
			
 
				+        })));
			
 
				 
			
 
				       this.isOidcStrategySetup = true;
			
 
				       logger.debug('OidcStrategy: setup is done');
			
@@ -734,22 +734,24 @@ class PassportService implements S2sMessageHandlable {
 
				    * @returns instance of OIDCIssuer
			
 
				    */
			
 
				   async getOIDCIssuerInstace(issuerHost) {
			
 
				+    const OIDC_TIMEOUT_MULTIPLIER = parseInt(process.env.OIDC_TIMEOUT_MULTIPLIER || 'NaN') || 1.5;
			
 
				+    const OIDC_DISCOVERY_RETRIES = parseInt(process.env.OIDC_DISCOVERY_RETRIES || 'NaN') || 3;
			
 
				     const oidcIssuerHostReady = await this.isOidcHostReachable(issuerHost);
			
 
				     if (!oidcIssuerHostReady) {
			
 
				       logger.error('OidcStrategy: setup failed: OIDC Issur host unreachable');
			
 
				       return;
			
 
				     }
			
 
				-    const oidcIssuer = await pRetry(async() => {
			
 
				+    const oidcIssuer = await pRetry(async () => {
			
 
				       return OIDCIssuer.discover(issuerHost);
			
 
				     }, {
			
 
				       onFailedAttempt: (error) => {
			
 
				         // get current OIDCIssuer.defaultHttpOptions.timeout
			
 
				         const oidcOptionTimeout = OIDCIssuer.defaultHttpOptions.timeout;
			
 
				         // Increases OIDCIssuer.defaultHttpOptions.timeout by multiply with 1.5
			
 
				-        OIDCIssuer.defaultHttpOptions = { timeout: oidcOptionTimeout * 1.5 };
			
 
				+        OIDCIssuer.defaultHttpOptions = { timeout: oidcOptionTimeout * OIDC_TIMEOUT_MULTIPLIER };
			
 
				         logger.debug(`OidcStrategy: setup attempt ${error.attemptNumber} failed with error: ${error}. Retrying ...`);
			
 
				       },
			
 
				-      retries: 3,
			
 
				+      retries: OIDC_DISCOVERY_RETRIES,
			
 
				     }).catch((error) => {
			
 
				       logger.error(`OidcStrategy: setup failed with error: ${error} `);
			
 
				     });
			
@@ -1001,7 +1003,7 @@ class PassportService implements S2sMessageHandlable {
 
				       // eslint-disable-next-line @typescript-eslint/no-explicit-any
			
 
				       done(null, (user as any).id);
			
 
				     });
			
 
				-    passport.deserializeUser(async(id, done) => {
			
 
				+    passport.deserializeUser(async (id, done) => {
			
 
				       try {
			
 
				         const user = await User.findById(id);
			
 
				         if (user == null) {