|
@@ -383,14 +383,14 @@ class PassportService implements S2sMessageHandlable {
|
|
|
const { configManager } = this.crowi;
|
|
const { configManager } = this.crowi;
|
|
|
|
|
|
|
|
// get configurations
|
|
// get configurations
|
|
|
- const isUserBind = configManager.getConfig('crowi', 'security:passport-ldap:isUserBind');
|
|
|
|
|
- const serverUrl = configManager.getConfig('crowi', 'security:passport-ldap:serverUrl');
|
|
|
|
|
- const bindDN = configManager.getConfig('crowi', 'security:passport-ldap:bindDN');
|
|
|
|
|
- const bindCredentials = configManager.getConfig('crowi', 'security:passport-ldap:bindDNPassword');
|
|
|
|
|
- const searchFilter = configManager.getConfig('crowi', 'security:passport-ldap:searchFilter') || '(uid={{username}})';
|
|
|
|
|
- const groupSearchBase = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchBase');
|
|
|
|
|
- const groupSearchFilter = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchFilter');
|
|
|
|
|
- const groupDnProperty = configManager.getConfig('crowi', 'security:passport-ldap:groupDnProperty') || 'uid';
|
|
|
|
|
|
|
+ const isUserBind = configManager.getConfig('crowi', 'security:passport-ldap:isUserBind');
|
|
|
|
|
+ const serverUrl = configManager.getConfig('crowi', 'security:passport-ldap:serverUrl');
|
|
|
|
|
+ const bindDN = configManager.getConfig('crowi', 'security:passport-ldap:bindDN');
|
|
|
|
|
+ const bindCredentials = configManager.getConfig('crowi', 'security:passport-ldap:bindDNPassword');
|
|
|
|
|
+ const searchFilter = configManager.getConfig('crowi', 'security:passport-ldap:searchFilter') || '(uid={{username}})';
|
|
|
|
|
+ const groupSearchBase = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchBase');
|
|
|
|
|
+ const groupSearchFilter = configManager.getConfig('crowi', 'security:passport-ldap:groupSearchFilter');
|
|
|
|
|
+ const groupDnProperty = configManager.getConfig('crowi', 'security:passport-ldap:groupDnProperty') || 'uid';
|
|
|
/* eslint-enable no-multi-spaces */
|
|
/* eslint-enable no-multi-spaces */
|
|
|
|
|
|
|
|
// parse serverUrl
|
|
// parse serverUrl
|
|
@@ -682,14 +682,14 @@ class PassportService implements S2sMessageHandlable {
|
|
|
client,
|
|
client,
|
|
|
params: { scope: 'openid email profile' },
|
|
params: { scope: 'openid email profile' },
|
|
|
},
|
|
},
|
|
|
- ((tokenset, userinfo, done) => {
|
|
|
|
|
- if (userinfo) {
|
|
|
|
|
- return done(null, userinfo);
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ ((tokenset, userinfo, done) => {
|
|
|
|
|
+ if (userinfo) {
|
|
|
|
|
+ return done(null, userinfo);
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- return done(null, false);
|
|
|
|
|
|
|
+ return done(null, false);
|
|
|
|
|
|
|
|
- })));
|
|
|
|
|
|
|
+ })));
|
|
|
|
|
|
|
|
this.isOidcStrategySetup = true;
|
|
this.isOidcStrategySetup = true;
|
|
|
logger.debug('OidcStrategy: setup is done');
|
|
logger.debug('OidcStrategy: setup is done');
|
|
@@ -734,22 +734,24 @@ class PassportService implements S2sMessageHandlable {
|
|
|
* @returns instance of OIDCIssuer
|
|
* @returns instance of OIDCIssuer
|
|
|
*/
|
|
*/
|
|
|
async getOIDCIssuerInstace(issuerHost) {
|
|
async getOIDCIssuerInstace(issuerHost) {
|
|
|
|
|
+ const OIDC_TIMEOUT_MULTIPLIER = parseInt(process.env.OIDC_TIMEOUT_MULTIPLIER || 'NaN') || 1.5;
|
|
|
|
|
+ const OIDC_DISCOVERY_RETRIES = parseInt(process.env.OIDC_DISCOVERY_RETRIES || 'NaN') || 3;
|
|
|
const oidcIssuerHostReady = await this.isOidcHostReachable(issuerHost);
|
|
const oidcIssuerHostReady = await this.isOidcHostReachable(issuerHost);
|
|
|
if (!oidcIssuerHostReady) {
|
|
if (!oidcIssuerHostReady) {
|
|
|
logger.error('OidcStrategy: setup failed: OIDC Issur host unreachable');
|
|
logger.error('OidcStrategy: setup failed: OIDC Issur host unreachable');
|
|
|
return;
|
|
return;
|
|
|
}
|
|
}
|
|
|
- const oidcIssuer = await pRetry(async() => {
|
|
|
|
|
|
|
+ const oidcIssuer = await pRetry(async () => {
|
|
|
return OIDCIssuer.discover(issuerHost);
|
|
return OIDCIssuer.discover(issuerHost);
|
|
|
}, {
|
|
}, {
|
|
|
onFailedAttempt: (error) => {
|
|
onFailedAttempt: (error) => {
|
|
|
// get current OIDCIssuer.defaultHttpOptions.timeout
|
|
// get current OIDCIssuer.defaultHttpOptions.timeout
|
|
|
const oidcOptionTimeout = OIDCIssuer.defaultHttpOptions.timeout;
|
|
const oidcOptionTimeout = OIDCIssuer.defaultHttpOptions.timeout;
|
|
|
// Increases OIDCIssuer.defaultHttpOptions.timeout by multiply with 1.5
|
|
// Increases OIDCIssuer.defaultHttpOptions.timeout by multiply with 1.5
|
|
|
- OIDCIssuer.defaultHttpOptions = { timeout: oidcOptionTimeout * 1.5 };
|
|
|
|
|
|
|
+ OIDCIssuer.defaultHttpOptions = { timeout: oidcOptionTimeout * OIDC_TIMEOUT_MULTIPLIER };
|
|
|
logger.debug(`OidcStrategy: setup attempt ${error.attemptNumber} failed with error: ${error}. Retrying ...`);
|
|
logger.debug(`OidcStrategy: setup attempt ${error.attemptNumber} failed with error: ${error}. Retrying ...`);
|
|
|
},
|
|
},
|
|
|
- retries: 3,
|
|
|
|
|
|
|
+ retries: OIDC_DISCOVERY_RETRIES,
|
|
|
}).catch((error) => {
|
|
}).catch((error) => {
|
|
|
logger.error(`OidcStrategy: setup failed with error: ${error} `);
|
|
logger.error(`OidcStrategy: setup failed with error: ${error} `);
|
|
|
});
|
|
});
|
|
@@ -1001,7 +1003,7 @@ class PassportService implements S2sMessageHandlable {
|
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
|
done(null, (user as any).id);
|
|
done(null, (user as any).id);
|
|
|
});
|
|
});
|
|
|
- passport.deserializeUser(async(id, done) => {
|
|
|
|
|
|
|
+ passport.deserializeUser(async (id, done) => {
|
|
|
try {
|
|
try {
|
|
|
const user = await User.findById(id);
|
|
const user = await User.findById(id);
|
|
|
if (user == null) {
|
|
if (user == null) {
|
Taichi Masuyama