|
|
@@ -1,4 +1,4 @@
|
|
|
-const debug = require('debug')('growi:service:PassportService');
|
|
|
+const logger = require('@alias/logger')('growi:service:PassportService');
|
|
|
const urljoin = require('url-join');
|
|
|
const luceneQueryParser = require('lucene-query-parser');
|
|
|
const passport = require('passport');
|
|
|
@@ -159,7 +159,7 @@ class PassportService {
|
|
|
this[func.setup]();
|
|
|
}
|
|
|
catch (err) {
|
|
|
- debug(err);
|
|
|
+ logger.debug(err);
|
|
|
this[func.reset]();
|
|
|
}
|
|
|
|
|
|
@@ -171,7 +171,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetLocalStrategy() {
|
|
|
- debug('LocalStrategy: reset');
|
|
|
+ logger.debug('LocalStrategy: reset');
|
|
|
passport.unuse('local');
|
|
|
this.isLocalStrategySetup = false;
|
|
|
}
|
|
|
@@ -194,7 +194,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('LocalStrategy: setting up..');
|
|
|
+ logger.debug('LocalStrategy: setting up..');
|
|
|
|
|
|
const User = this.crowi.model('User');
|
|
|
|
|
|
@@ -217,7 +217,7 @@ class PassportService {
|
|
|
));
|
|
|
|
|
|
this.isLocalStrategySetup = true;
|
|
|
- debug('LocalStrategy: setup is done');
|
|
|
+ logger.debug('LocalStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -226,7 +226,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetLdapStrategy() {
|
|
|
- debug('LdapStrategy: reset');
|
|
|
+ logger.debug('LdapStrategy: reset');
|
|
|
passport.unuse('ldapauth');
|
|
|
this.isLdapStrategySetup = false;
|
|
|
}
|
|
|
@@ -250,11 +250,11 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('LdapStrategy: setting up..');
|
|
|
+ logger.debug('LdapStrategy: setting up..');
|
|
|
|
|
|
passport.use(new LdapStrategy(this.getLdapConfigurationFunc(config, { passReqToCallback: true }),
|
|
|
(req, ldapAccountInfo, done) => {
|
|
|
- debug('LDAP authentication has succeeded', ldapAccountInfo);
|
|
|
+ logger.debug('LDAP authentication has succeeded', ldapAccountInfo);
|
|
|
|
|
|
// store ldapAccountInfo to req
|
|
|
req.ldapAccountInfo = ldapAccountInfo;
|
|
|
@@ -263,7 +263,7 @@ class PassportService {
|
|
|
}));
|
|
|
|
|
|
this.isLdapStrategySetup = true;
|
|
|
- debug('LdapStrategy: setup is done');
|
|
|
+ logger.debug('LdapStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -335,23 +335,23 @@ class PassportService {
|
|
|
// see: https://regex101.com/r/0tuYBB/1
|
|
|
const match = serverUrl.match(/(ldaps?:\/\/[^/]+)\/(.*)?/);
|
|
|
if (match == null || match.length < 1) {
|
|
|
- debug('LdapStrategy: serverUrl is invalid');
|
|
|
+ logger.debug('LdapStrategy: serverUrl is invalid');
|
|
|
return (req, callback) => { callback({ message: 'serverUrl is invalid' }) };
|
|
|
}
|
|
|
const url = match[1];
|
|
|
const searchBase = match[2] || '';
|
|
|
|
|
|
- debug(`LdapStrategy: url=${url}`);
|
|
|
- debug(`LdapStrategy: searchBase=${searchBase}`);
|
|
|
- debug(`LdapStrategy: isUserBind=${isUserBind}`);
|
|
|
+ logger.debug(`LdapStrategy: url=${url}`);
|
|
|
+ logger.debug(`LdapStrategy: searchBase=${searchBase}`);
|
|
|
+ logger.debug(`LdapStrategy: isUserBind=${isUserBind}`);
|
|
|
if (!isUserBind) {
|
|
|
- debug(`LdapStrategy: bindDN=${bindDN}`);
|
|
|
- debug(`LdapStrategy: bindCredentials=${bindCredentials}`);
|
|
|
+ logger.debug(`LdapStrategy: bindDN=${bindDN}`);
|
|
|
+ logger.debug(`LdapStrategy: bindCredentials=${bindCredentials}`);
|
|
|
}
|
|
|
- debug(`LdapStrategy: searchFilter=${searchFilter}`);
|
|
|
- debug(`LdapStrategy: groupSearchBase=${groupSearchBase}`);
|
|
|
- debug(`LdapStrategy: groupSearchFilter=${groupSearchFilter}`);
|
|
|
- debug(`LdapStrategy: groupDnProperty=${groupDnProperty}`);
|
|
|
+ logger.debug(`LdapStrategy: searchFilter=${searchFilter}`);
|
|
|
+ logger.debug(`LdapStrategy: groupSearchBase=${groupSearchBase}`);
|
|
|
+ logger.debug(`LdapStrategy: groupSearchFilter=${groupSearchFilter}`);
|
|
|
+ logger.debug(`LdapStrategy: groupDnProperty=${groupDnProperty}`);
|
|
|
|
|
|
return (req, callback) => {
|
|
|
// get credentials from form data
|
|
|
@@ -385,7 +385,7 @@ class PassportService {
|
|
|
passwordField: PassportService.PASSWORD_FIELD,
|
|
|
server: serverOpt,
|
|
|
}, opts);
|
|
|
- debug('ldap configuration: ', mergedOpts);
|
|
|
+ logger.debug('ldap configuration: ', mergedOpts);
|
|
|
|
|
|
// store configuration to req
|
|
|
req.ldapConfiguration = mergedOpts;
|
|
|
@@ -412,7 +412,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('GoogleStrategy: setting up..');
|
|
|
+ logger.debug('GoogleStrategy: setting up..');
|
|
|
passport.use(
|
|
|
new GoogleStrategy(
|
|
|
{
|
|
|
@@ -434,7 +434,7 @@ class PassportService {
|
|
|
);
|
|
|
|
|
|
this.isGoogleStrategySetup = true;
|
|
|
- debug('GoogleStrategy: setup is done');
|
|
|
+ logger.debug('GoogleStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -443,7 +443,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetGoogleStrategy() {
|
|
|
- debug('GoogleStrategy: reset');
|
|
|
+ logger.debug('GoogleStrategy: reset');
|
|
|
passport.unuse('google');
|
|
|
this.isGoogleStrategySetup = false;
|
|
|
}
|
|
|
@@ -460,7 +460,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('GitHubStrategy: setting up..');
|
|
|
+ logger.debug('GitHubStrategy: setting up..');
|
|
|
passport.use(
|
|
|
new GitHubStrategy(
|
|
|
{
|
|
|
@@ -482,7 +482,7 @@ class PassportService {
|
|
|
);
|
|
|
|
|
|
this.isGitHubStrategySetup = true;
|
|
|
- debug('GitHubStrategy: setup is done');
|
|
|
+ logger.debug('GitHubStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -491,7 +491,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetGitHubStrategy() {
|
|
|
- debug('GitHubStrategy: reset');
|
|
|
+ logger.debug('GitHubStrategy: reset');
|
|
|
passport.unuse('github');
|
|
|
this.isGitHubStrategySetup = false;
|
|
|
}
|
|
|
@@ -508,7 +508,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('TwitterStrategy: setting up..');
|
|
|
+ logger.debug('TwitterStrategy: setting up..');
|
|
|
passport.use(
|
|
|
new TwitterStrategy(
|
|
|
{
|
|
|
@@ -530,7 +530,7 @@ class PassportService {
|
|
|
);
|
|
|
|
|
|
this.isTwitterStrategySetup = true;
|
|
|
- debug('TwitterStrategy: setup is done');
|
|
|
+ logger.debug('TwitterStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -539,7 +539,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetTwitterStrategy() {
|
|
|
- debug('TwitterStrategy: reset');
|
|
|
+ logger.debug('TwitterStrategy: reset');
|
|
|
passport.unuse('twitter');
|
|
|
this.isTwitterStrategySetup = false;
|
|
|
}
|
|
|
@@ -556,7 +556,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('OidcStrategy: setting up..');
|
|
|
+ logger.debug('OidcStrategy: setting up..');
|
|
|
|
|
|
// setup client
|
|
|
// extend oidc request timeouts
|
|
|
@@ -568,7 +568,7 @@ class PassportService {
|
|
|
? urljoin(this.crowi.appService.getSiteUrl(), '/passport/oidc/callback')
|
|
|
: configManager.getConfig('crowi', 'security:passport-oidc:callbackUrl'); // DEPRECATED: backward compatible with v3.2.3 and below
|
|
|
const oidcIssuer = await OIDCIssuer.discover(issuerHost);
|
|
|
- debug('Discovered issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
|
|
|
+ logger.debug('Discovered issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
|
|
|
|
|
|
const authorizationEndpoint = configManager.getConfig('crowi', 'security:passport-oidc:authorizationEndpoint');
|
|
|
if (authorizationEndpoint) {
|
|
|
@@ -602,7 +602,7 @@ class PassportService {
|
|
|
if (jwksUri) {
|
|
|
oidcIssuer.metadata.jwks_uri = jwksUri;
|
|
|
}
|
|
|
- debug('Configured issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
|
|
|
+ logger.debug('Configured issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
|
|
|
|
|
|
const client = new oidcIssuer.Client({
|
|
|
client_id: clientId,
|
|
|
@@ -625,7 +625,7 @@ class PassportService {
|
|
|
})));
|
|
|
|
|
|
this.isOidcStrategySetup = true;
|
|
|
- debug('OidcStrategy: setup is done');
|
|
|
+ logger.debug('OidcStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -634,7 +634,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetOidcStrategy() {
|
|
|
- debug('OidcStrategy: reset');
|
|
|
+ logger.debug('OidcStrategy: reset');
|
|
|
passport.unuse('oidc');
|
|
|
this.isOidcStrategySetup = false;
|
|
|
}
|
|
|
@@ -651,7 +651,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('SamlStrategy: setting up..');
|
|
|
+ logger.debug('SamlStrategy: setting up..');
|
|
|
passport.use(
|
|
|
new SamlStrategy(
|
|
|
{
|
|
|
@@ -673,7 +673,7 @@ class PassportService {
|
|
|
);
|
|
|
|
|
|
this.isSamlStrategySetup = true;
|
|
|
- debug('SamlStrategy: setup is done');
|
|
|
+ logger.debug('SamlStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -682,7 +682,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetSamlStrategy() {
|
|
|
- debug('SamlStrategy: reset');
|
|
|
+ logger.debug('SamlStrategy: reset');
|
|
|
passport.unuse('saml');
|
|
|
this.isSamlStrategySetup = false;
|
|
|
}
|
|
|
@@ -718,15 +718,15 @@ class PassportService {
|
|
|
verifySAMLResponseByABLCRule(response) {
|
|
|
const rule = this.crowi.configManager.getConfig('crowi', 'security:passport-saml:ABLCRule');
|
|
|
if (rule == null) {
|
|
|
- debug('There is no ABLCRule.');
|
|
|
+ logger.debug('There is no ABLCRule.');
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
const luceneRule = this.parseABLCRule(rule);
|
|
|
- debug({ 'Parsed Rule': JSON.stringify(luceneRule, null, 2) });
|
|
|
+ logger.debug({ 'Parsed Rule': JSON.stringify(luceneRule, null, 2) });
|
|
|
|
|
|
const attributes = this.extractAttributesFromSAMLResponse(response);
|
|
|
- debug({ 'Extracted Attributes': JSON.stringify(attributes, null, 2) });
|
|
|
+ logger.debug({ 'Extracted Attributes': JSON.stringify(attributes, null, 2) });
|
|
|
|
|
|
return this.evaluateRuleForSamlAttributes(attributes, luceneRule);
|
|
|
}
|
|
|
@@ -827,7 +827,7 @@ class PassportService {
|
|
|
* @memberof PassportService
|
|
|
*/
|
|
|
resetBasicStrategy() {
|
|
|
- debug('BasicStrategy: reset');
|
|
|
+ logger.debug('BasicStrategy: reset');
|
|
|
passport.unuse('basic');
|
|
|
this.isBasicStrategySetup = false;
|
|
|
}
|
|
|
@@ -849,7 +849,7 @@ class PassportService {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- debug('BasicStrategy: setting up..');
|
|
|
+ logger.debug('BasicStrategy: setting up..');
|
|
|
|
|
|
passport.use(new BasicStrategy(
|
|
|
(userId, password, done) => {
|
|
|
@@ -861,7 +861,7 @@ class PassportService {
|
|
|
));
|
|
|
|
|
|
this.isBasicStrategySetup = true;
|
|
|
- debug('BasicStrategy: setup is done');
|
|
|
+ logger.debug('BasicStrategy: setup is done');
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -875,7 +875,7 @@ class PassportService {
|
|
|
throw new Error('serializer/deserializer have already been set up');
|
|
|
}
|
|
|
|
|
|
- debug('setting up serializer and deserializer');
|
|
|
+ logger.debug('setting up serializer and deserializer');
|
|
|
|
|
|
const User = this.crowi.model('User');
|
|
|
|
Yuki Takei