From 5f3a1b626653d9b6331bfcb673d64324b29e2927 Mon Sep 17 00:00:00 2001 From: Victor Berger Date: Sat, 20 Jun 2020 16:33:57 +0200 Subject: [PATCH] Backport of #278 for 1.6.1 This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger --- docs/configuration.md | 3 ++- lib/config/default.js | 3 ++- lib/config/environment.js | 3 ++- lib/config/hackmdEnvironment.js | 3 ++- lib/web/auth/oauth2/index.js | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 20f853dee..aa6b5191e 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -181,7 +181,7 @@ these are rarely used for various reasons. | config file | environment | example value | description | | ----------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `oauth2` | | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details! | +| `oauth2` | | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ..., scope: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details! | | | `CMD_OAUTH2_USER_PROFILE_URL` | `https://example.com` | Where to retrieve information about a user after successful login. Needs to output JSON. (no default value) Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details on all of the `CMD_OAUTH2...` options. | | | `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` | `name` | where to find the username in the JSON from the user profile URL. (no default value) | | | `CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR` | `display-name` | where to find the display-name in the JSON from the user profile URL. (no default value) | @@ -191,6 +191,7 @@ these are rarely used for various reasons. | | `CMD_OAUTH2_CLIENT_ID` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) | | | `CMD_OAUTH2_CLIENT_SECRET` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) | | | `CMD_OAUTH2_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider | +| | `CMD_OAUTH2_SCOPE` | `openid email profile` | Scope to request for OIDC (OpenID Connect) providers. | ### SAML Login diff --git a/lib/config/default.js b/lib/config/default.js index 7504fda28..9b852d1e5 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -91,7 +91,8 @@ module.exports = { authorizationURL: undefined, tokenURL: undefined, clientID: undefined, - clientSecret: undefined + clientSecret: undefined, + scope: undefined }, facebook: { clientID: undefined, diff --git a/lib/config/environment.js b/lib/config/environment.js index 219be4995..87a7e3eeb 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -92,7 +92,8 @@ module.exports = { tokenURL: process.env.CMD_OAUTH2_TOKEN_URL, authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL, clientID: process.env.CMD_OAUTH2_CLIENT_ID, - clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET + clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET, + scope: process.env.CMD_OAUTH2_SCOPE }, dropbox: { clientID: process.env.CMD_DROPBOX_CLIENTID, diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js index dcfda0bc1..d4ae77f06 100644 --- a/lib/config/hackmdEnvironment.js +++ b/lib/config/hackmdEnvironment.js @@ -81,7 +81,8 @@ module.exports = { tokenURL: process.env.HMD_OAUTH2_TOKEN_URL, authorizationURL: process.env.HMD_OAUTH2_AUTHORIZATION_URL, clientID: process.env.HMD_OAUTH2_CLIENT_ID, - clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET + clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET, + scope: process.env.HMD_OAUTH2_SCOPE }, dropbox: { clientID: process.env.HMD_DROPBOX_CLIENTID, diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js index 2bd731961..1865ad54c 100644 --- a/lib/web/auth/oauth2/index.js +++ b/lib/web/auth/oauth2/index.js @@ -89,7 +89,8 @@ passport.use(new OAuth2CustomStrategy({ clientID: config.oauth2.clientID, clientSecret: config.oauth2.clientSecret, callbackURL: config.serverURL + '/auth/oauth2/callback', - userProfileURL: config.oauth2.userProfileURL + userProfileURL: config.oauth2.userProfileURL, + scope: config.oauth2.scope }, passportGeneralCallback)) oauth2Auth.get('/auth/oauth2', function (req, res, next) {