3. nodebb-plugin-sso-saml do not working

nodebb-plugin-sso-saml do not working

  • torresfeng

    nodebb v1.10.1

    code:

    (function(module) {
    "use strict";

    var user = module.parent.require('./user'),
	meta = module.parent.require('./meta'),
	db = module.parent.require('../src/database'),
	passport = module.parent.require('passport'),
	passportSAML = require('passport-saml').Strategy,
	fs = module.parent.require('fs'),
	path = module.parent.require('path'),
	nconf = module.parent.require('nconf'),
	async = module.parent.require('async'),
	winston = require('winston');

var constants = Object.freeze({
	'name': "SAML",
	'admin': {
		'route': '/plugins/sso-saml',
		'icon': 'fa-university'
	}
});

var SAML = {};
var samlObj;

if (meta.config['sso:saml:idpentrypoint'] && meta.config['sso:saml:callbackpath']&& meta.config["sso:saml:metadata"] && meta.config["sso:saml:issuer"]) {

	console.log(nconf.get('url'));
	
	samlObj = new passportSAML({
		    path: meta.config['sso:saml:callbackpath'],
		    entryPoint: meta.config['sso:saml:idpentrypoint'],
		    issuer: meta.config['sso:saml:issuer'],
		    callbackUrl: nconf.get('url') + meta.config['sso:saml:callbackpath'],
		    disableRequestedAuthnContext: true,
		    identifierFormat: null
	  	},
	  	function(profile, done) {
		console.log(profile,'zheli');	
	    	var user = {
		        nameID: profile.nameID,
		        nameIDFormat: profile.nameIDFormat,
		        sn: profile['urn:oid:2.5.4.4'], // sn
			//sn: profile.sn,
		        cn: profile['urn:oid:2.5.4.42'], // givenname
			//cn: profile.cn,
		        //mail: profile.mail,
		        //eduPersonAffiliation: profile.eduPersonAffiliation,
		        email: profile.mail,
			//email: profile.email,
		        username: profile['urn:oid:1.3.6.1.4.1.5923.1.1.1.2'], // eduPersonNickname
			//username: profile.eduPersonNickname
		    };

		    SAML.login(user,function(err, user) {
				if (err) {
					return done(err);
				}
				done(null, user);
			});
	  	}
	);
}
else{
	console.log("No config info")
	console.log(meta.config);
}


SAML.init = function(params,callback) {
	// app, middleware, controllers, callback
	var app = params.router;
	var middleware = params.middleware;
	var controllers = params.controllers;		

	function render(req, res, next) {
		res.render('admin/plugins/sso-saml', {});
	}

	app.get('/admin/plugins/sso-saml', middleware.admin.buildHeader, render);
	app.get('/api/admin/plugins/sso-saml', render);
	console.log(456);
	console.log(samlObj);

	if (samlObj){
		if (meta.config["sso:saml:metadata"]) {
			app.get(meta.config["sso:saml:metadata"], function(req, res) {
				console.log(123);
				if (meta.config["sso:saml:servercrt"]){
					 var cert = fs.readFileSync(meta.config["sso:saml:servercrt"], 'utf-8');
				  	res.header("Content-Type", "application/xml");
				  	res.send(samlObj.generateServiceProviderMetadata(cert))	
				}
				else{
					res.send("No servercrt specified. Please enter it at nodebb admin panel.");
				}
			});	
		}
		
		app.post(meta.config['sso:saml:callbackpath'],
			passport.authenticate('saml'),
			function(req, res, next){
				if (meta.config['sso:saml:loginsuccessredirecturl']){
					res.redirect(meta.config['sso:saml:loginsuccessredirecturl']);
				}
				else{
					res.redirect("/");
				}
				
			}
	
		);

		if (meta.config['sso:saml:logouturl']) {

			app.get(meta.config['sso:saml:logouturl'],function(req,res){
				if (req.user && parseInt(req.user.uid, 10) > 0) {
					winston.info('[Auth] Session ' + req.sessionID + ' logout (uid: ' + req.user.uid + ')');

					var ws = module.parent.require('./socket.io');
					ws.logoutUser(req.user.uid);

					req.logout();

					if (meta.config['sso:saml:logoutredirecturl']){
						res.redirect(meta.config['sso:saml:logoutredirecturl']);
					}
					else{
						res.redirect("/");
					}
				}
				

			});
		}
		
	}

	callback();
};

SAML.getStrategy = function(strategies, callback) {

	console.log("filter:auth.init...");

	console.log(strategies);

	if (samlObj){
	
		passport.use(samlObj);

		strategies.push({
			name: 'saml',
			url: '/auth/saml',
			callbackURL: meta.config['sso:saml:callbackpath'],
			icon: constants.admin.icon,
			scope: ''
		});
	}

	callback(null, strategies);
};

SAML.login = function(userdata, callback) {

	SAML.getUidBySAMLId(userdata.username, function(err, uid) {
		if(err) {
			return callback(err);
		}

		if (uid !== null) {
			// Existing User
			callback(null, {
			 	uid: uid
			});
		}
		else {
			console.log(userdata);
			// New User
			user.create({
				username: userdata.username,
				email: userdata.email,
				fullname : userdata.first_name + " " + userdata.last_name
						
			}, function(err, uid) {
				if(err) {
					return callback(err);
				}
				user.setUserField(uid, 'samlid', userdata.username);
				db.setObjectField('samlid:uid', userdata.username, uid);

				callback(null, {
					uid: uid
				});
			});
		}
	});
};

SAML.getUidBySAMLId = function(samlid, callback) {
	db.getObjectField('samlid:uid', samlid, function(err, uid) {
		if (err) {
			return callback(err);
		}
		callback(null, uid);
	});
};

SAML.addMenuItem = function(custom_header, callback) {
	custom_header.authentication.push({
		"route": constants.admin.route,
		"icon": constants.admin.icon,
		"name": constants.name
	});

	callback(null, custom_header);
};

SAML.deleteUserData = function(uid, callback) {
	async.waterfall([
		async.apply(user.getUserField, uid, 'samlid'),
		function(idToDelete, next) {
			db.deleteObjectField('samlid:uid', idToDelete, next);
		}
	], function(err) {
		if (err) {
			winston.error('[sso-saml] Could not remove user data for uid ' + uid + '. Error: ' + err);
			return callback(err);
		}
		callback(null, uid);
	});
};

module.exports = SAML;

    }(module));

    0
Log in to reply
 

Suggested Topics

  • mashler


    NodeBB Plugins  

    4
  • hek


    NodeBB Plugins  

    3
  • E


    NodeBB Plugins  

    2
  • mani


    NodeBB Plugins  

    14
  • Tanner


    NodeBB Plugins  

    1
| |
Copyright © 2018 NodeBB | Contributors