Pass query params to authorize endpoint during OIDC login (#5129)

Hai
2023-04-03 01:55:09 +07:00
committed by GitHub
parent c6068d0fee
commit 2e28a631b6
5 changed files with 47 additions and 10 deletions


@@ -0,0 +1,14 @@
import { getTestServer } from "@server/test/support";
const server = getTestServer();
describe("oidc", () => {
it("should pass query params along with auth redirect", async () => {
const res = await server.get("/auth/oidc?myParam=someParam", {
redirect: "manual",
});
const redirectLocation = new URL(res.headers.get("location"));
expect(res.status).toEqual(302);
expect(redirectLocation.searchParams.get("myParam")).toEqual("someParam");
});
});
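Review bot: The test covers only a benign custom parameter; it should also pin that protocol parameters taken from the request cannot replace the configured ones. With the test environment setting `OIDC_CLIENT_ID = "client-id"`, a second case requesting `/auth/oidc?client_id=other` could assert `expect(redirectLocation.searchParams.get("client_id")).toEqual("client-id");`. Asserting `res.status` before calling `new URL(res.headers.get("location"))` would also give a clearer failure when no redirect is returned.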


@@ -33,6 +33,20 @@ Strategy.prototype.userProfile = async function (accessToken, done) {
}
};
const authorizationParams = Strategy.prototype.authorizationParams;
Strategy.prototype.authorizationParams = function (options) {
return {
...(options.originalQuery || {}),
...(authorizationParams.bind(this)(options) || {}),
};
};
const authenticate = Strategy.prototype.authenticate;
Strategy.prototype.authenticate = function (req, options) {
options.originalQuery = req.query;
authenticate.bind(this)(req, options);
};
if (
env.OIDC_CLIENT_ID &&
env.OIDC_CLIENT_SECRET &&
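Review bot: The new `authorizationParams` override spreads all of `req.query` into the authorize request, so whoever crafts the `/auth/oidc?...` link controls every parameter the base strategy does not overwrite afterwards; which ones it overwrites is not visible in this hunk. Forward only an explicit allow-list of keys and accept only string values, as in the sketch below (the key list is a constructed example, and the project decides what belongs in it). The `authenticate` wrapper also writes `originalQuery` onto the caller's `options` object and patches the shared `Strategy.prototype`, so any other strategy built on the same class would presumably inherit the behaviour; a per-request copy such as `authenticate.call(this, req, { ...options, originalQuery: req.query });` avoids the mutation. The `if (` at the end of the hunk continues outside it.

```javascript
// Constructed example list: only these request parameters reach the authorize endpoint.
const FORWARDED_QUERY_PARAMS = ["login_hint", "prompt"];

const authorizationParams = Strategy.prototype.authorizationParams;
Strategy.prototype.authorizationParams = function (options) {
  const forwarded = {};
  for (const key of FORWARDED_QUERY_PARAMS) {
    const value = options.originalQuery?.[key];
    // Repeated or nested query keys parse to arrays/objects; pass plain strings only.
    if (typeof value === "string") {
      forwarded[key] = value;
    }
  }
  return {
    ...forwarded,
    ...(authorizationParams.call(this, options) || {}),
  };
};
// … unchanged: authenticate wrapper …
```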


@@ -100,9 +100,10 @@ describe("#auth.config", () => {
const res = await server.post("/api/auth.config");
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.providers.length).toBe(2);
expect(body.data.providers.length).toBe(3);
expect(body.data.providers[0].name).toBe("Slack");
expect(body.data.providers[1].name).toBe("Google");
expect(body.data.providers[1].name).toBe("OpenID Connect");
expect(body.data.providers[2].name).toBe("Google");
});
it("should return available providers for team subdomain", async () => {
@@ -221,9 +222,10 @@ describe("#auth.config", () => {
const res = await server.post("/api/auth.config");
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.providers.length).toBe(2);
expect(body.data.providers.length).toBe(3);
expect(body.data.providers[0].name).toBe("Google");
expect(body.data.providers[1].name).toBe("Slack");
expect(body.data.providers[1].name).toBe("OpenID Connect");
expect(body.data.providers[2].name).toBe("Slack");
});
it("should return email provider for team when guest signin enabled", async () => {
@@ -240,10 +242,11 @@ describe("#auth.config", () => {
const res = await server.post("/api/auth.config");
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.providers.length).toBe(3);
expect(body.data.providers.length).toBe(4);
expect(body.data.providers[0].name).toBe("Slack");
expect(body.data.providers[1].name).toBe("Google");
expect(body.data.providers[2].name).toBe("Email");
expect(body.data.providers[1].name).toBe("OpenID Connect");
expect(body.data.providers[2].name).toBe("Google");
expect(body.data.providers[3].name).toBe("Email");
});
});
});


@@ -133,13 +133,16 @@ describe("#authenticationProviders.list", () => {
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toBe(2);
expect(body.data.length).toBe(3);
expect(body.data[0].name).toBe("slack");
expect(body.data[0].isEnabled).toBe(true);
expect(body.data[0].isConnected).toBe(true);
expect(body.data[1].name).toBe("google");
expect(body.data[1].isEnabled).toBe(false);
expect(body.data[1].isConnected).toBe(false);
expect(body.data[2].name).toBe("oidc");
expect(body.data[2].isEnabled).toBe(false);
expect(body.data[2].isConnected).toBe(false);
});
it("should require authentication", async () => {


@@ -10,8 +10,11 @@ env.SLACK_CLIENT_SECRET = "123";
env.AZURE_CLIENT_ID = undefined;
env.AZURE_CLIENT_SECRET = undefined;
env.OIDC_CLIENT_ID = undefined;
env.OIDC_CLIENT_SECRET = undefined;
env.OIDC_CLIENT_ID = "client-id";
env.OIDC_CLIENT_SECRET = "client-secret";
env.OIDC_AUTH_URI = "http://localhost/authorize";
env.OIDC_TOKEN_URI = "http://localhost/token";
env.OIDC_USERINFO_URI = "http://localhost/userinfo";
env.RATE_LIMITER_ENABLED = false;
env.DEPLOYMENT = undefined;