hedgedoc/lib/web/auth, branch cindy Hedgedoc with support for CindyScript Linter: Fix all lint errors 2021-02-15T11:15:14+00:00 Philip Molares 2021-02-15T08:42:51+00:00 136d895d155f28c2e75b3af206549acaa2a354ed Signed-off-by: Philip Molares <philip.molares@udo.edu> 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Fix SAML auth error logging 2021-02-11T21:00:22+00:00 David Mehren 2021-02-11T21:00:08+00:00 4655e9c785f6af0639c0d1a2dadaf06271c56234 As stated in https://github.com/node-saml/passport-saml/blob/master/CHANGELOG.md#v200-2020-11-03 and the corresponding PR https://github.com/node-saml/passport-saml/pull/412 passport-saml now always throws error objects instead of strings. This fixes our error logging to accommodate this change. Signed-off-by: David Mehren <git@herrmehren.de> 
As stated in https://github.com/node-saml/passport-saml/blob/master/CHANGELOG.md#v200-2020-11-03
and the corresponding PR https://github.com/node-saml/passport-saml/pull/412
passport-saml now always throws error objects instead of strings.
This fixes our error logging to accommodate this change.

Signed-off-by: David Mehren <git@herrmehren.de>
Fix crash when OAuth2 config parameters are missing 2020-11-30T14:04:30+00:00 David Mehren 2020-11-30T14:04:30+00:00 cc7fa947bfb4043bd4b97b0040e82daef892f365 If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash. This commit adds handling of these cases and improves error logging in `checkAuthorization`. Fixes #608 Signed-off-by: David Mehren <git@herrmehren.de> 
If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash.

This commit adds handling of these cases and improves error logging in `checkAuthorization`.

Fixes #608

Signed-off-by: David Mehren <git@herrmehren.de>
Add oauth2 authorization 2020-11-25T18:23:55+00:00 Joachim Mathes 2020-11-21T19:26:12+00:00 729b387536d2bcf43a20b2ddead4bffdfd342d2a Signed-off-by: Joachim Mathes <joachim_mathes@web.de> 
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
Generic OAuth2: Set state: true 2020-10-22T20:50:34+00:00 Dexter Chua 2020-06-16T08:45:23+00:00 a88b4aff2a904cd2351002784817d54120766ad8 The OAuth2 specification RECOMMENDS setting the state to protect against CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to authenticate without the state set. This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f. Signed-off-by: haslersn <sebastian.hasler@gmx.net> 
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.

This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f.

Signed-off-by: haslersn <sebastian.hasler@gmx.net>
saml: make logger print actual error message 2020-07-11T19:21:01+00:00 Simeon Keske 2020-05-18T11:29:05+00:00 a134aa3f35d083bb36340562f61c8d19ea9a9027 Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de> 
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
add error handling to saml-certs 2020-07-11T19:21:00+00:00 Simeon Keske 2020-05-06T14:28:34+00:00 bab0409ed09496ee1b997c40f62e6d8b0ad83013 Signed-off-by: Simeon Keske <git@n0emis.eu> Signed-off-by: Leo Maroni <git@em0lar.de> 
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
allow to set a saml client certificate 2020-07-11T19:19:49+00:00 Simeon Keske 2020-04-29T16:27:00+00:00 17f0067ab2553fdfd4c7b4043440c9a3e325929c Signed-off-by: Simeon Keske <git@n0emis.eu> 
Signed-off-by: Simeon Keske <git@n0emis.eu>
Backport of #278 for 1.6.1 2020-06-20T14:48:25+00:00 Victor Berger 2020-06-20T14:33:57+00:00 5f3a1b626653d9b6331bfcb673d64324b29e2927 This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org> 
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.

Signed-off-by: Victor Berger <victor.berger@m4x.org>
Add Google oauth variable: hostedDomain 2020-02-08T07:57:22+00:00 ike 2020-02-07T00:51:58+00:00 197223dc81267efb22a63872a42f839b2276e1b6 Which is part of `passport-google-oauth2`. It could be used as whitelist to a domain supported by google oauth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com> 
Which is part of `passport-google-oauth2`.
It could be used as whitelist to a domain supported by google oauth.
Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3

Signed-off-by: ike <developer@ikewat.com>