author | Christoph Witzany | 2017-10-29 11:16:40 +0100 |
---|---|---|
committer | Christoph Witzany | 2017-10-31 10:34:51 +0100 |
commit | 5cda55086acfc1000f0a0062045db50ad415db59 (patch) | |
tree | 4cad35c71d521507013f33bcd730143847234fb6 /lib | |
parent | dad5798472406aad08b1b1c5433f314fdaa679e7 (diff) |
Add mattermost authentication
Diffstat (limited to '')
-rw-r--r-- | lib/config/default.js | 5 | ||||
-rw-r--r-- | lib/config/dockerSecret.js | 4 | ||||
-rw-r--r-- | lib/config/environment.js | 5 | ||||
-rw-r--r-- | lib/config/index.js | 1 | ||||
-rw-r--r-- | lib/models/user.js | 9 | ||||
-rwxr-xr-x | lib/response.js | 1 | ||||
-rw-r--r-- | lib/web/auth/index.js | 1 | ||||
-rw-r--r-- | lib/web/auth/mattermost/index.js | 49 |
8 files changed, 75 insertions, 0 deletions
diff --git a/lib/config/default.js b/lib/config/default.js
index e7e2e4b3..273bad02 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -74,6 +74,11 @@ module.exports = {
 clientSecret: undefined,
 scope: undefined
 },
+ mattermost: {
+ baseURL: undefined,
+ clientID: undefined,
+ clientSecret: undefined
+ },
 dropbox: {
 clientID: undefined,
 clientSecret: undefined
diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js
index eea2fafd..ac54fd19 100644
--- a/lib/config/dockerSecret.js
+++ b/lib/config/dockerSecret.js
@@ -38,6 +38,10 @@ if (fs.existsSync(basePath)) {
 clientID: getSecret('gitlab_clientID'),
 clientSecret: getSecret('gitlab_clientSecret')
 },
+ mattermost: {
+ clientID: getSecret('mattermost_clientID'),
+ clientSecret: getSecret('mattermost_clientSecret')
+ },
 dropbox: {
 clientID: getSecret('dropbox_clientID'),
 clientSecret: getSecret('dropbox_clientSecret')
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 6f33d140..0c272f05 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -49,6 +49,11 @@ module.exports = {
 clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
 scope: process.env.HMD_GITLAB_SCOPE
 },
+ mattermost: {
+ baseURL: process.env.HMD_MATTERMOST_BASEURL,
+ clientID: process.env.HMD_MATTERMOST_CLIENTID,
+ clientSecret: process.env.HMD_MATTERMOST_CLIENTSECRET
+ },
 dropbox: {
 clientID: process.env.HMD_DROPBOX_CLIENTID,
 clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
diff --git a/lib/config/index.js b/lib/config/index.js
index dfad28ed..addd8ba6 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -90,6 +90,7 @@ config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSe
 config.isEmailEnable = config.email
 config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
+config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
 config.isLDAPEnable = config.ldap.url
 config.isPDFExportEnable = config.allowpdfexport
diff --git a/lib/models/user.js b/lib/models/user.js
index e59b86cc..27566def 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -111,6 +111,15 @@ module.exports = function (sequelize, DataTypes) {
 photo = letterAvatars(profile.username)
 }
 break
+ case 'mattermost':
+ photo = profile.avatarUrl
+ if (photo) {
+ if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
+ else photo = photo.replace(/(\?s=)\d*$/i, '$196')
+ } else {
+ photo = letterAvatars(profile.username)
+ }
+ break
 case 'dropbox':
 // no image api provided, use gravatar
 photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0].value)
diff --git a/lib/response.js b/lib/response.js
index 9e39ffb5..0c6a95ea 100755
--- a/lib/response.js
+++ b/lib/response.js
@@ -64,6 +64,7 @@ function showIndex (req, res, next) {
 twitter: config.isTwitterEnable,
 github: config.isGitHubEnable,
 gitlab: config.isGitLabEnable,
+ mattermost: config.isMattermostEnable,
 dropbox: config.isDropboxEnable,
 google: config.isGoogleEnable,
 ldap: config.isLDAPEnable,
diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js
index b5ca8434..4b618101 100644
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
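Review bot: The new `config.isMattermostEnable` line in lib/config/index.js tests only `clientID` and `clientSecret`, so the provider is switched on even when `baseURL` is unset, and the strategy added in lib/web/auth/mattermost/index.js would then build its endpoints from `undefined + '/oauth/authorize'`. Because `a && b` evaluates to `b`, the flag also holds the client secret string itself, and the lib/response.js hunk copies that value into the object built in `showIndex`. Requiring the base URL and coercing to a boolean addresses both: `config.isMattermostEnable = !!(config.mattermost.baseURL && config.mattermost.clientID && config.mattermost.clientSecret)`. The neighbouring GitHub and GitLab flags follow the same `&&` pattern but are context lines, not part of this change.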
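Review bot: The `case 'mattermost':` branch in lib/models/user.js takes `profile.avatarUrl` from the provider's profile response and uses it as the photo URL without checking that it is an http(s) URL. Whether the object returned by `getMe` carries an `avatarUrl` field, or a `?s=` size parameter for the rewrite to match, is not visible here, so the branch may always fall through to `letterAvatars(profile.username)`; that is worth confirming against a real response. A guard such as `if (photo && /^https?:\/\//i.test(photo)) {` plus a one-line comment naming the expected field would make the intent explicit. The enclosing switch and function start and end outside the hunk.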
@@ -33,6 +33,7 @@ if (config.isFacebookEnable) authRouter.use(require('./facebook'))
 if (config.isTwitterEnable) authRouter.use(require('./twitter'))
 if (config.isGitHubEnable) authRouter.use(require('./github'))
 if (config.isGitLabEnable) authRouter.use(require('./gitlab'))
+if (config.isMattermostEnable) authRouter.use(require('./mattermost'))
 if (config.isDropboxEnable) authRouter.use(require('./dropbox'))
 if (config.isGoogleEnable) authRouter.use(require('./google'))
 if (config.isLDAPEnable) authRouter.use(require('./ldap'))
diff --git a/lib/web/auth/mattermost/index.js b/lib/web/auth/mattermost/index.js
new file mode 100644
index 00000000..9ccf3de5
--- /dev/null
+++ b/lib/web/auth/mattermost/index.js
@@ -0,0 +1,49 @@
+'use strict'
+
+const Router = require('express').Router
+const passport = require('passport')
+const Mattermost = require('mattermost')
+const OAuthStrategy = require('passport-oauth2').Strategy
+const config = require('../../../config')
+const {setReturnToFromReferer, passportGeneralCallback} = require('../utils')
+
+const mattermost = new Mattermost.Client()
+
+let mattermostAuth = module.exports = Router()
+
+let mattermostStrategy = new OAuthStrategy({
+ authorizationURL: config.mattermost.baseURL + '/oauth/authorize',
+ tokenURL: config.mattermost.baseURL + '/oauth/access_token',
+ clientID: config.mattermost.clientID,
+ clientSecret: config.mattermost.clientSecret,
+ callbackURL: config.serverurl + '/auth/mattermost/callback'
+}, passportGeneralCallback)
+
+mattermostStrategy.userProfile = (accessToken, done) => {
+ mattermost.setUrl(config.mattermost.baseURL)
+ mattermost.token = accessToken
+ mattermost.useHeaderToken()
+ mattermost.getMe(
+ (data) => {
+ done(null, data)
+ },
+ (err) => {
+ done(err)
+ }
+ )
+}
+
+passport.use(mattermostStrategy)
+
+mattermostAuth.get('/auth/mattermost', function (req, res, next) {
+ setReturnToFromReferer(req)
+ passport.authenticate('oauth2')(req, res, next)
+})
+
+// mattermost auth callback
+mattermostAuth.get('/auth/mattermost/callback',
+ passport.authenticate('oauth2', {
+ successReturnToOrRedirect: config.serverurl + '/',
+ failureRedirect: config.serverurl + '/'
+ })
+)
 |
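Review bot: The `OAuthStrategy` options in lib/web/auth/mattermost/index.js omit `state`, so the response handled at `/auth/mattermost/callback` is not bound to the session that started the login; adding `state: true` to the options object lets passport-oauth2 generate and verify that value, provided session middleware is active. `passport.use(mattermostStrategy)` registers the strategy under the library's generic default name `oauth2`, which any other plain OAuth2 provider would also claim; `passport.use('mattermost', mattermostStrategy)` with matching `passport.authenticate('mattermost', …)` calls keeps it distinct. The module-level `mattermost` client has its `token` overwritten on every login, so access tokens of different users share one long-lived object; constructing the client inside `userProfile` would scope each token to its own request. Nothing here checks that `config.mattermost.baseURL` is an https URL, which matters because the client secret and authorization code are sent to `tokenURL`.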