Diffstat (limited to 'lib/web/auth/saml')
-rw-r--r-- | lib/web/auth/saml/index.js | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/lib/web/auth/saml/index.js b/lib/web/auth/saml/index.js index c48b93e2..deb04007 100644 --- a/lib/web/auth/saml/index.js +++ b/lib/web/auth/saml/index.js @@ -10,19 +10,21 @@ const { urlencodedParser } = require('../../utils') const fs = require('fs') const intersection = function (array1, array2) { return array1.filter((n) => array2.includes(n)) } -let samlAuth = module.exports = Router() +const samlAuth = module.exports = Router() passport.use(new SamlStrategy({ callbackUrl: config.serverURL + '/auth/saml/callback', entryPoint: config.saml.idpSsoUrl, issuer: config.saml.issuer || config.serverURL, - privateCert: config.saml.clientCert === undefined ? undefined : (function () { - try { - return fs.readFileSync(config.saml.clientCert, 'utf-8') - } catch (e) { - logger.error(`SAML client certificate: ${e.message}`) - } - }()), + privateCert: config.saml.clientCert === undefined + ? undefined + : (function () { + try { + return fs.readFileSync(config.saml.clientCert, 'utf-8') + } catch (e) { + logger.error(`SAML client certificate: ${e.message}`) + } + }()), cert: (function () { try { return fs.readFileSync(config.saml.idpCert, 'utf-8') @@ -36,7 +38,7 @@ passport.use(new SamlStrategy({ }, function (user, done) { // check authorization if needed if (config.saml.externalGroups && config.saml.groupAttribute) { - var externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute]) + const externalGroups = intersection(config.saml.externalGroups, user[config.saml.groupAttribute]) if (externalGroups.length > 0) { logger.error('saml permission denied: ' + externalGroups.join(', ')) return done('Permission denied', null) 
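Review bot: The `privateCert` loader in the `SamlStrategy` options logs a read failure and then falls through, so the strategy is built with `privateCert: undefined`, exactly as if no client certificate had been configured. A configured but unreadable key should stop startup rather than silently change how requests are signed; adding `throw e` after the `logger.error` call in the `catch` would do that. The `cert` loader for `config.saml.idpCert` starts in this hunk and continues outside it. If it follows the same log-and-continue pattern the concern is greater there, because some passport-saml releases may accept responses without signature verification when no IdP certificate is set; this should be confirmed against the pinned version.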
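Review bot: `intersection()` receives `user[config.saml.groupAttribute]` unchecked in the `externalGroups` test of the verify callback. If the assertion omits that attribute, `array2.includes` throws on `undefined`; if the IdP delivers a single group as a plain string, `includes` does substring matching, so the comparison is no longer an exact group-name match. Normalising first, e.g. `const groups = [].concat(user[config.saml.groupAttribute] || [])`, and passing `groups` to `intersection` keeps the authorization check exact. The callback continues outside this hunk, and any other group check there would need the same normalisation.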
@@ -49,8 +51,8 @@ passport.use(new SamlStrategy({ } } // user creation - var uuid = user[config.saml.attribute.id] || user.nameID - var profile = { + const uuid = user[config.saml.attribute.id] || user.nameID + const profile = { provider: 'saml', id: 'SAML-' + uuid, username: user[config.saml.attribute.username] || user.nameID, @@ -59,7 +61,7 @@ passport.use(new SamlStrategy({ if (profile.emails.length === 0 && config.saml.identifierFormat === 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress') { profile.emails.push(user.nameID) } - var stringifiedProfile = JSON.stringify(profile) + const stringifiedProfile = JSON.stringify(profile) models.User.findOrCreate({ where: { profileid: profile.id.toString() @@ -69,7 +71,7 @@ passport.use(new SamlStrategy({ } }).spread(function (user, created) { if (user) { - var needSave = false + let needSave = false if (user.profile !== stringifiedProfile) { user.profile = stringifiedProfile needSave = true |
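Review bot: `uuid` can be `undefined` when the assertion carries neither the configured id attribute nor a `nameID`, and `profile.id` then becomes the literal `'SAML-undefined'`. The `findOrCreate` lookup in the following hunk keys on `profileid`, so every such login would resolve to the same local account. A guard right after the assignment, e.g. `if (!uuid) return done('Missing SAML identifier', null)`, rejects the login instead of creating or reusing that shared record. The verify callback starts and ends outside this hunk.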