summaryrefslogtreecommitdiffstats
path: root/packages/wekan_oidc
diff options
context:
space:
mode:
Diffstat (limited to 'packages/wekan_oidc')
-rw-r--r--packages/wekan_oidc/.gitignore1
-rw-r--r--packages/wekan_oidc/LICENSE.txt14
-rw-r--r--packages/wekan_oidc/README.md7
-rw-r--r--packages/wekan_oidc/oidc_client.js68
-rw-r--r--packages/wekan_oidc/oidc_configure.html6
-rw-r--r--packages/wekan_oidc/oidc_configure.js17
-rw-r--r--packages/wekan_oidc/oidc_server.js143
-rw-r--r--packages/wekan_oidc/package.js23
8 files changed, 0 insertions, 279 deletions
diff --git a/packages/wekan_oidc/.gitignore b/packages/wekan_oidc/.gitignore
deleted file mode 100644
index 5379d4c3..00000000
--- a/packages/wekan_oidc/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.versions
diff --git a/packages/wekan_oidc/LICENSE.txt b/packages/wekan_oidc/LICENSE.txt
deleted file mode 100644
index c7be3264..00000000
--- a/packages/wekan_oidc/LICENSE.txt
+++ /dev/null
@@ -1,14 +0,0 @@
-Copyright (C) 2016 SWITCH
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
diff --git a/packages/wekan_oidc/README.md b/packages/wekan_oidc/README.md
deleted file mode 100644
index 8948971c..00000000
--- a/packages/wekan_oidc/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# salleman:oidc package
-
-A Meteor implementation of OpenID Connect Login flow
-
-## Usage and Documentation
-
-Look at the `salleman:accounts-oidc` package for the documentation about using OpenID Connect with Meteor.
diff --git a/packages/wekan_oidc/oidc_client.js b/packages/wekan_oidc/oidc_client.js
deleted file mode 100644
index 744bd841..00000000
--- a/packages/wekan_oidc/oidc_client.js
+++ /dev/null
@@ -1,68 +0,0 @@
-Oidc = {};
-
-// Request OpenID Connect credentials for the user
-// @param options {optional}
-// @param credentialRequestCompleteCallback {Function} Callback function to call on
-// completion. Takes one argument, credentialToken on success, or Error on
-// error.
-Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
- // support both (options, callback) and (callback).
- if (!credentialRequestCompleteCallback && typeof options === 'function') {
- credentialRequestCompleteCallback = options;
- options = {};
- }
-
- var config = ServiceConfiguration.configurations.findOne({service: 'oidc'});
- if (!config) {
- credentialRequestCompleteCallback && credentialRequestCompleteCallback(
- new ServiceConfiguration.ConfigError('Service oidc not configured.'));
- return;
- }
-
- var credentialToken = Random.secret();
- var loginStyle = OAuth._loginStyle('oidc', config, options);
- var scope = config.requestPermissions || ['openid', 'profile', 'email'];
-
- // options
- options = options || {};
- options.client_id = config.clientId;
- options.response_type = options.response_type || 'code';
- options.redirect_uri = OAuth._redirectUri('oidc', config);
- options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl);
- options.scope = scope.join(' ');
-
- if (config.loginStyle && config.loginStyle == 'popup') {
- options.display = 'popup';
- }
-
- var loginUrl = config.serverUrl + config.authorizationEndpoint;
- // check if the loginUrl already contains a "?"
- var first = loginUrl.indexOf('?') === -1;
- for (var k in options) {
- if (first) {
- loginUrl += '?';
- first = false;
- }
- else {
- loginUrl += '&'
- }
- loginUrl += encodeURIComponent(k) + '=' + encodeURIComponent(options[k]);
- }
-
- //console.log('XXX: loginURL: ' + loginUrl)
-
- options.popupOptions = options.popupOptions || {};
- var popupOptions = {
- width: options.popupOptions.width || 320,
- height: options.popupOptions.height || 450
- };
-
- OAuth.launchLogin({
- loginService: 'oidc',
- loginStyle: loginStyle,
- loginUrl: loginUrl,
- credentialRequestCompleteCallback: credentialRequestCompleteCallback,
- credentialToken: credentialToken,
- popupOptions: popupOptions,
- });
-};
diff --git a/packages/wekan_oidc/oidc_configure.html b/packages/wekan_oidc/oidc_configure.html
deleted file mode 100644
index 49282fc1..00000000
--- a/packages/wekan_oidc/oidc_configure.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<template name="configureLoginServiceDialogForOidc">
- <p>
- You'll need to create an OpenID Connect client configuration with your provider.
- Set App Callbacks URLs to: <span class="url">{{siteUrl}}_oauth/oidc</span>
- </p>
-</template>
diff --git a/packages/wekan_oidc/oidc_configure.js b/packages/wekan_oidc/oidc_configure.js
deleted file mode 100644
index 5eedaa04..00000000
--- a/packages/wekan_oidc/oidc_configure.js
+++ /dev/null
@@ -1,17 +0,0 @@
-Template.configureLoginServiceDialogForOidc.helpers({
- siteUrl: function () {
- return Meteor.absoluteUrl();
- }
-});
-
-Template.configureLoginServiceDialogForOidc.fields = function () {
- return [
- { property: 'clientId', label: 'Client ID'},
- { property: 'secret', label: 'Client Secret'},
- { property: 'serverUrl', label: 'OIDC Server URL'},
- { property: 'authorizationEndpoint', label: 'Authorization Endpoint'},
- { property: 'tokenEndpoint', label: 'Token Endpoint'},
- { property: 'userinfoEndpoint', label: 'Userinfo Endpoint'},
- { property: 'idTokenWhitelistFields', label: 'Id Token Fields'}
- ];
-};
diff --git a/packages/wekan_oidc/oidc_server.js b/packages/wekan_oidc/oidc_server.js
deleted file mode 100644
index fb948c52..00000000
--- a/packages/wekan_oidc/oidc_server.js
+++ /dev/null
@@ -1,143 +0,0 @@
-Oidc = {};
-
-OAuth.registerService('oidc', 2, null, function (query) {
-
- var debug = process.env.DEBUG || false;
- var token = getToken(query);
- if (debug) console.log('XXX: register token:', token);
-
- var accessToken = token.access_token || token.id_token;
- var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));
-
- var userinfo = getUserInfo(accessToken);
- if (debug) console.log('XXX: userinfo:', userinfo);
-
- var serviceData = {};
- serviceData.id = userinfo[process.env.OAUTH2_ID_MAP] || userinfo[id];
- serviceData.username = userinfo[process.env.OAUTH2_USERNAME_MAP] || userinfo[uid];
- serviceData.fullname = userinfo[process.env.OAUTH2_FULLNAME_MAP] || userinfo[displayName];
- serviceData.accessToken = accessToken;
- serviceData.expiresAt = expiresAt;
- serviceData.email = userinfo[process.env.OAUTH2_EMAIL_MAP] || userinfo[email];
-
- if (accessToken) {
- var tokenContent = getTokenContent(accessToken);
- var fields = _.pick(tokenContent, getConfiguration().idTokenWhitelistFields);
- _.extend(serviceData, fields);
- }
-
- if (token.refresh_token)
- serviceData.refreshToken = token.refresh_token;
- if (debug) console.log('XXX: serviceData:', serviceData);
-
- var profile = {};
- profile.name = userinfo[process.env.OAUTH2_FULLNAME_MAP] || userinfo[displayName];
- profile.email = userinfo[process.env.OAUTH2_EMAIL_MAP] || userinfo[email];
- if (debug) console.log('XXX: profile:', profile);
-
- return {
- serviceData: serviceData,
- options: { profile: profile }
- };
-});
-
-var userAgent = "Meteor";
-if (Meteor.release) {
- userAgent += "/" + Meteor.release;
-}
-
-var getToken = function (query) {
- var debug = process.env.DEBUG || false;
- var config = getConfiguration();
- var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint;
- var response;
-
- try {
- response = HTTP.post(
- serverTokenEndpoint,
- {
- headers: {
- Accept: 'application/json',
- "User-Agent": userAgent
- },
- params: {
- code: query.code,
- client_id: config.clientId,
- client_secret: OAuth.openSecret(config.secret),
- redirect_uri: OAuth._redirectUri('oidc', config),
- grant_type: 'authorization_code',
- state: query.state
- }
- }
- );
- } catch (err) {
- throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),
- { response: err.response });
- }
- if (response.data.error) {
- // if the http response was a json object with an error attribute
- throw new Error("Failed to complete handshake with OIDC " + serverTokenEndpoint + ": " + response.data.error);
- } else {
- if (debug) console.log('XXX: getToken response: ', response.data);
- return response.data;
- }
-};
-
-var getUserInfo = function (accessToken) {
- var debug = process.env.DEBUG || false;
- var config = getConfiguration();
- // Some userinfo endpoints use a different base URL than the authorization or token endpoints.
- // This logic allows the end user to override the setting by providing the full URL to userinfo in their config.
- if (config.userinfoEndpoint.includes("https://")) {
- var serverUserinfoEndpoint = config.userinfoEndpoint;
- } else {
- var serverUserinfoEndpoint = config.serverUrl + config.userinfoEndpoint;
- }
- var response;
- try {
- response = HTTP.get(
- serverUserinfoEndpoint,
- {
- headers: {
- "User-Agent": userAgent,
- "Authorization": "Bearer " + accessToken
- }
- }
- );
- } catch (err) {
- throw _.extend(new Error("Failed to fetch userinfo from OIDC " + serverUserinfoEndpoint + ": " + err.message),
- {response: err.response});
- }
- if (debug) console.log('XXX: getUserInfo response: ', response.data);
- return response.data;
-};
-
-var getConfiguration = function () {
- var config = ServiceConfiguration.configurations.findOne({ service: 'oidc' });
- if (!config) {
- throw new ServiceConfiguration.ConfigError('Service oidc not configured.');
- }
- return config;
-};
-
-var getTokenContent = function (token) {
- var content = null;
- if (token) {
- try {
- var parts = token.split('.');
- var header = JSON.parse(new Buffer(parts[0], 'base64').toString());
- content = JSON.parse(new Buffer(parts[1], 'base64').toString());
- var signature = new Buffer(parts[2], 'base64');
- var signed = parts[0] + '.' + parts[1];
- } catch (err) {
- this.content = {
- exp: 0
- };
- }
- }
- return content;
-}
-
-Oidc.retrieveCredential = function (credentialToken, credentialSecret) {
- return OAuth.retrieveCredential(credentialToken, credentialSecret);
-};
diff --git a/packages/wekan_oidc/package.js b/packages/wekan_oidc/package.js
deleted file mode 100644
index faf4a68d..00000000
--- a/packages/wekan_oidc/package.js
+++ /dev/null
@@ -1,23 +0,0 @@
-Package.describe({
- summary: "OpenID Connect (OIDC) flow for Meteor",
- version: "1.0.12",
- name: "wekan-oidc",
- git: "https://github.com/wekan/meteor-accounts-oidc.git",
-});
-
-Package.onUse(function(api) {
- api.use('oauth2@1.1.0', ['client', 'server']);
- api.use('oauth@1.1.0', ['client', 'server']);
- api.use('http@1.1.0', ['server']);
- api.use('underscore@1.0.0', 'client');
- api.use('templating@1.1.0', 'client');
- api.use('random@1.0.0', 'client');
- api.use('service-configuration@1.0.0', ['client', 'server']);
-
- api.export('Oidc');
-
- api.addFiles(['oidc_configure.html', 'oidc_configure.js'], 'client');
-
- api.addFiles('oidc_server.js', 'server');
- api.addFiles('oidc_client.js', 'client');
-});
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-09-21 17:30:18 +0000