feat(auth): add OIDC database handler and endpoint

Author: jescalada

package-lock.json

@@ -63,6 +63,7 @@
     "passport": "^0.7.0",
     "passport-activedirectory": "^1.0.4",
     "passport-local": "^1.0.0",
+    "passport-openidconnect": "^0.1.2",
     "perfect-scrollbar": "^1.5.5",
     "prop-types": "15.8.1",
     "react": "^16.13.1",

package.json

@@ -12,6 +12,7 @@ module.exports.canUserCancelPush = pushes.canUserCancelPush;
 module.exports.canUserApproveRejectPush = pushes.canUserApproveRejectPush;
 
 module.exports.findUser = users.findUser;
+module.exports.findUserByOIDC = users.findUserByOIDC;
 module.exports.getUsers = users.getUsers;
 module.exports.createUser = users.createUser;
 module.exports.deleteUser = users.deleteUser;

src/db/file/index.js

@@ -22,6 +22,22 @@ exports.findUser = function (username) {
   });
 };
 
+exports.findUserByOIDC = function (oidcId) {
+  return new Promise((resolve, reject) => {
+    db.findOne({ oidcId: oidcId }, (err, doc) => {
+      if (err) {
+        reject(err);
+      } else {
+        if (!doc) {
+          resolve(null);
+        } else {
+          resolve(doc);
+        }
+      }
+    });
+  });
+};
+
 exports.createUser = function (data) {
   return new Promise((resolve, reject) => {
     db.insert(data, (err) => {

src/db/file/users.js

@@ -7,21 +7,30 @@ if (config.getDatabase().type === 'mongo') {
   sink = require('../db/file');
 }
 
-module.exports.createUser = async (username, password, email, gitAccount, admin = false) => {
+module.exports.createUser = async (
+  username,
+  password,
+  email,
+  gitAccount,
+  admin = false,
+  oidcId = null,
+) => {
   console.log(
     `creating user
         user=${username},
         gitAccount=${gitAccount}
         email=${email},
-        admin=${admin}`,
+        admin=${admin}
+        oidcId=${oidcId}`,
   );
 
   const data = {
     username: username,
-    password: await bcrypt.hash(password, 10),
+    password: oidcId ? null : await bcrypt.hash(password, 10),
     gitAccount: gitAccount,
     email: email,
     admin: admin,
+    oidcId: oidcId,
   };
 
   if (username === undefined || username === null || username === '') {
@@ -56,6 +65,7 @@ module.exports.getPushes = sink.getPushes;
 module.exports.writeAudit = sink.writeAudit;
 module.exports.getPush = sink.getPush;
 module.exports.findUser = sink.findUser;
+module.exports.findUserByOIDC = sink.findUserByOIDC;
 module.exports.getUsers = sink.getUsers;
 module.exports.deleteUser = sink.deleteUser;
 module.exports.updateUser = sink.updateUser;

src/db/index.js

@@ -3,6 +3,13 @@ const router = new express.Router();
 const passport = require('../passport').getPassport();
 const db = require('../../db');
 const passportType = passport.type;
+const { GIT_PROXY_UI_HOST: uiHost = 'http://localhost', NODE_ENV } = process.env;
+
+// TODO: Refactor this through proper .env loading. This handles redirects in dev.
+let uiPort = 3000;
+if (NODE_ENV === 'production') {
+  uiPort = process.env.GIT_PROXY_UI_PORT;
+}
 
 router.get('/', (req, res) => {
   res.status(200).json({
@@ -41,6 +48,30 @@ router.post('/login', passport.authenticate(passportType), async (req, res) => {
   }
 });
 
+router.get('/oidc', passport.authenticate(passportType));
+
+router.get('/oidc/callback', (req, res, next) => {
+  passport.authenticate(passportType, (err, user, info) => {
+    console.log('authenticate callback executed');
+    if (err) {
+      console.error('Authentication error:', err);
+      return res.status(401).end();
+    }
+    if (!user) {
+      console.error('No user found:', info);
+      return res.status(401).end();
+    }
+    req.logIn(user, (err) => {
+      if (err) {
+        console.error('Login error:', err);
+        return res.status(401).end();
+      }
+      console.log('Logged in successfully. User:', user);
+      return res.redirect(`${uiHost}:${uiPort}/admin/profile`);
+    });
+  })(req, res, next);
+});
+
 // when login is successful, retrieve user info
 router.get('/success', (req, res) => {
   console.log('authenticated' + JSON.stringify(req.user));