2024-09-13 17:49:32 +02:00
|
|
|
|
|
|
|
|
namespace _zeitbild.api
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
*/
|
|
|
|
|
export function register_session_oidc(
|
2024-10-30 07:20:13 +01:00
|
|
|
rest_subject : lib_plankton.rest_caldav.type_rest
|
2024-09-13 17:49:32 +02:00
|
|
|
) : void
|
|
|
|
|
{
|
2024-09-19 13:34:07 +02:00
|
|
|
register<
|
|
|
|
|
null,
|
|
|
|
|
string
|
|
|
|
|
>(
|
2024-09-13 17:49:32 +02:00
|
|
|
rest_subject,
|
2024-09-19 13:34:07 +02:00
|
|
|
lib_plankton.http.enum_method.get,
|
2024-09-13 17:49:32 +02:00
|
|
|
"/session/oidc",
|
|
|
|
|
{
|
2024-09-18 18:17:25 +02:00
|
|
|
"description": "verarbeitet einen OIDC login callback",
|
2024-09-19 13:34:07 +02:00
|
|
|
"query_parameters": () => ([
|
|
|
|
|
{
|
|
|
|
|
"name": "code",
|
|
|
|
|
"required": true,
|
|
|
|
|
"description": null,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name": "iss",
|
|
|
|
|
"required": true,
|
|
|
|
|
"description": null,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name": "scope",
|
|
|
|
|
"required": true,
|
|
|
|
|
"description": null,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name": "state",
|
|
|
|
|
"required": true,
|
|
|
|
|
"description": null,
|
|
|
|
|
},
|
|
|
|
|
]),
|
2024-09-13 17:49:32 +02:00
|
|
|
"input_schema": () => ({
|
|
|
|
|
"type": "null",
|
|
|
|
|
}),
|
|
|
|
|
"output_schema": () => ({
|
2024-09-19 13:34:07 +02:00
|
|
|
"nullable": false,
|
|
|
|
|
"type": "string",
|
2024-09-13 17:49:32 +02:00
|
|
|
}),
|
2024-09-19 13:34:07 +02:00
|
|
|
"response_body_mimetype": "text/html",
|
|
|
|
|
"response_body_encode": (output => Buffer.from(output)),
|
|
|
|
|
"restriction": restriction_none,
|
2024-09-13 17:49:32 +02:00
|
|
|
"execution": async (stuff) => {
|
2024-09-26 18:59:46 +02:00
|
|
|
const data : {
|
|
|
|
|
token : string;
|
|
|
|
|
userinfo : {
|
|
|
|
|
name : (null | string);
|
|
|
|
|
email : (null | string);
|
|
|
|
|
};
|
2024-10-20 14:26:15 +02:00
|
|
|
redirect_uri_template : string;
|
|
|
|
|
} = await _zeitbild.auth.oidc_handle_authorization_callback(
|
2024-09-26 18:59:46 +02:00
|
|
|
(stuff.headers["Cookie"] ?? stuff.headers["cookie"] ?? null),
|
|
|
|
|
stuff.query_parameters
|
2024-09-18 18:17:25 +02:00
|
|
|
);
|
2024-09-26 18:59:46 +02:00
|
|
|
if (data.userinfo.name === null) {
|
|
|
|
|
return Promise.reject(
|
|
|
|
|
new Error(
|
|
|
|
|
"IDP did not return user name"
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
try {
|
|
|
|
|
await _zeitbild.service.user.add(
|
|
|
|
|
{
|
|
|
|
|
"name": data.userinfo.name,
|
|
|
|
|
"email_address": data.userinfo.email,
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
lib_plankton.log.info(
|
|
|
|
|
"user_provisioned",
|
|
|
|
|
{
|
|
|
|
|
"name": data.userinfo.name,
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
catch (error) {
|
|
|
|
|
// do nothing
|
|
|
|
|
}
|
|
|
|
|
const session_key : string = await lib_plankton.session.begin(
|
|
|
|
|
data.userinfo.name,
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
|
|
|
|
"oidc_token": data.token,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
return Promise.resolve(
|
|
|
|
|
{
|
2024-09-19 13:34:07 +02:00
|
|
|
"status_code": 200,
|
|
|
|
|
"data": lib_plankton.string.coin(
|
|
|
|
|
"<html><head><meta http-equiv=\"refresh\" content=\"0; url={{url}}\" /></head><body></body></html>",
|
|
|
|
|
{
|
|
|
|
|
"url": lib_plankton.string.coin(
|
2024-10-20 14:26:15 +02:00
|
|
|
data.redirect_uri_template,
|
2024-09-19 13:34:07 +02:00
|
|
|
{
|
|
|
|
|
"session_key": session_key,
|
|
|
|
|
}
|
|
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
),
|
2024-09-26 18:59:46 +02:00
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2024-09-13 17:49:32 +02:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
