Shinobi/libs/auth/google.js

const {OAuth2Client} = require('google-auth-library');
module.exports = (s,config,lang,app) => {
    const {
        basicAuth,
    } = require('./utils.js')(s,config,lang)
    const {
        getLoginToken,
        deleteLoginToken,
        bindLoginIdToUser,
        refreshLoginTokenAccessDate,
    } = require('./alternateLogins.js')(s,config,lang)
    console.log(`Google App ID : ${config.appIdGoogleSignIn}`)
    const client = new OAuth2Client(config.appIdGoogleSignIn);
    async function verifyToken(userLoginToken) {
      const ticket = await client.verifyIdToken({
          idToken: userLoginToken,
          audience: config.appIdGoogleSignIn,
      });
      const payload = ticket.getPayload();
      const userid = payload['sub'];
      return {
          ok: !!payload.email,
          user: payload.email ? {
              id: userid,
              name: payload.name,
              email: payload.email,
              picture: payload.picture,
          } : null,
      }
    }
    async function loginWithGoogleAccount(userLoginToken) {
        const response = {ok: false, googleSignedIn: false}
        const tokenResponse = await verifyToken(userLoginToken)
        if(tokenResponse.ok){
            const user = tokenResponse.user
            response.googleSignedIn = true
            response.googleUser = user
            const foundToken = await getLoginToken(user.id,'google')
            if(foundToken){
                const userResponse = await s.knexQueryPromise({
                    action: "select",
                    columns: '*',
                    table: "Users",
                    where: [
                        ['uid','=',foundToken.uid],
                        ['ke','=',foundToken.ke],
                    ],
                    limit: 1
                })
                response.ok = true
                userResponse.rows[0].details = s.parseJSON(userResponse.rows[0].details)
                response.user = userResponse.rows[0]
            }else{
                response.msg = lang.tokenNotUserBound
                if(config.allowBindingAltLoginsFromLoginPage){
                    response.msg += '\n' + lang.tokenNotUserBoundPt2
                }
                // make new if no users?
            }
        }
        return response
    }
    s.onProcessReady(() => {
        config.renderPaths.loginTokenAddGoogle = `pages/blocks/loginTokenAddGoogle`
        s.alternateLogins['google'] = async (params) => {
            const response = { ok: false }
            const loginToken = params.alternateLoginToken
            const username = params.mail
            const password = params.pass
            const googleLoginResponse = await loginWithGoogleAccount(loginToken)
            if(googleLoginResponse.user){
                const user = googleLoginResponse.user
                response.ok = true
                response.user = user
                refreshLoginTokenAccessDate(googleLoginResponse.googleUser.id,'google')
            }else if(config.allowBindingAltLoginsFromLoginPage && googleLoginResponse.googleSignedIn && username && password){
                const basicAuthResponse = await basicAuth(username,password)
                if(basicAuthResponse.user){
                    const user = basicAuthResponse.user
                    const loginId = googleLoginResponse.googleUser.id
                    const groupKey = user.ke
                    const userId = user.uid
                    const bindResponse = await bindLoginIdToUser({
                        loginId: loginId,
                        ke: groupKey,
                        uid: userId,
                        name: googleLoginResponse.googleUser.name,
                        type: 'google'
                    })
                    response.ok = true
                    response.user = basicAuthResponse.user
                }
            }else{
                response.msg = googleLoginResponse.msg
            }
            return response
        }
        const alternateLoginsFieldList = s.definitions["Account Settings"].blocks["AlternateLogins"].info
        alternateLoginsFieldList[alternateLoginsFieldList.length - 1].btns.push({
           "class": `btn-info google-sign-in`,
           "btnContent": `<i class="fa fa-google"></i> &nbsp; ${lang['Link Google Account']}`,
       })
       s.customAutoLoadTree['LibsJs'].push(`dash2.googleSignIn.js`)
    })
    /**
    * API : Add Token Window (Sign-In to Google) (GET)
     */
    app.get(config.webPaths.apiPrefix+':auth/loginTokenAddGoogle/:ke', function (req,res){
        s.auth(req.params,(user) => {
            s.renderPage(req,res,config.renderPaths.loginTokenAddGoogle,{
                lang: lang,
                config: s.getConfigWithBranding(req.hostname),
                $user: user
            })
        },res,req);
    });
    /**
    * API : Add Token Window (Sign-In to Google) (POST)
     */
    app.post(config.webPaths.apiPrefix+':auth/loginTokenAddGoogle/:ke', function (req,res){
        const response = {ok: false};
        s.auth(req.params,async (user) => {
            const userId = user.uid
            const groupKey = req.params.ke
            const loginToken = req.body.loginToken
            const tokenResponse = await verifyToken(loginToken)
            if(tokenResponse.ok){
                const googleUser = tokenResponse.user
                const loginId = googleUser.id
                const bindResponse = await bindLoginIdToUser({
                    loginId: loginId,
                    ke: groupKey,
                    uid: userId,
                    name: googleUser.name,
                    type: 'google'
                })
                response.ok = bindResponse.ok
                response.msg = bindResponse.msg
            }
            s.closeJsonResponse(res,response)
        },res,req);
    });
    return {
        client: client,
        verifyToken: verifyToken,
        loginWithGoogleAccount: loginWithGoogleAccount,
    }
}
google login test framework 2021-04-01 06:03:34 +00:00			`const {OAuth2Client} = require('google-auth-library');`
Add Linking and Unlinking Google Sign-In from Alt Logins section 2021-04-04 06:53:38 +00:00			`module.exports = (s,config,lang,app) => {`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`const {`
			`basicAuth,`
			`} = require('./utils.js')(s,config,lang)`
clean up google login script 2021-04-04 00:19:20 +00:00			`const {`
			`getLoginToken,`
			`deleteLoginToken,`
			`bindLoginIdToUser,`
			`refreshLoginTokenAccessDate,`
			`} = require('./alternateLogins.js')(s,config,lang)`
update ldap account linking to use Alternate Login system 2021-04-07 03:55:16 +00:00			console.log(`Google App ID : ${config.appIdGoogleSignIn}`)
rename param for google app id 2021-04-04 18:37:20 +00:00			`const client = new OAuth2Client(config.appIdGoogleSignIn);`
google login test framework 2021-04-01 06:03:34 +00:00			`async function verifyToken(userLoginToken) {`
			`const ticket = await client.verifyIdToken({`
			`idToken: userLoginToken,`
rename param for google app id 2021-04-04 18:37:20 +00:00			`audience: config.appIdGoogleSignIn,`
google login test framework 2021-04-01 06:03:34 +00:00			`});`
			`const payload = ticket.getPayload();`
			`const userid = payload['sub'];`
			`return {`
			`ok: !!payload.email,`
			`user: payload.email ? {`
			`id: userid,`
			`name: payload.name,`
			`email: payload.email,`
			`picture: payload.picture,`
			`} : null,`
			`}`
			`}`
			`async function loginWithGoogleAccount(userLoginToken) {`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`const response = {ok: false, googleSignedIn: false}`
google login test framework 2021-04-01 06:03:34 +00:00			`const tokenResponse = await verifyToken(userLoginToken)`
			`if(tokenResponse.ok){`
			`const user = tokenResponse.user`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`response.googleSignedIn = true`
			`response.googleUser = user`
clean up google login script 2021-04-04 00:19:20 +00:00			`const foundToken = await getLoginToken(user.id,'google')`
			`if(foundToken){`
google login test framework 2021-04-01 06:03:34 +00:00			`const userResponse = await s.knexQueryPromise({`
			`action: "select",`
			`columns: '*',`
			`table: "Users",`
			`where: [`
clean up google login script 2021-04-04 00:19:20 +00:00			`['uid','=',foundToken.uid],`
			`['ke','=',foundToken.ke],`
			`],`
			`limit: 1`
google login test framework 2021-04-01 06:03:34 +00:00			`})`
			`response.ok = true`
alternate login engine, add google sign-in 2021-04-03 05:14:34 +00:00			`userResponse.rows[0].details = s.parseJSON(userResponse.rows[0].details)`
			`response.user = userResponse.rows[0]`
google login test framework 2021-04-01 06:03:34 +00:00			`}else{`
Add Alternate Logins section in Settings, Minor Cleanup + Login Token API Endpoints for : get single, get all, delete by loginId + framework.sql update + update auto table creation for existing installations + fail message specific to alternateLogin can be passed to UI + add type column to LoginTokens table, default is "google" because its the only one (first of many to come) 2021-04-04 04:46:58 +00:00			`response.msg = lang.tokenNotUserBound`
			`if(config.allowBindingAltLoginsFromLoginPage){`
			`response.msg += '\n' + lang.tokenNotUserBoundPt2`
			`}`
google login test framework 2021-04-01 06:03:34 +00:00			`// make new if no users?`
			`}`
			`}`
			`return response`
			`}`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`s.onProcessReady(() => {`
update ldap account linking to use Alternate Login system 2021-04-07 03:55:16 +00:00			config.renderPaths.loginTokenAddGoogle = `pages/blocks/loginTokenAddGoogle`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`s.alternateLogins['google'] = async (params) => {`
			`const response = { ok: false }`
			`const loginToken = params.alternateLoginToken`
			`const username = params.mail`
			`const password = params.pass`
			`const googleLoginResponse = await loginWithGoogleAccount(loginToken)`
			`if(googleLoginResponse.user){`
clean up google login script 2021-04-04 00:19:20 +00:00			`const user = googleLoginResponse.user`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`response.ok = true`
clean up google login script 2021-04-04 00:19:20 +00:00			`response.user = user`
			`refreshLoginTokenAccessDate(googleLoginResponse.googleUser.id,'google')`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`}else if(config.allowBindingAltLoginsFromLoginPage && googleLoginResponse.googleSignedIn && username && password){`
			`const basicAuthResponse = await basicAuth(username,password)`
			`if(basicAuthResponse.user){`
			`const user = basicAuthResponse.user`
			`const loginId = googleLoginResponse.googleUser.id`
			`const groupKey = user.ke`
			`const userId = user.uid`
Fix Google App ID designation, add Name to LoginTokens + Show Last Login for LoginTokens in Settings window 2021-04-04 17:35:09 +00:00			`const bindResponse = await bindLoginIdToUser({`
			`loginId: loginId,`
			`ke: groupKey,`
			`uid: userId,`
			`name: googleLoginResponse.googleUser.name,`
			`type: 'google'`
			`})`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`response.ok = true`
			`response.user = basicAuthResponse.user`
			`}`
Add Alternate Logins section in Settings, Minor Cleanup + Login Token API Endpoints for : get single, get all, delete by loginId + framework.sql update + update auto table creation for existing installations + fail message specific to alternateLogin can be passed to UI + add type column to LoginTokens table, default is "google" because its the only one (first of many to come) 2021-04-04 04:46:58 +00:00			`}else{`
			`response.msg = googleLoginResponse.msg`
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`}`
			`return response`
alternate login engine, add google sign-in 2021-04-03 05:14:34 +00:00			`}`
update Settings Window Builder, cleanup LDAP presentation 2021-04-08 02:03:24 +00:00			`const alternateLoginsFieldList = s.definitions["Account Settings"].blocks["AlternateLogins"].info`
			`alternateLoginsFieldList[alternateLoginsFieldList.length - 1].btns.push({`
Add Linking and Unlinking Google Sign-In from Alt Logins section 2021-04-04 06:53:38 +00:00			"class": `btn-info google-sign-in`,
			"btnContent": `<i class="fa fa-google"></i>   ${lang['Link Google Account']}`,
			`})`
			s.customAutoLoadTree['LibsJs'].push(`dash2.googleSignIn.js`)
allow binding google auth with login screen 2021-04-03 21:16:15 +00:00			`})`
Add Linking and Unlinking Google Sign-In from Alt Logins section 2021-04-04 06:53:38 +00:00			`/**`
			`* API : Add Token Window (Sign-In to Google) (GET)`
			`*/`
			`app.get(config.webPaths.apiPrefix+':auth/loginTokenAddGoogle/:ke', function (req,res){`
			`s.auth(req.params,(user) => {`
			`s.renderPage(req,res,config.renderPaths.loginTokenAddGoogle,{`
			`lang: lang,`
			`config: s.getConfigWithBranding(req.hostname),`
			`$user: user`
			`})`
			`},res,req);`
			`});`
			`/**`
			`* API : Add Token Window (Sign-In to Google) (POST)`
			`*/`
			`app.post(config.webPaths.apiPrefix+':auth/loginTokenAddGoogle/:ke', function (req,res){`
			`const response = {ok: false};`
			`s.auth(req.params,async (user) => {`
			`const userId = user.uid`
			`const groupKey = req.params.ke`
			`const loginToken = req.body.loginToken`
			`const tokenResponse = await verifyToken(loginToken)`
			`if(tokenResponse.ok){`
			`const googleUser = tokenResponse.user`
			`const loginId = googleUser.id`
Fix Google App ID designation, add Name to LoginTokens + Show Last Login for LoginTokens in Settings window 2021-04-04 17:35:09 +00:00			`const bindResponse = await bindLoginIdToUser({`
			`loginId: loginId,`
			`ke: groupKey,`
			`uid: userId,`
			`name: googleUser.name,`
			`type: 'google'`
			`})`
Add Linking and Unlinking Google Sign-In from Alt Logins section 2021-04-04 06:53:38 +00:00			`response.ok = bindResponse.ok`
			`response.msg = bindResponse.msg`
			`}`
			`s.closeJsonResponse(res,response)`
			`},res,req);`
			`});`
google login test framework 2021-04-01 06:03:34 +00:00			`return {`
			`client: client,`
			`verifyToken: verifyToken,`
			`loginWithGoogleAccount: loginWithGoogleAccount,`
			`}`
			`}`