3 * Copyright 2017 RIFT.IO Inc
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * Auth util for use across the api_server.
21 * @module framework/core/api_utils/auth
22 * @author Kiran Kashalkar <kiran.kashalkar@riftio.com>
// Third-party dependencies.
const jsonLoader = require('require-json');
const passport = require('passport');
const OpenIdConnectStrategy = require('passport-openidconnect').Strategy;
const BearerStrategy = require('passport-http-bearer').Strategy;
const OAuth2Strategy = require('passport-oauth2');
const OAuth2RefreshTokenStrategy = require('passport-oauth2-middleware').Strategy;
const _ = require('lodash');
const rp = require('request-promise');
const nodeutil = require('util');

// Local configuration and helpers.
// openidConnectConfig is the parsed JSON object; require() caches it, so it is
// shared by every consumer in this process.
const openidConnectConfig = require('./openidconnect_config.json');
const constants = require('./constants');
const utils = require('./utils');
const request = utils.request;
/**
 * Authorization: wires passport with an OAuth2 refresh-token strategy
 * (registered as 'main') and a Skyquake OAuth2 strategy (registered as
 * 'oauth2'). The IdP-relative URLs in openidconnect_config.json are turned
 * into absolute URLs using the runtime openidConfig.
 *
 * @constructor
 * @param {Object} openidConfig - runtime settings; the fields read here are
 *   idpServerProtocol, idpServerAddress, idpServerPortNumber,
 *   callbackServerProtocol, callbackAddress and callbackPortNumber.
 */
var Authorization = function(openidConfig) {
    // NOTE(review): original lines 41-43 are absent from this extract. `self`
    // is used throughout but its declaration (presumably `var self = this;`)
    // is not visible here — confirm against the full file.
    self.passport = passport;
    // NOTE(review): this stores the module-level object returned by require()
    // and the assignments below mutate it in place. Because require() caches
    // modules, constructing Authorization a second time in the same process
    // would prefix authorizationURL/tokenURL/callbackURL a second time.
    self.openidConnectConfig = openidConnectConfig;

    var refreshStrategy = new OAuth2RefreshTokenStrategy({
        refreshWindow: constants.REFRESH_WINDOW, // Time in seconds to perform a token refresh before it expires
        userProperty: 'user', // Active user property name to store OAuth tokens
        authenticationURL: '/login', // URL to redirect unauthorized users to
        callbackParameter: 'callback' //URL query parameter name to pass a return URL
        // NOTE(review): the closing of this options object / constructor call
        // (original lines 53-54) is absent from this extract.
    self.passport.use('main', refreshStrategy);

    // Origin of the identity provider; prepended to each IdP-relative URL
    // from the JSON config.
    var openidConfigPrefix = openidConfig.idpServerProtocol + '://' + openidConfig.idpServerAddress + ':' + openidConfig.idpServerPortNumber;
    self.openidConnectConfig.authorizationURL = openidConfigPrefix + self.openidConnectConfig.authorizationURL;
    self.openidConnectConfig.tokenURL = openidConfigPrefix + self.openidConnectConfig.tokenURL;
    // The callback is served by this application, so it uses the callback
    // host/port rather than the IdP origin.
    self.openidConnectConfig.callbackURL = openidConfig.callbackServerProtocol + '://' + openidConfig.callbackAddress + ':' + openidConfig.callbackPortNumber + self.openidConnectConfig.callbackURL;
    var userInfoURL = openidConfigPrefix + self.openidConnectConfig.userInfoURL;

    /**
     * passport-oauth2 strategy subclass that additionally fetches the
     * userinfo endpoint (see userProfile below).
     * @param {Object} options - passed straight through to OAuth2Strategy
     * @param {Function} verify - passed straight through to OAuth2Strategy
     */
    function SkyquakeOAuth2Strategy(options, verify) {
        OAuth2Strategy.call(this, options, verify);
        // NOTE(review): the closing `}` of this function (original line 67)
        // is absent from this extract.
    nodeutil.inherits(SkyquakeOAuth2Strategy, OAuth2Strategy);

    /**
     * Fetch the user profile from the IdP userinfo endpoint using the
     * freshly obtained access token.
     * @param {string} access_token - bearer token sent in the Authorization header
     * @param {Function} done - passport completion callback
     */
    SkyquakeOAuth2Strategy.prototype.userProfile = function(access_token, done) {
        var requestHeaders = {
            'Authorization': 'Bearer ' + access_token
        // NOTE(review): original lines 74-78 are absent from this extract;
        // the request() call that these options belong to starts there
        // (userInfoURL is presumably its target — confirm in the full file).
            headers: requestHeaders,
            forever: constants.FOREVER_ON,
            // NOTE(review): when this constant is false the IdP's TLS
            // certificate is not validated, which exposes the bearer token to
            // interception. Confirm its value in ./constants for production.
            rejectUnauthorized: constants.REJECT_UNAUTHORIZED
        }, function(err, response, body) {
            // NOTE(review): original lines 83 and 85-89 are absent; this log
            // is presumably inside an `if (err)` branch — confirm.
            console.log('Error obtaining userinfo: ', err);
            // Loose `==` comparison; statusCode is a number, so strict `===`
            // would behave the same here.
            if (response.statusCode == constants.HTTP_RESPONSE_CODES.SUCCESS.OK) {
                // The `body` callback argument is unused; the body is read
                // from the response object instead. JSON.parse throws on
                // malformed input, which the log further below suggests is
                // caught (original lines 96-101 are absent from this extract).
                var data = JSON.parse(response.body);
                var username = data['preferred_username'];
                var subject = data['sub'];
                // Users whose profile carries no domain are placed in 'system'.
                var domain = data['user_domain'] || 'system';
                console.log('Error parsing userinfo data');
    // NOTE(review): original lines 103-112, including the done() calls and
    // the closing of userProfile, are absent from this extract.

    // Both strategies share the refresh strategy's callback so that refreshed
    // tokens flow through the same verify path.
    var oauthStrategy = new SkyquakeOAuth2Strategy(self.openidConnectConfig,
        refreshStrategy.getOAuth2StrategyCallback());
    self.passport.use('oauth2', oauthStrategy);
    refreshStrategy.useOAuth2Strategy(oauthStrategy);

    // Session (de)serialization hooks; their bodies (original lines 120-122
    // and 124-126) are absent from this extract.
    self.passport.serializeUser(function(user, done) {
    self.passport.deserializeUser(function(obj, done) {
    // NOTE(review): the closing `};` of the constructor (original line 127)
    // is absent from this extract.
/**
 * Attach passport to the application.
 * @param {Object} config - must carry an express-style `app` with `use()`;
 *   the object is retained on `this.config`.
 */
Authorization.prototype.configure = function(config) {
    this.config = config;
    // Initialize Passport and restore authentication state, if any, from the
    // (this comment continues on original line 132, absent from this extract)
    if (this.config.app) {
        this.config.app.use(this.passport.initialize());
        this.config.app.use(this.passport.session());
    // NOTE(review): original line 136, between the if-body and the log
    // below (presumably `} else {`), is absent from this extract.
    // NOTE(review): the bad-config case is only logged; the method returns
    // normally and callers get an instance with no passport middleware
    // installed. Throwing an Error here would fail fast instead.
    console.log('FATAL error. Bad config passed into authorization module');
    // NOTE(review): the closing of this method (original lines 138-140) is
    // absent from this extract.
/**
 * Invalidate a token.
 * @param {string} token - the token to invalidate
 *
 * NOTE(review): the body of this method (original lines 142-144) is absent
 * from this extract, so its behaviour cannot be documented here.
 */
Authorization.prototype.invalidate_token = function(token) {
// The constructor is the module's only export.
module.exports = Authorization;