

Debug AgentConnect 🔒
vincentlaine committed Jan 25, 2024
1 parent 9476881 commit 67e1026
Showing 5 changed files with 35 additions and 20 deletions.
7 changes: 5 additions & 2 deletions src/auth/auth.controller.ts
Expand Up @@ -44,6 +44,8 @@ export class AuthController {
@Get('/logout')
@ApiOperation({ summary: 'OAuth - Logout' })
async logout(@Req() req, @Res() res: Response, next) {
console.log('USER', req.user);
console.log('USER', req.session.user);
const id_token = req.user ? req.user.id_token : undefined;
res.clearCookie('regleau_session');
req.logout((err) => {
Expand All @@ -57,12 +59,13 @@ export class AuthController {
)}/.well-known/openid-configuration`,
);
const end_session_endpoint = TrustIssuer.metadata.end_session_endpoint;
if (end_session_endpoint) {
if (end_session_endpoint && id_token) {
res.redirect(
end_session_endpoint +
'?post_logout_redirect_uri=' +
this.configService.get('WEBSITE_URL') +
(id_token ? '&id_token_hint=' + id_token : ''),
'&id_token_hint=' +
id_token,
);
} else {
res.redirect(this.configService.get('WEBSITE_URL'));
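Review bot: The two `console.log('USER', ...)` lines at the top of logout() print the whole req.user object to stdout, and the line right below them shows that object carries `id_token` (the oidc.strategy.ts hunk builds it from `tokenset.id_token` and `tokenset.access_token`), so bearer tokens end up in the application log. If the trace is still wanted, log a non-secret field instead, e.g. `console.log('USER', req.user?.email);`, or drop both lines before merging. Separately, the redirect URL concatenates `post_logout_redirect_uri` and `id_token_hint` unencoded; wrapping the website value as `encodeURIComponent(this.configService.get('WEBSITE_URL'))` keeps a value containing `?`, `&` or `#` from being mis-parsed by the provider. logout()'s body continues past the end of this hunk.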
20 changes: 12 additions & 8 deletions src/auth/login.guard.ts
@@ -1,20 +1,24 @@
import { ExecutionContext, Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import { ConfigService } from '@nestjs/config';

@Injectable()
export class LoginGuard extends AuthGuard('oidc') {
constructor(private readonly configService: ConfigService) {
super();
}

async canActivate(context: ExecutionContext) {
console.log('plep 1', context);
try {
const result = (await super.canActivate(context)) as boolean;
const request = context.switchToHttp().getRequest();
await super.logIn(request);
return result;
} catch (e) {
console.log(e);
const response = context.switchToHttp().getResponse();
response.redirect(
this.configService.get('WEBSITE_URL') + '?error=unauthorized',
);
}
console.log('plep 2');
const request = context.switchToHttp().getRequest();
console.log('plep 3');
await super.logIn(request);
console.log('plep 4');
return result;
}
}
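Review bot: In the catch branch of canActivate() the redirect is issued but nothing is returned, so on a failed login the method resolves to undefined; Nest treats a falsy canActivate result as a denied request and will then try to send a 403 on a response whose headers `response.redirect(...)` has already sent. Return explicitly after redirecting, `return false;`, and declare the return type, `async canActivate(context: ExecutionContext): Promise<boolean>`, so a missing return is caught by the compiler under noImplicitReturns. `console.log(e)` on the error path dumps the full exception, which for passport/openid-client errors can include the request and token exchange details; log a narrowed value such as `e instanceof Error ? e.message : e` instead. The `console.log('plep ...')` traces, if any of them survive on the new side, print the entire ExecutionContext including request headers and cookies and should be removed.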
17 changes: 11 additions & 6 deletions src/auth/oidc.strategy.ts
Expand Up @@ -7,7 +7,6 @@ import {
TokenSet,
Issuer,
generators,
errors,
} from 'openid-client';
import { UserService } from '../user/user.service';
import random = generators.random;
Expand All @@ -21,6 +20,8 @@ export const buildOpenIdClient = async () => {
client_secret: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_CLIENT_SECRET,
acr_values: TrustIssuer.acr_values_supported,
response_type: 'code',
userinfo_signed_response_alg: 'HS256',
id_token_signed_response_alg: 'HS256',
});
return client;
};
Expand All @@ -39,28 +40,33 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
scope: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_SCOPE,
acr_values: client.acr_values,
},
passReqToCallback: true,
usePKCE: false,
});

this.client = client;
}

authenticate(req, options: any = {}) {
async authenticate(req, options: any = {}) {
options.nonce = random();
super.authenticate(req, options);
}

async validate(tokenset: TokenSet): Promise<any> {
console.log('VALIDATE', tokenset);
const userinfo: UserinfoResponse = await this.client.userinfo(tokenset);
console.log('VALIDATE', userinfo);
console.log('TOKENSET', tokenset);
const userInDb = await this.userService.findOne(userinfo?.email);

if (!userInDb) {
console.log('NOT USE IN DB');
throw new UnauthorizedException();
}

await this.userService.updateName(
userinfo.email,
<string>userinfo.given_name,
<string>userinfo.usual_name,
);

try {
const id_token = tokenset.id_token;
const access_token = tokenset.access_token;
Expand All @@ -73,7 +79,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
};
return user;
} catch (err) {
console.log('ERROR', err);
throw new UnauthorizedException();
}
}
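Review bot: `passReqToCallback: true` changes the arguments openid-client's passport Strategy hands to the verify callback to (req, tokenset, ...), but validate() still declares `validate(tokenset: TokenSet)`, so if the option is honoured the request object arrives as `tokenset` and `this.client.userinfo(tokenset)` is called with the wrong value; either drop the option or change the signature to `async validate(req, tokenset: TokenSet): Promise<any>`. `usePKCE: false` turns off the code-flow protection that openid-client enables by default for a `response_type: 'code'` client; unless the provider rejects the code_challenge parameter, leave PKCE on, or document the reason in a comment next to the option. `async authenticate` wraps a synchronous `super.authenticate(req, options)` call whose result passport ignores, so the `async` adds nothing and can be reverted. The constructor and validate() both extend beyond this hunk.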
4 changes: 0 additions & 4 deletions src/shared/services/mail.service.ts
Expand Up @@ -50,10 +50,6 @@ export class MailService {
)}`,
error,
);
throw new HttpException(
"Une erreur est survenue dans l'envoi du mail.",
HttpStatus.INTERNAL_SERVER_ERROR,
);
});
}

7 changes: 7 additions & 0 deletions src/user/user.service.ts
Expand Up @@ -29,6 +29,13 @@ export class UserService {
return this.userRepository.findOne({ where: { email } });
}

updateName(email: string, firstName: string, lastName: string) {
return this.userRepository.update(
{ email },
{ first_name: firstName, last_name: lastName },
);
}

findByDepartementsId(depIds: number[]): Promise<User[]> {
return this.userRepository
.createQueryBuilder('user')
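Review bot: updateName() has no return type, so callers get whatever userRepository.update infers; annotate it, `updateName(email: string, firstName: string, lastName: string): Promise<UpdateResult>` if userRepository is a TypeORM Repository, and add a one-line TSDoc stating that it overwrites first_name and last_name for the row matching email. Its caller in oidc.strategy.ts passes `<string>userinfo.given_name` and `<string>userinfo.usual_name`, which are casts rather than checks, so an absent claim reaches this update as undefined; guard at the call site, or type the parameters as `string | undefined` and skip missing fields here.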

0 comments on commit 67e1026
