From 67e1026a5db0bd9fcf89d6e1ad4915e4fcd33e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Lain=C3=A9?= Date: Thu, 25 Jan 2024 15:10:05 +0100 Subject: [PATCH] =?UTF-8?q?Debug=20AgentConnect=20=F0=9F=94=92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/auth/auth.controller.ts | 7 +++++-- src/auth/login.guard.ts | 20 ++++++++++++-------- src/auth/oidc.strategy.ts | 17 +++++++++++------ src/shared/services/mail.service.ts | 4 ---- src/user/user.service.ts | 7 +++++++ 5 files changed, 35 insertions(+), 20 deletions(-) diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts index 93dc1f9..87049cd 100644 --- a/src/auth/auth.controller.ts +++ b/src/auth/auth.controller.ts @@ -44,6 +44,8 @@ export class AuthController { @Get('/logout') @ApiOperation({ summary: 'OAuth - Logout' }) async logout(@Req() req, @Res() res: Response, next) { + console.log('USER', req.user); + console.log('USER', req.session.user); const id_token = req.user ? req.user.id_token : undefined; res.clearCookie('regleau_session'); req.logout((err) => { @@ -57,12 +59,13 @@ export class AuthController { )}/.well-known/openid-configuration`, ); const end_session_endpoint = TrustIssuer.metadata.end_session_endpoint; - if (end_session_endpoint) { + if (end_session_endpoint && id_token) { res.redirect( end_session_endpoint + '?post_logout_redirect_uri=' + this.configService.get('WEBSITE_URL') + - (id_token ? '&id_token_hint=' + id_token : ''), + '&id_token_hint=' + + id_token, ); } else { res.redirect(this.configService.get('WEBSITE_URL')); diff --git a/src/auth/login.guard.ts b/src/auth/login.guard.ts index a3f0129..a4085e4 100644 --- a/src/auth/login.guard.ts +++ b/src/auth/login.guard.ts @@ -1,20 +1,24 @@ import { ExecutionContext, Injectable } from '@nestjs/common'; import { AuthGuard } from '@nestjs/passport'; +import { ConfigService } from '@nestjs/config'; @Injectable() export class LoginGuard extends AuthGuard('oidc') { + constructor(private readonly configService: ConfigService) { + super(); + } + async canActivate(context: ExecutionContext) { - console.log('plep 1', context); try { const result = (await super.canActivate(context)) as boolean; + const request = context.switchToHttp().getRequest(); + await super.logIn(request); + return result; } catch (e) { - console.log(e); + const response = context.switchToHttp().getResponse(); + response.redirect( + this.configService.get('WEBSITE_URL') + '?error=unauthorized', + ); } - console.log('plep 2'); - const request = context.switchToHttp().getRequest(); - console.log('plep 3'); - await super.logIn(request); - console.log('plep 4'); - return result; } } diff --git a/src/auth/oidc.strategy.ts b/src/auth/oidc.strategy.ts index feef9a8..4560cd9 100644 --- a/src/auth/oidc.strategy.ts +++ b/src/auth/oidc.strategy.ts @@ -7,7 +7,6 @@ import { TokenSet, Issuer, generators, - errors, } from 'openid-client'; import { UserService } from '../user/user.service'; import random = generators.random; @@ -21,6 +20,8 @@ export const buildOpenIdClient = async () => { client_secret: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_CLIENT_SECRET, acr_values: TrustIssuer.acr_values_supported, response_type: 'code', + userinfo_signed_response_alg: 'HS256', + id_token_signed_response_alg: 'HS256', }); return client; }; @@ -39,28 +40,33 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') { scope: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_SCOPE, acr_values: client.acr_values, }, - passReqToCallback: true, usePKCE: false, }); this.client = client; } - authenticate(req, options: any = {}) { + async authenticate(req, options: any = {}) { options.nonce = random(); super.authenticate(req, options); } async validate(tokenset: TokenSet): Promise { - console.log('VALIDATE', tokenset); const userinfo: UserinfoResponse = await this.client.userinfo(tokenset); + console.log('VALIDATE', userinfo); + console.log('TOKENSET', tokenset); const userInDb = await this.userService.findOne(userinfo?.email); if (!userInDb) { - console.log('NOT USE IN DB'); throw new UnauthorizedException(); } + await this.userService.updateName( + userinfo.email, + userinfo.given_name, + userinfo.usual_name, + ); + try { const id_token = tokenset.id_token; const access_token = tokenset.access_token; @@ -73,7 +79,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') { }; return user; } catch (err) { - console.log('ERROR', err); throw new UnauthorizedException(); } } diff --git a/src/shared/services/mail.service.ts b/src/shared/services/mail.service.ts index 482edad..c9e5fae 100644 --- a/src/shared/services/mail.service.ts +++ b/src/shared/services/mail.service.ts @@ -50,10 +50,6 @@ export class MailService { )}`, error, ); - throw new HttpException( - "Une erreur est survenue dans l'envoi du mail.", - HttpStatus.INTERNAL_SERVER_ERROR, - ); }); } diff --git a/src/user/user.service.ts b/src/user/user.service.ts index 5334d1b..3d4566b 100644 --- a/src/user/user.service.ts +++ b/src/user/user.service.ts @@ -29,6 +29,13 @@ export class UserService { return this.userRepository.findOne({ where: { email } }); } + updateName(email: string, firstName: string, lastName: string) { + return this.userRepository.update( + { email }, + { first_name: firstName, last_name: lastName }, + ); + } + findByDepartementsId(depIds: number[]): Promise { return this.userRepository .createQueryBuilder('user')