diff --git a/apps/server/src/assets/config-sample.ini b/apps/server/src/assets/config-sample.ini
index f89790163..41eb3d2b6 100644
--- a/apps/server/src/assets/config-sample.ini
+++ b/apps/server/src/assets/config-sample.ini
@@ -55,3 +55,15 @@ oauthClientId=
 # Set the client secret for OAuth/OpenID authentication
 # This is the secret of the client that will be used to verify the user's identity
 oauthClientSecret=
+
+# Set the issuer base URL for OAuth/OpenID authentication
+# This is the base URL of the service that will be used to verify the user's identity
+oauthIssuerBaseUrl=
+
+# Set the issuer name for OAuth/OpenID authentication
+# This is the name of the service that will be used to verify the user's identity
+oauthIssuerName=
+
+# Set the issuer icon for OAuth/OpenID authentication
+# This is the icon of the service that will be used to verify the user's identity
+oauthIssuerIcon=
diff --git a/apps/server/src/assets/translations/cn/server.json b/apps/server/src/assets/translations/cn/server.json
index 8af485c5d..4daf1d49b 100644
--- a/apps/server/src/assets/translations/cn/server.json
+++ b/apps/server/src/assets/translations/cn/server.json
@@ -103,7 +103,7 @@
 "password": "密码",
 "remember-me": "记住我",
 "button": "登录",
- "sign_in_with_google": "使用 Google 登录"
+ "sign_in_with_sso": "使用 {{ ssoIssuerName }} 登录"
 },
 "set_password": {
 "title": "设置密码",
diff --git a/apps/server/src/assets/translations/en/server.json b/apps/server/src/assets/translations/en/server.json
index 33147a8d2..ffa7a0eb3 100644
--- a/apps/server/src/assets/translations/en/server.json
+++ b/apps/server/src/assets/translations/en/server.json
@@ -112,7 +112,7 @@
 "password": "Password",
 "remember-me": "Remember me",
 "button": "Login",
- "sign_in_with_google": "Sign in with Google"
+ "sign_in_with_sso": "Sign in with {{ ssoIssuerName }}"
 },
 "set_password": {
 "title": "Set Password",
diff --git a/apps/server/src/assets/views/login.ejs b/apps/server/src/assets/views/login.ejs index 1daf91a3d..4cd3c6a00 100644 --- a/apps/server/src/assets/views/login.ejs +++ b/apps/server/src/assets/views/login.ejs @@ -26,8 +26,8 @@ <% if (ssoEnabled) { %> - Google logo - <%= t("login.sign_in_with_google") %> + <%= ssoIssuerName %> + <%= t("login.sign_in_with_sso", { ssoIssuerName: ssoIssuerName }) %> <% } else { %>
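Review bot: The new button label may be HTML-escaped twice: `t("login.sign_in_with_sso", { ssoIssuerName: ssoIssuerName })` is printed with `<%= %>`, and if the translation helper also escapes interpolated values, an issuer name containing `&` or a quote will show up as entity text. Keep the escaping `<%= %>` tag and disable interpolation escaping for this one call (with i18next that would be `interpolation: { escapeValue: false }`), rather than switching the tag to the raw form, because the name is free-form operator configuration. The markup around these lines is not visible in this hunk, so how `ssoIssuerIcon` is emitted cannot be checked from here.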
diff --git a/apps/server/src/routes/login.ts b/apps/server/src/routes/login.ts index d428f21bf..10bfa5b94 100644 --- a/apps/server/src/routes/login.ts +++ b/apps/server/src/routes/login.ts @@ -19,6 +19,8 @@ function loginPage(req: Request, res: Response) { wrongTotp: false, totpEnabled: totp.isTotpEnabled(), ssoEnabled: openID.isOpenIDEnabled(), + ssoIssuerName: openID.getSSOIssuerName(), + ssoIssuerIcon: openID.getSSOIssuerIcon(), assetPath: assetPath, assetPathFragment: assetUrlFragment, appPath: appPath, diff --git a/apps/server/src/services/config.ts b/apps/server/src/services/config.ts index 2089c03ce..d88236b52 100644 --- a/apps/server/src/services/config.ts +++ b/apps/server/src/services/config.ts @@ -46,6 +46,9 @@ export interface TriliumConfig { oauthBaseUrl: string; oauthClientId: string; oauthClientSecret: string; + oauthIssuerBaseUrl: string; + oauthIssuerName: string; + oauthIssuerIcon: string; }; } @@ -123,7 +126,16 @@ const config: TriliumConfig = { process.env.TRILIUM_OAUTH_CLIENT_ID || iniConfig?.MultiFactorAuthentication?.oauthClientId || "", oauthClientSecret: - process.env.TRILIUM_OAUTH_CLIENT_SECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || "" + process.env.TRILIUM_OAUTH_CLIENT_SECRET || iniConfig?.MultiFactorAuthentication?.oauthClientSecret || "", + + oauthIssuerBaseUrl: + process.env.TRILIUM_OAUTH_ISSUER_BASE_URL || iniConfig?.MultiFactorAuthentication?.oauthIssuerBaseUrl || "https://accounts.google.com", + + oauthIssuerName: + process.env.TRILIUM_OAUTH_ISSUER_NAME || iniConfig?.MultiFactorAuthentication?.oauthIssuerName || "Google", + + oauthIssuerIcon: + process.env.TRILIUM_OAUTH_ISSUER_ICON || iniConfig?.MultiFactorAuthentication?.oauthIssuerIcon || "" } }; diff --git a/apps/server/src/services/open_id.ts b/apps/server/src/services/open_id.ts index e45ed6599..2ae3bbe1e 100644 --- a/apps/server/src/services/open_id.ts +++ b/apps/server/src/services/open_id.ts 
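Review bot: In `services/config.ts`, `oauthIssuerName` and `oauthIssuerBaseUrl` fall back independently to `"Google"` and `"https://accounts.google.com"`, so setting only one of them leaves the login button naming a provider other than the one the server actually trusts. `oauthIssuerIcon` is likewise accepted as any string; if the login template uses it as an image source (that markup is not visible on this page), a remote URL makes every unauthenticated visitor's browser contact that host before login. I would document the contract above the three keys, for example `// Name and icon are display-only and must describe oauthIssuerBaseUrl; icon: bundled asset path or https URL`, and repeat it in config-sample.ini, whose new comments do not say what form the icon value takes. The `config` object literal begins outside this hunk.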
@@ -8,7 +8,7 @@ import config from "./config.js"; function checkOpenIDConfig() { - let missingVars: string[] = [] + const missingVars: string[] = [] if (config.MultiFactorAuthentication.oauthBaseUrl === "") { missingVars.push("oauthBaseUrl"); } @@ -89,6 +89,14 @@ function isTokenValid(req: Request, res: Response, next: NextFunction) { } } +function getSSOIssuerName() { + return config.MultiFactorAuthentication.oauthIssuerName; +} + +function getSSOIssuerIcon() { + return config.MultiFactorAuthentication.oauthIssuerIcon; +} + function generateOAuthConfig() { const authRoutes = { callback: "/callback", @@ -105,7 +113,7 @@ function generateOAuthConfig() { auth0Logout: false, baseURL: config.MultiFactorAuthentication.oauthBaseUrl, clientID: config.MultiFactorAuthentication.oauthClientId, - issuerBaseURL: "https://accounts.google.com", + issuerBaseURL: config.MultiFactorAuthentication.oauthIssuerBaseUrl, secret: config.MultiFactorAuthentication.oauthClientSecret, clientSecret: config.MultiFactorAuthentication.oauthClientSecret, authorizationParams: { @@ -147,6 +155,8 @@ function generateOAuthConfig() { export default { generateOAuthConfig, getOAuthStatus, + getSSOIssuerName, + getSSOIssuerIcon, isOpenIDEnabled, clearSavedUser, isTokenValid,
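Review bot: The configurable issuer is never validated: `issuerBaseURL` in `generateOAuthConfig` now takes `config.MultiFactorAuthentication.oauthIssuerBaseUrl` verbatim, and the visible part of `checkOpenIDConfig` only tests other keys for the empty string. This value decides whose discovery document and signing keys the server accepts for login, so a typo or an `http://` URL should be rejected at startup rather than surface at the first sign-in. I would extend `checkOpenIDConfig` with a check that the value parses as an absolute URL and that `new URL(config.MultiFactorAuthentication.oauthIssuerBaseUrl).protocol === "https:"`, reported the same way as the missing variables. Both functions continue outside the hunks shown here, so an existing check elsewhere in the file cannot be ruled out.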