OAuth working

This commit is contained in:
chesspro13 2024-09-07 13:18:47 -07:00
parent 1a8625b558
commit c74da18e23
No known key found for this signature in database
GPG Key ID: 5FEAE94D298066E5
5 changed files with 61 additions and 28 deletions


@ -129,6 +129,8 @@ CREATE TABLE IF NOT EXISTS "attachments"
CREATE TABLE IF NOT EXISTS "user_data"
(
tmpID INT,
username TEXT,
email TEXT,
userIDEcnryptedDataKey TEXT,
userIDVerificationHash TEXT,
salt TEXT,
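Review bot: The `username TEXT` and `email TEXT` columns added to `user_data` put cleartext identity claims in the same row as the table's key material (`userIDEcnryptedDataKey`, `userIDVerificationHash`, `salt`), and nothing here says whether that is intended; a comment such as `-- display-only copies of the OIDC name/email claims; not used for verification` above the two columns would make the trust level of these fields explicit. The same CREATE TABLE text is repeated in `saveUser` in `openid_encryption.ts` in this commit, so the two column lists now have to be kept in sync by hand; consider keeping the schema in one place. The CREATE TABLE statement continues past the end of this hunk.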


@ -26,10 +26,9 @@ const TPL = `
<span class="env-oauth-enabled" "alert alert-warning" role="alert" style="font-weight: bold; color: red !important;" > </span>
</div>
<div>
<span> <b>Token status: </b></span><span class="token-status"> Needs login! </span><span><b> User status: </b></span><span class="user-status"> No user saved!</span>
<span> <b>User Account: </b></span><span class="user-account-name"> Not logged in! </span><span><b> User Email: </b></span><span class="user-account-email"> Not logged in!</span>
<br>
<button class="oauth-login-button" onclick="location.href='/authenticate'" > Login to configured OAuth/OpenID service </button>
<button class="save-user-button" > Save User </button>
<button class="clear-saved-user-button" > Clear Saved User </button>
</div>
</div>
<br>
@ -104,10 +103,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
".generate-recovery-code"
);
this.$oAuthEnabledCheckbox = this.$widget.find(".oauth-enabled-checkbox");
this.$saveUserButton = this.$widget.find(".save-user-button");
this.$clearSavedUserButton = this.$widget.find(".clear-saved-user-button");
this.$oauthLoginButton = this.$widget.find(".oauth-login-button");
this.$tokenStatus = this.$widget.find(".token-status");
this.$userStatus = this.$widget.find(".user-status");
this.$UserAccountName = this.$widget.find(".user-account-name");
this.$UserAccountEmail = this.$widget.find(".user-account-email");
this.$envEnabledTOTP = this.$widget.find(".env-totp-enabled");
this.$envEnabledOAuth = this.$widget.find(".env-oauth-enabled");
@ -122,9 +121,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.updateSecret();
// });
this.$oAuthEnabledCheckbox.on("change", async () => {
this.updateOAuthStatus();
});
// Depricated. Will use .env to control.
// this.$oAuthEnabledCheckbox.on("change", async () => {
// this.updateOAuthStatus();
// });
this.$generateRecoveryCodeButton.on("click", async () => {
this.setRecoveryKeys();
@ -134,11 +134,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
this.generateKey();
});
this.$saveUserButton.on("click", (async) => {
this.$clearSavedUserButton.on("click", (async) => {
server
.get("oauth/authenticate")
.get("oauth/clearUser")
.then((result) => {
console.log(result.message);
toastService.showMessage(result.message);
})
.catch((result) => {
@ -213,10 +212,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
optionsLoaded(options) {
// TODO: Rework the logic since I've changed how OAuth works
// server.get("oauth/status").then((result) => {
// if (result.enabled) {
server.get("oauth/status").then((result) => {
if (result.enabled) {
// if (result.success)
// this.$oAuthEnabledCheckbox.prop("checked", result.message);
this.$oAuthEnabledCheckbox.prop("checked", result.enabled);
// this.$oauthLoginButton.prop("disabled", !result.message);
// this.$saveUserButton.prop("disabled", !result.message);
@ -226,7 +225,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.$saveUserButton.prop("disabled", false);
// server.get("oauth/validate").then((result) => {
// if (result.success) {
// this.$tokenStatus.text("Logged in!");
this.$UserAccountName.text(result.name);
this.$UserAccountEmail.text(result.email);
// if (result.user) {
// this.$userStatus.text("User saved!");
@ -246,8 +246,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.$envEnabledOAuth.text(
// "OAuth can only be enabled with environment variables. REQUIRES RESTART"
// );
// }
// });
}
});
server.get("totp/status").then((result) => {
console.log(result);
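Review bot: The new clear-user click handler is declared as `(async) => {`, which does not make the arrow async but names its event argument `async`; since the body chains `.then/.catch` it needs neither, so it should read `this.$clearSavedUserButton.on("click", () => {`. The success branch only shows a toast and leaves the `.user-account-name` / `.user-account-email` spans showing the account that was just removed until the widget is reloaded; resetting them in the same branch, e.g. `this.$UserAccountName.text("Not logged in!"); this.$UserAccountEmail.text("Not logged in!");`, keeps the panel consistent with the server. Writing `result.name` and `result.email` through jQuery `.text()` rather than `.html()` is the right choice for provider-supplied strings. The handler's body continues beyond the visible hunk.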


@ -129,6 +129,7 @@ function register(app: express.Application) {
apiRoute(GET, '/api/totp/get', totp.getSecret);
apiRoute(GET, '/api/oauth/status', openID.getOAuthStatus);
apiRoute(GET, '/api/oauth/clearUser', openID.clearSavedUser);
apiRoute(GET, '/api/oauth/validate', openID.isTokenValid);
apiRoute(PST, '/api/totp_recovery/set', recoveryCodes.setRecoveryCodes);
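Review bot: `/api/oauth/clearUser` is registered as a GET even though `clearSavedUser` in `open_id.ts` deletes the `user_data` row; a state-changing endpoint on GET can be triggered by a link, prefetch or cross-site navigation, and if the CSRF middleware behind `apiRoute` treats GET as safe (as is usual) it bypasses that protection too. The file already uses `PST` for `/api/totp_recovery/set`, so the fix is `apiRoute(PST, '/api/oauth/clearUser', openID.clearSavedUser);` with the client call in the options widget changed from `server.get("oauth/clearUser")` to the matching post. The `register` function starts and ends outside this hunk.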


@ -5,7 +5,7 @@ import dataEncryptionService from "./data_encryption.js";
import sql from "../sql.js";
import sqlInit from "../sql_init.js";
function saveSubjectIdentifier(subjectIdentifier: string) {
function saveUser(subjectIdentifier: string, name: string, email: string) {
if (isUserSaved()) return false;
// Allows setup with existing instances of trilium
@ -13,6 +13,8 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
CREATE TABLE IF NOT EXISTS "user_data"
(
tmpID INT,
username TEXT,
email TEXT,
userIDEcnryptedDataKey TEXT,
userIDVerificationHash TEXT,
salt TEXT,
@ -52,9 +54,10 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
derivedKey: derivedKeySalt,
userIDEcnryptedDataKey: userIDEncryptedDataKey,
isSetup: "true",
username: name,
email: email
};
console.log("Saved data: " + data);
sql.upsert("user_data", "tmpID", data);
return true;
}
@ -158,6 +161,6 @@ export default {
verifyOpenIDSubjectIdentifier,
getDataKey,
setDataKey,
saveSubjectIdentifier,
saveUser,
isSubjectIdentifierSaved,
};
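Review bot: The `console.log("Saved data: " + data)` left in `saveUser` is a debug line that should not ship: as written it prints `[object Object]`, and the obvious "fix" of stringifying `data` would write the encrypted data key, salt and verification hash into the server log. Either drop it or log only the non-secret part, e.g. `console.log("Saved OIDC user " + name);`. The `saveUser` body between the table creation and the upsert is outside the visible hunks, and the function's name/email parameters have no JSDoc; a one-line header saying they are the raw OIDC `name`/`email` claims stored for display would help the next reader.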


@ -11,8 +11,27 @@ function isOpenIDEnabled() {
}
function isUserSaved() {
const dbf = sql.getValue<string>("SELECT isSetup FROM user_data;");
return dbf === "true" ? true : false;
const data = sql.getValue<string>("SELECT isSetup FROM user_data;");
return data === "true" ? true : false;
}
function getUsername() {
const username = sql.getValue<string>("SELECT username FROM user_data;");
return username;
}
function getUserEmail() {
const email = sql.getValue<string>("SELECT email FROM user_data;");
return email;
}
function clearSavedUser() {
sql.execute("DELETE FROM user_data");
options.setOption("isUserSaved", false);
return {
success: true,
message: "Account data removed."
};
}
function checkOpenIDRequirements() {
@ -45,7 +64,9 @@ function checkOpenIDRequirements() {
function getOAuthStatus() {
return {
success: true,
message: checkOpenIDRequirements(),
name: getUsername(),
email: getUserEmail(),
enabled: isOpenIDEnabled(),
};
}
@ -117,12 +138,17 @@ function generateOAuthConfig() {
if (isUserSaved()) return session;
if (req.oidc.user === undefined) console.log("user invalid!");
else openIDEncryption.saveSubjectIdentifier(req.oidc.user.sub.toString());
if (req.oidc.user === undefined) {
console.log("user invalid!");
}else {
openIDEncryption.saveUser(
req.oidc.user.sub.toString(),
req.oidc.user.name.toString(),
req.oidc.user.email.toString());
}
return session;
},
};
};
return authConfig;
}
@ -130,6 +156,7 @@ export default {
generateOAuthConfig,
getOAuthStatus,
isOpenIDEnabled,
clearSavedUser,
checkOpenIDRequirements,
isTokenValid,
isUserSaved,
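Review bot: In the callback that wraps the new `saveUser` call (its start is outside the hunk), `req.oidc.user.name.toString()` and `req.oidc.user.email.toString()` throw a TypeError whenever the provider omits those claims — `name` and `email` are optional standard OIDC claims and are normally only present when the `profile`/`email` scopes are granted — so a successful login would fail before the user is ever saved; use `req.oidc.user.name?.toString() ?? ""` and `req.oidc.user.email?.toString() ?? ""` (or skip saving when they are missing, if they are required). Only `sub` should be treated as the identity; the stored email is not checked against `email_verified`, so it should stay display-only. Separately, `clearSavedUser` sets the option `isUserSaved`, but `isUserSaved()` right above it reads `isSetup` from `user_data`, and nothing visible reads that option, so it looks like a second, unused source of truth. `DELETE FROM user_data` also removes the `userIDEcnryptedDataKey` row; if that is the only copy of the wrapped data key, "Clear Saved User" is unrecoverable and the UI should warn before calling it — I cannot confirm that from this file.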