Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-29 19:12:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

OAuth working

Browse Source
This commit is contained in:
chesspro13 2024-09-07 13:18:47 -07:00
parent 1a8625b558
commit c74da18e23
No known key found for this signature in database
GPG Key ID: 5FEAE94D298066E5
5 changed files with 61 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
db/schema.sql
View File

@ -129,6 +129,8 @@ CREATE TABLE IF NOT EXISTS "attachments"
CREATE TABLE IF NOT EXISTS "user_data" CREATE TABLE IF NOT EXISTS "user_data"
( (
tmpID INT, tmpID INT,
username TEXT,
email TEXT,
userIDEcnryptedDataKey TEXT, userIDEcnryptedDataKey TEXT,
userIDVerificationHash TEXT, userIDVerificationHash TEXT,
salt TEXT, salt TEXT,

36
src/public/app/widgets/type_widgets/options/multi_factor_authentication.js
View File

@ -26,10 +26,9 @@ const TPL = `
<span class="env-oauth-enabled" "alert alert-warning" role="alert" style="font-weight: bold; color: red !important;" > </span> <span class="env-oauth-enabled" "alert alert-warning" role="alert" style="font-weight: bold; color: red !important;" > </span>
</div> </div>
<div> <div>
<span> <b>Token status: </b></span><span class="token-status"> Needs login! </span><span><b> User status: </b></span><span class="user-status"> No user saved!</span> <span> <b>User Account: </b></span><span class="user-account-name"> Not logged in! </span><span><b> User Email: </b></span><span class="user-account-email"> Not logged in!</span>
<br> <br>
<button class="oauth-login-button" onclick="location.href='/authenticate'" > Login to configured OAuth/OpenID service </button> <button class="clear-saved-user-button" > Clear Saved User </button>
<button class="save-user-button" > Save User </button>
</div> </div>
</div> </div>
<br> <br>
@ -104,10 +103,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
".generate-recovery-code" ".generate-recovery-code"
); );
this.$oAuthEnabledCheckbox = this.$widget.find(".oauth-enabled-checkbox"); this.$oAuthEnabledCheckbox = this.$widget.find(".oauth-enabled-checkbox");
this.$saveUserButton = this.$widget.find(".save-user-button"); this.$clearSavedUserButton = this.$widget.find(".clear-saved-user-button");
this.$oauthLoginButton = this.$widget.find(".oauth-login-button"); this.$oauthLoginButton = this.$widget.find(".oauth-login-button");
this.$tokenStatus = this.$widget.find(".token-status"); this.$UserAccountName = this.$widget.find(".user-account-name");
this.$userStatus = this.$widget.find(".user-status"); this.$UserAccountEmail = this.$widget.find(".user-account-email");
this.$envEnabledTOTP = this.$widget.find(".env-totp-enabled"); this.$envEnabledTOTP = this.$widget.find(".env-totp-enabled");
this.$envEnabledOAuth = this.$widget.find(".env-oauth-enabled"); this.$envEnabledOAuth = this.$widget.find(".env-oauth-enabled");
@ -122,9 +121,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.updateSecret(); // this.updateSecret();
// }); // });
this.$oAuthEnabledCheckbox.on("change", async () => { // Depricated. Will use .env to control.
this.updateOAuthStatus(); // this.$oAuthEnabledCheckbox.on("change", async () => {
}); // this.updateOAuthStatus();
// });
this.$generateRecoveryCodeButton.on("click", async () => { this.$generateRecoveryCodeButton.on("click", async () => {
this.setRecoveryKeys(); this.setRecoveryKeys();
@ -134,11 +134,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
this.generateKey(); this.generateKey();
}); });
this.$saveUserButton.on("click", (async) => { this.$clearSavedUserButton.on("click", (async) => {
server server
.get("oauth/authenticate") .get("oauth/clearUser")
.then((result) => { .then((result) => {
console.log(result.message);
toastService.showMessage(result.message); toastService.showMessage(result.message);
}) })
.catch((result) => { .catch((result) => {
@ -213,10 +212,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
optionsLoaded(options) { optionsLoaded(options) {
// TODO: Rework the logic since I've changed how OAuth works // TODO: Rework the logic since I've changed how OAuth works
// server.get("oauth/status").then((result) => { server.get("oauth/status").then((result) => {
// if (result.enabled) { if (result.enabled) {
// if (result.success) // if (result.success)
// this.$oAuthEnabledCheckbox.prop("checked", result.message); this.$oAuthEnabledCheckbox.prop("checked", result.enabled);
// this.$oauthLoginButton.prop("disabled", !result.message); // this.$oauthLoginButton.prop("disabled", !result.message);
// this.$saveUserButton.prop("disabled", !result.message); // this.$saveUserButton.prop("disabled", !result.message);
@ -226,7 +225,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.$saveUserButton.prop("disabled", false); // this.$saveUserButton.prop("disabled", false);
// server.get("oauth/validate").then((result) => { // server.get("oauth/validate").then((result) => {
// if (result.success) { // if (result.success) {
// this.$tokenStatus.text("Logged in!"); this.$UserAccountName.text(result.name);
this.$UserAccountEmail.text(result.email);
// if (result.user) { // if (result.user) {
// this.$userStatus.text("User saved!"); // this.$userStatus.text("User saved!");
@ -246,8 +246,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
// this.$envEnabledOAuth.text( // this.$envEnabledOAuth.text(
// "OAuth can only be enabled with environment variables. REQUIRES RESTART" // "OAuth can only be enabled with environment variables. REQUIRES RESTART"
// ); // );
// } }
// }); });
server.get("totp/status").then((result) => { server.get("totp/status").then((result) => {
console.log(result); console.log(result);

1
src/routes/routes.ts
View File

@ -129,6 +129,7 @@ function register(app: express.Application) {
apiRoute(GET, '/api/totp/get', totp.getSecret); apiRoute(GET, '/api/totp/get', totp.getSecret);
apiRoute(GET, '/api/oauth/status', openID.getOAuthStatus); apiRoute(GET, '/api/oauth/status', openID.getOAuthStatus);
apiRoute(GET, '/api/oauth/clearUser', openID.clearSavedUser);
apiRoute(GET, '/api/oauth/validate', openID.isTokenValid); apiRoute(GET, '/api/oauth/validate', openID.isTokenValid);
apiRoute(PST, '/api/totp_recovery/set', recoveryCodes.setRecoveryCodes); apiRoute(PST, '/api/totp_recovery/set', recoveryCodes.setRecoveryCodes);

9
src/services/encryption/open_id_encryption.ts
View File

@ -5,7 +5,7 @@ import dataEncryptionService from "./data_encryption.js";
import sql from "../sql.js"; import sql from "../sql.js";
import sqlInit from "../sql_init.js"; import sqlInit from "../sql_init.js";
function saveSubjectIdentifier(subjectIdentifier: string) { function saveUser(subjectIdentifier: string, name: string, email: string) {
if (isUserSaved()) return false; if (isUserSaved()) return false;
// Allows setup with existing instances of trilium // Allows setup with existing instances of trilium
@ -13,6 +13,8 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
CREATE TABLE IF NOT EXISTS "user_data" CREATE TABLE IF NOT EXISTS "user_data"
( (
tmpID INT, tmpID INT,
username TEXT,
email TEXT,
userIDEcnryptedDataKey TEXT, userIDEcnryptedDataKey TEXT,
userIDVerificationHash TEXT, userIDVerificationHash TEXT,
salt TEXT, salt TEXT,
@ -52,9 +54,10 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
derivedKey: derivedKeySalt, derivedKey: derivedKeySalt,
userIDEcnryptedDataKey: userIDEncryptedDataKey, userIDEcnryptedDataKey: userIDEncryptedDataKey,
isSetup: "true", isSetup: "true",
username: name,
email: email
}; };
console.log("Saved data: " + data);
sql.upsert("user_data", "tmpID", data); sql.upsert("user_data", "tmpID", data);
return true; return true;
} }
@ -158,6 +161,6 @@ export default {
verifyOpenIDSubjectIdentifier, verifyOpenIDSubjectIdentifier,
getDataKey, getDataKey,
setDataKey, setDataKey,
saveSubjectIdentifier, saveUser,
isSubjectIdentifierSaved, isSubjectIdentifierSaved,
}; };

41
src/services/open_id.ts
View File

@ -11,8 +11,27 @@ function isOpenIDEnabled() {
} }
function isUserSaved() { function isUserSaved() {
const dbf = sql.getValue<string>("SELECT isSetup FROM user_data;"); const data = sql.getValue<string>("SELECT isSetup FROM user_data;");
return dbf === "true" ? true : false; return data === "true" ? true : false;
}
function getUsername() {
const username = sql.getValue<string>("SELECT username FROM user_data;");
return username;
}
function getUserEmail() {
const email = sql.getValue<string>("SELECT email FROM user_data;");
return email;
}
function clearSavedUser() {
sql.execute("DELETE FROM user_data");
options.setOption("isUserSaved", false);
return {
success: true,
message: "Account data removed."
};
} }
function checkOpenIDRequirements() { function checkOpenIDRequirements() {
@ -45,7 +64,9 @@ function checkOpenIDRequirements() {
function getOAuthStatus() { function getOAuthStatus() {
return { return {
success: true, success: true,
message: checkOpenIDRequirements(), name: getUsername(),
email: getUserEmail(),
enabled: isOpenIDEnabled(),
}; };
} }
@ -117,12 +138,17 @@ function generateOAuthConfig() {
if (isUserSaved()) return session; if (isUserSaved()) return session;
if (req.oidc.user === undefined) console.log("user invalid!"); if (req.oidc.user === undefined) {
else openIDEncryption.saveSubjectIdentifier(req.oidc.user.sub.toString()); console.log("user invalid!");
}else {
openIDEncryption.saveUser(
req.oidc.user.sub.toString(),
req.oidc.user.name.toString(),
req.oidc.user.email.toString());
}
return session; return session;
}, },
}; };
return authConfig; return authConfig;
} }
@ -130,6 +156,7 @@ export default {
generateOAuthConfig, generateOAuthConfig,
getOAuthStatus, getOAuthStatus,
isOpenIDEnabled, isOpenIDEnabled,
clearSavedUser,
checkOpenIDRequirements, checkOpenIDRequirements,
isTokenValid, isTokenValid,
isUserSaved, isUserSaved,