OAuth working

db/schema.sql

@@ -129,6 +129,8 @@ CREATE TABLE IF NOT EXISTS "attachments"
 CREATE TABLE IF NOT EXISTS "user_data"
 (
     tmpID INT,
+    username TEXT,
+    email TEXT,
     userIDEcnryptedDataKey TEXT,
     userIDVerificationHash TEXT,
     salt TEXT,

src/public/app/widgets/type_widgets/options/multi_factor_authentication.js

@@ -26,10 +26,9 @@ const TPL = `
             <span class="env-oauth-enabled" "alert alert-warning" role="alert" style="font-weight: bold; color: red !important;" > </span>
         </div>
         <div>
-            <span> <b>Token status: </b></span><span class="token-status"> Needs login! </span><span><b> User status: </b></span><span class="user-status"> No user saved!</span>
+            <span> <b>User Account: </b></span><span class="user-account-name"> Not logged in! </span><span><b> User Email: </b></span><span class="user-account-email"> Not logged in!</span>
             <br>
-            <button class="oauth-login-button" onclick="location.href='/authenticate'" > Login to configured OAuth/OpenID service </button>
-            <button class="save-user-button" > Save User </button>
+            <button class="clear-saved-user-button" > Clear Saved User </button>
         </div>
     </div>
     <br>
@@ -104,10 +103,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
       ".generate-recovery-code"
     );
     this.$oAuthEnabledCheckbox = this.$widget.find(".oauth-enabled-checkbox");
-    this.$saveUserButton = this.$widget.find(".save-user-button");
+    this.$clearSavedUserButton = this.$widget.find(".clear-saved-user-button");
     this.$oauthLoginButton = this.$widget.find(".oauth-login-button");
-    this.$tokenStatus = this.$widget.find(".token-status");
-    this.$userStatus = this.$widget.find(".user-status");
+    this.$UserAccountName = this.$widget.find(".user-account-name");
+    this.$UserAccountEmail = this.$widget.find(".user-account-email");
     this.$envEnabledTOTP = this.$widget.find(".env-totp-enabled");
     this.$envEnabledOAuth = this.$widget.find(".env-oauth-enabled");
 
@@ -122,9 +121,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
     //   this.updateSecret();
     // });
 
-    this.$oAuthEnabledCheckbox.on("change", async () => {
-      this.updateOAuthStatus();
-    });
+    // Depricated. Will use .env to control.
+    // this.$oAuthEnabledCheckbox.on("change", async () => {
+    //   this.updateOAuthStatus();
+    // });
 
     this.$generateRecoveryCodeButton.on("click", async () => {
       this.setRecoveryKeys();
@@ -134,11 +134,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
       this.generateKey();
     });
 
-    this.$saveUserButton.on("click", (async) => {
+    this.$clearSavedUserButton.on("click", (async) => {
       server
-        .get("oauth/authenticate")
+        .get("oauth/clearUser")
         .then((result) => {
-          console.log(result.message);
           toastService.showMessage(result.message);
         })
         .catch((result) => {
@@ -213,10 +212,10 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
   optionsLoaded(options) {
     // TODO: Rework the logic since I've changed how OAuth works
 
-    // server.get("oauth/status").then((result) => {
-    //   if (result.enabled) {
+    server.get("oauth/status").then((result) => {
+      if (result.enabled) {
     //     if (result.success)
-    //       this.$oAuthEnabledCheckbox.prop("checked", result.message);
+        this.$oAuthEnabledCheckbox.prop("checked", result.enabled);
 
     //     this.$oauthLoginButton.prop("disabled", !result.message);
     //     this.$saveUserButton.prop("disabled", !result.message);
@@ -226,7 +225,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
     //       this.$saveUserButton.prop("disabled", false);
     //       server.get("oauth/validate").then((result) => {
     //         if (result.success) {
-    //           this.$tokenStatus.text("Logged in!");
+              this.$UserAccountName.text(result.name);
+              this.$UserAccountEmail.text(result.email);
 
     //           if (result.user) {
     //             this.$userStatus.text("User saved!");
@@ -246,8 +246,8 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
     //     this.$envEnabledOAuth.text(
     //       "OAuth can only be enabled with environment variables. REQUIRES RESTART"
     //     );
-    //   }
-    // });
+      }
+    });
 
     server.get("totp/status").then((result) => {
       console.log(result);

src/routes/routes.ts

@@ -129,6 +129,7 @@ function register(app: express.Application) {
     apiRoute(GET, '/api/totp/get', totp.getSecret);
 
     apiRoute(GET, '/api/oauth/status', openID.getOAuthStatus);
+    apiRoute(GET, '/api/oauth/clearUser', openID.clearSavedUser);
     apiRoute(GET, '/api/oauth/validate', openID.isTokenValid);
 
     apiRoute(PST, '/api/totp_recovery/set', recoveryCodes.setRecoveryCodes);

src/services/encryption/open_id_encryption.ts

@@ -5,7 +5,7 @@ import dataEncryptionService from "./data_encryption.js";
 import sql from "../sql.js";
 import sqlInit from "../sql_init.js";
 
-function saveSubjectIdentifier(subjectIdentifier: string) {
+function saveUser(subjectIdentifier: string, name: string, email: string) {
   if (isUserSaved()) return false;
 
   // Allows setup with existing instances of trilium
@@ -13,6 +13,8 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
     CREATE TABLE IF NOT EXISTS "user_data"
     (
         tmpID INT,
+        username TEXT,
+        email TEXT,
         userIDEcnryptedDataKey TEXT,
         userIDVerificationHash TEXT,
         salt TEXT,
@@ -52,9 +54,10 @@ function saveSubjectIdentifier(subjectIdentifier: string) {
     derivedKey: derivedKeySalt,
     userIDEcnryptedDataKey: userIDEncryptedDataKey,
     isSetup: "true",
+    username: name,
+    email: email
   };
 
-  console.log("Saved data: " + data);
   sql.upsert("user_data", "tmpID", data);
   return true;
 }
@@ -158,6 +161,6 @@ export default {
   verifyOpenIDSubjectIdentifier,
   getDataKey,
   setDataKey,
-  saveSubjectIdentifier,
+  saveUser,
   isSubjectIdentifierSaved,
 };

src/services/open_id.ts

@@ -11,8 +11,27 @@ function isOpenIDEnabled() {
 }
 
 function isUserSaved() {
-  const dbf = sql.getValue<string>("SELECT isSetup FROM user_data;");
-  return dbf === "true" ? true : false;
+  const data = sql.getValue<string>("SELECT isSetup FROM user_data;");
+  return data === "true" ? true : false;
+}
+
+function getUsername() {
+  const username = sql.getValue<string>("SELECT username FROM user_data;");
+  return username;
+}
+
+function getUserEmail() {
+  const email = sql.getValue<string>("SELECT email FROM user_data;");
+  return email;
+}
+
+function clearSavedUser() {
+  sql.execute("DELETE FROM user_data");
+  options.setOption("isUserSaved", false);
+  return {
+    success: true,
+    message: "Account data removed."
+  };
 }
 
 function checkOpenIDRequirements() {
@@ -45,7 +64,9 @@ function checkOpenIDRequirements() {
 function getOAuthStatus() {
   return {
     success: true,
-    message: checkOpenIDRequirements(),
+    name: getUsername(),
+    email: getUserEmail(),
+    enabled: isOpenIDEnabled(),
   };
 }
 
@@ -117,9 +138,14 @@ function generateOAuthConfig() {
 
       if (isUserSaved()) return session;
 
-      if (req.oidc.user === undefined) console.log("user invalid!");
-      else openIDEncryption.saveSubjectIdentifier(req.oidc.user.sub.toString());
-
+      if (req.oidc.user === undefined) {
+        console.log("user invalid!");
+      }else {
+         openIDEncryption.saveUser(
+          req.oidc.user.sub.toString(),
+          req.oidc.user.name.toString(),
+          req.oidc.user.email.toString());
+      }
       return session;
     },
   }; 
@@ -130,6 +156,7 @@ export default {
   generateOAuthConfig,
   getOAuthStatus,
   isOpenIDEnabled,
+  clearSavedUser,
   checkOpenIDRequirements,
   isTokenValid,
   isUserSaved,