Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-10-25 17:13:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: 🎸 Fix SSO login

Browse Source
This commit is contained in:
Jin 2025-03-26 02:39:29 +01:00
parent d4b657e4d8
commit f2a29653b2
3 changed files with 34 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/routes/login.ts
View File

@ -64,7 +64,13 @@ function setPassword(req: Request, res: Response) {
function login(req: Request, res: Response) { function login(req: Request, res: Response) {
if (openID.isOpenIDEnabled()) { if (openID.isOpenIDEnabled()) {
res.oidc.login({ returnTo: '/' }); res.oidc.login({
returnTo: '/',
authorizationParams: {
prompt: 'consent',
access_type: 'offline'
}
});
return; return;
} }

12
src/services/auth.ts
View File

@ -28,16 +28,12 @@ function checkAuth(req: Request, res: Response, next: NextFunction) {
}); });
return; return;
} else if (openID.isOpenIDEnabled()) { } else if (openID.isOpenIDEnabled()) {
if ( if (req.oidc?.isAuthenticated() && req.session.loggedIn) {
req.oidc.isAuthenticated() &&
openIDEncryption.verifyOpenIDSubjectIdentifier(req.oidc.user?.sub)
) {
req.session.loggedIn = true;
next(); next();
} else { return;
req.session.loggedIn = false;
res.oidc.login({});
} }
res.redirect('/login');
return;
} else if (!req.session.loggedIn && !isElectron && !noAuthentication) { } else if (!req.session.loggedIn && !isElectron && !noAuthentication) {
const redirectToShare = options.getOptionBool("redirectBareDomain"); const redirectToShare = options.getOptionBool("redirectBareDomain");
if (redirectToShare) { if (redirectToShare) {

30
src/services/open_id.ts
View File

@ -103,33 +103,45 @@ function generateOAuthConfig() {
}; };
const authConfig = { const authConfig = {
authRequired: true, authRequired: false,
auth0Logout: false, auth0Logout: false,
baseURL: config.MultiFactorAuthentication.oauthBaseUrl, baseURL: config.MultiFactorAuthentication.oauthBaseUrl,
clientID: config.MultiFactorAuthentication.oauthClientId, clientID: config.MultiFactorAuthentication.oauthClientId,
issuerBaseURL: "https://accounts.google.com/.well-known/openid-configuration", issuerBaseURL: "https://accounts.google.com",
secret: config.MultiFactorAuthentication.oauthClientSecret, secret: config.MultiFactorAuthentication.oauthClientSecret,
clientSecret: config.MultiFactorAuthentication.oauthClientSecret, clientSecret: config.MultiFactorAuthentication.oauthClientSecret,
authorizationParams: { authorizationParams: {
response_type: "code", response_type: "code",
scope: "openid profile email", scope: "openid profile email",
access_type: "offline",
prompt: "consent",
state: "random_state_" + Math.random().toString(36).substring(2)
}, },
routes: authRoutes, routes: authRoutes,
idpLogout: false, idpLogout: true,
logoutParams: logoutParams, logoutParams: logoutParams,
afterCallback: async (req: Request, res: Response, session: Session) => { afterCallback: async (req: Request, res: Response, session: Session) => {
if (!sqlInit.isDbInitialized()) return session; if (!sqlInit.isDbInitialized()) return session;
if (isUserSaved()) return session; if (!req.oidc.user) {
if (req.oidc.user === undefined) {
console.log("user invalid!"); console.log("user invalid!");
} else { return session;
}
// 保存用户信息
openIDEncryption.saveUser( openIDEncryption.saveUser(
req.oidc.user.sub.toString(), req.oidc.user.sub.toString(),
req.oidc.user.name.toString(), req.oidc.user.name.toString(),
req.oidc.user.email.toString()); req.oidc.user.email.toString()
} );
// 设置登录状态
req.session.loggedIn = true;
req.session.lastAuthState = {
totpEnabled: false,
ssoEnabled: true
};
return session; return session;
}, },
}; };