mirror of
				https://github.com/TriliumNext/Notes.git
				synced 2025-10-25 08:51:35 +08:00 
			
		
		
		
	feat: 🎸 Fix SSO login
		
							parent
							
								
									d4b657e4d8
								
							
						
					
					
						commit
						f2a29653b2
					
				| @ -64,7 +64,13 @@ function setPassword(req: Request, res: Response) { | ||||
| 
 | ||||
| function login(req: Request, res: Response) { | ||||
|     if (openID.isOpenIDEnabled()) { | ||||
|         res.oidc.login({ returnTo: '/' }); | ||||
|         res.oidc.login({ | ||||
|             returnTo: '/', | ||||
|             authorizationParams: { | ||||
|                 prompt: 'consent', | ||||
|                 access_type: 'offline' | ||||
|             } | ||||
|         }); | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|  | ||||
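Review bot: The `access_type: 'offline'` parameter added to the `res.oidc.login` call asks the provider for a refresh token, and none of the visible hunks reads or stores one, so the login appears to request a longer-lived credential than it needs. If the session is established from the ID token alone, drop it here and keep `authorizationParams: { prompt: 'consent' }`. The same two parameters are also set in `authorizationParams` inside `generateOAuthConfig`, so one copy is redundant and the two can drift apart. The body of `login` continues past the end of the hunk.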
| @ -28,16 +28,12 @@ function checkAuth(req: Request, res: Response, next: NextFunction) { | ||||
|         }); | ||||
|         return; | ||||
|     } else if (openID.isOpenIDEnabled()) { | ||||
|         if ( | ||||
|             req.oidc.isAuthenticated() && | ||||
|             openIDEncryption.verifyOpenIDSubjectIdentifier(req.oidc.user?.sub) | ||||
|         ) { | ||||
|             req.session.loggedIn = true; | ||||
|         if (req.oidc?.isAuthenticated() && req.session.loggedIn) { | ||||
|             next(); | ||||
|         } else { | ||||
|             req.session.loggedIn = false; | ||||
|             res.oidc.login({}); | ||||
|             return; | ||||
|         } | ||||
|         res.redirect('/login'); | ||||
|         return; | ||||
|     } else if (!req.session.loggedIn && !isElectron && !noAuthentication) { | ||||
|         const redirectToShare = options.getOptionBool("redirectBareDomain"); | ||||
|         if (redirectToShare) { | ||||
|  | ||||
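Review bot: The new condition in `checkAuth` no longer calls `openIDEncryption.verifyOpenIDSubjectIdentifier(req.oidc.user?.sub)`, so each request is gated only on `req.oidc?.isAuthenticated()` and the `req.session.loggedIn` flag. That flag is now set in `afterCallback` (the `generateOAuthConfig` hunk), where no comparison of `sub` against the saved user is visible; with the issuer fixed to `https://accounts.google.com`, any account that completes the provider login may be accepted unless the check happens somewhere outside these hunks. Keep the subject check in the gate, `if (req.oidc?.isAuthenticated() && req.session.loggedIn && openIDEncryption.verifyOpenIDSubjectIdentifier(req.oidc.user?.sub)) {`, or run it in `afterCallback` before `loggedIn` is set. `checkAuth` begins and ends outside the hunk.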
| @ -103,33 +103,45 @@ function generateOAuthConfig() { | ||||
|     }; | ||||
| 
 | ||||
|     const authConfig = { | ||||
|         authRequired: true, | ||||
|         authRequired: false, | ||||
|         auth0Logout: false, | ||||
|         baseURL: config.MultiFactorAuthentication.oauthBaseUrl, | ||||
|         clientID: config.MultiFactorAuthentication.oauthClientId, | ||||
|         issuerBaseURL: "https://accounts.google.com/.well-known/openid-configuration", | ||||
|         issuerBaseURL: "https://accounts.google.com", | ||||
|         secret: config.MultiFactorAuthentication.oauthClientSecret, | ||||
|         clientSecret: config.MultiFactorAuthentication.oauthClientSecret, | ||||
|         authorizationParams: { | ||||
|             response_type: "code", | ||||
|             scope: "openid profile email", | ||||
|             access_type: "offline", | ||||
|             prompt: "consent", | ||||
|             state: "random_state_" + Math.random().toString(36).substring(2) | ||||
|         }, | ||||
|         routes: authRoutes, | ||||
|         idpLogout: false, | ||||
|         idpLogout: true, | ||||
|         logoutParams: logoutParams, | ||||
|         afterCallback: async (req: Request, res: Response, session: Session) => { | ||||
|             if (!sqlInit.isDbInitialized()) return session; | ||||
| 
 | ||||
|             if (isUserSaved()) return session; | ||||
| 
 | ||||
|             if (req.oidc.user === undefined) { | ||||
|             if (!req.oidc.user) { | ||||
|                 console.log("user invalid!"); | ||||
|             } else { | ||||
|                 return session; | ||||
|             } | ||||
| 
 | ||||
|             // 保存用户信息
 | ||||
|             openIDEncryption.saveUser( | ||||
|                 req.oidc.user.sub.toString(), | ||||
|                 req.oidc.user.name.toString(), | ||||
|                     req.oidc.user.email.toString()); | ||||
|             } | ||||
|                 req.oidc.user.email.toString() | ||||
|             ); | ||||
| 
 | ||||
|             // 设置登录状态
 | ||||
|             req.session.loggedIn = true; | ||||
|             req.session.lastAuthState = { | ||||
|                 totpEnabled: false, | ||||
|                 ssoEnabled: true | ||||
|             }; | ||||
| 
 | ||||
|             return session; | ||||
|         }, | ||||
|     }; | ||||
|  | ||||
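Review bot: The `state` entry added to `authorizationParams` is built with `Math.random()`, which is not a cryptographically secure source, and it is evaluated once when `authConfig` is constructed, so if the middleware honours it every login from this process would carry the same value. `state` is what binds the authorization response to the request that started it (the CSRF defence of the code flow), and OIDC middleware normally generates and verifies a fresh value per login; remove the `state:` line rather than supplying one. Separately, `afterCallback` calls `.toString()` on `req.oidc.user.name` and `req.oidc.user.email` without checking that the claims are present, which would throw inside the callback if the provider omits either. `generateOAuthConfig` starts outside the hunk.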
	 Jin
						Jin