matty/peertube-theme-nctv-dark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'feature/saml_onLogout' into 'master'

Browse Source 
Add onLogout support for the auth-saml plugin

See merge request framasoft/peertube/official-plugins!4
This commit is contained in:
Chocobozzz 2020-12-29 14:53:18 +01:00
commit 016e3eb1a8
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
peertube-plugin-auth-saml2/main.js
View File

@ -44,6 +44,13 @@ async function register ({
private: true private: true
}) })
registerSetting({
name: 'logout-url',
label: 'SSO logout URL (needs PeerTube >= 3.0.0)',
type: 'input',
private: true
})
registerSetting({ registerSetting({
name: 'provider-certificate', name: 'provider-certificate',
label: 'Identity provider certificate (PEM format)', label: 'Identity provider certificate (PEM format)',
@ -159,6 +166,7 @@ async function loadSettingsAndCreateProviders (
'client-id', 'client-id',
'sign-get-request', 'sign-get-request',
'login-url', 'login-url',
'logout-url',
'provider-certificate', 'provider-certificate',
'service-certificate', 'service-certificate',
'service-private-key' 'service-private-key'
@ -186,6 +194,7 @@ async function loadSettingsAndCreateProviders (
const identityOptions = { const identityOptions = {
sso_login_url: settings['login-url'], sso_login_url: settings['login-url'],
sso_logout_url: settings['logout-url'],
certificates: [ certificates: [
settings['provider-certificate'] settings['provider-certificate']
], ],
@ -211,10 +220,41 @@ async function loadSettingsAndCreateProviders (
logger.error('Cannot create login request url.', { err }) logger.error('Cannot create login request url.', { err })
return redirectOnError(res) return redirectOnError(res)
} }
},
onLogout: (user, req) => {
// Return silently if logout-url is not specified
if (!settings['logout-url']) {
return
}
return new Promise(async (resolve, reject) => {
try {
const options = await storageManager.getData(`saml_session_${req.cookies.saml_session}`)
// Include nameid format so the SLO can be accepted.
// See xmlbuilder for the JS object format.
options.name_id = {
"@Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"#text": options.name_id
}
store.serviceProvider.create_logout_request_url(store.identityProvider, options, (err, logoutUrl, requestId) => {
if (err) {
reject('Cannot SAML 2 logout.', { err })
}
resolve(logoutUrl)
})
} catch (err) {
reject('Cannot create logout request url.', { err })
}
return
})
} }
}) })
store.userAuthenticated = result.userAuthenticated store.userAuthenticated = result.userAuthenticated
store.storageManager = storageManager
} }
function handleAssert(peertubeHelpers, settingsManager, req, res) { function handleAssert(peertubeHelpers, settingsManager, req, res) {
@ -233,6 +273,15 @@ function handleAssert(peertubeHelpers, settingsManager, req, res) {
try { try {
const user = await buildUser(settingsManager, samlResponse.user) const user = await buildUser(settingsManager, samlResponse.user)
// Store the nameid and session_index in the plugin database.
// Create a cookie called 'saml_session' so we can match later.
const session_id = crypto.randomBytes(10).toString("hex")
res.cookie('saml_session', session_id, { httpOnly: true, secure: true })
store.storageManager.storeData(`saml_session_${session_id}`, {
name_id: samlResponse.user.name_id,
session_index: samlResponse.user.session_index
})
return store.userAuthenticated({ return store.userAuthenticated({
req, req,
res, res,

2
peertube-plugin-auth-saml2/package.json
View File

@ -3,7 +3,7 @@
"version": "0.0.1", "version": "0.0.1",
"description": "Add SAML 2 support to login form in PeerTube.", "description": "Add SAML 2 support to login form in PeerTube.",
"engine": { "engine": {
"peertube": ">=2.2.0" "peertube": ">=3.0.0"
}, },
"keywords": [ "keywords": [
"peertube", "peertube",