Add mattermost authentication

2017-10-29 11:16:40 +01:00
parent dad5798472
commit 5cda55086a
14 changed files with 116 additions and 13 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -74,6 +74,11 @@ module.exports = {
    clientSecret: undefined,
    scope: undefined
  },
+  mattermost: {
+    baseURL: undefined,
+    clientID: undefined,
+    clientSecret: undefined
+  },
  dropbox: {
    clientID: undefined,
    clientSecret: undefined
--- a/lib/config/dockerSecret.js
+++ b/lib/config/dockerSecret.js
@@ -38,6 +38,10 @@ if (fs.existsSync(basePath)) {
      clientID: getSecret('gitlab_clientID'),
      clientSecret: getSecret('gitlab_clientSecret')
    },
+    mattermost: {
+      clientID: getSecret('mattermost_clientID'),
+      clientSecret: getSecret('mattermost_clientSecret')
+    },
    dropbox: {
      clientID: getSecret('dropbox_clientID'),
      clientSecret: getSecret('dropbox_clientSecret')
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -49,6 +49,11 @@ module.exports = {
    clientSecret: process.env.HMD_GITLAB_CLIENTSECRET,
    scope: process.env.HMD_GITLAB_SCOPE
  },
+  mattermost: {
+    baseURL: process.env.HMD_MATTERMOST_BASEURL,
+    clientID: process.env.HMD_MATTERMOST_CLIENTID,
+    clientSecret: process.env.HMD_MATTERMOST_CLIENTSECRET
+  },
  dropbox: {
    clientID: process.env.HMD_DROPBOX_CLIENTID,
    clientSecret: process.env.HMD_DROPBOX_CLIENTSECRET
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -90,6 +90,7 @@ config.isTwitterEnable = config.twitter.consumerKey && config.twitter.consumerSe
 config.isEmailEnable = config.email
 config.isGitHubEnable = config.github.clientID && config.github.clientSecret
 config.isGitLabEnable = config.gitlab.clientID && config.gitlab.clientSecret
+config.isMattermostEnable = config.mattermost.clientID && config.mattermost.clientSecret
 config.isLDAPEnable = config.ldap.url
 config.isPDFExportEnable = config.allowpdfexport

--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -111,6 +111,15 @@ module.exports = function (sequelize, DataTypes) {
              photo = letterAvatars(profile.username)
            }
            break
+          case 'mattermost':
+            photo = profile.avatarUrl
+            if (photo) {
+              if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
+              else photo = photo.replace(/(\?s=)\d*$/i, '$196')
+            } else {
+              photo = letterAvatars(profile.username)
+            }
+            break
          case 'dropbox':
            // no image api provided, use gravatar
            photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0].value)
--- a/lib/response.js
+++ b/lib/response.js
@@ -64,6 +64,7 @@ function showIndex (req, res, next) {
    twitter: config.isTwitterEnable,
    github: config.isGitHubEnable,
    gitlab: config.isGitLabEnable,
+    mattermost: config.isMattermostEnable,
    dropbox: config.isDropboxEnable,
    google: config.isGoogleEnable,
    ldap: config.isLDAPEnable,
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
@@ -33,6 +33,7 @@ if (config.isFacebookEnable) authRouter.use(require('./facebook'))
 if (config.isTwitterEnable) authRouter.use(require('./twitter'))
 if (config.isGitHubEnable) authRouter.use(require('./github'))
 if (config.isGitLabEnable) authRouter.use(require('./gitlab'))
+if (config.isMattermostEnable) authRouter.use(require('./mattermost'))
 if (config.isDropboxEnable) authRouter.use(require('./dropbox'))
 if (config.isGoogleEnable) authRouter.use(require('./google'))
 if (config.isLDAPEnable) authRouter.use(require('./ldap'))
--- a/lib/web/auth/mattermost/index.js
+++ b/lib/web/auth/mattermost/index.js
@@ -0,0 +1,49 @@
+'use strict'
+
+const Router = require('express').Router
+const passport = require('passport')
+const Mattermost = require('mattermost')
+const OAuthStrategy = require('passport-oauth2').Strategy
+const config = require('../../../config')
+const {setReturnToFromReferer, passportGeneralCallback} = require('../utils')
+
+const mattermost = new Mattermost.Client()
+
+let mattermostAuth = module.exports = Router()
+
+let mattermostStrategy = new OAuthStrategy({
+  authorizationURL: config.mattermost.baseURL + '/oauth/authorize',
+  tokenURL: config.mattermost.baseURL + '/oauth/access_token',
+  clientID: config.mattermost.clientID,
+  clientSecret: config.mattermost.clientSecret,
+  callbackURL: config.serverurl + '/auth/mattermost/callback'
+}, passportGeneralCallback)
+
+mattermostStrategy.userProfile = (accessToken, done) => {
+  mattermost.setUrl(config.mattermost.baseURL)
+  mattermost.token = accessToken
+  mattermost.useHeaderToken()
+  mattermost.getMe(
+      (data) => {
+        done(null, data)
+      },
+      (err) => {
+        done(err)
+      }
+  )
+}
+
+passport.use(mattermostStrategy)
+
+mattermostAuth.get('/auth/mattermost', function (req, res, next) {
+  setReturnToFromReferer(req)
+  passport.authenticate('oauth2')(req, res, next)
+})
+
+// mattermost auth callback
+mattermostAuth.get('/auth/mattermost/callback',
+  passport.authenticate('oauth2', {
+    successReturnToOrRedirect: config.serverurl + '/',
+    failureRedirect: config.serverurl + '/'
+  })
+)