emerson-pereira · April 17, 2019 00:47
diff --git a/single-sign-on-open-connect.js b/single-sign-on-open-connect.js
 const express = require('express');
 const session = require('express-session');  
 const passport = require('passport'); 
 const cookieParser = require('cookie-parser');
 const fs = require('fs');
 const https = require('https');
 const cfenv = require('cfenv');
 const axios = require('axios');

 const settings = require('./settings.js');

 require('dotenv').config();

 // work around intermediate CA issue
 process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

 const app = express();

 const isEnvDev = process.env.NODE_ENV === 'development';

 if (isEnvDev) {
  const key = fs.readFileSync('key.pem')
  const cert = fs.readFileSync('cert.pem')
  const options = { key, cert }
  https.createServer(options, app)
    .listen(3000, () => {
      console.log(`Running on https://localhost:3000`)
    })

  app.use(function(req, res, next) {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
    next();
  });
 }
 else {
  const appEnv = cfenv.getAppEnv()
  app.listen(appEnv.port, function() {
    console.log(`Running on port ${appEnv.url}`);
  })
 }

 app.use(cookieParser());
 app.use(session({
  resave: 'true',
  saveUninitialized: 'true',
  secret: process.env.SSO_SESSION_SECRET
 }));
 app.use(passport.initialize());
 app.use(passport.session()); 

 passport.serializeUser((user, done) => {
  done(null, user);
 }); 

 passport.deserializeUser((obj, done) => {
  done(null, obj);
 });

 const OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;

 const Strategy = new OpenIDConnectStrategy({
  authorizationURL: settings.authorization_url,
  tokenURL: settings.token_url,
  clientID: process.env.SSO_CLIENT_ID,
  scope: 'openid',
  response_type: 'code',
  clientSecret: process.env.SSO_CLIENT_SECRET,
  callbackURL: settings.callback_url,
  skipUserProfile: true,
  issuer: settings.issuer_id
 }, (iss, sub, profile, accessToken, refreshToken, params, done) => {
  process.nextTick(() => {
    profile.accessToken = accessToken;
    profile.refreshToken = refreshToken;
    done(null, profile);
  })
 }); 

 passport.use(Strategy);

 const ensureAuthenticated = (req, res, next) => {
  if (!req.isAuthenticated()) {
    req.session.originalUrl = req.originalUrl;
    res.redirect('/login');
 	} else {
 		return next();
 	}
 }

 app.get('/login', passport.authenticate('openidconnect', {}));

 app.get('/logout', (req, res) => {
  req.session.destroy();
  req.logout();
 });

 app.get('/sso/auth/callback', (req, res, next) => {
  const redirect_url = req.session.originalUrl;
 	passport.authenticate('openidconnect', {
    successRedirect: redirect_url,
    failureRedirect: '/failure',
  })(req,res,next);
 });

 app.get('/failure', (req, res) => {
  res.send('login failed');
 });

 app.get('/user', async (req, res) => {
  const user = req.user && req.user._json

  if (user) {
    const bluepagesEndpoint = `https://someApiEndpoint/mail=${user.emailAddress}`;
    const { data: bluepagesData } = await axios.get(bluepagesEndpoint);

    const deptObj = bluepagesData
      .search
      .entry[0]
      .attribute
      .find(a => a.name === 'dept');
    const dept = !!deptObj.value.length && deptObj.value[0];

    const userData = {
      name: `${user.firstName} ${user.lastName}`,
      email: user.emailAddress,
      id: user.uid,
      dept
    };
  
    res.json({
      success: true,
      data: userData
    });
  }
  else {
    res.json({
      success: false,
      data: null
    });
  }
 });

 app.use('/', ensureAuthenticated, express.static('public'));
	const express = require('express');
	const session = require('express-session');
	const passport = require('passport');
	const cookieParser = require('cookie-parser');
	const fs = require('fs');
	const https = require('https');
	const cfenv = require('cfenv');
	const axios = require('axios');

	const settings = require('./settings.js');

	require('dotenv').config();

	// work around intermediate CA issue
	process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'

	const app = express();

	const isEnvDev = process.env.NODE_ENV === 'development';

	if (isEnvDev) {
	const key = fs.readFileSync('key.pem')
	const cert = fs.readFileSync('cert.pem')
	const options = { key, cert }
	https.createServer(options, app)
	.listen(3000, () => {
	console.log(`Running on https://localhost:3000`)
	})

	app.use(function(req, res, next) {
	res.header('Access-Control-Allow-Origin', '*');
	res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
	next();
	});
	}
	else {
	const appEnv = cfenv.getAppEnv()
	app.listen(appEnv.port, function() {
	console.log(`Running on port ${appEnv.url}`);
	})
	}

	app.use(cookieParser());
	app.use(session({
	resave: 'true',
	saveUninitialized: 'true',
	secret: process.env.SSO_SESSION_SECRET
	}));
	app.use(passport.initialize());
	app.use(passport.session());

	passport.serializeUser((user, done) => {
	done(null, user);
	});

	passport.deserializeUser((obj, done) => {
	done(null, obj);
	});

	const OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;

	const Strategy = new OpenIDConnectStrategy({
	authorizationURL: settings.authorization_url,
	tokenURL: settings.token_url,
	clientID: process.env.SSO_CLIENT_ID,
	scope: 'openid',
	response_type: 'code',
	clientSecret: process.env.SSO_CLIENT_SECRET,
	callbackURL: settings.callback_url,
	skipUserProfile: true,
	issuer: settings.issuer_id
	}, (iss, sub, profile, accessToken, refreshToken, params, done) => {
	process.nextTick(() => {
	profile.accessToken = accessToken;
	profile.refreshToken = refreshToken;
	done(null, profile);
	})
	});

	passport.use(Strategy);

	const ensureAuthenticated = (req, res, next) => {
	if (!req.isAuthenticated()) {
	req.session.originalUrl = req.originalUrl;
	res.redirect('/login');
	} else {
	return next();
	}
	}

	app.get('/login', passport.authenticate('openidconnect', {}));

	app.get('/logout', (req, res) => {
	req.session.destroy();
	req.logout();
	});

	app.get('/sso/auth/callback', (req, res, next) => {
	const redirect_url = req.session.originalUrl;
	passport.authenticate('openidconnect', {
	successRedirect: redirect_url,
	failureRedirect: '/failure',
	})(req,res,next);
	});

	app.get('/failure', (req, res) => {
	res.send('login failed');
	});

	app.get('/user', async (req, res) => {
	const user = req.user && req.user._json

	if (user) {
	const bluepagesEndpoint = `https://someApiEndpoint/mail=${user.emailAddress}`;
	const { data: bluepagesData } = await axios.get(bluepagesEndpoint);

	const deptObj = bluepagesData
	.search
	.entry[0]
	.attribute
	.find(a => a.name === 'dept');
	const dept = !!deptObj.value.length && deptObj.value[0];

	const userData = {
	name: `${user.firstName} ${user.lastName}`,
	email: user.emailAddress,
	id: user.uid,
	dept
	};

	res.json({
	success: true,
	data: userData
	});
	}
	else {
	res.json({
	success: false,
	data: null
	});
	}
	});

	app.use('/', ensureAuthenticated, express.static('public'));