ep_oauth 11.0.11 → 11.0.13
- package/README.md +19 -8
- package/auth.js +2 -4
- package/package.json +1 -1
- package/static/tests/backend/specs/authorize.ts +38 -0
package/README.md
CHANGED
|
@@ -1,14 +1,25 @@
|
|
|
1
|
-
|
|
1
|
+
# ep_oauth
|
|
2
|
+
|
|
3
|
+
OAuth2 authentication for Etherpad via GitHub.
|
|
4
|
+
|
|
5
|
+
## Install
|
|
2
6
|
|
|
3
|
-
Example config to be placed in settings.json
|
|
4
7
|
```
|
|
5
|
-
|
|
6
|
-
"clientID": "9829038409234fuckingnumbersandl1e1tt1er1s111yo",
|
|
7
|
-
"clientSecret": "herpderp22",
|
|
8
|
-
"callbackURL": "http://etherpoop.com:9001/auth/callback"
|
|
9
|
-
}
|
|
8
|
+
pnpm run plugins i ep_oauth
|
|
10
9
|
```
|
|
11
10
|
|
|
12
|
-
|
|
11
|
+
## Settings
|
|
12
|
+
|
|
13
|
+
Add to your `settings.json`:
|
|
14
|
+
|
|
15
|
+
```json
|
|
16
|
+
"ep_oauth": {
|
|
17
|
+
"clientID": "your_github_client_id",
|
|
18
|
+
"clientSecret": "your_github_client_secret",
|
|
19
|
+
"callbackURL": "https://your-etherpad.example.com/auth/callback"
|
|
20
|
+
}
|
|
21
|
+
```
|
|
13
22
|
|
|
23
|
+
## License
|
|
14
24
|
|
|
25
|
+
Apache-2.0
|
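--- a/package/auth.js
+++ b/package/auth.js
@@ -93,15 +93,13 @@ exports.expressConfigure = (hookName, args, cb) => {
 // FIRST STEP
 exports.authorize = (hookName, args, cb) => {
 // Never lands here for url /auth/callback
-if (args.req.url.indexOf('/auth') === 0) return cb
+if (args.req.url.indexOf('/auth') === 0) return cb([true]);
 
-let userIsAuthedAlready = false;
 console.debug(`Database lookup -> oauth:${args.req.sessionID}`);
 db.get(`oauth:${args.req.sessionID}`, (k, user) => {
 console.debug(`Oauth session found ->${args.req.sessionID}`, 'has user data of ', user);
-
+return cb([!!user]);
 });
-return cb([userIsAuthedAlready]);
 };
 
 // SECOND STEP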
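Review bot: The unauthenticated bypass on new line 96 is a prefix match, so any request whose URL merely begins with `/auth` (for example `/authors` or `/auth-something` registered by another plugin) skips the session lookup entirely, not only the plugin's own `/auth` and `/auth/callback` routes. Match the route exactly instead, e.g. `const p = args.req.path || args.req.url; if (p === '/auth' || p.startsWith('/auth/')) return cb([true]);` — `req.path` drops the query string if `args.req` is the Express request, which I am inferring from the hook; verify. The `db.get` callback ignores its first argument `k`; if, as the callback form suggests, that is an error from the store, the request is denied because `user` is undefined, which fails closed but silently hides store failures, so a `console.error` on that path is worth adding. A contract comment above the hook, `// authorize hook: cb([true]) grants, cb([false]) denies, cb([]) defers`, would also help, since the old `return cb` without a call is exactly the mistake such a comment prevents.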
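--- /dev/null
+++ b/package/static/tests/backend/specs/authorize.ts
@@ -0,0 +1,38 @@
+'use strict';
+
+import {strict as assert} from 'assert';
+import {init} from 'ep_etherpad-lite/tests/backend/common';
+import {generateJWTToken} from 'ep_etherpad-lite/tests/backend/common';
+
+let agent: any;
+
+describe('ep_oauth authorize hook', () => {
+before(async () => {
+agent = await init();
+});
+
+it('allows access to /auth paths without authentication', async () => {
+// The authorize hook should return true for /auth/* paths,
+// allowing the OAuth flow to proceed without prior auth.
+// We test this by verifying the server doesn't reject /auth/callback
+// with a 401 (it will 302 or handle it via the OAuth flow).
+const res = await agent
+.get('/auth/callback')
+.set('Authorization', await generateJWTToken())
+.redirects(0);
+// Should not be 401 (unauthorized) — the authorize hook allows /auth paths
+assert.notStrictEqual(res.status, 401);
+});
+
+it('rejects unauthenticated requests to pad paths', async () => {
+// Without an OAuth session, accessing a pad should not be authorized.
+// The exact behavior depends on etherpad config, but we verify the
+// authorize hook is being called (server doesn't crash).
+const res = await agent
+.get('/p/test-oauth-pad')
+.redirects(0);
+// Should get some response (redirect to auth, or 200/302) but not crash
+assert.ok([200, 302, 401, 403].includes(res.status),
+`Expected 200/302/401/403, got ${res.status}`);
+});
+});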
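Review bot: Neither new test can fail for the bug it is meant to catch: the first sends `Authorization: <JWT>` on line 21, so a non-401 may come from that token rather than from the hook's `/auth` bypass, and the second accepts `200` on line 35, so an unauthenticated pad request that is fully authorized still passes. Drop the `.set('Authorization', await generateJWTToken())` line so `/auth/callback` is requested with no credentials, and in the second test assert a redirect or denial, `assert.ok([302, 401, 403].includes(res.status), ...)`, with the comment on lines 28-30 updated to say the fixture runs with authentication required — I am assuming `init()` lets the settings be controlled; verify against the ep_etherpad-lite test harness. Style-wise, `'use strict';` is redundant in an ES-module TypeScript file, the two imports from `ep_etherpad-lite/tests/backend/common` can be one line, and `let agent: any` could be typed as `Awaited<ReturnType<typeof init>>`. The rendered header labels this section `package/package.json`, but by the diffstat and the `@@ -0,0 +1,38 @@` hunk it is the new `authorize.ts` spec.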