strapi-plugin-oidc 1.10.1 → 1.10.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/{index-BF9ZcATc.js → index-COhAwRD-.js} +40 -16
- package/dist/admin/{index-CpOrxYA4.mjs → index-D0Q_r3J6.mjs} +40 -16
- package/dist/admin/{index-iTiehRZW.js → index-DgrNKY9Y.js} +1 -1
- package/dist/admin/{index-DH-_mRbC.mjs → index-SjMPr_u2.mjs} +1 -1
- package/dist/admin/index.js +1 -1
- package/dist/admin/index.mjs +1 -1
- package/dist/server/index.js +19 -16
- package/dist/server/index.mjs +19 -16
- package/package.json +1 -1
|
@@ -198,10 +198,25 @@ const AUDIT_LOG_DEFAULTS = {
|
|
|
198
198
|
ADMIN_PAGE_SIZE: 10
|
|
199
199
|
};
|
|
200
200
|
const OIDC_SIGN_IN_PATH = "/strapi-plugin-oidc/oidc";
|
|
201
|
+
const AUTH_ROUTES = [
|
|
202
|
+
"login",
|
|
203
|
+
"register",
|
|
204
|
+
"register-admin",
|
|
205
|
+
"forgot-password",
|
|
206
|
+
"reset-password"
|
|
207
|
+
];
|
|
208
|
+
const JWT_TOKEN_KEY = "jwtToken";
|
|
201
209
|
const UI_DEFAULTS = {
|
|
202
210
|
MIN_SPINNER_MS: 400
|
|
203
211
|
};
|
|
204
212
|
const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
213
|
+
function shouldRedirectToOidc(params) {
|
|
214
|
+
const isServerBounce = params.search.includes("oidc_redirect=1");
|
|
215
|
+
if (isServerBounce) return false;
|
|
216
|
+
const hasToken = params.localStorage.getItem(JWT_TOKEN_KEY) || params.cookies.split(";").some((c) => c.trim().startsWith(`${JWT_TOKEN_KEY}=`));
|
|
217
|
+
if (hasToken) return false;
|
|
218
|
+
return true;
|
|
219
|
+
}
|
|
205
220
|
const name = pluginPkg.strapi.displayName;
|
|
206
221
|
const index = {
|
|
207
222
|
register(app) {
|
|
@@ -212,7 +227,7 @@ const index = {
|
|
|
212
227
|
id: "settings.configuration",
|
|
213
228
|
defaultMessage: "Configuration"
|
|
214
229
|
},
|
|
215
|
-
Component: () => Promise.resolve().then(() => require("./index-
|
|
230
|
+
Component: () => Promise.resolve().then(() => require("./index-DgrNKY9Y.js")),
|
|
216
231
|
permissions: [{ action: PERMISSIONS.READ, subject: null }]
|
|
217
232
|
};
|
|
218
233
|
app.addSettingsLink(
|
|
@@ -232,10 +247,19 @@ const index = {
|
|
|
232
247
|
});
|
|
233
248
|
},
|
|
234
249
|
bootstrap() {
|
|
235
|
-
const
|
|
236
|
-
const
|
|
237
|
-
|
|
250
|
+
const authRouteNames = AUTH_ROUTES.filter((r) => r !== "register-admin");
|
|
251
|
+
const authRoutePattern = new RegExp(`/auth/(${authRouteNames.join("|")})`);
|
|
252
|
+
const isAuthRoute = (path) => authRoutePattern.test(path);
|
|
253
|
+
if (shouldRedirectToOidc({
|
|
254
|
+
search: window.location.search,
|
|
255
|
+
localStorage: window.localStorage,
|
|
256
|
+
cookies: document.cookie
|
|
257
|
+
})) {
|
|
258
|
+
document.documentElement.innerHTML = "";
|
|
238
259
|
window.location.replace(OIDC_SIGN_IN_PATH);
|
|
260
|
+
setTimeout(() => {
|
|
261
|
+
window.location.href = OIDC_SIGN_IN_PATH;
|
|
262
|
+
}, 2e3);
|
|
239
263
|
return;
|
|
240
264
|
}
|
|
241
265
|
const overlayContainer = document.createElement("div");
|
|
@@ -317,16 +341,16 @@ const index = {
|
|
|
317
341
|
const applySettings = async () => {
|
|
318
342
|
try {
|
|
319
343
|
const response = await window.fetch("/strapi-plugin-oidc/settings/public");
|
|
320
|
-
if (response.ok) {
|
|
321
|
-
const data = await response.json();
|
|
322
|
-
if (data.skipLoginPage) {
|
|
323
|
-
startSkipLoginRedirect();
|
|
324
|
-
return;
|
|
325
|
-
}
|
|
326
|
-
startLoginObserver(data.ssoButtonText || defaultButtonText, !!data.enforceOIDC);
|
|
327
|
-
} else {
|
|
344
|
+
if (!response.ok) {
|
|
328
345
|
startLoginObserver(defaultButtonText, false);
|
|
346
|
+
return;
|
|
347
|
+
}
|
|
348
|
+
const data = await response.json();
|
|
349
|
+
if (data.skipLoginPage) {
|
|
350
|
+
startSkipLoginRedirect();
|
|
351
|
+
return;
|
|
329
352
|
}
|
|
353
|
+
startLoginObserver(data.ssoButtonText || defaultButtonText, !!data.enforceOIDC);
|
|
330
354
|
} catch (error) {
|
|
331
355
|
startLoginObserver(defaultButtonText, false);
|
|
332
356
|
console.error("Failed to fetch OIDC settings:", error);
|
|
@@ -341,12 +365,12 @@ const index = {
|
|
|
341
365
|
const isLogout = url?.endsWith("/admin/logout") && args[1]?.method?.toUpperCase() === "POST";
|
|
342
366
|
if (isLogout) {
|
|
343
367
|
window.dispatchEvent(new CustomEvent(LOGOUT_EVENT));
|
|
344
|
-
window.localStorage.removeItem(
|
|
368
|
+
window.localStorage.removeItem(JWT_TOKEN_KEY);
|
|
345
369
|
window.localStorage.removeItem("isLoggedIn");
|
|
346
|
-
window.sessionStorage.removeItem(
|
|
370
|
+
window.sessionStorage.removeItem(JWT_TOKEN_KEY);
|
|
347
371
|
window.sessionStorage.removeItem("isLoggedIn");
|
|
348
|
-
document.cookie =
|
|
349
|
-
document.cookie =
|
|
372
|
+
document.cookie = `${JWT_TOKEN_KEY}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/`;
|
|
373
|
+
document.cookie = `${JWT_TOKEN_KEY}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/admin`;
|
|
350
374
|
originalFetch(...args).catch(() => {
|
|
351
375
|
});
|
|
352
376
|
window.location.href = "/strapi-plugin-oidc/logout";
|
|
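Review bot: The `register-admin` exclusion in `authRouteNames` (new lines 250–251 of the bootstrap hunk) has no effect, because `authRoutePattern` is unanchored and `/auth/register-admin` still matches the `register` alternative, so `isAuthRoute` treats the admin-registration page like every other auth page. Terminating the alternation fixes it: append `(?:[/?#]|$)` to the pattern string right after the closing parenthesis of the `authRouteNames.join("|")` group, so only `/auth/<route>` followed by end-of-string, `/`, `?` or `#` matches. The same lines appear in the `.mjs` twin of this bundle in the next section. `isAuthRoute` is defined in this hunk but used outside it, and `bootstrap()` continues past the hunk.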
@@ -195,10 +195,25 @@ const AUDIT_LOG_DEFAULTS = {
|
|
|
195
195
|
ADMIN_PAGE_SIZE: 10
|
|
196
196
|
};
|
|
197
197
|
const OIDC_SIGN_IN_PATH = "/strapi-plugin-oidc/oidc";
|
|
198
|
+
const AUTH_ROUTES = [
|
|
199
|
+
"login",
|
|
200
|
+
"register",
|
|
201
|
+
"register-admin",
|
|
202
|
+
"forgot-password",
|
|
203
|
+
"reset-password"
|
|
204
|
+
];
|
|
205
|
+
const JWT_TOKEN_KEY = "jwtToken";
|
|
198
206
|
const UI_DEFAULTS = {
|
|
199
207
|
MIN_SPINNER_MS: 400
|
|
200
208
|
};
|
|
201
209
|
const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
210
|
+
function shouldRedirectToOidc(params) {
|
|
211
|
+
const isServerBounce = params.search.includes("oidc_redirect=1");
|
|
212
|
+
if (isServerBounce) return false;
|
|
213
|
+
const hasToken = params.localStorage.getItem(JWT_TOKEN_KEY) || params.cookies.split(";").some((c) => c.trim().startsWith(`${JWT_TOKEN_KEY}=`));
|
|
214
|
+
if (hasToken) return false;
|
|
215
|
+
return true;
|
|
216
|
+
}
|
|
202
217
|
const name = pluginPkg.strapi.displayName;
|
|
203
218
|
const index = {
|
|
204
219
|
register(app) {
|
|
@@ -209,7 +224,7 @@ const index = {
|
|
|
209
224
|
id: "settings.configuration",
|
|
210
225
|
defaultMessage: "Configuration"
|
|
211
226
|
},
|
|
212
|
-
Component: () => import("./index-
|
|
227
|
+
Component: () => import("./index-SjMPr_u2.mjs"),
|
|
213
228
|
permissions: [{ action: PERMISSIONS.READ, subject: null }]
|
|
214
229
|
};
|
|
215
230
|
app.addSettingsLink(
|
|
@@ -229,10 +244,19 @@ const index = {
|
|
|
229
244
|
});
|
|
230
245
|
},
|
|
231
246
|
bootstrap() {
|
|
232
|
-
const
|
|
233
|
-
const
|
|
234
|
-
|
|
247
|
+
const authRouteNames = AUTH_ROUTES.filter((r) => r !== "register-admin");
|
|
248
|
+
const authRoutePattern = new RegExp(`/auth/(${authRouteNames.join("|")})`);
|
|
249
|
+
const isAuthRoute = (path) => authRoutePattern.test(path);
|
|
250
|
+
if (shouldRedirectToOidc({
|
|
251
|
+
search: window.location.search,
|
|
252
|
+
localStorage: window.localStorage,
|
|
253
|
+
cookies: document.cookie
|
|
254
|
+
})) {
|
|
255
|
+
document.documentElement.innerHTML = "";
|
|
235
256
|
window.location.replace(OIDC_SIGN_IN_PATH);
|
|
257
|
+
setTimeout(() => {
|
|
258
|
+
window.location.href = OIDC_SIGN_IN_PATH;
|
|
259
|
+
}, 2e3);
|
|
236
260
|
return;
|
|
237
261
|
}
|
|
238
262
|
const overlayContainer = document.createElement("div");
|
|
@@ -314,16 +338,16 @@ const index = {
|
|
|
314
338
|
const applySettings = async () => {
|
|
315
339
|
try {
|
|
316
340
|
const response = await window.fetch("/strapi-plugin-oidc/settings/public");
|
|
317
|
-
if (response.ok) {
|
|
318
|
-
const data = await response.json();
|
|
319
|
-
if (data.skipLoginPage) {
|
|
320
|
-
startSkipLoginRedirect();
|
|
321
|
-
return;
|
|
322
|
-
}
|
|
323
|
-
startLoginObserver(data.ssoButtonText || defaultButtonText, !!data.enforceOIDC);
|
|
324
|
-
} else {
|
|
341
|
+
if (!response.ok) {
|
|
325
342
|
startLoginObserver(defaultButtonText, false);
|
|
343
|
+
return;
|
|
344
|
+
}
|
|
345
|
+
const data = await response.json();
|
|
346
|
+
if (data.skipLoginPage) {
|
|
347
|
+
startSkipLoginRedirect();
|
|
348
|
+
return;
|
|
326
349
|
}
|
|
350
|
+
startLoginObserver(data.ssoButtonText || defaultButtonText, !!data.enforceOIDC);
|
|
327
351
|
} catch (error) {
|
|
328
352
|
startLoginObserver(defaultButtonText, false);
|
|
329
353
|
console.error("Failed to fetch OIDC settings:", error);
|
|
@@ -338,12 +362,12 @@ const index = {
|
|
|
338
362
|
const isLogout = url?.endsWith("/admin/logout") && args[1]?.method?.toUpperCase() === "POST";
|
|
339
363
|
if (isLogout) {
|
|
340
364
|
window.dispatchEvent(new CustomEvent(LOGOUT_EVENT));
|
|
341
|
-
window.localStorage.removeItem(
|
|
365
|
+
window.localStorage.removeItem(JWT_TOKEN_KEY);
|
|
342
366
|
window.localStorage.removeItem("isLoggedIn");
|
|
343
|
-
window.sessionStorage.removeItem(
|
|
367
|
+
window.sessionStorage.removeItem(JWT_TOKEN_KEY);
|
|
344
368
|
window.sessionStorage.removeItem("isLoggedIn");
|
|
345
|
-
document.cookie =
|
|
346
|
-
document.cookie =
|
|
369
|
+
document.cookie = `${JWT_TOKEN_KEY}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/`;
|
|
370
|
+
document.cookie = `${JWT_TOKEN_KEY}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/admin`;
|
|
347
371
|
originalFetch(...args).catch(() => {
|
|
348
372
|
});
|
|
349
373
|
window.location.href = "/strapi-plugin-oidc/logout";
|
|
@@ -7,7 +7,7 @@ const React = require("react");
|
|
|
7
7
|
const designSystem = require("@strapi/design-system");
|
|
8
8
|
const icons = require("@strapi/icons");
|
|
9
9
|
const reactIntl = require("react-intl");
|
|
10
|
-
const index = require("./index-
|
|
10
|
+
const index = require("./index-COhAwRD-.js");
|
|
11
11
|
const styled = require("styled-components");
|
|
12
12
|
const lucideReact = require("lucide-react");
|
|
13
13
|
const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
|
|
@@ -5,7 +5,7 @@ import { useState, useRef, useId, useEffect, useCallback, useReducer, useMemo, m
|
|
|
5
5
|
import { Typography, Flex, Box, MultiSelect, MultiSelectOption, Button, Dialog, Table, Pagination, PreviousLink, NextLink, PageLink, Field, Divider, Thead, Tr, Th, Tbody, Td, IconButton, Loader, Tooltip, Alert } from "@strapi/design-system";
|
|
6
6
|
import { Cross, WarningCircle, Plus, Download, Upload, Trash, Calendar, Mail, Information } from "@strapi/icons";
|
|
7
7
|
import { useIntl } from "react-intl";
|
|
8
|
-
import { g as getTrad, E as EMAIL_REGEX, e as en, A as AUDIT_LOG_DEFAULTS, U as UI_DEFAULTS } from "./index-
|
|
8
|
+
import { g as getTrad, E as EMAIL_REGEX, e as en, A as AUDIT_LOG_DEFAULTS, U as UI_DEFAULTS } from "./index-D0Q_r3J6.mjs";
|
|
9
9
|
import styled from "styled-components";
|
|
10
10
|
import { Filter, ClipboardList, Server } from "lucide-react";
|
|
11
11
|
function Role({ oidcRoles, roles, onChangeRole }) {
|
package/dist/admin/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperties(exports, { __esModule: { value: true }, [Symbol.toStringTag]: { value: "Module" } });
|
|
3
|
-
const index = require("./index-
|
|
3
|
+
const index = require("./index-COhAwRD-.js");
|
|
4
4
|
require("react");
|
|
5
5
|
require("react-dom/client");
|
|
6
6
|
exports.default = index.index;
|
package/dist/admin/index.mjs
CHANGED
package/dist/server/index.js
CHANGED
|
@@ -175,6 +175,13 @@ const DAY_MS = 864e5;
|
|
|
175
175
|
const DISCOVERY_TIMEOUT_MS = 5e3;
|
|
176
176
|
const OIDC_DISCOVERY_PATH = "/.well-known/openid-configuration";
|
|
177
177
|
const OIDC_SIGN_IN_PATH = "/strapi-plugin-oidc/oidc";
|
|
178
|
+
const AUTH_ROUTES = [
|
|
179
|
+
"login",
|
|
180
|
+
"register",
|
|
181
|
+
"register-admin",
|
|
182
|
+
"forgot-password",
|
|
183
|
+
"reset-password"
|
|
184
|
+
];
|
|
178
185
|
const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
179
186
|
function getPluginConfig() {
|
|
180
187
|
return pluginConfigSchema.parse(strapi.config.get("plugin::strapi-plugin-oidc") ?? {});
|
|
@@ -254,8 +261,7 @@ const COOKIE_NAMES = {
|
|
|
254
261
|
accessToken: "oidc_access_token",
|
|
255
262
|
userEmail: "oidc_user_email",
|
|
256
263
|
adminRefresh: "strapi_admin_refresh",
|
|
257
|
-
authenticated: "oidc_authenticated"
|
|
258
|
-
skipLoginPage: "oidc_skip_login_page"
|
|
264
|
+
authenticated: "oidc_authenticated"
|
|
259
265
|
};
|
|
260
266
|
function shouldMarkSecure(strapi2, ctx) {
|
|
261
267
|
const isProduction = strapi2.config.get("environment") === "production";
|
|
@@ -286,11 +292,11 @@ function clearAuthCookies(strapi2, ctx) {
|
|
|
286
292
|
ctx.cookies.set(COOKIE_NAMES.accessToken, "", rootPathOptions);
|
|
287
293
|
ctx.cookies.set(COOKIE_NAMES.userEmail, "", rootPathOptions);
|
|
288
294
|
}
|
|
289
|
-
const AUTH_ROUTES = ["login", "register", "register-admin", "forgot-password", "reset-password"];
|
|
290
295
|
const STATIC_EXTENSIONS = [".js", ".css", ".png", ".svg", ".ico", ".woff2", ".json", ".map"];
|
|
291
296
|
async function bootstrap({ strapi: strapi2 }) {
|
|
292
297
|
await applyDiscovery(strapi2);
|
|
293
|
-
const
|
|
298
|
+
const rawAdminUrl = strapi2.config.get("admin.url");
|
|
299
|
+
const adminUrl = typeof rawAdminUrl === "string" && rawAdminUrl.length > 0 ? rawAdminUrl : "/admin";
|
|
294
300
|
const tokenRefreshPath = `${adminUrl}/token/refresh`;
|
|
295
301
|
const EXCLUDED_ADMIN_PATHS = [
|
|
296
302
|
`${adminUrl}/login`,
|
|
@@ -308,17 +314,7 @@ async function bootstrap({ strapi: strapi2 }) {
|
|
|
308
314
|
const isAuthRoute = AUTH_ROUTES.some((r) => path.includes(r));
|
|
309
315
|
const isTokenRefresh = path === tokenRefreshPath;
|
|
310
316
|
const config2 = getPluginConfig();
|
|
311
|
-
|
|
312
|
-
if (isAdminPage) {
|
|
313
|
-
ctx.cookies.set(COOKIE_NAMES.skipLoginPage, config2.OIDC_SKIP_LOGIN_PAGE ? "1" : "0", {
|
|
314
|
-
httpOnly: false,
|
|
315
|
-
signed: false,
|
|
316
|
-
sameSite: "lax",
|
|
317
|
-
path: adminUrl,
|
|
318
|
-
secure: false
|
|
319
|
-
});
|
|
320
|
-
}
|
|
321
|
-
if (config2.OIDC_SKIP_LOGIN_PAGE && isAdminPage && !EXCLUDED_ADMIN_PATHS.includes(path) && !ctx.cookies.get(COOKIE_NAMES.adminRefresh)) {
|
|
317
|
+
if (config2.OIDC_SKIP_LOGIN_PAGE && ctx.request.method === "GET" && (path === adminUrl || path.startsWith(`${adminUrl}/`)) && !EXCLUDED_ADMIN_PATHS.includes(path) && !STATIC_EXTENSIONS.some((ext) => path.endsWith(ext)) && !ctx.cookies.get(COOKIE_NAMES.adminRefresh)) {
|
|
322
318
|
ctx.redirect(OIDC_SIGN_IN_PATH);
|
|
323
319
|
return;
|
|
324
320
|
}
|
|
@@ -3618,7 +3614,14 @@ function t(locale, key, fallback) {
|
|
|
3618
3614
|
}
|
|
3619
3615
|
async function oidcSignIn(ctx) {
|
|
3620
3616
|
try {
|
|
3621
|
-
const
|
|
3617
|
+
const config2 = configValidation();
|
|
3618
|
+
if (!config2.OIDC_SKIP_LOGIN_PAGE) {
|
|
3619
|
+
const raw = strapi.config.get("admin.url");
|
|
3620
|
+
const adminUrl = typeof raw === "string" && raw.length > 0 ? raw : "/admin";
|
|
3621
|
+
ctx.redirect(`${adminUrl}/auth/login?oidc_redirect=1`);
|
|
3622
|
+
return;
|
|
3623
|
+
}
|
|
3624
|
+
const { OIDC_CLIENT_ID, OIDC_REDIRECT_URI, OIDC_SCOPE, OIDC_AUTHORIZATION_ENDPOINT } = config2;
|
|
3622
3625
|
const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge__default.default();
|
|
3623
3626
|
const state = node_crypto.randomBytes(32).toString("base64url");
|
|
3624
3627
|
const nonce = node_crypto.randomBytes(32).toString("base64url");
|
package/dist/server/index.mjs
CHANGED
|
@@ -169,6 +169,13 @@ const DAY_MS = 864e5;
|
|
|
169
169
|
const DISCOVERY_TIMEOUT_MS = 5e3;
|
|
170
170
|
const OIDC_DISCOVERY_PATH = "/.well-known/openid-configuration";
|
|
171
171
|
const OIDC_SIGN_IN_PATH = "/strapi-plugin-oidc/oidc";
|
|
172
|
+
const AUTH_ROUTES = [
|
|
173
|
+
"login",
|
|
174
|
+
"register",
|
|
175
|
+
"register-admin",
|
|
176
|
+
"forgot-password",
|
|
177
|
+
"reset-password"
|
|
178
|
+
];
|
|
172
179
|
const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
173
180
|
function getPluginConfig() {
|
|
174
181
|
return pluginConfigSchema.parse(strapi.config.get("plugin::strapi-plugin-oidc") ?? {});
|
|
@@ -248,8 +255,7 @@ const COOKIE_NAMES = {
|
|
|
248
255
|
accessToken: "oidc_access_token",
|
|
249
256
|
userEmail: "oidc_user_email",
|
|
250
257
|
adminRefresh: "strapi_admin_refresh",
|
|
251
|
-
authenticated: "oidc_authenticated"
|
|
252
|
-
skipLoginPage: "oidc_skip_login_page"
|
|
258
|
+
authenticated: "oidc_authenticated"
|
|
253
259
|
};
|
|
254
260
|
function shouldMarkSecure(strapi2, ctx) {
|
|
255
261
|
const isProduction = strapi2.config.get("environment") === "production";
|
|
@@ -280,11 +286,11 @@ function clearAuthCookies(strapi2, ctx) {
|
|
|
280
286
|
ctx.cookies.set(COOKIE_NAMES.accessToken, "", rootPathOptions);
|
|
281
287
|
ctx.cookies.set(COOKIE_NAMES.userEmail, "", rootPathOptions);
|
|
282
288
|
}
|
|
283
|
-
const AUTH_ROUTES = ["login", "register", "register-admin", "forgot-password", "reset-password"];
|
|
284
289
|
const STATIC_EXTENSIONS = [".js", ".css", ".png", ".svg", ".ico", ".woff2", ".json", ".map"];
|
|
285
290
|
async function bootstrap({ strapi: strapi2 }) {
|
|
286
291
|
await applyDiscovery(strapi2);
|
|
287
|
-
const
|
|
292
|
+
const rawAdminUrl = strapi2.config.get("admin.url");
|
|
293
|
+
const adminUrl = typeof rawAdminUrl === "string" && rawAdminUrl.length > 0 ? rawAdminUrl : "/admin";
|
|
288
294
|
const tokenRefreshPath = `${adminUrl}/token/refresh`;
|
|
289
295
|
const EXCLUDED_ADMIN_PATHS = [
|
|
290
296
|
`${adminUrl}/login`,
|
|
@@ -302,17 +308,7 @@ async function bootstrap({ strapi: strapi2 }) {
|
|
|
302
308
|
const isAuthRoute = AUTH_ROUTES.some((r) => path.includes(r));
|
|
303
309
|
const isTokenRefresh = path === tokenRefreshPath;
|
|
304
310
|
const config2 = getPluginConfig();
|
|
305
|
-
|
|
306
|
-
if (isAdminPage) {
|
|
307
|
-
ctx.cookies.set(COOKIE_NAMES.skipLoginPage, config2.OIDC_SKIP_LOGIN_PAGE ? "1" : "0", {
|
|
308
|
-
httpOnly: false,
|
|
309
|
-
signed: false,
|
|
310
|
-
sameSite: "lax",
|
|
311
|
-
path: adminUrl,
|
|
312
|
-
secure: false
|
|
313
|
-
});
|
|
314
|
-
}
|
|
315
|
-
if (config2.OIDC_SKIP_LOGIN_PAGE && isAdminPage && !EXCLUDED_ADMIN_PATHS.includes(path) && !ctx.cookies.get(COOKIE_NAMES.adminRefresh)) {
|
|
311
|
+
if (config2.OIDC_SKIP_LOGIN_PAGE && ctx.request.method === "GET" && (path === adminUrl || path.startsWith(`${adminUrl}/`)) && !EXCLUDED_ADMIN_PATHS.includes(path) && !STATIC_EXTENSIONS.some((ext) => path.endsWith(ext)) && !ctx.cookies.get(COOKIE_NAMES.adminRefresh)) {
|
|
316
312
|
ctx.redirect(OIDC_SIGN_IN_PATH);
|
|
317
313
|
return;
|
|
318
314
|
}
|
|
@@ -3612,7 +3608,14 @@ function t(locale, key, fallback) {
|
|
|
3612
3608
|
}
|
|
3613
3609
|
async function oidcSignIn(ctx) {
|
|
3614
3610
|
try {
|
|
3615
|
-
const
|
|
3611
|
+
const config2 = configValidation();
|
|
3612
|
+
if (!config2.OIDC_SKIP_LOGIN_PAGE) {
|
|
3613
|
+
const raw = strapi.config.get("admin.url");
|
|
3614
|
+
const adminUrl = typeof raw === "string" && raw.length > 0 ? raw : "/admin";
|
|
3615
|
+
ctx.redirect(`${adminUrl}/auth/login?oidc_redirect=1`);
|
|
3616
|
+
return;
|
|
3617
|
+
}
|
|
3618
|
+
const { OIDC_CLIENT_ID, OIDC_REDIRECT_URI, OIDC_SCOPE, OIDC_AUTHORIZATION_ENDPOINT } = config2;
|
|
3616
3619
|
const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge();
|
|
3617
3620
|
const state = randomBytes(32).toString("base64url");
|
|
3618
3621
|
const nonce = randomBytes(32).toString("base64url");
|
package/package.json
CHANGED