Merge pull request #45 from cylab-tw/oauthdev

feat: updated oauth plugin to support custom scope in request
cylab-tw · Dec 20, 2024 · 7807ebb · 7807ebb
2 parents a6b421e + e434785
commit 7807ebb
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 32 deletions.
diff --git a/bluelight/data/configOAuth.json b/bluelight/data/configOAuth.json
@@ -1,14 +1,16 @@
 {
-    "enabled":false,
-    "hostname":"127.0.0.1",
+    "enabled":true,
+    "hostname":"localhost",
     "port":"8080",
     "http":"http",
-    "client_id":"account",
+    "client_id":"testclient",
+    "client_secret":"",
     "endpoints":
     {
-        "auth":"realms/TestRealm/protocol/openid-connect/auth",
-        "validation":"realms/TestRealm/protocol/openid-connect/userinfo", 
-        "token":"realms/TestRealm/protocol/openid-connect/token" 
+        "auth":"realms/testRealm/protocol/openid-connect/auth",
+        "validation":"realms/testRealm/protocol/openid-connect/userinfo", 
+        "token":"realms/testRealm/protocol/openid-connect/token" 
     },
+    "scope":"openid profile email",
     "tokenInRequest":true
-}
+}
diff --git a/bluelight/scripts/plugin/oauth.js b/bluelight/scripts/plugin/oauth.js
@@ -1,8 +1,8 @@
-var OAuthConfig = {};
-var keycloakAPI = "";
+let OAuthConfig = {};
+let keycloakAPI = "";
 
 auth();
-window.addEventListener("load", function(event) {
+window.addEventListener("load", (event) => {
     auth();
 });
 /**
@@ -27,27 +27,26 @@ async function auth() {
         if (tokenVaild) {
             if(window.location.href.indexOf(`code=`) != -1)
             {
-                let originalUrl = removeURLParameter(window.location.href, "code");
-                originalUrl = removeURLParameter(originalUrl, "session_state");
+                let originalUrl = removeURLParameter(window.location.href, "code","session_state","iss");
                 window.location.href = originalUrl;
             }
             if(OAuthConfig.tokenInRequest == true)
             {
-                ConfigLog.QIDO.token.Authorization = "Bearer " + theToken;
-                ConfigLog.WADO.token.Authorization = "Bearer " + theToken;
-                ConfigLog.STOW.token.Authorization = "Bearer " + theToken;
-                readAllJson(readJson);
+                XMLHttpRequest.prototype.origOpen = XMLHttpRequest.prototype.open;
+                XMLHttpRequest.prototype.open   = function () {
+                    this.origOpen.apply(this, arguments);
+                    this.setRequestHeader('Authorization', "Bearer " + theToken);
+                };
+                loadLdcmview();
             }
-            console.log(ConfigLog);
             return true;
         }
         // No token or token is not vaild, redirect to keycloak login page and put current url in the Callback URL parameter.
         else {
             setCookie("access_token","",7);
-            let redirectUri = removeURLParameter(window.location.href, "code");
-            redirectUri = removeURLParameter(redirectUri, "session_state");
+            let redirectUri = removeURLParameter(window.location.href, "code","session_state","iss");
             let loginPage = `${keycloakAPI}${OAuthConfig.endpoints.auth}?client_id=${OAuthConfig.client_id}&grant_type=authorization_code&response_type=code&redirect_uri=${redirectUri}`;
-            window.location.href = loginPage;
+            //window.location.href = loginPage;
             return false;
         }
     }
@@ -119,10 +118,9 @@ function isTokenVaild(theToken) {
 function requestToken(code, session_state) {
     return new Promise((resolve, reject) => {
         let tokenAPI = `${keycloakAPI}${OAuthConfig.endpoints.token}`;
-        let redirectUri = removeURLParameter(window.location.href, "code");
-        redirectUri = removeURLParameter(redirectUri, "session_state");
+        let redirectUri = removeURLParameter(window.location.href, "code","session_state","iss");
         let responseToken = "";
-        let params = `grant_type=authorization_code&client_id=${OAuthConfig.client_id}&code=${code}&session_state=${session_state}&redirect_uri=${redirectUri}`;
+        let params = `grant_type=authorization_code&client_id=${OAuthConfig.client_id}&client_secret=${OAuthConfig.client_secret}&scope=${OAuthConfig.scope}&code=${code}&session_state=${session_state}&redirect_uri=${redirectUri}`;
         let request = new XMLHttpRequest();
         request.open('POST', tokenAPI);
         request.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
@@ -176,4 +174,10 @@ function removeURLParameter(url, parameter) {
         return urlparts[0] + (pars.length > 0 ? "?" + pars.join("&") : "");
     }
     return url;
-}
+}
+
+function removeURLParameters(url, ...parameters) {
+    const urlObj = new URL(url);
+    parameters.forEach(param => urlObj.searchParams.delete(param));
+    return urlObj.toString();
+}
diff --git a/search/data/configOAuth.json b/search/data/configOAuth.json
@@ -1,14 +1,16 @@
 {
-    "enabled":false,
-    "hostname":"127.0.0.1",
+    "enabled":true,
+    "hostname":"localhost",
     "port":"8080",
     "http":"http",
-    "client_id":"account",
+    "client_id":"testclient",
+    "client_secret":"",
     "endpoints":
     {
-        "auth":"realms/TestRealm/protocol/openid-connect/auth",
-        "validation":"realms/TestRealm/protocol/openid-connect/userinfo", 
-        "token":"realms/TestRealm/protocol/openid-connect/token" 
+        "auth":"realms/testRealm/protocol/openid-connect/auth",
+        "validation":"realms/testRealm/protocol/openid-connect/userinfo", 
+        "token":"realms/testRealm/protocol/openid-connect/token" 
     },
-    "tokenInRequest":false
+    "scope":"openid profile email",
+    "tokenInRequest":true
 }
diff --git a/search/scripts/oauth.js b/search/scripts/oauth.js
@@ -122,7 +122,7 @@ function requestToken(code, session_state) {
         let redirectUri = removeURLParameter(window.location.href, "code");
         redirectUri = removeURLParameter(redirectUri, "session_state");
         let responseToken = "";
-        let params = `grant_type=authorization_code&client_id=${OAuthConfig.client_id}&code=${code}&session_state=${session_state}&redirect_uri=${redirectUri}`;
+        let params = `grant_type=authorization_code&client_id=${OAuthConfig.client_id}&client_secret=${OAuthConfig.client_secret}&scope=${OAuthConfig.scope}&code=${code}&session_state=${session_state}&redirect_uri=${redirectUri}`;
         let request = new XMLHttpRequest();
         request.open('POST', tokenAPI);
         request.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');