fix auth

acm-uiuc · Dec 2, 2023 · f151556 · f151556
1 parent 92089ea
commit f151556
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 20 deletions.
diff --git a/config.js b/config.js
@@ -12,7 +12,7 @@ exports.branding = {
   orgHome: process.env.brandOrgHome || "https://acm.illinois.edu",
   statusURL: process.env.brandStatusURL || "https://status.acm.illinois.edu",
   copyrightOwner: process.env.brandCopyrightOwner || "ACM @ UIUC",
-  domainHint: process.env.brandDomainHint || "acm.illinois.edu", // primary azure AD domain for tenant.
+  domainHint: process.env.brandDomainHint, // primary azure AD domain for tenant.
   externalDomain: process.env.externalDomain || "https://go.acm.illinois.edu"
 
 }

diff --git a/index.js b/index.js
@@ -313,7 +313,8 @@ app.get('/login',
         resourceURL: config.resourceURL,    // optional. Provide a value if you want to specify the resource.
         customState: 'my_state',            // optional. Provide a value if you want to provide custom state value.
         failureRedirect: '/error',
-        domain_hint: config.branding.domainHint
+        domain_hint: config.branding.domainHint,
+        prompt: 'select_account'
       }
     )(req, res, next);
   },
@@ -326,22 +327,6 @@ app.get('/error', (req, res) => {
 app.get('/unauthorized', (req, res) => {
   return res.status(401).render('unauthorized.html', { partials, productName: config.branding.title, logoPath: config.branding.logoPath, copyrightOwner: config.branding.copyrightOwner, statusURL: config.branding.statusURL, orgHome: config.branding.orgHome, groups: config.groups_permitted.toString().replaceAll(",", "<br />"), adminGroups: config.admin_groups.toString().replaceAll(",", "<br />") });
 });
-// 'GET returnURL'
-// `passport.authenticate` will try to authenticate the content returned in
-// query (such as authorization code). If authentication fails, user will be
-// redirected to '/' (home page); otherwise, it passes to the next middleware.
-app.get('/auth/openid/return',
-  function (req, res, next) {
-    passport.authenticate('azuread-openidconnect',
-      {
-        response: res,    // required
-        failureRedirect: '/'
-      }
-    )(req, res, next);
-  },
-  function (req, res) {
-    res.redirect('/');
-  });
 
 // 'POST returnURL'
 // `passport.authenticate` will try to authenticate the content returned in
@@ -351,8 +336,12 @@ app.post('/auth/openid/return',
   function (req, res, next) {
     passport.authenticate('azuread-openidconnect',
       {
-        response: res,    // required
-        failureRedirect: '/'
+        response: res,                      // required
+        resourceURL: config.resourceURL,    // optional. Provide a value if you want to specify the resource.
+        customState: 'my_state',            // optional. Provide a value if you want to provide custom state value.
+        failureRedirect: '/error',
+        domain_hint: config.branding.domainHint,
+        prompt: 'select_account'
       }
     )(req, res, next);
   },