From f1515562b7d97e48945c4b1e210b865382ecff3c Mon Sep 17 00:00:00 2001
From: Dev Singh
Date: Sat, 2 Dec 2023 12:30:49 -0600
Subject: [PATCH] fix auth
---
 config.js | 2 +-
 index.js | 27 ++++++++-------------------
 2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/config.js b/config.js
index 647c588..edef2b9 100644
--- a/config.js
+++ b/config.js
@@ -12,7 +12,7 @@ exports.branding = {
 orgHome: process.env.brandOrgHome || "https://acm.illinois.edu",
 statusURL: process.env.brandStatusURL || "https://status.acm.illinois.edu",
 copyrightOwner: process.env.brandCopyrightOwner || "ACM @ UIUC",
- domainHint: process.env.brandDomainHint || "acm.illinois.edu", // primary azure AD domain for tenant.
+ domainHint: process.env.brandDomainHint, // primary azure AD domain for tenant.
 externalDomain: process.env.externalDomain || "https://go.acm.illinois.edu"
 }
diff --git a/index.js b/index.js
index b709ead..4a79a00 100644
--- a/index.js
+++ b/index.js
@@ -313,7 +313,8 @@ app.get('/login',
 resourceURL: config.resourceURL, // optional. Provide a value if you want to specify the resource.
 customState: 'my_state', // optional. Provide a value if you want to provide custom state value.
 failureRedirect: '/error',
- domain_hint: config.branding.domainHint
+ domain_hint: config.branding.domainHint,
+ prompt: 'select_account'
 }
 )(req, res, next);
 },
@@ -326,22 +327,6 @@ app.get('/error', (req, res) => {
 app.get('/unauthorized', (req, res) => {
 return res.status(401).render('unauthorized.html', { partials, productName: config.branding.title, logoPath: config.branding.logoPath, copyrightOwner: config.branding.copyrightOwner, statusURL: config.branding.statusURL, orgHome: config.branding.orgHome, groups: config.groups_permitted.toString().replaceAll(",", "
"), adminGroups: config.admin_groups.toString().replaceAll(",", "
") });
 });
-// 'GET returnURL'
-// `passport.authenticate` will try to authenticate the content returned in
-// query (such as authorization code). If authentication fails, user will be
-// redirected to '/' (home page); otherwise, it passes to the next middleware.
-app.get('/auth/openid/return',
- function (req, res, next) {
- passport.authenticate('azuread-openidconnect',
- {
- response: res, // required
- failureRedirect: '/'
- }
- )(req, res, next);
- },
- function (req, res) {
- res.redirect('/');
- });
 // 'POST returnURL'
 // `passport.authenticate` will try to authenticate the content returned in
@@ -351,8 +336,12 @@ app.post('/auth/openid/return',
 function (req, res, next) {
 passport.authenticate('azuread-openidconnect',
 {
- response: res, // required
- failureRedirect: '/'
+ response: res, // required
+ resourceURL: config.resourceURL, // optional. Provide a value if you want to specify the resource.
+ customState: 'my_state', // optional. Provide a value if you want to provide custom state value.
+ failureRedirect: '/error',
+ domain_hint: config.branding.domainHint,
+ prompt: 'select_account'
 }
 )(req, res, next);
 },
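Review bot: In the config.js hunk, `domainHint` is now `undefined` whenever `brandDomainHint` is unset, and the trailing comment still reads as if a tenant domain were always present; I would change it to `// optional Azure AD domain hint (UX only, not an access restriction); undefined when brandDomainHint is unset`. index.js passes this value as `domain_hint` in both `passport.authenticate` calls alongside the new `prompt: 'select_account'`, so the sign-in page presumably no longer steers users towards the tenant. A domain hint never limited who can authenticate, so tenant restriction has to rest on the strategy's issuer validation (configured outside this diff) and on the `groups_permitted` check; both are worth confirming now that the default is gone. It is also worth checking that the library leaves an undefined `domain_hint` out of the authorize request.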
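Review bot: The options added to the POST `/auth/openid/return` handler repeat the object in the `/login` handler (hunk at -313) field for field, so the two copies can drift apart; hoisting the shared fields into one constant and calling `passport.authenticate('azuread-openidconnect', { response: res, ...authOptions })` in both places would keep them in step. `customState: 'my_state'` is a fixed placeholder that is identical for every request, so it gives no CSRF or session binding, and a comment such as `// static label only; request binding relies on the strategy's state/nonce validation` would stop a later reader from assuming otherwise. `resourceURL`, `domain_hint` and `prompt` look like authorization-request parameters and may be ignored on the return leg, which is worth confirming against the passport-azure-ad documentation. The handler's second callback lies outside the hunk.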