fix(oidc): wekan/wekan#3299

5 years ago · ae9d82430a
parent d75ca0c8f0
commit ae9d82430a
1 changed files with 29 additions and 15 deletions
--- a/packages/wekan-oidc/oidc_server.js
+++ b/packages/wekan-oidc/oidc_server.js
@ -1,4 +1,15 @@
 Oidc = {};
+httpCa = false;
+
+if (process.env.OAUTH2_CA_CERT !== undefined) {
+    try {
+        const fs = Npm.require('fs');
+	httpCa = fs.readFileSync(process.env.OAUTH2_CA_CERT);
+    } catch(e) {
+	console.log('WARNING: failed loading: ' + process.env.OAUTH2_CA_CERT);
+	console.log(e);
+    }
+}

 OAuth.registerService('oidc', 2, null, function (query) {

@ -86,9 +97,7 @@ if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED
    var response;

    try {
-      response = HTTP.post(
-        serverTokenEndpoint,
-        {
+      var postOptions = {
          headers: {
            Accept: 'application/json',
            "User-Agent": userAgent
@ -101,8 +110,11 @@ if (process.env.ORACLE_OIM_ENABLED !== 'true' && process.env.ORACLE_OIM_ENABLED
            grant_type: 'authorization_code',
            state: query.state
          }
-        }
-      );
+        };
+      if (httpCa) {
+	postOptions['npmRequestOptions'] = { ca: httpCa };
+      }
+      response = HTTP.post(serverTokenEndpoint, postOptions);
    } catch (err) {
      throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),
        { response: err.response });
@ -143,9 +155,7 @@ if (process.env.ORACLE_OIM_ENABLED === 'true' || process.env.ORACLE_OIM_ENABLED
    if (debug) console.log('Basic Token: ', strBasicToken64);

    try {
-      response = HTTP.post(
-        serverTokenEndpoint,
-        {
+      var postOptions = {
          headers: {
            Accept: 'application/json',
            "User-Agent": userAgent,
@ -159,8 +169,11 @@ if (process.env.ORACLE_OIM_ENABLED === 'true' || process.env.ORACLE_OIM_ENABLED
            grant_type: 'authorization_code',
            state: query.state
          }
-        }
-      );
+        };
+      if (httpCa) {
+	postOptions['npmRequestOptions'] = { ca: httpCa };
+      }
+      response = HTTP.post(serverTokenEndpoint, postOptions);
    } catch (err) {
      throw _.extend(new Error("Failed to get token from OIDC " + serverTokenEndpoint + ": " + err.message),
        { response: err.response });
@ -188,15 +201,16 @@ var getUserInfo = function (accessToken) {
  }
  var response;
  try {
-    response = HTTP.get(
-      serverUserinfoEndpoint,
-      {
+    var getOptions = {
        headers: {
          "User-Agent": userAgent,
          "Authorization": "Bearer " + accessToken
        }
-      }
-    );
+      };
+    if (httpCa) {
+      getOptions['npmRequestOptions'] = { ca: httpCa };
+    }
+    response = HTTP.get(serverUserinfoEndpoint, getOptions);
  } catch (err) {
    throw _.extend(new Error("Failed to fetch userinfo from OIDC " + serverUserinfoEndpoint + ": " + err.message),
                   {response: err.response});