Merge pull request #915 from bcgov/feature/entra
Working entra login
SodhiA1 authored Jul 25, 2023
2 parents f0e9697 + 39f3d32 commit 7c17224
Showing 5 changed files with 57 additions and 11 deletions.
1 change: 1 addition & 0 deletions backend/src/app.js
Expand Up @@ -134,6 +134,7 @@ const parseJwt = (token) => {
utils.getOidcDiscovery().then(discovery => {
//OIDC Strategy is used for authorization
addLoginPassportUse(discovery, 'oidcBceid', config.get('server:frontend') + '/api/auth/callback_bceid', 'keycloak_bcdevexchange_bceid');
addLoginPassportUse(discovery, 'oidcEntra', config.get('server:frontend') + '/api/auth/callback_entra', 'entra');
addLoginPassportUse(discovery, 'oidcBceidActivateUser', config.get('server:frontend') + '/api/auth/callback_activate_user', 'keycloak_bcdevexchange_bceid');
addLoginPassportUse(discovery, 'oidcBceidActivateDistrictUser', config.get('server:frontend') + '/api/auth/callback_activate_district_user', 'keycloak_bcdevexchange_bceid');
//JWT strategy is used for authorization
9 changes: 7 additions & 2 deletions backend/src/components/secureExchange.js
Expand Up @@ -952,7 +952,7 @@ async function verifyActivateUserLink(req, res) {
}
return res.redirect(baseUrl + '/api/auth/logout?loginBceidActivateDistrictUser=true');
} catch (e) {
let msg = 'Error Occurred please retry with the link provided in the email';
let msg = 'Error occurred please retry with the link provided in the email';
if (e.status === 400) {
msg = 'Invalid link clicked. Please click the link provided in your email';
} else if (e.status === 410) {
Expand Down Expand Up @@ -1035,9 +1035,14 @@ function setInstituteTypeIdentifierAndRedirect(req, res) {
}
}

function getAndSetupEDXUserAndRedirect(req, res, accessToken, digitalID, correlationID) {
function getAndSetupEDXUserAndRedirect(req, res, accessToken, digitalID, correlationID, isValidTenant='true') {
log.info('User Set Up and Redirect called');

if(!isValidTenant || isValidTenant !== 'true'){
log.info('Not a valid tenant, redirecting to Unauthorized Page');
res.redirect(config.get('server:frontend') + '/unauthorized');
}

Promise.all([
cacheService.loadAllSchoolsToMap(),
cacheService.loadAllDistrictsToMap()
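Review bot: The invalid-tenant branch added to getAndSetupEDXUserAndRedirect calls `res.redirect(...)` without returning, so execution falls through to the `Promise.all([...])` below and the EDX user setup still runs for a login that was just rejected. Any later response on the same request would then presumably fail because headers were already sent. Change the line to `return res.redirect(config.get('server:frontend') + '/unauthorized');`. The passport session established before this call appears to stay live after the redirect, so consider destroying it or routing through the existing logout path instead of only redirecting. The function body continues outside the hunk, so the rest of the flow is not visible here.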
18 changes: 18 additions & 0 deletions backend/src/routes/auth.js
Expand Up @@ -54,6 +54,21 @@ router.get('/callback_bceid',
getAndSetupEDXUserAndRedirect(req, res, accessToken, digitalID, correlationID);
}
);

router.get('/callback_entra',
passport.authenticate('oidcEntra', {
failureRedirect: 'error'
}),
(req, res) => {
const userInfo = getSessionUser(req);
const accessToken = userInfo.jwt;
const isValidTenant = userInfo._json.isValidTenant;
const digitalID = userInfo._json.digitalIdentityID;
const correlationID = req.session?.correlationID;
getAndSetupEDXUserAndRedirect(req, res, accessToken, digitalID, correlationID, isValidTenant);
}
);

//a prettier way to handle errors
router.get('/error', (_req, res) => {
res.redirect(config.get('server:frontend') + '/login-error');
Expand All @@ -66,6 +81,7 @@ function addBaseRouterGet(strategyName, callbackURI) {
}

addBaseRouterGet('oidcBceid', '/login_bceid');
addBaseRouterGet('oidcEntra', '/login_entra');
addBaseRouterGet('oidcBceidActivateUser', '/login_bceid_activate_user');
addBaseRouterGet('oidcBceidActivateDistrictUser', '/login_bceid_activate_district_user');

Expand All @@ -84,6 +100,8 @@ router.get('/logout', async (req, res, next) => {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend') + '/login-error');
} else if (req.query && req.query.loginBceid) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend') + '/api/auth/login_bceid');
} else if (req.query && req.query.loginEntra) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend') + '/api/auth/login_entra');
} else if (req.query && req.query.loginBceidActivateUser) {
retUrl = encodeURIComponent(config.get('logoutEndpoint') + '?post_logout_redirect_uri=' + config.get('server:frontend') + '/api/auth/login_bceid_activate_user');
} else if (req.query && req.query.loginBceidActivateDistrictUser) {
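Review bot: The new `/callback_entra` handler passes `userInfo._json.isValidTenant` straight to getAndSetupEDXUserAndRedirect, whose parameter is declared as `isValidTenant='true'`; JavaScript applies a default whenever the argument is `undefined`, so an Entra token that lacks the claim is treated as a valid tenant. Make the Entra path fail closed, for example `const isValidTenant = userInfo._json.isValidTenant ?? 'false';`, so that only an explicit `'true'` is accepted. The check compares against the string `'true'`, so it is worth confirming whether the claim arrives as a string or a boolean, and adding a short comment in the handler stating which component sets it.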
39 changes: 30 additions & 9 deletions frontend/src/components/Login.vue
Expand Up @@ -22,19 +22,40 @@
Welcome to the Education Data Exchange!
</v-card-text>
<v-row
no-gutters
class="my-1"
align="center"
justify="center"
>
<v-btn
id="login-button"
variant="outlined"
:href="authRoutes.LOGIN_BCEID"
class="ma-2"
@click="clearStorage"
>
Log In with Basic BCeID<v-icon>mdi-login</v-icon>
</v-btn>
<v-col class="d-flex justify-center">
<v-btn
id="login-button"
variant="outlined"
:href="authRoutes.LOGIN_ENTRA"
class="ma-2"
@click="clearStorage"
>
Log In with Entra<v-icon>mdi-login</v-icon>
</v-btn>
</v-col>
</v-row>
<v-row
no-gutters
class="my-1"
align="center"
justify="center"
>
<v-col class="d-flex justify-center">
<v-btn
id="login-button"
variant="outlined"
:href="authRoutes.LOGIN_BCEID"
class="ma-2"
@click="clearStorage"
>
Log In with Basic BCeID<v-icon>mdi-login</v-icon>
</v-btn>
</v-col>
</v-row>
</v-card>
</v-row>
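Review bot: Both buttons in what appears to be the new markup carry `id="login-button"` (the "Log In with Entra" button and the "Log In with Basic BCeID" button), so the rendered page has two elements sharing one id. That is invalid HTML and makes any selector or UI test keyed on `#login-button` ambiguous about which identity provider it exercises. Give each button its own id, e.g. `id="login-button-entra"` and `id="login-button-bceid"`, and update anything that looks the old id up.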
1 change: 1 addition & 0 deletions frontend/src/utils/constants.js
Expand Up @@ -15,6 +15,7 @@ object = {
LOGIN: authRoot + '/login',
DASHBOARD: '/',
LOGIN_BCEID: authRoot + '/logout?loginBceid=true',
LOGIN_ENTRA: authRoot + '/logout?loginEntra=true',
LOGOUT: authRoot + '/logout',
SESSION_EXPIRED: authRoot + '/logout?sessionExpired=true',
LOGIN_FAILED: authRoot + '/logout?loginError=true',
