npm
Sign UpSign In

This package has been deprecated

Author message:

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

kth-node-passport-cas

3.1.15 • Public • Published

kth-node-passport-cas

Cas authentication strategy for Passport based but modified from github.com/sadne/passport-cas.

Migrating from <= 2.x to 3.x

We are now whitelisting the redirect url (nextUrl param) to only allow relative paths actually owned by the application. When upgrading you need to provide these in the initialising of this package.

Add proxyPrefixPath to route handler-init (normally in server.js):

require('kth-node-passport-cas').routeHandlers({
  casLoginUri: config.proxyPrefixPath.uri + '/login',
  casGatewayUri: config.proxyPrefixPath.uri + '/loginGateway',
  proxyPrefixPath: config.proxyPrefixPath.uri, // <-------------- here
  server: server
})

Also add proxyPrefixPath to redirect (normally in authentication.js):

require('kth-node-passport-cas').routeHandlers.getRedirectAuthenticatedUser({
  ldapConfig: config.ldap,
  ldapClient: ldapClient,
  proxyPrefixPath: config.proxyPrefixPath.uri, // <-------------- here
  unpackLdapUser: function (ldapUser, pgtIou) {
    return {
      username: ldapUser.ugUsername,
      displayName: ldapUser.displayName,
      email: ldapUser.mail,
      pgtIou: pgtIou,
      // This is where you can set custom roles
      isAdmin: hasGroup(config.auth.adminGroup, ldapUser),
      isSupport: hasGroup(config.auth.supportGroup, ldapUser),
      isSchema: hasGroup(config.auth.schemaGroup, ldapUser)
    }
  }
})

API

Strategy

Passport style authentication strategy implemented for login through KTH CAS.

Usage:

const passport = require('passport')
const Strategy = require('kth-node-passport-cas').Strategy
const log = require('kth-node-log')


const casOptions = {
  ssoBaseURL: 'https://url.to/cas',
  serverBaseURL: 'http://url.to.me:port',
  log: log
}

const strategy = new Strategy(casOptions,
  function (logOnResult, done) {
    return done(null, logOnResult.user, logOnResult)
  }
)

passport.use(strategy)

GatewayStrategy

Passport style authentication strategy implemented to check if user is logged in through KTH CAS.

const passport = require('passport')
const GatewayStrategy = require('kth-node-passport-cas').GatewayStrategy
const log = require('kth-node-log')

passport.use(new GatewayStrategy({
  casUrl: 'https://url.to/cas'
}, function (result, done) {
  done(null, result.user, result)
}))

getProxyTicket

Get a proxy ticket from CAS-service. Returns a promise.

Call signature:

const getProxyTicket = require('kth-node-passport-cas').getProxyTicket

getProxyTicket (casService, pgtId, targetService)
  .then((ticket) => {
    // do something...
  })
  .catch((err) => {
    // do something...
  })

Express Route Handlers

Express route handlers used for KTH CAS authentication.

const ldapConfig = { ... } // Object structure can be found in kth-node-configuration
const COOKIE_TIMEOUT = 5 // in seconds. The cookie timeout determines how long a user is considered "anonymous"

const ldap = require('kth-node-ldap')
const ldapClient =  ldap.createClient({
  url: ldapConfig.uri,
  timeout: ldapConfig.timeout,
  connectTimeout: ldapConfig.connecttimeout,
  maxConnections: ldapConfig.maxconnections,
  bindDN: ldapConfig.username,
  bindCredentials: ldapConfig.password,
  checkInterval: ldapConfig.checkinterval,
  maxIdleTime: ldapConfig.maxidletime,
  reconnect: true
})

const server = require('kth-node-server')
const passport = require('passport')

// Don't forget to register the strategies here (Strategy and GatewayStrategy shown above)

server.use(passport.initialize())
server.use(passport.session())

const { authLoginHandler, authCheckHandler, logoutHandler, pgtCallbackHandler, serverLogin, getServerGatewayLogin } = require('kth-node-passport-cas').routeHandlers({
  adminGroup: 'group_name', // LDAP admin group for this app
  casLoginUri: '/app/mountpoint/login',
  casGatewayUri: '/app/mountpoint/loginGateway',
  cookieTimeout: COOKIE_TIMEOUT,
  ldapConfig: ldapConfig,
  ldapClient: ldapClient,
  server: server
})
appRoute.get('cas.login', '/app/mountpoint/login', authLoginHandler)
appRoute.get('cas.gateway', '/app/mountpoint/loginGateway', authCheckHandler)
appRoute.get('cas.logout', '/app/mountpoint/logout', logoutHandler)
// Optional pgtCallback
appRoute.get('cas.pgtCallback', '/app/mountpoint/pgtCallback', pgtCallbackHandler)

// Make sure user is logged in and send to login page if not
server.get('/app/mountpoint', serverLogin, function (req, res) { ... })

// Make sure user is logged in and fail request if not
server.get('/app/mountpoint/gateway', getServerGatewayLogin('/'), function (req, res) { ... })

Readme

Keywords

Package Sidebar

Install

npm i kth-node-passport-cas

Repository

github.com/KTH/kth-node-passport-cas

Homepage

github.com/KTH/kth-node-passport-cas#readme

Weekly Downloads

33

Version

3.1.15

License

MIT

Unpacked Size

34.9 kB

Total Files

11

Last publish

Collaborators

  • kth-stratus
  • mictsi
  • n_sandstrom
  • kthwebmaster
  • exacs
  • ssundkvist
  • kth-ci
  • emilstenberg
Try on RunKit
Report malware