我正在实现用于登录谷歌用户的代码,现在我正在尝试更改,以便它登录来自同一家公司的 MS 365 用户。我有一个存储用户的 psql 数据库。我曾经使用 google 凭据登录并将它们与具有相同 google_id 的用户 id 匹配。现在我将其更改为所有 MS 帐户都具有的 oid。我可以登录,但我似乎无法弄清楚它如何将凭据与用户“id”匹配。这是在数据库中找到用户的 api 请求
// GET /ticket: look up the database row that belongs to the signed-in user.
// (The snippet is truncated on the page; the handler continues past the last line shown.)
router.get('/ticket', function(req, res, next) {
// Queries for users whose `oid` column equals req.user.id; no ordering is applied here.
// NOTE(review): req.user is whatever passport.deserializeUser hands back. The session
// hooks shown on this page are keyed by `user.oid`, so the value to compare with the
// `oid` column is presumably req.user.oid rather than req.user.id — confirm which
// properties the deserialized object actually carries.
db.User.find({oid: req.user.id}, function(err, users) {
if(err) return printError(res, err);
// NOTE(review): _.first() yields undefined when no row matches, so the property
// access on the next line throws for an account that is not in the table. An
// authenticated identity with no matching row should be rejected explicitly.
var loggedInUser = _.first(users);
console.log("logged in user:" + loggedInUser.id);
数据库中的用户模型定义如下:
// ORM model for the 'macland_user' table.
// (The snippet is truncated on the page; the db.define call continues after the field map.)
var User = db.define('macland_user', {
// Auto-incrementing primary key; this is the application's own user id.
id: { type: 'serial', key: true },
username: { type: 'text', unique: true },
// Role defaults to "sales" when none is supplied.
user_role: { type: 'enum', required: true, defaultValue:"sales", values: ["repair", "sales", "admin", "contractor"] },
date_created: { type: 'date', time: true, defaultValue: null },
email: { type: 'text', unique: true },
// Identifier previously used to match Google sign-ins.
google_id: { type: 'text', unique: true},
// NOTE(review): presumably the `oid` claim of the Microsoft account; it has to be
// populated for each existing user before a sign-in can be matched to a row — confirm.
oid: { type: 'text', unique: true},
short_name: { type: 'text', unique: true},
// NOTE(review): none of the login code shown on this page reads `active`; confirm
// that a deactivated account is refused at sign-in and on session restore.
active: { type: 'boolean', required: true, defaultValue: true }
},
我正在使用 OIDCStrategy
// Session hooks: only the `oid` is written to the session, and the full user
// object is rebuilt from it on every request.
passport.serializeUser(function (user, done) {
  var sessionKey = user.oid;
  done(null, sessionKey);
});

// NOTE(review): findByOid (defined on this page) searches only the in-memory
// `users` array, so req.user ends up being the profile object cached at login,
// not a row from the database. To expose the database user on req.user, the
// lookup by `oid` would have to happen against the user table here.
passport.deserializeUser(function (oid, done) {
  findByOid(oid, (lookupError, cachedUser) => {
    done(lookupError, cachedUser);
  });
});
// In-memory cache of the profiles that have signed in since the process started.
// It is empty after every restart and is never synchronised with the database.
var users = [];

/**
 * Find a cached profile by its `oid`.
 *
 * The callback is invoked synchronously: with (null, profile) on the first
 * match, or with (null, null) when nothing matches. The error argument is
 * never set by this function.
 *
 * @param {string} oid - identifier to look for
 * @param {function(?Error, ?Object)} fn - node-style callback
 * @returns {*} whatever `fn` returns
 */
var findByOid = function (oid, fn) {
  // Length is captured once, matching the bounds of the scan at call time.
  const total = users.length;
  let position = 0;
  while (position < total) {
    const candidate = users[position];
    // NOTE(review): this logs the oid of every cached profile on every lookup;
    // looks like leftover debugging output.
    log.info('we are using user: ', candidate.oid);
    console.log("usertest");
    if (candidate.oid === oid) {
      return fn(null, candidate);
    }
    position += 1;
  }
  return fn(null, null);
};
//-----------------------------------------------------------------------------
// Use the OIDCStrategy within Passport.
//
// Strategies in passport require a `verify` function, which accepts credentials
// (in this case, the `oid` claim in id_token), and invoke a callback to find
// the corresponding user object.
//
// The following are the accepted prototypes for the `verify` function
// (1) function(iss, sub, done)
// (2) function(iss, sub, profile, done)
// (3) function(iss, sub, profile, access_token, refresh_token, done)
// (4) function(iss, sub, profile, access_token, refresh_token, params, done)
// (5) function(iss, sub, profile, jwtClaims, access_token, refresh_token, params, done)
// (6) prototype (1)-(5) with an additional `req` parameter as the first parameter
//
// To do prototype (6), passReqToCallback must be set to true in the config.
//-----------------------------------------------------------------------------
// Register the OpenID Connect strategy. Every option is read from config.creds.
passport.use(new OIDCStrategy(
  {
    identityMetadata: config.creds.identityMetadata,
    clientID: config.creds.clientID,
    responseType: config.creds.responseType,
    responseMode: config.creds.responseMode,
    redirectUrl: config.creds.redirectUrl,
    // NOTE(review): plain-http redirect URLs are only appropriate for local
    // development — confirm this is false in production.
    allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
    clientSecret: config.creds.clientSecret,
    // NOTE(review): for a login restricted to one company, confirm issuer
    // validation is enabled and the metadata/issuer point at that tenant.
    validateIssuer: config.creds.validateIssuer,
    isB2C: config.creds.isB2C,
    issuer: config.creds.issuer,
    // NOTE(review): the verify function below has no leading `req` parameter,
    // so this is presumably false; the comment block above says prototype (6)
    // is the one that requires true.
    passReqToCallback: config.creds.passReqToCallback,
    scope: config.creds.scope,
    loggingLevel: config.creds.loggingLevel,
    nonceLifetime: config.creds.nonceLifetime,
    nonceMaxAmount: config.creds.nonceMaxAmount,
    useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
    cookieEncryptionKeys: config.creds.cookieEncryptionKeys,
    clockSkew: config.creds.clockSkew,
  },
  // Verify callback, prototype (3): called once the id_token has been accepted.
  function (iss, sub, profile, accessToken, refreshToken, done) {
    // Without an `oid` there is nothing to key the account on.
    if (!profile.oid) {
      return done(new Error("No oid found"), null);
    }

    // Defer the lookup to the next tick so verification completes asynchronously.
    process.nextTick(() => {
      findByOid(profile.oid, (lookupError, knownUser) => {
        if (lookupError) {
          return done(lookupError);
        }
        if (knownUser) {
          return done(null, knownUser);
        }
        // "Auto-registration": an unknown oid is cached and signed in as-is.
        // NOTE(review): this means every identity the strategy accepts gets a
        // session; the user table (its `oid` column and `active` flag) is never
        // consulted. Matching the sign-in to a database user would have to
        // happen here, with unknown or inactive accounts refused.
        users.push(profile);
        return done(null, profile);
      });
    });
  }
));