
我有一段用于登录谷歌用户的代码,现在想把它改成让同一家公司的 MS 365 用户登录。用户存储在一个 psql 数据库中。以前我用 Google 凭据登录,并通过相同的 google_id 匹配到对应的用户 id;现在我把它改成了所有 MS 帐户都具有的 oid。登录本身可以成功,但我弄不清楚如何把凭据与用户的“id”匹配起来。下面是在数据库中查找用户的 API 请求:

router.get('/ticket', function(req, res, next) {
  // Look up the database row whose `oid` column equals the id of the session user.
  // NOTE(review): req.user is whatever passport.deserializeUser resolved. In the Passport
  // setup shown with this snippet that is the OIDC profile held in the in-memory `users`
  // list, which is matched on `oid`. Confirm the profile really has an `id` property; if
  // it does not, this filter becomes `oid: undefined` and should read req.user.oid.
  // NOTE(review): no authentication guard is visible in this fragment; req.user is
  // undefined for a request without a valid session — confirm a guard runs earlier.
  db.User.find({oid: req.user.id}, function(err, users) {
    if(err) return printError(res, err);
    // NOTE(review): `users` is empty when no row matches, so _.first yields undefined and
    // the `.id` access below throws. An authenticated account that has no database row
    // should be rejected explicitly before any ticket data is served.
    var loggedInUser = _.first(users);
    console.log("logged in user:" + loggedInUser.id);

数据库模型的定义如下:

// Model for the `macland_user` table: one row per application user.
var User = db.define('macland_user', {
      // Local primary key; independent of any identity-provider identifier.
      id: { type: 'serial', key: true },
      username: { type: 'text', unique: true },
      // Application role; new rows default to "sales".
      user_role: { type: 'enum', required: true, defaultValue:"sales", values: ["repair", "sales", "admin", "contractor"] },
      date_created: { type: 'date', time: true, defaultValue: null },
      email: { type: 'text', unique: true },
      // Identifier used by the earlier Google login.
      google_id: { type: 'text', unique: true},
      // Microsoft `oid` claim used to match a signed-in account to this row.
      // NOTE(review): an oid is unique only inside one tenant; if more than one tenant can
      // ever sign in, match on tenant id plus oid rather than oid alone.
      oid: { type: 'text', unique: true},
      short_name: { type: 'text', unique: true},
      // NOTE(review): nothing in the login flow shown with this model reads `active`;
      // confirm deactivated users are refused a session somewhere.
      active: { type: 'boolean', required: true, defaultValue: true }
    },

我正在使用 OIDCStrategy

// Session persistence: only the user's `oid` is written into the session.
passport.serializeUser(function(user, done) {
  var sessionKey = user.oid;
  done(null, sessionKey);
});

// On each request that carries a session, turn the stored `oid` back into a user
// object through findByOid. The result becomes req.user.
// NOTE(review): findByOid reports "not found" as (null, null); confirm the routes
// treat a missing req.user as unauthenticated.
passport.deserializeUser(function(oid, done) {
  var onLookup = function(lookupErr, storedUser) {
    done(lookupErr, storedUser);
  };
  findByOid(oid, onLookup);
});

// In-memory list of signed-in profiles; filled by the strategy's verify callback.
// NOTE(review): this list is separate from the database model and is lost on restart.
// Nothing in this store links a profile to a database row.
var users = [];

/**
 * Find the stored profile whose `oid` equals the given value.
 *
 * @param {string} oid - Object id to look for.
 * @param {function} fn - Node-style callback; receives (null, user) on a match
 *   and (null, null) when no stored profile matches. Its return value is returned.
 */
var findByOid = function(oid, fn) {
  var match = null;
  users.some(function(candidate) {
    // NOTE(review): these two log lines run for every profile inspected, so each
    // lookup writes stored oids to the log; they look like debugging leftovers.
    log.info('we are using user: ', candidate.oid);
    console.log("usertest");
    if (candidate.oid === oid) {
      match = candidate;
      return true; // stop scanning at the first match
    }
    return false;
  });
  return fn(null, match);
};



//-----------------------------------------------------------------------------
// Use the OIDCStrategy within Passport.
// 
// Strategies in passport require a `verify` function, which accepts credentials
// (in this case, the `oid` claim in id_token), and invoke a callback to find
// the corresponding user object.
// 
// The following are the accepted prototypes for the `verify` function
// (1) function(iss, sub, done)
// (2) function(iss, sub, profile, done)
// (3) function(iss, sub, profile, access_token, refresh_token, done)
// (4) function(iss, sub, profile, access_token, refresh_token, params, done)
// (5) function(iss, sub, profile, jwtClaims, access_token, refresh_token, params, done)
// (6) prototype (1)-(5) with an additional `req` parameter as the first parameter
//
// To do prototype (6), passReqToCallback must be set to true in the config.
//-----------------------------------------------------------------------------
// Register the OpenID Connect strategy. Every option is read from config.creds.
// NOTE(review): clientSecret and cookieEncryptionKeys are secrets; confirm the config
// source is kept out of version control. For a single-company sign-in, confirm that
// validateIssuer is true and that allowHttpForRedirectUrl is false outside local
// development.
passport.use(new OIDCStrategy({
  identityMetadata: config.creds.identityMetadata,
  clientID: config.creds.clientID,
  responseType: config.creds.responseType,
  responseMode: config.creds.responseMode,
  redirectUrl: config.creds.redirectUrl,
  allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
  clientSecret: config.creds.clientSecret,
  validateIssuer: config.creds.validateIssuer,
  isB2C: config.creds.isB2C,
  issuer: config.creds.issuer,
  passReqToCallback: config.creds.passReqToCallback,
  scope: config.creds.scope,
  loggingLevel: config.creds.loggingLevel,
  nonceLifetime: config.creds.nonceLifetime,
  nonceMaxAmount: config.creds.nonceMaxAmount,
  useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
  cookieEncryptionKeys: config.creds.cookieEncryptionKeys,
  clockSkew: config.creds.clockSkew,
},
// Verify callback in the six-parameter form (iss, sub, profile, access_token,
// refresh_token, done). The parameter list is kept exactly as it was.
// NOTE(review): this form has no leading `req`, so passReqToCallback is presumably
// false in config — confirm.
function(iss, sub, profile, accessToken, refreshToken, done) {
  if (profile.oid) {
    // Defer the lookup to the next tick so verification completes asynchronously.
    process.nextTick(function () {
      findByOid(profile.oid, function(lookupErr, knownUser) {
        if (lookupErr) {
          return done(lookupErr);
        }
        if (knownUser) {
          return done(null, knownUser);
        }
        // First sign-in for this oid: remember the profile and accept it.
        // NOTE(review): every account that passes token validation is admitted here
        // and kept only in process memory. Nothing in this callback consults the
        // database user table or its `active` flag.
        users.push(profile);
        return done(null, profile);
      });
    });
    return;
  }
  // A profile without an `oid` cannot be matched to a user, so fail the login.
  return done(new Error("No oid found"), null);
}
));