From 94fa8fb192be837ec941b574ed9d044960fa0029 Mon Sep 17 00:00:00 2001
From: yzx9
Date: Sat, 25 Nov 2023 01:41:55 +0800
Subject: [PATCH] Add OAuth2 authorization content type configuration
---
 docker-compose.certbot.yml | 1 +
 docker-compose.traefik.yml | 1 +
 docker-compose.yml | 1 +
 .../sharelatex/AuthenticationController.js | 30 +++++++++++--------
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/docker-compose.certbot.yml b/docker-compose.certbot.yml
index aa7f3f6..b08ee8f 100644
--- a/docker-compose.certbot.yml
+++ b/docker-compose.certbot.yml
@@ -88,6 +88,7 @@ services:
 # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
 # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
 # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
+ # OAUTH2_AUTHORIZATION_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
 # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
 # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
 # OAUTH2_USER_ATTR_EMAIL: email
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
index ef20da0..22a96f0 100644
--- a/docker-compose.traefik.yml
+++ b/docker-compose.traefik.yml
@@ -169,6 +169,7 @@ services:
 # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
 # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
 # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
+ # OAUTH2_AUTHORIZATION_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
 # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
 # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
 # OAUTH2_USER_ATTR_EMAIL: email
diff --git a/docker-compose.yml b/docker-compose.yml
index a972113..d7a6b5c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -86,6 +86,7 @@ services:
 # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
 # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
 # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
+ # OAUTH2_AUTHORIZATION_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
 # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
 # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
 # OAUTH2_USER_ATTR_EMAIL: email
diff --git a/ldap-overleaf-sl/sharelatex/AuthenticationController.js b/ldap-overleaf-sl/sharelatex/AuthenticationController.js
index 549981b..28b6960 100644
--- a/ldap-overleaf-sl/sharelatex/AuthenticationController.js
+++ b/ldap-overleaf-sl/sharelatex/AuthenticationController.js
@@ -292,30 +292,35 @@ const AuthenticationController = {
 },
 async oauth2Callback(req, res, next) {
+ console.log(`OAuth, receive code ${req.query.code} and state ${req.query.state}`)
 const saveState = req.session.oauth2State
 delete req.session.oauth2State
 if (saveState !== req.query.state) {
- console.log("OAuth ", JSON.stringify(user))
 return AuthenticationController.finishLogin(false, req, res, next)
 }
 try {
- console.log("OAuth2 code", req.query.code)
+ const contentType = process.env.OAUTH2_AUTHORIZATION_CONTENT_TYPE || 'application/x-www-form-urlencoded'
+ const bodyParams = {
+ grant_type: "authorization_code",
+ client_id: process.env.OAUTH2_CLIENT_ID,
+ client_secret: process.env.OAUTH2_CLIENT_SECRET,
+ code: req.query.code,
+ redirect_uri: `${process.env.SHARELATEX_SITE_URL}/oauth/callback`,
+ }
+ const body = contentType === 'application/json'
+ ? JSON.stringify(bodyParams)
+ : new URLSearchParams(bodyParams).toString()
+
 const tokenResponse = await fetch(process.env.OAUTH2_TOKEN_URL, {
 method: 'POST',
 headers: {
 "Accept": "application/json",
- "Content-Type": "application/json",
+ "Content-Type": contentType,
 },
- body: JSON.stringify({
- grant_type: "authorization_code",
- client_id: process.env.OAUTH2_CLIENT_ID,
- client_secret: process.env.OAUTH2_CLIENT_SECRET,
- code: req.query.code,
- redirect_uri: `${process.env.SHARELATEX_SITE_URL}/oauth/callback`,
- })
+ body
 })
-
+
 const tokenData = await tokenResponse.json()
 console.log("OAuth2 respond", JSON.stringify(tokenData))
@@ -324,9 +329,8 @@ const AuthenticationController = {
 headers: {
 "Accept": "application/json",
 "Authorization": `Bearer ${tokenData.access_token}`,
- "Content-Type": "application/json",
 }
- })
+ });
 const profile = await profileResponse.json()
 console.log("OAuth2 user profile", JSON.stringify(profile))
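Review bot: The `console.log` added at the top of oauth2Callback in the `@@ -292,30 +292,35 @@` hunk writes `req.query.code` and `req.query.state` to the log before the state comparison runs, so the authorization code (a credential until it is redeemed) and unvalidated request input land in the application log on every hit to the callback. I would log only the event, e.g. `console.log("OAuth2 callback received")`, and keep the values out. Separately, `contentType` is copied from the environment straight into the `Content-Type` header, so any value other than `application/json` sends a form-encoded body under a header that may not match it; `const contentType = process.env.OAUTH2_AUTHORIZATION_CONTENT_TYPE === 'application/json' ? 'application/json' : 'application/x-www-form-urlencoded'` keeps header and body in step. The context line that logs `JSON.stringify(tokenData)` carries the same exposure for the access token and is worth trimming in the same pass. oauth2Callback's body continues outside the hunk.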
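Review bot: In the `@@ -324,9 +329,8 @@` hunk the profile request still builds its header from `tokenData.access_token` with no check visible in the diff that the token exchange succeeded, so an error response from the token endpoint would apparently go on to call the profile URL with `Bearer undefined`. A guard before the profile fetch, such as `if (!tokenResponse.ok || !tokenData.access_token) return AuthenticationController.finishLogin(false, req, res, next)`, would fail the login at the step that actually failed; two lines between the hunks are not shown, so confirm nothing there already does this. The new `});` is also the only statement in the visible code that ends with a semicolon, and `})` would match the rest of the function.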