feat(auth): integrated oauth2 mock server

2024-01-28 12:53:00 +00:00 · 2024-01-28 12:53:00 +00:00 · 8acfc1d10c
commit 8acfc1d10c
parent a67697d159
4 changed files with 37 additions and 11 deletions
--- a/shell.nix
+++ b/shell.nix
@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>, Sarah Vaupel <sarah.vaupel@uniworx.de>, Steffen Jost <jost@tcs.ifi.lmu.de>
+# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen <gregor@kleen.consulting>, Sarah Vaupel <sarah.vaupel@uniworx.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, David Mosbach <david.mosbach@uniworx.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

@ -9,6 +9,12 @@ let

  haskellPackages = pkgs.haskellPackages;

+  oauth2Flake = (builtins.getFlake "git+https://gitlab.uniworx.de/mosbach/oauth2-mock-server/?rev=11548e5aacca29c6ba389a62bca3d7a80d54eb6f&ref=refresh-tokens").packages.x86_64-linux;
+
+  oauth2MockServer = oauth2Flake.default;
+  mkOauth2DB = oauth2Flake.mkOauth2DB;
+  killOauth2DB = oauth2Flake.killOauth2DB;
+
  postgresSchema = pkgs.writeText "schema.sql" ''
    CREATE USER uniworx WITH SUPERUSER;
    CREATE DATABASE uniworx_test;
@ -21,6 +27,17 @@ let
    local all all trust
  '';

+  oauth2Schema = pkgs.writeText "oauth2_schema.sql" ''
+    CREATE USER oauth2mock WITH SUPERUSER;
+    CREATE DATABASE test_users;
+    GRANT ALL ON DATABASE test_users TO oauth2mock;
+  '';
+
+  oauth2Hba = pkgs.writeText "oauth2_hba_file" ''
+    local all all trust
+  '';
+
+
  develop = pkgs.writeScriptBin "develop" ''
    #!${pkgs.zsh}/bin/zsh -e

@ -44,6 +61,7 @@ let
      type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached
      type cleanup_minio &>/dev/null && cleanup_minio
      type cleanup_maildev &>/dev/null && cleanup_maildev
+      [[ -z "$OAUTH2_PGDIR" ]] || source ${killOauth2DB}/bin/killOauth2DB

      [ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env"
      set +x
@ -53,6 +71,12 @@ let

    export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000))

+    if [[ -z "$OAUTH2_PGHOST" ]]; then
+      set -xe
+      source ${mkOauth2DB}/bin/mkOauth2DB
+      set +xe
+    fi
+
    if [[ -z "$PGHOST" ]]; then
      set -xe

@ -271,7 +295,9 @@ in pkgs.mkShell {

    export CHROME_BIN=${pkgs.chromium}/bin/chromium
  '';
-  nativeBuildInputs = [develop inDevelop killallUni2work diffRunning]
+  OAUTH2_HBA = oauth2Hba;
+  OAUTH2_DB_SCHEMA = oauth2Schema;
+  nativeBuildInputs = [develop inDevelop killallUni2work diffRunning oauth2MockServer]
  ++ (with pkgs;
    [ stack nodejs-14_x postgresql_12 openldap exiftool memcached minio minio-client
      gup reuse pre-commit
--- a/src/Auth/OAuth2.hs
+++ b/src/Auth/OAuth2.hs
@ -30,7 +30,7 @@ instance Exception AzureUserException
 ----------------------------------------

 mockPluginName :: Text
-mockPluginName = "uniworx_dev"
+mockPluginName = "dev-oauth2-mock"

 newtype UserID = UserID Text
 instance FromJSON UserID where
@ -40,14 +40,14 @@ instance FromJSON UserID where
 oauth2MockServer :: YesodAuth m => AuthPlugin m
 oauth2MockServer =
  let oa = OAuth2
-            { oauth2ClientId = "uniworx"
-            , oauth2ClientSecret = Just "shh"
-            , oauth2AuthorizeEndpoint = fromString $ mockServerURL <> "/authorize"
+            { oauth2ClientId = "42"
+            , oauth2ClientSecret = Just "shhh"
+            , oauth2AuthorizeEndpoint = (fromString $ mockServerURL <> "/auth") `withQuery` [scopeParam " " ["ID", "Profile"]]
            , oauth2TokenEndpoint = fromString $ mockServerURL <> "/token"
            , oauth2RedirectUri = Nothing
            }
-      mockServerURL = "0.0.0.0/"
-      profileSrc = fromString $ mockServerURL <> "/foo"
+      mockServerURL = "http://localhost:9443"
+      profileSrc = fromString $ mockServerURL <> "/users/me"
  in  authOAuth2 mockPluginName oa $ \manager token -> do
        (UserID userID, userResponse) <- authGetProfile mockPluginName manager token profileSrc
        return Creds
--- a/src/Foundation/Instances.hs
+++ b/src/Foundation/Instances.hs
@ -140,7 +140,7 @@ instance YesodAuth UniWorX where
        $(widgetFile "login")

    authenticate c@Creds{..}
-      | credsPlugin `elem` ["azureadv2", "uniworx_dev"] = UniWorX.oAuthenticate c
+      | credsPlugin `elem` ["azureadv2", "dev-oauth2-mock"] = UniWorX.oAuthenticate c
      | otherwise                                       = UniWorX.authenticate c

    authPlugins UniWorX{ appSettings' = AppSettings{..}, appLdapPool, appAuthPlugins } = appAuthPlugins ++ catMaybes
--- a/templates/login.hamlet
+++ b/templates/login.hamlet
@ -1,6 +1,6 @@
 $newline never

-$# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
+$# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen <gregor.kleen@ifi.lmu.de>,David Mosbach <david.mosbach@uniworx.de>
 $#
 $# SPDX-License-Identifier: AGPL-3.0-or-later

@ -9,7 +9,7 @@ $forall AuthPlugin{apName, apLogin} <- plugins
    <section>
      <h2>Azure
      ^{apLogin toParent}
-  $elseif apName == "uniworx_dev"
+  $elseif apName == "dev-oauth2-mock"
    <section>
      <h2>_{MsgDummyLoginTitle}
      ^{apLogin toParent}