/
post-auth.js
61 lines (53 loc) · 1.79 KB
/
post-auth.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/*
* Copyright 2016 Red Hat Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
'use strict'
const URL = require('url')
module.exports = function (keycloak) {
return function postAuth (request, response, next) {
if (!request.query.auth_callback) {
return next()
}
// During the check SSO process the Keycloak server answered the user is not logged in
if (request.query.error === 'login_required') {
return next()
}
if (request.query.error) {
return keycloak.accessDenied(request, response, next)
}
keycloak.getGrantFromCode(request.query.code, request, response)
.then(grant => {
const urlParts = {
pathname: request.path,
query: request.query
}
delete urlParts.query.code
delete urlParts.query.auth_callback
delete urlParts.query.state
delete urlParts.query.session_state
const cleanUrl = URL.format(urlParts)
request.kauth.grant = grant
try {
keycloak.authenticated(request)
} catch (err) {
console.log(err)
}
response.redirect(cleanUrl)
}).catch((err) => {
keycloak.accessDenied(request, response, next)
console.error('Could not obtain grant code: ' + err)
})
}
}