From 9d15dcd48656dc921bd94cc70ebfc1bc72159e93 Mon Sep 17 00:00:00 2001
From: Payton Garland
Date: Wed, 7 Feb 2018 12:46:46 -0600
Subject: [PATCH] Modify Microsoft AuthN lookup option to use username (required) vs email (not required)
---
 ...l-lookup.js => microsoft.json-username-lookup.js} | 8 ++++----
 build/build.js | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
 rename authz/{microsoft.json-email-lookup.js => microsoft.json-username-lookup.js} (79%)
diff --git a/authz/microsoft.json-email-lookup.js b/authz/microsoft.json-username-lookup.js
similarity index 79%
rename from authz/microsoft.json-email-lookup.js
rename to authz/microsoft.json-username-lookup.js
index 0f69dfa..2e9abf9 100644
--- a/authz/microsoft.json-email-lookup.js
+++ b/authz/microsoft.json-username-lookup.js
@@ -1,7 +1,7 @@
 const axios = require('axios');
 function isAuthorized(decoded, request, callback, unauthorized, internalServerError, config) {
- axios.get(config.JSON_EMAIL_LOOKUP)
+ axios.get(config.JSON_USERNAME_LOOKUP)
 .then(function(response) {
 if (Array.isArray(response.data) && response.data.indexOf(decoded.sub) > -1) {
 callback(null, request);
@@ -15,10 +15,10 @@ function isAuthorized(decoded, request, callback, unauthorized, internalServerEr
 }
 function getSubject(decoded) {
- if (decoded.payload.hasOwnProperty('email')) {
- return decoded.payload.email;
+ if (decoded.payload.hasOwnProperty('upn')) {
+ return decoded.payload.upn;
 } else {
- return 'Email not found';
+ return 'Username not found';
 }
 }
diff --git a/build/build.js b/build/build.js
index f934872..6ca45cc 100644
--- a/build/build.js
+++ b/build/build.js
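Review bot: In `getSubject`, the fallback `return 'Username not found';` returns an ordinary string, so a token without a `upn` claim produces a subject that cannot be told apart from a real username. If that value is what `isAuthorized` later reads as `decoded.sub` (the wiring is outside this patch), it is matched against the lookup list like any other name, so the failure is not handled as a failure. Returning nothing usable and rejecting before the lookup would fail closed explicitly: `return typeof decoded.payload.upn === 'string' ? decoded.payload.upn : null;`. The check is also called on the token payload itself; `Object.prototype.hasOwnProperty.call(decoded.payload, 'upn')` does not depend on a property the token can supply. The `indexOf` comparison in the first hunk is exact-match, so if the directory treats UPNs case-insensitively the list entries and the claim should be normalised the same way.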
@@ -62,7 +62,7 @@ function microsoftConfiguration() {
 required: true
 },
 AUTHZ: {
- description: colors.red("Authorization methods:\n (1) Azure AD Login (default)\n (2) JSON Email Lookup\n\n Select an authorization method")
+ description: colors.red("Authorization methods:\n (1) Azure AD Login (default)\n (2) JSON Username Lookup\n\n Select an authorization method")
 }
 }
 }, function(err, result) {
@@ -77,7 +77,7 @@ function microsoftConfiguration() {
 config.AUTH_REQUEST.redirect_uri = result.REDIRECT_URI;
 config.AUTH_REQUEST.response_type = 'code';
 config.AUTH_REQUEST.response_mode = 'query';
- config.AUTH_REQUEST.scope = 'openid email';
+ config.AUTH_REQUEST.scope = 'openid';
 config.TOKEN_REQUEST.client_id = result.CLIENT_ID;
 config.TOKEN_REQUEST.grant_type = 'authorization_code';
@@ -93,17 +93,17 @@ function microsoftConfiguration() {
 shell.exec('zip -q cloudfront-auth.zip config.json index.js package-lock.json package.json auth.js -r node_modules');
 break;
 case '2':
- shell.cp('./authz/microsoft.json-email-lookup.js', './auth.js');
+ shell.cp('./authz/microsoft.json-username-lookup.js', './auth.js');
 prompt.start();
 prompt.message = colors.blue(">>>");
 prompt.get({
 properties: {
- JSON_EMAIL_LOOKUP: {
- description: colors.red("JSON email lookup endpoint")
+ JSON_USERNAME_LOOKUP: {
+ description: colors.red("JSON username lookup endpoint")
 }
 }
 }, function (err, result) {
- config.JSON_EMAIL_LOOKUP = result.JSON_EMAIL_LOOKUP;
+ config.JSON_USERNAME_LOOKUP = result.JSON_USERNAME_LOOKUP;
 writeConfig(config, zipDefault);
 });
 break;
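Review bot: Reducing `config.AUTH_REQUEST.scope` to `'openid'` assumes the ID token always carries `upn`, which the commit title calls required, but the hunk does not show which Azure AD endpoint version this configuration targets. As far as I know, on the v2.0 endpoint `upn` is an optional claim tied to the `profile` scope, and guest accounts may not receive it on either version, so this should be confirmed against the tenant. Where the claim is missing, every affected sign-in falls into the 'Username not found' branch of `getSubject`. A comment on the line would record the assumption: `// upn is read from the ID token; confirm the endpoint issues it with scope 'openid' alone`.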
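Review bot: The `JSON_USERNAME_LOOKUP` prompt accepts any value, including an empty string or an `http://` URL, even though the list fetched from that endpoint decides who is authorized. Marking the property required, as other properties in `microsoftConfiguration` are, and restricting it to HTTPS at build time keeps a missing or tamperable list source out of the deployed `config.json`: `required: true, pattern: /^https:\/\//i, message: 'Endpoint must be an https:// URL'`. The callback also reads `result.JSON_USERNAME_LOOKUP` without looking at `err`, so a cancelled prompt would throw on an undefined `result`; an `if (err) { return; }` guard before the assignment avoids that. The enclosing `switch` and function start outside this hunk.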