From 4e09e8762b0e2a07dcec888bb170fde63bb6c832 Mon Sep 17 00:00:00 2001
From: Alexandre KIENTZ
Date: Wed, 3 Dec 2025 22:14:52 +0100
Subject: [PATCH] first commit
---
 src/controllers/authController.js | 12 ++++++++++--
 src/middleware/oidcMiddleware.js | 20 +++++++++++++++++---
 src/server.js | 14 +++++++++++---
 3 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/src/controllers/authController.js b/src/controllers/authController.js
index 8168869..079786f 100644
--- a/src/controllers/authController.js
+++ b/src/controllers/authController.js
@@ -203,6 +203,11 @@ export async function authCallback(req, res) {
 return res.redirect(redirectUrl);
 }
+ // Log the incoming request details
+ console.log('Callback request method:', req.method);
+ console.log('Callback query params:', Object.keys(req.query));
+ console.log('Callback body params:', Object.keys(req.body));
+
 const { tokenSet, userInfo } = await handleCallback(req);
 req.session.tokenSet = tokenSet;
@@ -218,8 +223,11 @@ export async function authCallback(req, res) {
 res.redirect(redirectUrl);
 } catch (error) {
- console.error('Callback error:', error);
- res.status(401).send('Authentication failed');
+ console.error('Callback error:', error.message);
+ console.error('Callback error details:', error);
+ console.error('Session state:', req.session?.state);
+ console.error('Session nonce:', req.session?.nonce);
+ res.status(401).send(`Authentication failed: ${error.message}`);
 }
 }
diff --git a/src/middleware/oidcMiddleware.js b/src/middleware/oidcMiddleware.js
index 3b669f6..74694ab 100644
--- a/src/middleware/oidcMiddleware.js
+++ b/src/middleware/oidcMiddleware.js
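Review bot: `Object.keys(req.body)` in the added logging throws a TypeError when `req.body` is undefined, which can happen on a GET callback if no body parser has populated it (the parser setup is outside the hunk, so this is an assumption to confirm). The spread `...req.body` in handleCallback tolerates an undefined body, so this log line would make a previously working callback fail, presumably into the catch block further down. Guard it with `console.log('Callback body params:', Object.keys(req.body ?? {}));`, and do the same for `req.query` if it can be absent. authCallback starts and ends outside the hunk.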
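Review bot: The new catch block sends `error.message` to the unauthenticated caller and writes the raw `req.session?.state` and `req.session?.nonce` values to the log. The message can describe internal validation failures and may carry text that came from the callback parameters (provider error fields), and `res.send` with a string is served as HTML by default, so the response should stay generic: `res.status(401).send('Authentication failed');`. State and nonce are the per-login anti-forgery values; log their presence only, as the middleware does, e.g. `console.error('Session state:', req.session?.state ? 'present' : 'missing');`. The full `error` object is also logged and may include provider response details, so consider limiting it to `error.name` and `error.message` outside development.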
@@ -65,10 +65,24 @@ export async function handleCallback(req) {
 ...req.body,
 };
- const tokenSet = await client.callback(config.oidc.redirectUri, params, {
+ // Log for debugging
+ console.log('OAuth callback params:', { code: params.code ? 'present' : 'missing', state: params.state ? 'present' : 'missing', error: params.error || 'none' });
+ console.log('Session state:', req.session.state ? 'present' : 'missing');
+ console.log('Session nonce:', req.session.nonce ? 'present' : 'missing');
+
+ // Prepare validation options - only include state if it was provided by the provider
+ const validationOpts = {
 nonce: req.session.nonce,
- state: req.session.state,
- });
+ };
+
+ // Only validate state if the provider sent it back
+ if (params.state) {
+ validationOpts.state = req.session.state;
+ }
+
+ console.log('Validation options:', { hasNonce: !!validationOpts.nonce, hasState: !!validationOpts.state });
+
+ const tokenSet = await client.callback(config.oidc.redirectUri, params, validationOpts);
 const userInfo = await client.userinfo(tokenSet);
diff --git a/src/server.js b/src/server.js
index 0f5713e..99dc7c6 100644
--- a/src/server.js
+++ b/src/server.js
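Review bot: Making the state check conditional on `params.state` lets whoever sends the callback request decide whether the anti-forgery check runs, because `params` is built from the request and a request without `state` now reaches `client.callback` with no `state` in the checks. The expected value belongs to the session, not the request, so it should always be passed: `const validationOpts = { nonce: req.session.nonce, state: req.session.state };`, with an early rejection when the session holds no state (`if (!req.session.state) throw new Error('Missing session state');`). The nonce check that remains covers the ID token, not the authorization response, so it is not a substitute. If the provider genuinely returns no state, that points at the authorization request or the session store, not at a check to relax here. handleCallback starts and ends outside the hunk.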
@@ -22,10 +22,18 @@ import reverseProxyMiddleware from './middleware/proxyMiddleware.js';
 const app = express();
 const FileStoreSession = FileStore(session);
-// Create sessions directory FIRST (before any middleware)
+// Create sessions directory FIRST (before any middleware) with proper permissions
+const sessionsDir = path.join(process.cwd(), 'sessions');
 try {
- const sessionsDir = path.join(process.cwd(), 'sessions');
- fs.mkdirSync(sessionsDir, { recursive: true });
+ // Create with mode 0o755 for read/write access
+ if (!fs.existsSync(sessionsDir)) {
+ fs.mkdirSync(sessionsDir, { recursive: true, mode: 0o755 });
+ console.log('✓ Sessions directory created at:', sessionsDir);
+ } else {
+ console.log('✓ Sessions directory exists at:', sessionsDir);
+ // Ensure proper permissions
+ fs.chmodSync(sessionsDir, 0o755);
+ }
 } catch (error) {
 console.error('✗ Failed to create sessions directory:', error);
 process.exit(1);
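Review bot: Mode `0o755` on the sessions directory lets every local account list and traverse it, and the comment "for read/write access" does not match what that mode grants to group and others. The session records kept here include the token set (authCallback assigns `req.session.tokenSet`), so the directory should be owner-only: `fs.mkdirSync(sessionsDir, { recursive: true, mode: 0o700 });` followed by `fs.chmodSync(sessionsDir, 0o700);`. Since `mkdirSync` with `recursive: true` already succeeds on an existing directory, the `existsSync` branch can be dropped and the `chmodSync` run unconditionally, which also closes the gap between the check and the create. The try/catch continues past the end of the hunk.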