diff --git a/docker-compose.prod.yaml b/docker-compose.prod.yaml
index 5c1355cc..e6336609 100644
--- a/docker-compose.prod.yaml
+++ b/docker-compose.prod.yaml
@@ -74,7 +74,7 @@ services:
 OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
 OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
 OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
- OPID_ADDITIONAL_SCOPES: $OPID_ADDITIONAL_SCOPES
+ OPID_SCOPE: $OPID_SCOPE
 OPID_USERNAME_CLAIM: $OPID_USERNAME_CLAIM
 OPID_LOCALE_CLAIM: $OPID_LOCALE_CLAIM
 DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index 1612e396..b9149ba0 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -76,6 +76,9 @@ services:
 OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
 OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
 OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
+ OPID_SCOPE: $OPID_SCOPE
+ OPID_USERNAME_CLAIM: $OPID_USERNAME_CLAIM
+ OPID_LOCALE_CLAIM: $OPID_LOCALE_CLAIM
 DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
 volumes:
 - ./pusher:/usr/src/app
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 2bbc6c0a..3c16ce00 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -85,6 +85,9 @@ services:
 OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
 OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
 OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
+ OPID_SCOPE: $OPID_SCOPE
+ OPID_USERNAME_CLAIM: $OPID_USERNAME_CLAIM
+ OPID_LOCALE_CLAIM: $OPID_LOCALE_CLAIM
 DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
 volumes:
 - ./pusher:/usr/src/app
diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 9110fc45..543e2bf1 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -10,13 +10,13 @@ import { _ServiceWorker } from "../Network/ServiceWorker";
 import { loginSceneVisibleIframeStore } from "../Stores/LoginSceneStore";
 import { userIsConnected, warningContainerStore } from "../Stores/MenuStore";
 import { analyticsClient } from "../Administration/AnalyticsClient";
- import { gameManager } from "../Phaser/Game/GameManager";
 import { axiosWithRetry } from "./AxiosUtils";
 import axios from "axios";
 import { isRegisterData } from "../Messages/JsonMessages/RegisterData";
 import { isAdminApiData } from "../Messages/JsonMessages/AdminApiData";
 import { limitMapStore } from "../Stores/GameStore";
 import { showLimitRoomModalStore } from "../Stores/ModalStore";
+ import { gameManager } from "../Phaser/Game/GameManager";
 import { locales } from "../i18n/i18n-util";
 import type { Locales } from "../i18n/i18n-types";
 import { setCurrentLocale } from "../i18n/locales";
@@ -359,6 +359,7 @@ class ConnectionManager {
 this.localUser = new LocalUser(userUuid, textures, email);
 localUserStore.saveUser(this.localUser);
 this.authToken = authToken;
+
 if (username) {
 gameManager.setPlayerName(username);
 }
@@ -378,8 +379,8 @@ class ConnectionManager {
 } catch (err) {
 console.warn("Could not set locale", err);
 }
- }
-
+ }
+
 //user connected, set connected store for menu at true
 userIsConnected.set(true);
 }
diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 706a60ea..26adb8aa 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -93,7 +93,15 @@ export class AuthenticateController extends BaseController {
 res.writeStatus("200");
 this.addCorsHeaders(res);
 res.writeHeader("Content-Type", "application/json");
- return res.end(JSON.stringify({ ...resCheckTokenAuth, ...resUserData, username: authTokenData.username, locale: authTokenData.locale, authToken: token }));
+ return res.end(
+ JSON.stringify({
+ ...resCheckTokenAuth,
+ ...resUserData,
+ authToken: token,
+ username: authTokenData?.username,
+ locale: authTokenData?.locale,
+ })
+ );
 } catch (err) {
 console.info("User was not connected", err);
 }
@@ -115,7 +123,12 @@ export class AuthenticateController extends BaseController {
 if (!sub) {
 throw new Error("No sub in the response");
 }
- const authToken = jwtTokenManager.createAuthToken(sub, userInfo?.access_token, userInfo?.username, userInfo?.locale);
+ const authToken = jwtTokenManager.createAuthToken(
+ sub,
+ userInfo?.access_token,
+ userInfo?.username,
+ userInfo?.locale
+ );
 
 //Get user data from Admin Back Office
 //This is very important to create User Local in LocalStorage in WorkAdventure
@@ -124,7 +137,9 @@ export class AuthenticateController extends BaseController {
 res.writeStatus("200");
 this.addCorsHeaders(res);
 res.writeHeader("Content-Type", "application/json");
- return res.end(JSON.stringify({ ...data, authToken, username: userInfo.username, locale: userInfo.locale, userUuid : sub }));
+ return res.end(
+ JSON.stringify({ ...data, authToken, username: userInfo?.username, locale: userInfo?.locale, userUuid : sub })
+ );
 } catch (e) {
 console.error("openIDCallback => ERROR", e);
 return this.errorToResponse(e, res);
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index 2189e52e..a6b96c5e 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
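Review bot: The optional chaining on `userInfo?.access_token`, `userInfo?.username` and `userInfo?.locale` in the new createAuthToken call sits three lines below `if (!sub) throw new Error("No sub in the response")`; if `sub` was read from `userInfo` (its assignment is above this hunk and not visible), `userInfo` cannot be undefined here, so the `?.` only obscures which fields are genuinely optional. Prefer plain `userInfo.access_token, userInfo.username, userInfo.locale` and let getUserInfo's return type mark `username`/`locale` as optional, so the compiler rather than a silent `undefined` tells you when a claim is missing. openIDCallback starts before this hunk, so the `userInfo` guard, if any, is not in view.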
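Review bot: The rewritten `JSON.stringify({ ...data, authToken, username: userInfo?.username, locale: userInfo?.locale, userUuid : sub })` line keeps the `userUuid : sub` spacing and stays much wider than the property-per-line layout the first hunk of this file was reformatted to, which looks like this one line missed the formatter pass. Match the other handler: one property per line inside `JSON.stringify({ ... })` and `userUuid: sub,` without the stray space. This is style only; the response body is unchanged.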
@@ -19,7 +19,7 @@ export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
 export const OPID_CLIENT_REDIRECT_URL = process.env.OPID_CLIENT_REDIRECT_URL || FRONT_URL + "/jwt";
 export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
- export const OPID_ADDITIONAL_SCOPES = process.env.OPID_ADDITIONAL_SCOPES || "";
+ export const OPID_SCOPE = process.env.OPID_SCOPE || "openid email";
 export const OPID_USERNAME_CLAIM = process.env.OPID_USERNAME_CLAIM || "username";
 export const OPID_LOCALE_CLAIM = process.env.OPID_LOCALE_CLAIM || "locale";
 export const DISABLE_ANONYMOUS: boolean = process.env.DISABLE_ANONYMOUS === "true";
diff --git a/pusher/src/Services/OpenIDClient.ts b/pusher/src/Services/OpenIDClient.ts
index 23572365..32bda560 100644
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@@ -4,9 +4,9 @@ import {
 OPID_CLIENT_SECRET,
 OPID_CLIENT_ISSUER,
 OPID_CLIENT_REDIRECT_URL,
- OPID_ADDITIONAL_SCOPES,
 OPID_USERNAME_CLAIM,
 OPID_LOCALE_CLAIM,
+ OPID_SCOPE,
 } from "../Enum/EnvironmentVariable";
 
 class OpenIDClient {
@@ -28,8 +28,11 @@ class OpenIDClient {
 
 public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
 return this.initClient().then((client) => {
+ if (!OPID_SCOPE.includes("email") || !OPID_SCOPE.includes("openid")) {
+ throw new Error("Invalid scope, 'email' and 'openid' are required in OPID_SCOPE.");
+ }
 return client.authorizationUrl({
- scope: "openid email " + OPID_ADDITIONAL_SCOPES,
+ scope: OPID_SCOPE,
 prompt: "login",
 state: state,
 nonce: nonce,
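Review bot: Replacing `OPID_ADDITIONAL_SCOPES` with `OPID_SCOPE` drops the old variable silently: an existing deployment whose `.env` still sets `OPID_ADDITIONAL_SCOPES` (this commit renames the compose passthrough but cannot update operators' env files) now gets the bare `"openid email"` default, and whatever extra scopes it relied on — and with them the claims it expected under `OPID_USERNAME_CLAIM`/`OPID_LOCALE_CLAIM` — vanish without any error. A one-line fallback keeps old configs working while the new name is adopted: `export const OPID_SCOPE = process.env.OPID_SCOPE || ("openid email " + (process.env.OPID_ADDITIONAL_SCOPES || "")).trim();`. If the old name is meant to be removed outright, at least log a warning at startup when `process.env.OPID_ADDITIONAL_SCOPES` is set so the operator notices.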
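Review bot: The scope validation added in authorizationUrl uses substring matching, so a value such as `"openid emailaddress"` or `"openid_connect email"` passes while lacking the required scopes, and it runs only after `this.initClient()` has completed provider discovery and only at the first login rather than at boot. Split on whitespace and test tokens: `const scopes = OPID_SCOPE.split(/\s+/);` / `if (!scopes.includes("openid") || !scopes.includes("email")) {`, and hoist the check above `this.initClient()` (or into the module that defines `OPID_SCOPE`) so a misconfiguration fails fast without a network round-trip. The error message itself is fine; the remaining authorizationUrl options continue past the end of this hunk.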
@@ -39,7 +42,10 @@ class OpenIDClient {
 });
 }
 
- public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string; username: string; locale: string }> {
+ public getUserInfo(
+ code: string,
+ nonce: string
+ ): Promise<{ email: string; sub: string; access_token: string; username: string; locale: string }> {
 return this.initClient().then((client) => {
 return client.callback(OPID_CLIENT_REDIRECT_URL, { code }, { nonce }).then((tokenSet) => {
 return client.userinfo(tokenSet).then((res) => {
@@ -48,8 +54,8 @@ class OpenIDClient {
 email: res.email as string,
 sub: res.sub,
 access_token: tokenSet.access_token as string,
- username: (res[OPID_USERNAME_CLAIM]) as string,
- locale: (res[OPID_LOCALE_CLAIM]) as string,
+ username: res[OPID_USERNAME_CLAIM] as string,
+ locale: res[OPID_LOCALE_CLAIM] as string,
 };
 });
 });
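Review bot: `res[OPID_USERNAME_CLAIM] as string` and `res[OPID_LOCALE_CLAIM] as string` are compile-time assertions with no runtime check: the claim names are operator-configured and the values come from the identity provider's userinfo response, so a missing claim yields `undefined` and a non-string claim (an object or number) is passed untouched into `jwtTokenManager.createAuthToken`, returned to the browser, and handed to `gameManager.setPlayerName` in the front-end hunk of this commit. Validate before building the result: `const username = res[OPID_USERNAME_CLAIM];` / `const locale = res[OPID_LOCALE_CLAIM];` above the `return {`, then `username: typeof username === "string" ? username : undefined,` and the same for `locale`, with the declared return type in getUserInfo's signature (previous hunk) changed to `username?: string; locale?: string` so the type stops promising a value the provider may not send. The controller already treats both as optional (`userInfo?.username`), so no caller needs to change.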