fix auth

devksingh4 · devksingh4 · commit f1515562b7d9 · 2023-12-02T12:30:49.000-06:00
diff --git a/config.js b/config.js
@@ -12,7 +12,7 @@ exports.branding = {
   orgHome: process.env.brandOrgHome || "https://acm.illinois.edu",
   statusURL: process.env.brandStatusURL || "https://status.acm.illinois.edu",
   copyrightOwner: process.env.brandCopyrightOwner || "ACM @ UIUC",
-  domainHint: process.env.brandDomainHint || "acm.illinois.edu", // primary azure AD domain for tenant.
+  domainHint: process.env.brandDomainHint, // primary azure AD domain for tenant.
   externalDomain: process.env.externalDomain || "https://go.acm.illinois.edu"
 
 }
diff --git a/index.js b/index.js
@@ -313,7 +313,8 @@ app.get('/#',
         resourceURL: config.resourceURL,    // optional. Provide a value if you want to specify the resource.
         customState: 'my_state',            // optional. Provide a value if you want to provide custom state value.
         failureRedirect: '/error',
-        domain_hint: config.branding.domainHint
+        domain_hint: config.branding.domainHint,
+        prompt: 'select_account'
       }
     )(req, res, next);
   },
@@ -326,22 +327,6 @@ app.get('/error', (req, res) => {
 app.get('/unauthorized', (req, res) => {
   return res.status(401).render('unauthorized.html', { partials, productName: config.branding.title, logoPath: config.branding.logoPath, copyrightOwner: config.branding.copyrightOwner, statusURL: config.branding.statusURL, orgHome: config.branding.orgHome, groups: config.groups_permitted.toString().replaceAll(",", "<br />"), adminGroups: config.admin_groups.toString().replaceAll(",", "<br />") });
 });
-// 'GET returnURL'
-// `passport.authenticate` will try to authenticate the content returned in
-// query (such as authorization code). If authentication fails, user will be
-// redirected to '/' (home page); otherwise, it passes to the next middleware.
-app.get('/auth/openid/return',
-  function (req, res, next) {
-    passport.authenticate('azuread-openidconnect',
-      {
-        response: res,    // required
-        failureRedirect: '/'
-      }
-    )(req, res, next);
-  },
-  function (req, res) {
-    res.redirect('/');
-  });
 
 // 'POST returnURL'
 // `passport.authenticate` will try to authenticate the content returned in
@@ -351,8 +336,12 @@ app.post('/auth/openid/return',
   function (req, res, next) {
     passport.authenticate('azuread-openidconnect',
       {
-        response: res,    // required
-        failureRedirect: '/'
+        response: res,                      // required
+        resourceURL: config.resourceURL,    // optional. Provide a value if you want to specify the resource.
+        customState: 'my_state',            // optional. Provide a value if you want to provide custom state value.
+        failureRedirect: '/error',
+        domain_hint: config.branding.domainHint,
+        prompt: 'select_account'
       }
     )(req, res, next);
   },

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ exports.branding = {`
`12`	`12`	`orgHome: process.env.brandOrgHome \|\| "https://acm.illinois.edu",`
`13`	`13`	`statusURL: process.env.brandStatusURL \|\| "https://status.acm.illinois.edu",`
`14`	`14`	`copyrightOwner: process.env.brandCopyrightOwner \|\| "ACM @ UIUC",`
`15`		`- domainHint: process.env.brandDomainHint \|\| "acm.illinois.edu", // primary azure AD domain for tenant.`
	`15`	`+ domainHint: process.env.brandDomainHint, // primary azure AD domain for tenant.`
`16`	`16`	`externalDomain: process.env.externalDomain \|\| "https://go.acm.illinois.edu"`
`17`	`17`
`18`	`18`	`}`