Modify Microsoft AuthN lookup option to use username (required) vs email (not required)

payton · payton · commit 9d15dcd48656 · 2018-02-07T12:46:53.000-06:00
diff --git a/authz/microsoft.json-username-lookup.js b/authz/microsoft.json-username-lookup.js
@@ -1,7 +1,7 @@
 const axios = require('axios');
 
 function isAuthorized(decoded, request, callback, unauthorized, internalServerError, config) {
-  axios.get(config.JSON_EMAIL_LOOKUP)
+  axios.get(config.JSON_USERNAME_LOOKUP)
     .then(function(response) {
       if (Array.isArray(response.data) && response.data.indexOf(decoded.sub) > -1) {
         callback(null, request);
@@ -15,10 +15,10 @@ function isAuthorized(decoded, request, callback, unauthorized, internalServerEr
 }
 
 function getSubject(decoded) { 
-    if (decoded.payload.hasOwnProperty('email')) {
-        return decoded.payload.email;
+    if (decoded.payload.hasOwnProperty('upn')) {
+        return decoded.payload.upn;
     } else {
-        return 'Email not found';
+        return 'Username not found';
     }
 }
 
diff --git a/build/build.js b/build/build.js
@@ -62,7 +62,7 @@ function microsoftConfiguration() {
         required: true
       },
       AUTHZ: {
-        description: colors.red("Authorization methods:\n   (1) Azure AD Login (default)\n   (2) JSON Email Lookup\n\n   Select an authorization method")
+        description: colors.red("Authorization methods:\n   (1) Azure AD Login (default)\n   (2) JSON Username Lookup\n\n   Select an authorization method")
       }
     }
   }, function(err, result) {
@@ -77,7 +77,7 @@ function microsoftConfiguration() {
     config.AUTH_REQUEST.redirect_uri = result.REDIRECT_URI;
     config.AUTH_REQUEST.response_type = 'code';
     config.AUTH_REQUEST.response_mode = 'query';
-    config.AUTH_REQUEST.scope = 'openid email';
+    config.AUTH_REQUEST.scope = 'openid';
 
     config.TOKEN_REQUEST.client_id = result.CLIENT_ID;
     config.TOKEN_REQUEST.grant_type = 'authorization_code';
@@ -93,17 +93,17 @@ function microsoftConfiguration() {
         shell.exec('zip -q cloudfront-auth.zip config.json index.js package-lock.json package.json auth.js -r node_modules');
         break;
       case '2':
-        shell.cp('./authz/microsoft.json-email-lookup.js', './auth.js');
+        shell.cp('./authz/microsoft.json-username-lookup.js', './auth.js');
         prompt.start();
         prompt.message = colors.blue(">>>");
         prompt.get({
           properties: {
-            JSON_EMAIL_LOOKUP: {
-              description: colors.red("JSON email lookup endpoint")
+            JSON_USERNAME_LOOKUP: {
+              description: colors.red("JSON username lookup endpoint")
             }
           }
         }, function (err, result) {
-          config.JSON_EMAIL_LOOKUP = result.JSON_EMAIL_LOOKUP;
+          config.JSON_USERNAME_LOOKUP = result.JSON_USERNAME_LOOKUP;
           writeConfig(config, zipDefault);
         });
         break;

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`const axios = require('axios');`
`2`	`2`
`3`	`3`	`function isAuthorized(decoded, request, callback, unauthorized, internalServerError, config) {`
`4`		`- axios.get(config.JSON_EMAIL_LOOKUP)`
	`4`	`+ axios.get(config.JSON_USERNAME_LOOKUP)`
`5`	`5`	`.then(function(response) {`
`6`	`6`	`if (Array.isArray(response.data) && response.data.indexOf(decoded.sub) > -1) {`
`7`	`7`	`callback(null, request);`
`@@ -15,10 +15,10 @@ function isAuthorized(decoded, request, callback, unauthorized, internalServerEr`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`function getSubject(decoded) {`
`18`		`- if (decoded.payload.hasOwnProperty('email')) {`
`19`		`- return decoded.payload.email;`
	`18`	`+ if (decoded.payload.hasOwnProperty('upn')) {`
	`19`	`+ return decoded.payload.upn;`
`20`	`20`	`} else {`
`21`		`- return 'Email not found';`
	`21`	`+ return 'Username not found';`
`22`	`22`	`}`
`23`	`23`	`}`
`24`	`24`