-import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
+import {
+ isUserAdminFlagsValid,
+ isUserDisplayNameValid,
+ isUserRoleValid,
+ isUserUsernameValid,
+ isUserVideoQuotaDailyValid,
+ isUserVideoQuotaValid
+} from '@server/helpers/custom-validators/users'
import { logger } from '@server/helpers/logger'
import { generateRandomString } from '@server/helpers/utils'
import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
import { PluginManager } from '@server/lib/plugins/plugin-manager'
import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
+import { MUser } from '@server/types/models'
import {
RegisterServerAuthenticatedResult,
RegisterServerAuthPassOptions,
RegisterServerExternalAuthenticatedResult
} from '@server/types/plugins/register-server-auth.model'
-import { UserRole } from '@shared/models'
+import { UserAdminFlag, UserRole } from '@shared/models'
+import { BypassLogin } from './oauth-model'
+
+export type ExternalUser =
+ Pick<MUser, 'username' | 'email' | 'role' | 'adminFlags' | 'videoQuotaDaily' | 'videoQuota'> &
+ { displayName: string }
// Token is the key, expiration date is the value
const authBypassTokens = new Map<string, {
expires: Date
- user: {
- username: string
- email: string
- displayName: string
- role: UserRole
- }
+ user: ExternalUser
+ userUpdater: RegisterServerAuthenticatedResult['userUpdater']
authName: string
npmName: string
}>()
expires,
user,
npmName,
- authName
+ authName,
+ userUpdater: authResult.userUpdater
})
// Cleanup expired tokens
return tokenModel?.authName
}
-async function getBypassFromPasswordGrant (username: string, password: string) {
+async function getBypassFromPasswordGrant (username: string, password: string): Promise<BypassLogin> {
const plugins = PluginManager.Instance.getIdAndPassAuths()
const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
bypass: true,
pluginName: pluginAuth.npmName,
authName: authOptions.authName,
- user: buildUserResult(loginResult)
+ user: buildUserResult(loginResult),
+ userUpdater: loginResult.userUpdater
}
} catch (err) {
logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err })
return undefined
}
-function getBypassFromExternalAuth (username: string, externalAuthToken: string) {
+function getBypassFromExternalAuth (username: string, externalAuthToken: string): BypassLogin {
const obj = authBypassTokens.get(externalAuthToken)
if (!obj) throw new Error('Cannot authenticate user with unknown bypass token')
return {
bypass: true,
pluginName: npmName,
- authName: authName,
+ authName,
+ userUpdater: obj.userUpdater,
user
}
}
function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) {
- if (!isUserUsernameValid(result.username)) {
- logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username })
+ const returnError = (field: string) => {
+ logger.error('Auth method %s of plugin %s did not provide a valid %s.', authName, npmName, field, { [field]: result[field] })
return false
}
- if (!result.email) {
- logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email })
- return false
- }
+ if (!isUserUsernameValid(result.username)) return returnError('username')
+ if (!result.email) return returnError('email')
- // role is optional
- if (result.role && !isUserRoleValid(result.role)) {
- logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role })
- return false
- }
+ // Following fields are optional
+ if (result.role && !isUserRoleValid(result.role)) return returnError('role')
+ if (result.displayName && !isUserDisplayNameValid(result.displayName)) return returnError('displayName')
+ if (result.adminFlags && !isUserAdminFlagsValid(result.adminFlags)) return returnError('adminFlags')
+ if (result.videoQuota && !isUserVideoQuotaValid(result.videoQuota + '')) return returnError('videoQuota')
+ if (result.videoQuotaDaily && !isUserVideoQuotaDailyValid(result.videoQuotaDaily + '')) return returnError('videoQuotaDaily')
- // display name is optional
- if (result.displayName && !isUserDisplayNameValid(result.displayName)) {
- logger.error(
- 'Auth method %s of plugin %s did not provide a valid display name.',
- authName, npmName, { displayName: result.displayName }
- )
+ if (result.userUpdater && typeof result.userUpdater !== 'function') {
+ logger.error('Auth method %s of plugin %s did not provide a valid user updater function.', authName, npmName)
return false
}
username: pluginResult.username,
email: pluginResult.email,
role: pluginResult.role ?? UserRole.USER,
- displayName: pluginResult.displayName || pluginResult.username
+ displayName: pluginResult.displayName || pluginResult.username,
+
+ adminFlags: pluginResult.adminFlags ?? UserAdminFlag.NONE,
+
+ videoQuota: pluginResult.videoQuota,
+ videoQuotaDaily: pluginResult.videoQuotaDaily
}
}
projects / github / Chocobozzz / PeerTube.git / blobdiff