RegisterServerAuthenticatedResult,
RegisterServerAuthPassOptions,
RegisterServerExternalAuthenticatedResult
-} from '@shared/models/plugins/register-server-auth.model'
+} from '@server/types/plugins/register-server-auth.model'
import * as express from 'express'
import * as OAuthServer from 'express-oauth-server'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
const oAuthServer = new OAuthServer({
useErrorHandler: true,
const token = res.locals.oauth.token
res.locals.explicitLogout = true
- await revokeToken(token)
+ const result = await revokeToken(token)
// FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released
// oAuthServer.revoke(req, res, err => {
// }
// })
- return res.json()
+ return res.json(result)
}
async function onExternalUserAuthenticated (options: {
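Review bot: `return res.json(result)` now sends whatever `revokeToken(token)` resolves to straight into the logout response, and the shape of that value is not visible in this diff. If it is wider than what the client needs (for example a model object rather than a small DTO), the pass-through exposes it, so it would be safer to build the response body explicitly from the intended fields. A comment above `const result = await revokeToken(token)` would also help, e.g. `// result is returned to the client as the logout response body`. The function starts above the hunk.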
authName
})
+ // Cleanup
+ const now = new Date()
+ for (const [ key, value ] of authBypassTokens) {
+ if (value.expires.getTime() < now.getTime()) {
+ authBypassTokens.delete(key)
+ }
+ }
+
res.redirect(`/login?externalAuthToken=${bypassToken}&username=${user.username}`)
}
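Review bot: The sweep at `for (const [ key, value ] of authBypassTokens)` removes only entries whose `expires` has passed, and it runs only when another external login arrives. A token that has already been redeemed therefore stays valid until it expires, unless the consuming handler deletes it, and that deletion is not visible in this diff. Because the token travels in the `/login?externalAuthToken=…` URL, it should be single-use: call `authBypassTokens.delete(req.body.externalAuthToken)` once the checks in the bypass-login handler pass. The `// Cleanup` comment could also say why, e.g. `// Purge expired bypass tokens so the in-memory map stays bounded`. The function starts above the hunk.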
const obj = authBypassTokens.get(req.body.externalAuthToken)
if (!obj) {
logger.error('Cannot authenticate user with unknown bypass token')
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
}
const { expires, user, authName, npmName } = obj
const now = new Date()
if (now.getTime() > expires.getTime()) {
logger.error('Cannot authenticate user with an expired external auth token')
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
}
if (user.username !== req.body.username) {
logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
}
// Bypass oauth library validation
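Review bot: The `logger.error` call in the username-mismatch branch has two `%s` placeholders but only one argument, so the log line never records which account the bypass token was issued for. Pass both values: `logger.error('Cannot authenticate user %s with invalid username %s.', user.username, req.body.username)`. Since `req.body.username` is request-supplied, it is also worth confirming that the logger neutralises control characters before writing it. The handler begins above the hunk and continues below it.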