Add a test for refreshing remote keys

[github/Chocobozzz/PeerTube.git] / server / lib / auth.ts

diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index acf0da18a6740e20a0567a1394d32a78e95095cd..dbd421a7b3d6e0b33c1ecbf5dc2286475cc36452 100644 (file)
--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -13,11 +13,13 @@ import {
 } from '@server/types/plugins/register-server-auth.model'
 import * as express from 'express'
 import * as OAuthServer from 'express-oauth-server'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 
 const oAuthServer = new OAuthServer({
   useErrorHandler: true,
   accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
   refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+  allowExtendedTokenAttributes: true,
   continueMiddleware: true,
   model: require('./oauth-model')
 })
@@ -215,7 +217,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
   const obj = authBypassTokens.get(req.body.externalAuthToken)
   if (!obj) {
     logger.error('Cannot authenticate user with unknown bypass token')
-    return res.sendStatus(400)
+    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
   }
 
   const { expires, user, authName, npmName } = obj
@@ -223,12 +225,12 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
   const now = new Date()
   if (now.getTime() > expires.getTime()) {
     logger.error('Cannot authenticate user with an expired external auth token')
-    return res.sendStatus(400)
+    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
   }
 
   if (user.username !== req.body.username) {
     logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
-    return res.sendStatus(400)
+    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
   }
 
   // Bypass oauth library validation