X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Flib%2Foauth-model.ts;h=f7ea98b4174cee8854dd827e55319a8b19daff36;hb=884d2c39ae23b44d0d037aaff0f66ad9ae0807ba;hp=dbcba897a39d9fb037232251c8c9c19d3fa8abcb;hpb=3cc665f48fd233d09f778d7e887488dde6f03ef6;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index dbcba897a..f7ea98b41 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts @@ -8,12 +8,13 @@ import { LRU_CACHE } from '../initializers/constants' import { Transaction } from 'sequelize' import { CONFIG } from '../initializers/config' import * as LRUCache from 'lru-cache' -import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token' -import { MUser } from '@server/typings/models/user/user' +import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token' +import { MUser } from '@server/types/models/user/user' import { UserAdminFlag } from '@shared/models/users/user-flag.model' import { createUserAccountAndChannelAndPlaylist } from './user' import { UserRole } from '@shared/models/users/user-role' import { PluginManager } from '@server/lib/plugins/plugin-manager' +import { ActorModel } from '@server/models/activitypub/actor' type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } @@ -109,6 +110,9 @@ async function getUser (usernameOrEmail?: string, password?: string) { let user = await UserModel.loadByEmail(obj.user.email) if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) + // Cannot create a user + if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.') + // If the user does not belongs to a plugin, it was created before its installation // Then we just go through a regular login process if (user.pluginAuth !== null) { @@ -123,7 +127,7 @@ async function getUser (usernameOrEmail?: string, password?: string) { const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) // If we don't find the user, or if the user belongs to a plugin - if (!user || user.pluginAuth !== null) return null + if (!user || user.pluginAuth !== null || !password) return null const passwordMatch = await user.isPasswordMatch(password) if (passwordMatch !== true) return null @@ -137,13 +141,15 @@ async function getUser (usernameOrEmail?: string, password?: string) { return user } -async function revokeToken (tokenInfo: { refreshToken: string }) { +async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ success: boolean, redirectUrl?: string }> { const res: express.Response = this.request.res const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) if (token) { + let redirectUrl: string + if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) { - PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User) + redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request) } clearCacheByToken(token.accessToken) @@ -151,10 +157,10 @@ async function revokeToken (tokenInfo: { refreshToken: string }) { token.destroy() .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) - return true + return { success: true, redirectUrl } } - return false + return { success: false } } async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { @@ -208,6 +214,10 @@ async function createUserFromExternal (pluginAuth: string, options: { role: UserRole displayName: string }) { + // Check an actor does not already exists with that name (removed user) + const actor = await ActorModel.loadLocalByName(options.username) + if (actor) return null + const userToCreate = new UserModel({ username: options.username, password: null,