From 055cfb11a9d688dbc2dce5c164d1f0b311918378 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Mon, 27 Apr 2020 10:19:14 +0200
Subject: [PATCH] Add plugin auth migrations

---
 .../migrations/0485-video-file-metadata.ts    | 30 -------------
 .../migrations/0490-plugin-auth.ts            | 42 +++++++++++++++++++
 server/lib/auth.ts                            | 40 ++++++++++--------
 server/lib/plugins/register-helpers-store.ts  |  2 +
 server/models/server/plugin.ts                | 25 +++++++++++
 server/tests/plugins/id-and-pass-auth.ts      |  2 +-
 .../plugins/plugin-settings-manager.model.ts  |  4 +-
 7 files changed, 95 insertions(+), 50 deletions(-)
 delete mode 100644 server/initializers/migrations/0485-video-file-metadata.ts
 create mode 100644 server/initializers/migrations/0490-plugin-auth.ts

diff --git a/server/initializers/migrations/0485-video-file-metadata.ts b/server/initializers/migrations/0485-video-file-metadata.ts
deleted file mode 100644
index 5d95be024..000000000
--- a/server/initializers/migrations/0485-video-file-metadata.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import * as Sequelize from 'sequelize'
-
-async function up (utils: {
-  transaction: Sequelize.Transaction
-  queryInterface: Sequelize.QueryInterface
-  sequelize: Sequelize.Sequelize
-}): Promise<void> {
-
-  const metadata = {
-    type: Sequelize.JSONB,
-    allowNull: true
-  }
-  await utils.queryInterface.addColumn('videoFile', 'metadata', metadata)
-
-  const metadataUrl = {
-    type: Sequelize.STRING,
-    allowNull: true
-  }
-  await utils.queryInterface.addColumn('videoFile', 'metadataUrl', metadataUrl)
-
-}
-
-function down (options) {
-  throw new Error('Not implemented.')
-}
-
-export {
-  up,
-  down
-}
diff --git a/server/initializers/migrations/0490-plugin-auth.ts b/server/initializers/migrations/0490-plugin-auth.ts
new file mode 100644
index 000000000..ea636a4ad
--- /dev/null
+++ b/server/initializers/migrations/0490-plugin-auth.ts
@@ -0,0 +1,42 @@
+import * as Sequelize from 'sequelize'
+
+async function up (utils: {
+  transaction: Sequelize.Transaction
+  queryInterface: Sequelize.QueryInterface
+  sequelize: Sequelize.Sequelize
+}): Promise<void> {
+
+  {
+    const password = {
+      type: Sequelize.STRING,
+      allowNull: true
+    }
+    await utils.queryInterface.changeColumn('user', 'password', password)
+  }
+
+  {
+    const pluginAuth = {
+      type: Sequelize.STRING,
+      allowNull: true
+    }
+    await utils.queryInterface.addColumn('user', 'pluginAuth', pluginAuth)
+  }
+
+  {
+    const authName = {
+      type: Sequelize.STRING,
+      allowNull: true
+    }
+    await utils.queryInterface.addColumn('oAuthToken', 'authName', authName)
+  }
+
+}
+
+function down (options) {
+  throw new Error('Not implemented.')
+}
+
+export {
+  up,
+  down
+}
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index c2a6fcaff..c47ec62d0 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -126,26 +126,30 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
       authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight()
     )
 
-    const loginResult = await authOptions.login(loginOptions)
-    if (loginResult) {
-      logger.info(
-        'Login success with auth method %s of plugin %s for %s.',
-        authOptions.authName, pluginAuth.npmName, loginOptions.id
-      )
-
-      res.locals.bypassLogin = {
-        bypass: true,
-        pluginName: pluginAuth.npmName,
-        authName: authOptions.authName,
-        user: {
-          username: loginResult.username,
-          email: loginResult.email,
-          role: loginResult.role || UserRole.USER,
-          displayName: loginResult.displayName || loginResult.username
+    try {
+      const loginResult = await authOptions.login(loginOptions)
+      if (loginResult) {
+        logger.info(
+          'Login success with auth method %s of plugin %s for %s.',
+          authOptions.authName, pluginAuth.npmName, loginOptions.id
+        )
+
+        res.locals.bypassLogin = {
+          bypass: true,
+          pluginName: pluginAuth.npmName,
+          authName: authOptions.authName,
+          user: {
+            username: loginResult.username,
+            email: loginResult.email,
+            role: loginResult.role || UserRole.USER,
+            displayName: loginResult.displayName || loginResult.username
+          }
         }
-      }
 
-      return
+        return
+      }
+    } catch (err) {
+      logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err })
     }
   }
 }
diff --git a/server/lib/plugins/register-helpers-store.ts b/server/lib/plugins/register-helpers-store.ts
index 679ed3650..687974ccf 100644
--- a/server/lib/plugins/register-helpers-store.ts
+++ b/server/lib/plugins/register-helpers-store.ts
@@ -198,6 +198,8 @@ export class RegisterHelpersStore {
     return {
       getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name),
 
+      getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names),
+
       setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value)
     }
   }
diff --git a/server/models/server/plugin.ts b/server/models/server/plugin.ts
index 95774a467..83c873c5b 100644
--- a/server/models/server/plugin.ts
+++ b/server/models/server/plugin.ts
@@ -129,6 +129,31 @@ export class PluginModel extends Model<PluginModel> {
       })
   }
 
+  static getSettings (pluginName: string, pluginType: PluginType, settingNames: string[]) {
+    const query = {
+      attributes: [ 'settings' ],
+      where: {
+        name: pluginName,
+        type: pluginType
+      }
+    }
+
+    return PluginModel.findOne(query)
+      .then(p => {
+        if (!p || !p.settings) return {}
+
+        const result: { [settingName: string ]: string } = {}
+
+        for (const key of Object.keys(p.settings)) {
+          if (settingNames.includes(key)) {
+            result[key] = p.settings[key]
+          }
+        }
+
+        return result
+      })
+  }
+
   static setSetting (pluginName: string, pluginType: PluginType, settingName: string, settingValue: string) {
     const query = {
       where: {
diff --git a/server/tests/plugins/id-and-pass-auth.ts b/server/tests/plugins/id-and-pass-auth.ts
index 0268d35a0..caf65b55f 100644
--- a/server/tests/plugins/id-and-pass-auth.ts
+++ b/server/tests/plugins/id-and-pass-auth.ts
@@ -143,7 +143,7 @@ describe('Test id and pass auth plugins', function () {
     expect(body.role).to.equal(UserRole.MODERATOR)
   })
 
-  it('Should correctly auth token of laguna', async function () {
+  it('Should reject token of laguna by the plugin hook', async function () {
     this.timeout(10000)
 
     await wait(5000)
diff --git a/shared/models/plugins/plugin-settings-manager.model.ts b/shared/models/plugins/plugin-settings-manager.model.ts
index 63390a190..f83f53b8f 100644
--- a/shared/models/plugins/plugin-settings-manager.model.ts
+++ b/shared/models/plugins/plugin-settings-manager.model.ts
@@ -1,7 +1,9 @@
 import * as Bluebird from 'bluebird'
 
 export interface PluginSettingsManager {
-  getSetting: (name: string) => Bluebird<string>
+  getSetting: (name: string) => Bluebird<string | boolean>
+
+  getSettings: (names: string[]) => Bluebird<{ [settingName: string]: string | boolean }>
 
   setSetting: (name: string, value: string) => Bluebird<any>
 }
-- 
2.41.0