diff options
| author | Chocobozzz <me@florianbigard.com> | 2021-02-01 09:24:14 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2021-02-01 11:23:11 +0100 |
| commit | 33c7131be5883d1b25c49adbcf5750b63905a368 (patch) | |
| tree | 5e5a3ed4158734b3e6f25a7eb7f20f4dc93ed6c3 | |
| parent | e01146559acd32e009ad7d399a4af151fa0d4c52 (diff) | |
| download | PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.tar.gz PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.tar.zst PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.zip | |
Check banned status for external auths
| -rw-r--r-- | server/lib/oauth-model.ts | 8 | ||||
| -rw-r--r-- | server/tests/external-plugins/auth-ldap.ts | 17 |
2 files changed, 24 insertions, 1 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index f7ea98b41..3f8b8e618 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
| @@ -119,6 +119,8 @@ async function getUser (usernameOrEmail?: string, password?: string) { | |||
| 119 | // This user does not belong to this plugin, skip it | 119 | // This user does not belong to this plugin, skip it |
| 120 | if (user.pluginAuth !== obj.pluginName) return null | 120 | if (user.pluginAuth !== obj.pluginName) return null |
| 121 | 121 | ||
| 122 | checkUserValidityOrThrow(user) | ||
| 123 | |||
| 122 | return user | 124 | return user |
| 123 | } | 125 | } |
| 124 | } | 126 | } |
| @@ -132,7 +134,7 @@ async function getUser (usernameOrEmail?: string, password?: string) { | |||
| 132 | const passwordMatch = await user.isPasswordMatch(password) | 134 | const passwordMatch = await user.isPasswordMatch(password) |
| 133 | if (passwordMatch !== true) return null | 135 | if (passwordMatch !== true) return null |
| 134 | 136 | ||
| 135 | if (user.blocked) throw new AccessDeniedError('User is blocked.') | 137 | checkUserValidityOrThrow(user) |
| 136 | 138 | ||
| 137 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { | 139 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { |
| 138 | throw new AccessDeniedError('User email is not verified.') | 140 | throw new AccessDeniedError('User email is not verified.') |
| @@ -238,3 +240,7 @@ async function createUserFromExternal (pluginAuth: string, options: { | |||
| 238 | 240 | ||
| 239 | return user | 241 | return user |
| 240 | } | 242 | } |
| 243 | |||
| 244 | function checkUserValidityOrThrow (user: MUser) { | ||
| 245 | if (user.blocked) throw new AccessDeniedError('User is blocked.') | ||
| 246 | } | ||
diff --git a/server/tests/external-plugins/auth-ldap.ts b/server/tests/external-plugins/auth-ldap.ts index 4ce8e82cb..e4eae7e8c 100644 --- a/server/tests/external-plugins/auth-ldap.ts +++ b/server/tests/external-plugins/auth-ldap.ts | |||
| @@ -4,9 +4,11 @@ import 'mocha' | |||
| 4 | import { expect } from 'chai' | 4 | import { expect } from 'chai' |
| 5 | import { User } from '@shared/models/users/user.model' | 5 | import { User } from '@shared/models/users/user.model' |
| 6 | import { | 6 | import { |
| 7 | blockUser, | ||
| 7 | getMyUserInformation, | 8 | getMyUserInformation, |
| 8 | installPlugin, | 9 | installPlugin, |
| 9 | setAccessTokensToServers, | 10 | setAccessTokensToServers, |
| 11 | unblockUser, | ||
| 10 | uninstallPlugin, | 12 | uninstallPlugin, |
| 11 | updatePluginSettings, | 13 | updatePluginSettings, |
| 12 | uploadVideo, | 14 | uploadVideo, |
| @@ -17,6 +19,7 @@ import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/ext | |||
| 17 | describe('Official plugin auth-ldap', function () { | 19 | describe('Official plugin auth-ldap', function () { |
| 18 | let server: ServerInfo | 20 | let server: ServerInfo |
| 19 | let accessToken: string | 21 | let accessToken: string |
| 22 | let userId: number | ||
| 20 | 23 | ||
| 21 | before(async function () { | 24 | before(async function () { |
| 22 | this.timeout(30000) | 25 | this.timeout(30000) |
| @@ -90,12 +93,26 @@ describe('Official plugin auth-ldap', function () { | |||
| 90 | 93 | ||
| 91 | expect(body.username).to.equal('fry') | 94 | expect(body.username).to.equal('fry') |
| 92 | expect(body.email).to.equal('fry@planetexpress.com') | 95 | expect(body.email).to.equal('fry@planetexpress.com') |
| 96 | |||
| 97 | userId = body.id | ||
| 93 | }) | 98 | }) |
| 94 | 99 | ||
| 95 | it('Should upload a video', async function () { | 100 | it('Should upload a video', async function () { |
| 96 | await uploadVideo(server.url, accessToken, { name: 'my super video' }) | 101 | await uploadVideo(server.url, accessToken, { name: 'my super video' }) |
| 97 | }) | 102 | }) |
| 98 | 103 | ||
| 104 | it('Should not be able to login if the user is banned', async function () { | ||
| 105 | await blockUser(server.url, userId, server.accessToken) | ||
| 106 | |||
| 107 | await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }, 400) | ||
| 108 | }) | ||
| 109 | |||
| 110 | it('Should be able to login if the user is unbanned', async function () { | ||
| 111 | await unblockUser(server.url, userId, server.accessToken) | ||
| 112 | |||
| 113 | await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }) | ||
| 114 | }) | ||
| 115 | |||
| 99 | it('Should not login if the plugin is uninstalled', async function () { | 116 | it('Should not login if the plugin is uninstalled', async function () { |
| 100 | await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' }) | 117 | await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' }) |
| 101 | 118 | ||