authorChocobozzz <me@florianbigard.com>2021-02-01 09:24:14 +0100
committerChocobozzz <me@florianbigard.com>2021-02-01 11:23:11 +0100
commit33c7131be5883d1b25c49adbcf5750b63905a368 (patch)
tree5e5a3ed4158734b3e6f25a7eb7f20f4dc93ed6c3
parente01146559acd32e009ad7d399a4af151fa0d4c52 (diff)
Check banned status for external auths
-rw-r--r--server/lib/oauth-model.ts8
-rw-r--r--server/tests/external-plugins/auth-ldap.ts17
2 files changed, 24 insertions, 1 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index f7ea98b41..3f8b8e618 100644
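--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -119,6 +119,8 @@ async function getUser (usernameOrEmail?: string, password?: string) {
  // This user does not belong to this plugin, skip it
  if (user.pluginAuth !== obj.pluginName) return null
 
+ checkUserValidityOrThrow(user)
+
  return user
  }
  }
@@ -132,7 +134,7 @@ async function getUser (usernameOrEmail?: string, password?: string) {
  const passwordMatch = await user.isPasswordMatch(password)
  if (passwordMatch !== true) return null
 
- if (user.blocked) throw new AccessDeniedError('User is blocked.')
+ checkUserValidityOrThrow(user)
 
  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) {
  throw new AccessDeniedError('User email is not verified.')
@@ -238,3 +240,7 @@ async function createUserFromExternal (pluginAuth: string, options: {
 
  return user
 }
+
+function checkUserValidityOrThrow (user: MUser) {
+ if (user.blocked) throw new AccessDeniedError('User is blocked.')
+}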
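Review bot: `checkUserValidityOrThrow` (new lines 244-246) enforces only `user.blocked`, so the plugin-auth branch at new line 122 returns the user without the email-verification check that the password branch still runs inline at new line 139. If accounts owned by an external auth plugin are meant to skip that check, say so on the helper, e.g. `// Login gate shared by password and plugin auth: rejects blocked users only; email verification stays in the password path`; if not, the `emailVerified` test belongs in the helper too. The helper also gates only calls that go through `getUser`, so whether tokens issued before a ban are refused has to be enforced elsewhere and is not visible here. `getUser` starts and ends outside these hunks.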
diff --git a/server/tests/external-plugins/auth-ldap.ts b/server/tests/external-plugins/auth-ldap.ts
index 4ce8e82cb..e4eae7e8c 100644
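--- a/server/tests/external-plugins/auth-ldap.ts
+++ b/server/tests/external-plugins/auth-ldap.ts
@@ -4,9 +4,11 @@ import 'mocha'
 import { expect } from 'chai'
 import { User } from '@shared/models/users/user.model'
 import {
+ blockUser,
  getMyUserInformation,
  installPlugin,
  setAccessTokensToServers,
+ unblockUser,
  uninstallPlugin,
  updatePluginSettings,
  uploadVideo,
@@ -17,6 +19,7 @@ import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/ext
 describe('Official plugin auth-ldap', function () {
  let server: ServerInfo
  let accessToken: string
+ let userId: number
 
  before(async function () {
  this.timeout(30000)
@@ -90,12 +93,26 @@ describe('Official plugin auth-ldap', function () {
 
  expect(body.username).to.equal('fry')
  expect(body.email).to.equal('fry@planetexpress.com')
+
+ userId = body.id
  })
 
  it('Should upload a video', async function () {
  await uploadVideo(server.url, accessToken, { name: 'my super video' })
  })
 
+ it('Should not be able to login if the user is banned', async function () {
+ await blockUser(server.url, userId, server.accessToken)
+
+ await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }, 400)
+ })
+
+ it('Should be able to login if the user is unbanned', async function () {
+ await unblockUser(server.url, userId, server.accessToken)
+
+ await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' })
+ })
+
  it('Should not login if the plugin is uninstalled', async function () {
  await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' })
 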
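Review bot: The ban test at new lines 104-108 proves only that a fresh login is refused; the `accessToken` obtained before `blockUser` is never exercised while the account is blocked, so a regression that leaves existing sessions usable would still pass. After `blockUser`, add a call that uses the old token and expects a rejection, for example `await getMyUserInformation(server.url, accessToken, <expected status>)` if that helper takes an expected status the way `userLogin` does here. The bare `400` would also pass for any other failed login, so asserting on the 'User is blocked.' error, where the helper exposes the response body, would pin the cause. The two new cases also depend on running in order: if the unblock case fails, the account stays blocked for the tests that follow.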