diff options
author | Chocobozzz <me@florianbigard.com> | 2020-04-30 15:03:09 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-05-04 16:21:39 +0200 |
commit | bc90883f1a5e9c4ecb76ae358734b85be515af7f (patch) | |
tree | 47d578c1d5a3a95e89f2badfade76b125de11084 /server/lib/auth.ts | |
parent | a4995eb7ac5745f62604d70f7b2225ff33916d49 (diff) | |
download | PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.tar.gz PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.tar.zst PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.zip |
Handle external login errors
Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r-- | server/lib/auth.ts | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 1fa896f6e..7c1dd1139 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
@@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: { | |||
83 | return | 83 | return |
84 | } | 84 | } |
85 | 85 | ||
86 | if (!isAuthResultValid(npmName, authName, authResult)) return | ||
87 | |||
88 | const { res } = authResult | 86 | const { res } = authResult |
89 | 87 | ||
88 | if (!isAuthResultValid(npmName, authName, authResult)) { | ||
89 | res.redirect('/login?externalAuthError=true') | ||
90 | return | ||
91 | } | ||
92 | |||
90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) | 93 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) |
91 | 94 | ||
92 | const bypassToken = await generateRandomString(32) | 95 | const bypassToken = await generateRandomString(32) |
@@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response) | |||
238 | 241 | ||
239 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { | 242 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { |
240 | if (!isUserUsernameValid(result.username)) { | 243 | if (!isUserUsernameValid(result.username)) { |
241 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result }) | 244 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username }) |
242 | return false | 245 | return false |
243 | } | 246 | } |
244 | 247 | ||
245 | if (!result.email) { | 248 | if (!result.email) { |
246 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result }) | 249 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email }) |
247 | return false | 250 | return false |
248 | } | 251 | } |
249 | 252 | ||
250 | // role is optional | 253 | // role is optional |
251 | if (result.role && !isUserRoleValid(result.role)) { | 254 | if (result.role && !isUserRoleValid(result.role)) { |
252 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result }) | 255 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role }) |
253 | return false | 256 | return false |
254 | } | 257 | } |
255 | 258 | ||
256 | // display name is optional | 259 | // display name is optional |
257 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { | 260 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { |
258 | logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result }) | 261 | logger.error( |
262 | 'Auth method %s of plugin %s did not provide a valid display name.', | ||
263 | authName, npmName, { displayName: result.displayName } | ||
264 | ) | ||
259 | return false | 265 | return false |
260 | } | 266 | } |
261 | 267 | ||