diff options
author | Chocobozzz <me@florianbigard.com> | 2020-04-23 11:36:50 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-05-04 16:21:39 +0200 |
commit | e1c5503114deef954731904695cd40dccfcef555 (patch) | |
tree | 72cec4ee691a3362a7d024dc830d215a6b2c800a /server/lib/auth.ts | |
parent | 8dc8a34ee8428e7657414115d1c137592efa174d (diff) | |
download | PeerTube-e1c5503114deef954731904695cd40dccfcef555.tar.gz PeerTube-e1c5503114deef954731904695cd40dccfcef555.tar.zst PeerTube-e1c5503114deef954731904695cd40dccfcef555.zip |
Support logout and add id and pass tests
Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r-- | server/lib/auth.ts | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 18d52fa5a..3495571db 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
@@ -5,6 +5,7 @@ import { PluginManager } from '@server/lib/plugins/plugin-manager' | |||
5 | import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-server-auth.model' | 5 | import { RegisterServerAuthPassOptions } from '@shared/models/plugins/register-server-auth.model' |
6 | import { logger } from '@server/helpers/logger' | 6 | import { logger } from '@server/helpers/logger' |
7 | import { UserRole } from '@shared/models' | 7 | import { UserRole } from '@shared/models' |
8 | import { revokeToken } from '@server/lib/oauth-model' | ||
8 | 9 | ||
9 | const oAuthServer = new OAuthServer({ | 10 | const oAuthServer = new OAuthServer({ |
10 | useErrorHandler: true, | 11 | useErrorHandler: true, |
@@ -37,8 +38,9 @@ async function handleIdAndPassLogin (req: express.Request, res: express.Response | |||
37 | const aWeight = a.registerAuthOptions.getWeight() | 38 | const aWeight = a.registerAuthOptions.getWeight() |
38 | const bWeight = b.registerAuthOptions.getWeight() | 39 | const bWeight = b.registerAuthOptions.getWeight() |
39 | 40 | ||
41 | // DESC weight order | ||
40 | if (aWeight === bWeight) return 0 | 42 | if (aWeight === bWeight) return 0 |
41 | if (aWeight > bWeight) return 1 | 43 | if (aWeight < bWeight) return 1 |
42 | return -1 | 44 | return -1 |
43 | }) | 45 | }) |
44 | 46 | ||
@@ -48,18 +50,24 @@ async function handleIdAndPassLogin (req: express.Request, res: express.Response | |||
48 | } | 50 | } |
49 | 51 | ||
50 | for (const pluginAuth of pluginAuths) { | 52 | for (const pluginAuth of pluginAuths) { |
53 | const authOptions = pluginAuth.registerAuthOptions | ||
54 | |||
51 | logger.debug( | 55 | logger.debug( |
52 | 'Using auth method of %s to login %s with weight %d.', | 56 | 'Using auth method %s of plugin %s to login %s with weight %d.', |
53 | pluginAuth.npmName, loginOptions.id, pluginAuth.registerAuthOptions.getWeight() | 57 | authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight() |
54 | ) | 58 | ) |
55 | 59 | ||
56 | const loginResult = await pluginAuth.registerAuthOptions.login(loginOptions) | 60 | const loginResult = await authOptions.login(loginOptions) |
57 | if (loginResult) { | 61 | if (loginResult) { |
58 | logger.info('Login success with plugin %s for %s.', pluginAuth.npmName, loginOptions.id) | 62 | logger.info( |
63 | 'Login success with auth method %s of plugin %s for %s.', | ||
64 | authOptions.authName, pluginAuth.npmName, loginOptions.id | ||
65 | ) | ||
59 | 66 | ||
60 | res.locals.bypassLogin = { | 67 | res.locals.bypassLogin = { |
61 | bypass: true, | 68 | bypass: true, |
62 | pluginName: pluginAuth.npmName, | 69 | pluginName: pluginAuth.npmName, |
70 | authName: authOptions.authName, | ||
63 | user: { | 71 | user: { |
64 | username: loginResult.username, | 72 | username: loginResult.username, |
65 | email: loginResult.email, | 73 | email: loginResult.email, |
@@ -75,12 +83,40 @@ async function handleIdAndPassLogin (req: express.Request, res: express.Response | |||
75 | return localLogin(req, res, next) | 83 | return localLogin(req, res, next) |
76 | } | 84 | } |
77 | 85 | ||
86 | async function handleTokenRevocation (req: express.Request, res: express.Response) { | ||
87 | const token = res.locals.oauth.token | ||
88 | |||
89 | PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName) | ||
90 | |||
91 | await revokeToken(token) | ||
92 | .catch(err => { | ||
93 | logger.error('Cannot revoke token.', err) | ||
94 | }) | ||
95 | |||
96 | // FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released | ||
97 | // oAuthServer.revoke(req, res, err => { | ||
98 | // if (err) { | ||
99 | // logger.warn('Error in revoke token handler.', { err }) | ||
100 | // | ||
101 | // return res.status(err.status) | ||
102 | // .json({ | ||
103 | // error: err.message, | ||
104 | // code: err.name | ||
105 | // }) | ||
106 | // .end() | ||
107 | // } | ||
108 | // }) | ||
109 | |||
110 | return res.sendStatus(200) | ||
111 | } | ||
112 | |||
78 | // --------------------------------------------------------------------------- | 113 | // --------------------------------------------------------------------------- |
79 | 114 | ||
80 | export { | 115 | export { |
81 | oAuthServer, | 116 | oAuthServer, |
82 | handleIdAndPassLogin, | 117 | handleIdAndPassLogin, |
83 | onExternalAuthPlugin | 118 | onExternalAuthPlugin, |
119 | handleTokenRevocation | ||
84 | } | 120 | } |
85 | 121 | ||
86 | // --------------------------------------------------------------------------- | 122 | // --------------------------------------------------------------------------- |
@@ -88,6 +124,8 @@ export { | |||
88 | function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) { | 124 | function localLogin (req: express.Request, res: express.Response, next: express.NextFunction) { |
89 | return oAuthServer.token()(req, res, err => { | 125 | return oAuthServer.token()(req, res, err => { |
90 | if (err) { | 126 | if (err) { |
127 | logger.warn('Login error.', { err }) | ||
128 | |||
91 | return res.status(err.status) | 129 | return res.status(err.status) |
92 | .json({ | 130 | .json({ |
93 | error: err.message, | 131 | error: err.message, |