diff options
author | Chocobozzz <me@florianbigard.com> | 2023-01-19 09:27:16 +0100 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2023-01-19 13:53:40 +0100 |
commit | e364e31e25bd1d4b8d801c845a96d6be708f0a18 (patch) | |
tree | 220785a42af361706eb8243960c5da9cddf4d2be /server/lib/auth | |
parent | bc48e33b80f357767b98c1d310b04bdda24c6d46 (diff) | |
download | PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.gz PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.tar.zst PeerTube-e364e31e25bd1d4b8d801c845a96d6be708f0a18.zip |
Implement signup approval in server
Diffstat (limited to 'server/lib/auth')
-rw-r--r-- | server/lib/auth/oauth.ts | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts index 2905c79a2..887c4f7c9 100644 --- a/server/lib/auth/oauth.ts +++ b/server/lib/auth/oauth.ts | |||
@@ -11,20 +11,31 @@ import OAuth2Server, { | |||
11 | import { randomBytesPromise } from '@server/helpers/core-utils' | 11 | import { randomBytesPromise } from '@server/helpers/core-utils' |
12 | import { isOTPValid } from '@server/helpers/otp' | 12 | import { isOTPValid } from '@server/helpers/otp' |
13 | import { CONFIG } from '@server/initializers/config' | 13 | import { CONFIG } from '@server/initializers/config' |
14 | import { UserRegistrationModel } from '@server/models/user/user-registration' | ||
14 | import { MOAuthClient } from '@server/types/models' | 15 | import { MOAuthClient } from '@server/types/models' |
15 | import { sha1 } from '@shared/extra-utils' | 16 | import { sha1 } from '@shared/extra-utils' |
16 | import { HttpStatusCode } from '@shared/models' | 17 | import { HttpStatusCode, ServerErrorCode, UserRegistrationState } from '@shared/models' |
17 | import { OTP } from '../../initializers/constants' | 18 | import { OTP } from '../../initializers/constants' |
18 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' | 19 | import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model' |
19 | 20 | ||
20 | class MissingTwoFactorError extends Error { | 21 | class MissingTwoFactorError extends Error { |
21 | code = HttpStatusCode.UNAUTHORIZED_401 | 22 | code = HttpStatusCode.UNAUTHORIZED_401 |
22 | name = 'missing_two_factor' | 23 | name = ServerErrorCode.MISSING_TWO_FACTOR |
23 | } | 24 | } |
24 | 25 | ||
25 | class InvalidTwoFactorError extends Error { | 26 | class InvalidTwoFactorError extends Error { |
26 | code = HttpStatusCode.BAD_REQUEST_400 | 27 | code = HttpStatusCode.BAD_REQUEST_400 |
27 | name = 'invalid_two_factor' | 28 | name = ServerErrorCode.INVALID_TWO_FACTOR |
29 | } | ||
30 | |||
31 | class RegistrationWaitingForApproval extends Error { | ||
32 | code = HttpStatusCode.BAD_REQUEST_400 | ||
33 | name = ServerErrorCode.ACCOUNT_WAITING_FOR_APPROVAL | ||
34 | } | ||
35 | |||
36 | class RegistrationApprovalRejected extends Error { | ||
37 | code = HttpStatusCode.BAD_REQUEST_400 | ||
38 | name = ServerErrorCode.ACCOUNT_APPROVAL_REJECTED | ||
28 | } | 39 | } |
29 | 40 | ||
30 | /** | 41 | /** |
@@ -128,7 +139,17 @@ async function handlePasswordGrant (options: { | |||
128 | } | 139 | } |
129 | 140 | ||
130 | const user = await getUser(request.body.username, request.body.password, bypassLogin) | 141 | const user = await getUser(request.body.username, request.body.password, bypassLogin) |
131 | if (!user) throw new InvalidGrantError('Invalid grant: user credentials are invalid') | 142 | if (!user) { |
143 | const registration = await UserRegistrationModel.loadByEmailOrUsername(request.body.username) | ||
144 | |||
145 | if (registration?.state === UserRegistrationState.REJECTED) { | ||
146 | throw new RegistrationApprovalRejected('Registration approval for this account has been rejected') | ||
147 | } else if (registration?.state === UserRegistrationState.PENDING) { | ||
148 | throw new RegistrationWaitingForApproval('Registration for this account is awaiting approval') | ||
149 | } | ||
150 | |||
151 | throw new InvalidGrantError('Invalid grant: user credentials are invalid') | ||
152 | } | ||
132 | 153 | ||
133 | if (user.otpSecret) { | 154 | if (user.otpSecret) { |
134 | if (!request.headers[OTP.HEADER_NAME]) { | 155 | if (!request.headers[OTP.HEADER_NAME]) { |