path: root/server/lib/oauth-model.ts
authorChocobozzz <me@florianbigard.com>2020-04-24 11:33:01 +0200
committerChocobozzz <chocobozzz@cpy.re>2020-05-04 16:21:39 +0200
commite307e4fce39853d445d086f92b8c556c363ee15d (patch)
tree0f3faaf3c73222db0fb55b72260c787aeeeb05eb /server/lib/oauth-model.ts
parente1c5503114deef954731904695cd40dccfcef555 (diff)
Add ability for auth plugins to hook token validity
Diffstat (limited to 'server/lib/oauth-model.ts')
-rw-r--r--server/lib/oauth-model.ts62
1 files changed, 44 insertions, 18 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index 7a6ed63be..6eb0e4473 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -1,4 +1,3 @@
1import * as Bluebird from 'bluebird'
2import * as express from 'express' 1import * as express from 'express'
3import { AccessDeniedError } from 'oauth2-server' 2import { AccessDeniedError } from 'oauth2-server'
4import { logger } from '../helpers/logger' 3import { logger } from '../helpers/logger'
@@ -47,22 +46,33 @@ function clearCacheByToken (token: string) {
47 } 46 }
48} 47}
49 48
50function getAccessToken (bearerToken: string) { 49async function getAccessToken (bearerToken: string) {
51 logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') 50 logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')
52 51
53 if (!bearerToken) return Bluebird.resolve(undefined) 52 if (!bearerToken) return undefined
54 53
55 if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) 54 let tokenModel: MOAuthTokenUser
56 55
57 return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) 56 if (accessTokenCache.has(bearerToken)) {
58 .then(tokenModel => { 57 tokenModel = accessTokenCache.get(bearerToken)
59 if (tokenModel) { 58 } else {
60 accessTokenCache.set(bearerToken, tokenModel) 59 tokenModel = await OAuthTokenModel.getByTokenAndPopulateUser(bearerToken)
61 userHavingToken.set(tokenModel.userId, tokenModel.accessToken)
62 }
63 60
64 return tokenModel 61 if (tokenModel) {
65 }) 62 accessTokenCache.set(bearerToken, tokenModel)
63 userHavingToken.set(tokenModel.userId, tokenModel.accessToken)
64 }
65 }
66
67 if (!tokenModel) return undefined
68
69 if (tokenModel.User.pluginAuth) {
70 const valid = await PluginManager.Instance.isTokenValid(tokenModel, 'access')
71
72 if (valid !== true) return undefined
73 }
74
75 return tokenModel
66} 76}
67 77
68function getClient (clientId: string, clientSecret: string) { 78function getClient (clientId: string, clientSecret: string) {
@@ -71,14 +81,27 @@ function getClient (clientId: string, clientSecret: string) {
71 return OAuthClientModel.getByIdAndSecret(clientId, clientSecret) 81 return OAuthClientModel.getByIdAndSecret(clientId, clientSecret)
72} 82}
73 83
74function getRefreshToken (refreshToken: string) { 84async function getRefreshToken (refreshToken: string) {
75 logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').') 85 logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').')
76 86
77 return OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken) 87 const tokenInfo = await OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken)
88 if (!tokenInfo) return undefined
89
90 const tokenModel = tokenInfo.token
91
92 if (tokenModel.User.pluginAuth) {
93 const valid = await PluginManager.Instance.isTokenValid(tokenModel, 'refresh')
94
95 if (valid !== true) return undefined
96 }
97
98 return tokenInfo
78} 99}
79 100
80async function getUser (usernameOrEmail: string, password: string) { 101async function getUser (usernameOrEmail: string, password: string) {
81 const res: express.Response = this.request.res 102 const res: express.Response = this.request.res
103
104 // Special treatment coming from a plugin
82 if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) { 105 if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) {
83 const obj = res.locals.bypassLogin 106 const obj = res.locals.bypassLogin
84 logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) 107 logger.info('Bypassing oauth login by plugin %s.', obj.pluginName)
@@ -110,7 +133,7 @@ async function getUser (usernameOrEmail: string, password: string) {
110 return user 133 return user
111} 134}
112 135
113async function revokeToken (tokenInfo: TokenInfo) { 136async function revokeToken (tokenInfo: { refreshToken: string }) {
114 const res: express.Response = this.request.res 137 const res: express.Response = this.request.res
115 const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) 138 const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken)
116 139
@@ -133,9 +156,12 @@ async function revokeToken (tokenInfo: TokenInfo) {
133async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { 156async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) {
134 const res: express.Response = this.request.res 157 const res: express.Response = this.request.res
135 158
136 const authName = res.locals.bypassLogin?.bypass === true 159 let authName: string = null
137 ? res.locals.bypassLogin.authName 160 if (res.locals.bypassLogin?.bypass === true) {
138 : null 161 authName = res.locals.bypassLogin.authName
162 } else if (res.locals.refreshTokenAuthName) {
163 authName = res.locals.refreshTokenAuthName
164 }
139 165
140 logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') 166 logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.')
141 167
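Review bot: The debug log at the top of the new async getAccessToken still writes the raw bearer token into the log (`logger.debug('Getting access token (bearerToken: ' + bearerToken + ').')`), and the retained lines in getRefreshToken and saveToken do the same with the refresh token and the freshly issued access token, so any instance running at debug level turns its log collector into a token store. I would drop the secret from each message, e.g. `logger.debug('Getting access token.')`, `logger.debug('Getting RefreshToken.')` and `logger.debug('Saving token for client ' + client.id + ' and user ' + user.id + '.')`. On the new plugin hook itself, a plugin whose isTokenValid() throws will propagate the error out of getAccessToken/getRefreshToken instead of returning undefined; that still fails closed, but it is worth deciding explicitly whether a plugin failure should surface as a server error or as a denied token (presumably the latter, with a logged warning), and guarding the call accordingly. saveToken's body continues past the last hunk, so how refreshTokenAuthName is set and consumed is only partly visible here.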