diff options
author | Chocobozzz <me@florianbigard.com> | 2020-04-22 16:07:04 +0200 |
---|---|---|
committer | Chocobozzz <chocobozzz@cpy.re> | 2020-05-04 16:21:39 +0200 |
commit | 7fed637506043e4432cbebe041ada0625171cceb (patch) | |
tree | 07f174e17c4b4a0b3d43a0fa6944865c06234338 /server/lib/oauth-model.ts | |
parent | 8d4197637868d5cde49434e937186b57e40f4b2b (diff) | |
download | PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.gz PeerTube-7fed637506043e4432cbebe041ada0625171cceb.tar.zst PeerTube-7fed637506043e4432cbebe041ada0625171cceb.zip |
Begin auth plugin support
Diffstat (limited to 'server/lib/oauth-model.ts')
-rw-r--r-- | server/lib/oauth-model.ts | 76 |
1 files changed, 57 insertions, 19 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index 086856f41..ea4a67802 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
@@ -1,4 +1,5 @@ | |||
1 | import * as Bluebird from 'bluebird' | 1 | import * as Bluebird from 'bluebird' |
2 | import * as express from 'express' | ||
2 | import { AccessDeniedError } from 'oauth2-server' | 3 | import { AccessDeniedError } from 'oauth2-server' |
3 | import { logger } from '../helpers/logger' | 4 | import { logger } from '../helpers/logger' |
4 | import { UserModel } from '../models/account/user' | 5 | import { UserModel } from '../models/account/user' |
@@ -9,6 +10,10 @@ import { Transaction } from 'sequelize' | |||
9 | import { CONFIG } from '../initializers/config' | 10 | import { CONFIG } from '../initializers/config' |
10 | import * as LRUCache from 'lru-cache' | 11 | import * as LRUCache from 'lru-cache' |
11 | import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token' | 12 | import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token' |
13 | import { MUser } from '@server/typings/models/user/user' | ||
14 | import { UserAdminFlag } from '@shared/models/users/user-flag.model' | ||
15 | import { createUserAccountAndChannelAndPlaylist } from './user' | ||
16 | import { UserRole } from '@shared/models/users/user-role' | ||
12 | 17 | ||
13 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } | 18 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } |
14 | 19 | ||
@@ -49,14 +54,14 @@ function getAccessToken (bearerToken: string) { | |||
49 | if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) | 54 | if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) |
50 | 55 | ||
51 | return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) | 56 | return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) |
52 | .then(tokenModel => { | 57 | .then(tokenModel => { |
53 | if (tokenModel) { | 58 | if (tokenModel) { |
54 | accessTokenCache.set(bearerToken, tokenModel) | 59 | accessTokenCache.set(bearerToken, tokenModel) |
55 | userHavingToken.set(tokenModel.userId, tokenModel.accessToken) | 60 | userHavingToken.set(tokenModel.userId, tokenModel.accessToken) |
56 | } | 61 | } |
57 | 62 | ||
58 | return tokenModel | 63 | return tokenModel |
59 | }) | 64 | }) |
60 | } | 65 | } |
61 | 66 | ||
62 | function getClient (clientId: string, clientSecret: string) { | 67 | function getClient (clientId: string, clientSecret: string) { |
@@ -72,6 +77,20 @@ function getRefreshToken (refreshToken: string) { | |||
72 | } | 77 | } |
73 | 78 | ||
74 | async function getUser (usernameOrEmail: string, password: string) { | 79 | async function getUser (usernameOrEmail: string, password: string) { |
80 | const res: express.Response = this.request.res | ||
81 | if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) { | ||
82 | const obj = res.locals.bypassLogin | ||
83 | logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) | ||
84 | |||
85 | let user = await UserModel.loadByEmail(obj.user.username) | ||
86 | if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) | ||
87 | |||
88 | // This user does not belong to this plugin, skip it | ||
89 | if (user.pluginAuth !== obj.pluginName) return null | ||
90 | |||
91 | return user | ||
92 | } | ||
93 | |||
75 | logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') | 94 | logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') |
76 | 95 | ||
77 | const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) | 96 | const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) |
@@ -96,19 +115,11 @@ async function revokeToken (tokenInfo: TokenInfo) { | |||
96 | 115 | ||
97 | token.destroy() | 116 | token.destroy() |
98 | .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) | 117 | .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) |
118 | |||
119 | return true | ||
99 | } | 120 | } |
100 | 121 | ||
101 | /* | 122 | return false |
102 | * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js | ||
103 | * "As per the discussion we need set older date | ||
104 | * revokeToken will expected return a boolean in future version | ||
105 | * https://github.com/oauthjs/node-oauth2-server/pull/274 | ||
106 | * https://github.com/oauthjs/node-oauth2-server/issues/290" | ||
107 | */ | ||
108 | const expiredToken = token | ||
109 | expiredToken.refreshTokenExpiresAt = new Date('2015-05-28T06:59:53.000Z') | ||
110 | |||
111 | return expiredToken | ||
112 | } | 123 | } |
113 | 124 | ||
114 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { | 125 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { |
@@ -141,3 +152,30 @@ export { | |||
141 | revokeToken, | 152 | revokeToken, |
142 | saveToken | 153 | saveToken |
143 | } | 154 | } |
155 | |||
156 | async function createUserFromExternal (pluginAuth: string, options: { | ||
157 | username: string | ||
158 | email: string | ||
159 | role: UserRole | ||
160 | displayName: string | ||
161 | }) { | ||
162 | const userToCreate = new UserModel({ | ||
163 | username: options.username, | ||
164 | password: null, | ||
165 | email: options.email, | ||
166 | nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY, | ||
167 | autoPlayVideo: true, | ||
168 | role: options.role, | ||
169 | videoQuota: CONFIG.USER.VIDEO_QUOTA, | ||
170 | videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY, | ||
171 | adminFlags: UserAdminFlag.NONE, | ||
172 | pluginAuth | ||
173 | }) as MUser | ||
174 | |||
175 | const { user } = await createUserAccountAndChannelAndPlaylist({ | ||
176 | userToCreate, | ||
177 | userDisplayName: options.displayName | ||
178 | }) | ||
179 | |||
180 | return user | ||
181 | } | ||