authorChocobozzz <me@florianbigard.com>2020-04-22 16:07:04 +0200
committerChocobozzz <chocobozzz@cpy.re>2020-05-04 16:21:39 +0200
commit7fed637506043e4432cbebe041ada0625171cceb (patch)
tree07f174e17c4b4a0b3d43a0fa6944865c06234338 /server/lib/oauth-model.ts
parent8d4197637868d5cde49434e937186b57e40f4b2b (diff)
Begin auth plugin support
Diffstat (limited to 'server/lib/oauth-model.ts')
-rw-r--r--server/lib/oauth-model.ts76
1 files changed, 57 insertions, 19 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index 086856f41..ea4a67802 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -1,4 +1,5 @@
1import * as Bluebird from 'bluebird' 1import * as Bluebird from 'bluebird'
2import * as express from 'express'
2import { AccessDeniedError } from 'oauth2-server' 3import { AccessDeniedError } from 'oauth2-server'
3import { logger } from '../helpers/logger' 4import { logger } from '../helpers/logger'
4import { UserModel } from '../models/account/user' 5import { UserModel } from '../models/account/user'
@@ -9,6 +10,10 @@ import { Transaction } from 'sequelize'
9import { CONFIG } from '../initializers/config' 10import { CONFIG } from '../initializers/config'
10import * as LRUCache from 'lru-cache' 11import * as LRUCache from 'lru-cache'
11import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token' 12import { MOAuthTokenUser } from '@server/typings/models/oauth/oauth-token'
13import { MUser } from '@server/typings/models/user/user'
14import { UserAdminFlag } from '@shared/models/users/user-flag.model'
15import { createUserAccountAndChannelAndPlaylist } from './user'
16import { UserRole } from '@shared/models/users/user-role'
12 17
13type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } 18type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
14 19
@@ -49,14 +54,14 @@ function getAccessToken (bearerToken: string) {
49 if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) 54 if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken))
50 55
51 return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) 56 return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken)
52 .then(tokenModel => { 57 .then(tokenModel => {
53 if (tokenModel) { 58 if (tokenModel) {
54 accessTokenCache.set(bearerToken, tokenModel) 59 accessTokenCache.set(bearerToken, tokenModel)
55 userHavingToken.set(tokenModel.userId, tokenModel.accessToken) 60 userHavingToken.set(tokenModel.userId, tokenModel.accessToken)
56 } 61 }
57 62
58 return tokenModel 63 return tokenModel
59 }) 64 })
60} 65}
61 66
62function getClient (clientId: string, clientSecret: string) { 67function getClient (clientId: string, clientSecret: string) {
@@ -72,6 +77,20 @@ function getRefreshToken (refreshToken: string) {
72} 77}
73 78
74async function getUser (usernameOrEmail: string, password: string) { 79async function getUser (usernameOrEmail: string, password: string) {
80 const res: express.Response = this.request.res
81 if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) {
82 const obj = res.locals.bypassLogin
83 logger.info('Bypassing oauth login by plugin %s.', obj.pluginName)
84
85 let user = await UserModel.loadByEmail(obj.user.username)
86 if (!user) user = await createUserFromExternal(obj.pluginName, obj.user)
87
88 // This user does not belong to this plugin, skip it
89 if (user.pluginAuth !== obj.pluginName) return null
90
91 return user
92 }
93
75 logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') 94 logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).')
76 95
77 const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) 96 const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail)
@@ -96,19 +115,11 @@ async function revokeToken (tokenInfo: TokenInfo) {
96 115
97 token.destroy() 116 token.destroy()
98 .catch(err => logger.error('Cannot destroy token when revoking token.', { err })) 117 .catch(err => logger.error('Cannot destroy token when revoking token.', { err }))
118
119 return true
99 } 120 }
100 121
101 /* 122 return false
102 * Thanks to https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/mongo-models.js
103 * "As per the discussion we need set older date
104 * revokeToken will expected return a boolean in future version
105 * https://github.com/oauthjs/node-oauth2-server/pull/274
106 * https://github.com/oauthjs/node-oauth2-server/issues/290"
107 */
108 const expiredToken = token
109 expiredToken.refreshTokenExpiresAt = new Date('2015-05-28T06:59:53.000Z')
110
111 return expiredToken
112} 123}
113 124
114async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { 125async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) {
@@ -141,3 +152,30 @@ export {
141 revokeToken, 152 revokeToken,
142 saveToken 153 saveToken
143} 154}
155
156async function createUserFromExternal (pluginAuth: string, options: {
157 username: string
158 email: string
159 role: UserRole
160 displayName: string
161}) {
162 const userToCreate = new UserModel({
163 username: options.username,
164 password: null,
165 email: options.email,
166 nsfwPolicy: CONFIG.INSTANCE.DEFAULT_NSFW_POLICY,
167 autoPlayVideo: true,
168 role: options.role,
169 videoQuota: CONFIG.USER.VIDEO_QUOTA,
170 videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY,
171 adminFlags: UserAdminFlag.NONE,
172 pluginAuth
173 }) as MUser
174
175 const { user } = await createUserAccountAndChannelAndPlaylist({
176 userToCreate,
177 userDisplayName: options.displayName
178 })
179
180 return user
181}
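Review bot: In the bypass branch of getUser, `UserModel.loadByEmail(obj.user.username)` passes the username to what its name says is an e-mail lookup, so an existing account is probably never matched and each plugin login falls through to `createUserFromExternal`; the lookup should read `let user = await UserModel.loadByEmail(obj.user.email)`. The branch then returns the user directly, skipping whatever checks the password path applies further down (getUser continues outside the hunk), so if blocked accounts are rejected there, the same rejection is needed before `return user` here. In createUserFromExternal, `role: options.role` and the username and e-mail are taken as-is from the plugin's `res.locals.bypassLogin` object, which lets a plugin create an account with any role. Either validate the role against the allowed `UserRole` values or add a comment stating that auth plugins are trusted to assign roles, so the trust boundary is explicit.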