Check auth plugin result

author: Chocobozzz <me@florianbigard.com> 2020-04-27 11:42:01 +0200
committer: Chocobozzz <chocobozzz@cpy.re> 2020-05-04 16:21:39 +0200
commit: 98813e69bccc568eff771cfcaf907ccdd82ce3f1 (patch)
tree: 07a381fe910cf15cb22d0de6ff93cc7fd5ee0ce1 /server/lib
parent: 829b794a8542b55bdfff481fa7c3593bc88cb696 (diff)
download: PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.tar.gz
PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.tar.zst
PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.zip
1 files changed, 27 insertions, 2 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index c47ec62d0..5a6dd9dec 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -7,6 +7,7 @@ import { logger } from '@server/helpers/logger'
 import { UserRole } from '@shared/models'
 import { revokeToken } from '@server/lib/oauth-model'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
+import { isUserUsernameValid, isUserRoleValid, isUserDisplayNameValid } from '@server/helpers/custom-validators/users'
 const oAuthServer = new OAuthServer({
  useErrorHandler: true,
@@ -120,10 +121,12 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
  for (const pluginAuth of pluginAuths) {
    const authOptions = pluginAuth.registerAuthOptions
+    const authName = authOptions.authName
+    const npmName = pluginAuth.npmName
    logger.debug(
      'Using auth method %s of plugin %s to login %s with weight %d.',
-      authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight()
+      authName, npmName, loginOptions.id, authOptions.getWeight()
    )
    try {
@@ -131,9 +134,31 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
      if (loginResult) {
        logger.info(
          'Login success with auth method %s of plugin %s for %s.',
-          authOptions.authName, pluginAuth.npmName, loginOptions.id
+          authName, npmName, loginOptions.id
        )
+        if (!isUserUsernameValid(loginResult.username)) {
+          logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { loginResult })
+          continue
+        }
+        if (!loginResult.email) {
+          logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { loginResult })
+          continue
+        }
+        // role is optional
+        if (loginResult.role && !isUserRoleValid(loginResult.role)) {
+          logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { loginResult })
+          continue
+        }
+        // display name is optional
+        if (loginResult.displayName && !isUserDisplayNameValid(loginResult.displayName)) {
+          logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { loginResult })
+          continue
+        }
        res.locals.bypassLogin = {
          bypass: true,
          pluginName: pluginAuth.npmName,
author	Chocobozzz <me@florianbigard.com>	2020-04-27 11:42:01 +0200
committer	Chocobozzz <chocobozzz@cpy.re>	2020-05-04 16:21:39 +0200
commit	98813e69bccc568eff771cfcaf907ccdd82ce3f1 (patch)
tree	07a381fe910cf15cb22d0de6ff93cc7fd5ee0ce1 /server/lib
parent	829b794a8542b55bdfff481fa7c3593bc88cb696 (diff)
download	PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.tar.gz PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.tar.zst PeerTube-98813e69bccc568eff771cfcaf907ccdd82ce3f1.zip