diff options
author | Chocobozzz <me@florianbigard.com> | 2021-02-01 09:24:14 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2021-02-01 11:23:11 +0100 |
commit | 33c7131be5883d1b25c49adbcf5750b63905a368 (patch) | |
tree | 5e5a3ed4158734b3e6f25a7eb7f20f4dc93ed6c3 /server | |
parent | e01146559acd32e009ad7d399a4af151fa0d4c52 (diff) | |
download | PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.tar.gz PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.tar.zst PeerTube-33c7131be5883d1b25c49adbcf5750b63905a368.zip |
Check banned status for external auths
Diffstat (limited to 'server')
-rw-r--r-- | server/lib/oauth-model.ts | 8 | ||||
-rw-r--r-- | server/tests/external-plugins/auth-ldap.ts | 17 |
2 files changed, 24 insertions, 1 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index f7ea98b41..3f8b8e618 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
@@ -119,6 +119,8 @@ async function getUser (usernameOrEmail?: string, password?: string) { | |||
119 | // This user does not belong to this plugin, skip it | 119 | // This user does not belong to this plugin, skip it |
120 | if (user.pluginAuth !== obj.pluginName) return null | 120 | if (user.pluginAuth !== obj.pluginName) return null |
121 | 121 | ||
122 | checkUserValidityOrThrow(user) | ||
123 | |||
122 | return user | 124 | return user |
123 | } | 125 | } |
124 | } | 126 | } |
@@ -132,7 +134,7 @@ async function getUser (usernameOrEmail?: string, password?: string) { | |||
132 | const passwordMatch = await user.isPasswordMatch(password) | 134 | const passwordMatch = await user.isPasswordMatch(password) |
133 | if (passwordMatch !== true) return null | 135 | if (passwordMatch !== true) return null |
134 | 136 | ||
135 | if (user.blocked) throw new AccessDeniedError('User is blocked.') | 137 | checkUserValidityOrThrow(user) |
136 | 138 | ||
137 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { | 139 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION && user.emailVerified === false) { |
138 | throw new AccessDeniedError('User email is not verified.') | 140 | throw new AccessDeniedError('User email is not verified.') |
@@ -238,3 +240,7 @@ async function createUserFromExternal (pluginAuth: string, options: { | |||
238 | 240 | ||
239 | return user | 241 | return user |
240 | } | 242 | } |
243 | |||
244 | function checkUserValidityOrThrow (user: MUser) { | ||
245 | if (user.blocked) throw new AccessDeniedError('User is blocked.') | ||
246 | } | ||
diff --git a/server/tests/external-plugins/auth-ldap.ts b/server/tests/external-plugins/auth-ldap.ts index 4ce8e82cb..e4eae7e8c 100644 --- a/server/tests/external-plugins/auth-ldap.ts +++ b/server/tests/external-plugins/auth-ldap.ts | |||
@@ -4,9 +4,11 @@ import 'mocha' | |||
4 | import { expect } from 'chai' | 4 | import { expect } from 'chai' |
5 | import { User } from '@shared/models/users/user.model' | 5 | import { User } from '@shared/models/users/user.model' |
6 | import { | 6 | import { |
7 | blockUser, | ||
7 | getMyUserInformation, | 8 | getMyUserInformation, |
8 | installPlugin, | 9 | installPlugin, |
9 | setAccessTokensToServers, | 10 | setAccessTokensToServers, |
11 | unblockUser, | ||
10 | uninstallPlugin, | 12 | uninstallPlugin, |
11 | updatePluginSettings, | 13 | updatePluginSettings, |
12 | uploadVideo, | 14 | uploadVideo, |
@@ -17,6 +19,7 @@ import { cleanupTests, flushAndRunServer, ServerInfo } from '../../../shared/ext | |||
17 | describe('Official plugin auth-ldap', function () { | 19 | describe('Official plugin auth-ldap', function () { |
18 | let server: ServerInfo | 20 | let server: ServerInfo |
19 | let accessToken: string | 21 | let accessToken: string |
22 | let userId: number | ||
20 | 23 | ||
21 | before(async function () { | 24 | before(async function () { |
22 | this.timeout(30000) | 25 | this.timeout(30000) |
@@ -90,12 +93,26 @@ describe('Official plugin auth-ldap', function () { | |||
90 | 93 | ||
91 | expect(body.username).to.equal('fry') | 94 | expect(body.username).to.equal('fry') |
92 | expect(body.email).to.equal('fry@planetexpress.com') | 95 | expect(body.email).to.equal('fry@planetexpress.com') |
96 | |||
97 | userId = body.id | ||
93 | }) | 98 | }) |
94 | 99 | ||
95 | it('Should upload a video', async function () { | 100 | it('Should upload a video', async function () { |
96 | await uploadVideo(server.url, accessToken, { name: 'my super video' }) | 101 | await uploadVideo(server.url, accessToken, { name: 'my super video' }) |
97 | }) | 102 | }) |
98 | 103 | ||
104 | it('Should not be able to login if the user is banned', async function () { | ||
105 | await blockUser(server.url, userId, server.accessToken) | ||
106 | |||
107 | await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }, 400) | ||
108 | }) | ||
109 | |||
110 | it('Should be able to login if the user is unbanned', async function () { | ||
111 | await unblockUser(server.url, userId, server.accessToken) | ||
112 | |||
113 | await userLogin(server, { username: 'fry@planetexpress.com', password: 'fry' }) | ||
114 | }) | ||
115 | |||
99 | it('Should not login if the plugin is uninstalled', async function () { | 116 | it('Should not login if the plugin is uninstalled', async function () { |
100 | await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' }) | 117 | await uninstallPlugin({ url: server.url, accessToken: server.accessToken, npmName: 'peertube-plugin-auth-ldap' }) |
101 | 118 | ||