aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-05-20 10:04:44 +0200
committerChocobozzz <me@florianbigard.com>2020-05-20 10:17:27 +0200
commit9a7fd9600bf513adffbf2127be7c3a8b4d31073f (patch)
treea2ac8e321f57f5c7add15ec8166a6a2e7bdf989a /server
parent51539e95d954867d5c4561ac56843105253db79c (diff)
downloadPeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.tar.gz
PeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.tar.zst
PeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.zip
Fix external auth email/password update
Also check if an actor does not already exist when creating the user
Diffstat (limited to 'server')
-rw-r--r--server/lib/oauth-model.ts8
-rw-r--r--server/middlewares/validators/users.ts9
-rw-r--r--server/tests/api/check-params/users.ts2
-rw-r--r--server/tests/api/videos/video-imports.ts2
-rw-r--r--server/tests/plugins/external-auth.ts10
5 files changed, 27 insertions, 4 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts
index e5ea4636e..db546efb1 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/oauth-model.ts
@@ -14,6 +14,7 @@ import { UserAdminFlag } from '@shared/models/users/user-flag.model'
14import { createUserAccountAndChannelAndPlaylist } from './user' 14import { createUserAccountAndChannelAndPlaylist } from './user'
15import { UserRole } from '@shared/models/users/user-role' 15import { UserRole } from '@shared/models/users/user-role'
16import { PluginManager } from '@server/lib/plugins/plugin-manager' 16import { PluginManager } from '@server/lib/plugins/plugin-manager'
17import { ActorModel } from '@server/models/activitypub/actor'
17 18
18type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } 19type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
19 20
@@ -109,6 +110,9 @@ async function getUser (usernameOrEmail?: string, password?: string) {
109 let user = await UserModel.loadByEmail(obj.user.email) 110 let user = await UserModel.loadByEmail(obj.user.email)
110 if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) 111 if (!user) user = await createUserFromExternal(obj.pluginName, obj.user)
111 112
113 // Cannot create a user
114 if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.')
115
112 // If the user does not belongs to a plugin, it was created before its installation 116 // If the user does not belongs to a plugin, it was created before its installation
113 // Then we just go through a regular login process 117 // Then we just go through a regular login process
114 if (user.pluginAuth !== null) { 118 if (user.pluginAuth !== null) {
@@ -208,6 +212,10 @@ async function createUserFromExternal (pluginAuth: string, options: {
208 role: UserRole 212 role: UserRole
209 displayName: string 213 displayName: string
210}) { 214}) {
215 // Check an actor does not already exists with that name (removed user)
216 const actor = await ActorModel.loadLocalByName(options.username)
217 if (actor) return null
218
211 const userToCreate = new UserModel({ 219 const userToCreate = new UserModel({
212 username: options.username, 220 username: options.username,
213 password: null, 221 password: null,
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 840b9fc74..3bdbcdf6a 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -234,14 +234,19 @@ const usersUpdateMeValidator = [
234 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 234 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
235 logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) 235 logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
236 236
237 const user = res.locals.oauth.token.User
238
237 if (req.body.password || req.body.email) { 239 if (req.body.password || req.body.email) {
240 if (user.pluginAuth !== null) {
241 return res.status(400)
242 .json({ error: 'You cannot update your email or password that is associated with an external auth system.' })
243 }
244
238 if (!req.body.currentPassword) { 245 if (!req.body.currentPassword) {
239 return res.status(400) 246 return res.status(400)
240 .json({ error: 'currentPassword parameter is missing.' }) 247 .json({ error: 'currentPassword parameter is missing.' })
241 .end()
242 } 248 }
243 249
244 const user = res.locals.oauth.token.User
245 if (await user.isPasswordMatch(req.body.currentPassword) !== true) { 250 if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
246 return res.status(401) 251 return res.status(401)
247 .json({ error: 'currentPassword is invalid.' }) 252 .json({ error: 'currentPassword is invalid.' })
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 4d597f0a3..6e737af15 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -1044,7 +1044,7 @@ describe('Test users API validators', function () {
1044 } 1044 }
1045 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) 1045 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
1046 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) 1046 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
1047 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' })) 1047 await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' as any }))
1048 1048
1049 await waitJobs([ server ]) 1049 await waitJobs([ server ])
1050 1050
diff --git a/server/tests/api/videos/video-imports.ts b/server/tests/api/videos/video-imports.ts
index 4d5989f43..d211859e4 100644
--- a/server/tests/api/videos/video-imports.ts
+++ b/server/tests/api/videos/video-imports.ts
@@ -175,7 +175,7 @@ Ajouter un sous-titre est vraiment facile`)
175 175
176 { 176 {
177 const attributes = immutableAssign(baseAttributes, { 177 const attributes = immutableAssign(baseAttributes, {
178 torrentfile: 'video-720p.torrent', 178 torrentfile: 'video-720p.torrent' as any,
179 description: 'this is a super torrent description', 179 description: 'this is a super torrent description',
180 tags: [ 'tag_torrent1', 'tag_torrent2' ] 180 tags: [ 'tag_torrent1', 'tag_torrent2' ]
181 }) 181 })
diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts
index a85672782..57361be05 100644
--- a/server/tests/plugins/external-auth.ts
+++ b/server/tests/plugins/external-auth.ts
@@ -255,6 +255,16 @@ describe('Test external auth plugins', function () {
255 expect(body.role).to.equal(UserRole.USER) 255 expect(body.role).to.equal(UserRole.USER)
256 }) 256 })
257 257
258 it('Should not update an external auth email', async function () {
259 await updateMyUser({
260 url: server.url,
261 accessToken: cyanAccessToken,
262 email: 'toto@example.com',
263 currentPassword: 'toto',
264 statusCodeExpected: 400
265 })
266 })
267
258 it('Should reject token of Kefka by the plugin hook', async function () { 268 it('Should reject token of Kefka by the plugin hook', async function () {
259 this.timeout(10000) 269 this.timeout(10000)
260 270