Ask password reset/email verif error handling

With a user that uses a plugin authentication
author: Chocobozzz <me@florianbigard.com> 2022-09-28 16:00:32 +0200
committer: Chocobozzz <me@florianbigard.com> 2022-09-28 16:00:32 +0200
commit: c5f3ff39e5351ac911418c432dac235c5aefec9e (patch)
tree: 5b7cbcf7a4436f891515364e735d564948a4503d /server
parent: 1f545e80b4db2aa371be48e3bce7de8f32d557d3 (diff)
download: PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.tar.gz
PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.tar.zst
PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.zip
3 files changed, 23 insertions, 1 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 0b27d5277..07b9ae395 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -343,7 +343,7 @@ async function askResetUserPassword (req: express.Request, res: express.Response
  const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
  const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
-  await Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
+  Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
  return res.status(HttpStatusCode.NO_CONTENT_204).end()
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 2de5265fb..eb693318f 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -411,6 +411,13 @@ const usersAskResetPasswordValidator = [
      return res.status(HttpStatusCode.NO_CONTENT_204).end()
    }
+    if (res.locals.user.pluginAuth) {
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'Cannot recover password of a user that uses a plugin authentication.'
+      })
+    }
    return next()
  }
 ]
@@ -454,6 +461,13 @@ const usersAskSendVerifyEmailValidator = [
      return res.status(HttpStatusCode.NO_CONTENT_204).end()
    }
+    if (res.locals.user.pluginAuth) {
+      return res.fail({
+        status: HttpStatusCode.CONFLICT_409,
+        message: 'Cannot ask verification email of a user that uses a plugin authentication.'
+      })
+    }
    return next()
  }
 ]
diff --git a/server/tests/external-plugins/auth-ldap.ts b/server/tests/external-plugins/auth-ldap.ts
index d7f155d2a..6f6a574a0 100644
--- a/server/tests/external-plugins/auth-ldap.ts
+++ b/server/tests/external-plugins/auth-ldap.ts
@@ -94,6 +94,14 @@ describe('Official plugin auth-ldap', function () {
    await server.login.login({ user: { username: 'fry@planetexpress.com', password: 'fry' } })
  })
+  it('Should not be able to ask password reset', async function () {
+    await server.users.askResetPassword({ email: 'fry@planetexpress.com', expectedStatus: HttpStatusCode.CONFLICT_409 })
+  })
+  it('Should not be able to ask email verification', async function () {
+    await server.users.askSendVerifyEmail({ email: 'fry@planetexpress.com', expectedStatus: HttpStatusCode.CONFLICT_409 })
+  })
  it('Should not login if the plugin is uninstalled', async function () {
    await server.plugins.uninstall({ npmName: 'peertube-plugin-auth-ldap' })
author	Chocobozzz <me@florianbigard.com>	2022-09-28 16:00:32 +0200
committer	Chocobozzz <me@florianbigard.com>	2022-09-28 16:00:32 +0200
commit	c5f3ff39e5351ac911418c432dac235c5aefec9e (patch)
tree	5b7cbcf7a4436f891515364e735d564948a4503d /server
parent	1f545e80b4db2aa371be48e3bce7de8f32d557d3 (diff)
download	PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.tar.gz PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.tar.zst PeerTube-c5f3ff39e5351ac911418c432dac235c5aefec9e.zip