Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r--server/lib/auth.ts13
1 files changed, 6 insertions, 7 deletions
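diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index eaae5fdf3..2ef77bc9c 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -1,7 +1,7 @@
 import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
 import { logger } from '@server/helpers/logger'
 import { generateRandomString } from '@server/helpers/utils'
-import { OAUTH_LIFETIME, WEBSERVER } from '@server/initializers/constants'
+import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
 import { revokeToken } from '@server/lib/oauth-model'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
@@ -35,7 +35,7 @@ const authBypassTokens = new Map<string, {
  npmName: string
 }>()
 
-async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
  const grantType = req.body.grant_type
 
  if (grantType === 'password') {
@@ -90,10 +90,9 @@ async function onExternalUserAuthenticated (options: {
  logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName)
 
  const bypassToken = await generateRandomString(32)
- const tokenLifetime = 1000 * 60 * 5 // 5 minutes
 
  const expires = new Date()
- expires.setTime(expires.getTime() + tokenLifetime)
+ expires.setTime(expires.getTime() + PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME)
 
  const user = buildUserResult(authResult)
  authBypassTokens.set(bypassToken, {
@@ -108,7 +107,7 @@ async function onExternalUserAuthenticated (options: {
 
 // ---------------------------------------------------------------------------
 
-export { oAuthServer, handleIdAndPassLogin, onExternalUserAuthenticated, handleTokenRevocation }
+export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation }
 
 // ---------------------------------------------------------------------------
 
@@ -212,7 +211,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 
  const now = new Date()
  if (now.getTime() > expires.getTime()) {
- logger.error('Cannot authenticate user with an expired bypass token')
+ logger.error('Cannot authenticate user with an expired external auth token')
  return res.sendStatus(400)
  }
 
@@ -267,7 +266,7 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
  return {
  username: pluginResult.username,
  email: pluginResult.email,
- role: pluginResult.role || UserRole.USER,
+ role: pluginResult.role ?? UserRole.USER,
  displayName: pluginResult.displayName || pluginResult.username
  }
 }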
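Review bot: The plugin-supplied role in buildUserResult (last hunk; the function starts above it) is no longer replaced when it is falsy: `role: pluginResult.role ?? UserRole.USER` falls back only on null or undefined, so a role whose enum value is 0 now reaches the user object where `||` used to turn it into UserRole.USER. That widens what an external-auth plugin can assign, and no validation of `pluginResult.role` is visible in this section, although isUserRoleValid is imported at the top of the file; presumably the check runs in onExternalUserAuthenticated before `buildUserResult(authResult)` is called, but that body is mostly outside the diff and should be confirmed. I would record the intent on the line, e.g. `// ?? keeps a role whose enum value is 0; role must already be validated by the caller`. The neighbouring `displayName: pluginResult.displayName || pluginResult.username` keeps `||`, which looks deliberate since an empty display name should fall back to the username.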