Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r-- | server/lib/auth.ts | 13 |
1 files changed, 6 insertions, 7 deletions
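--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -1,7 +1,7 @@
 import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
 import { logger } from '@server/helpers/logger'
 import { generateRandomString } from '@server/helpers/utils'
-import { OAUTH_LIFETIME, WEBSERVER } from '@server/initializers/constants'
+import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
 import { revokeToken } from '@server/lib/oauth-model'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
@@ -35,7 +35,7 @@ const authBypassTokens = new Map<string, {
 npmName: string
 }>()
 
-async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
+async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
 const grantType = req.body.grant_type
 
 if (grantType === 'password') {
@@ -90,10 +90,9 @@ async function onExternalUserAuthenticated (options: {
 logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName)
 
 const bypassToken = await generateRandomString(32)
-const tokenLifetime = 1000 * 60 * 5 // 5 minutes
 
 const expires = new Date()
-expires.setTime(expires.getTime() + tokenLifetime)
+expires.setTime(expires.getTime() + PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME)
 
 const user = buildUserResult(authResult)
 authBypassTokens.set(bypassToken, {
@@ -108,7 +107,7 @@ async function onExternalUserAuthenticated (options: {
 
 // ---------------------------------------------------------------------------
 
-export { oAuthServer, handleIdAndPassLogin, onExternalUserAuthenticated, handleTokenRevocation }
+export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation }
 
 // ---------------------------------------------------------------------------
 
@@ -212,7 +211,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 
 const now = new Date()
 if (now.getTime() > expires.getTime()) {
-logger.error('Cannot authenticate user with an expired bypass token')
+logger.error('Cannot authenticate user with an expired external auth token')
 return res.sendStatus(400)
 }
 
@@ -267,7 +266,7 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
 return {
 username: pluginResult.username,
 email: pluginResult.email,
-role: pluginResult.role || UserRole.USER,
+role: pluginResult.role ?? UserRole.USER,
 displayName: pluginResult.displayName || pluginResult.username
 }
 }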
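Review bot: In buildUserResult, `role: pluginResult.role ?? UserRole.USER` now keeps every defined value the plugin returns, including falsy ones such as `0` that the old `||` replaced with UserRole.USER, so a plugin-supplied role reaches the stored bypass-token user unchanged. If `0` is a member of UserRole (the enum is not shown here), this widens what an external auth plugin can grant, and the result should be rejected when `isUserRoleValid(authResult.role)` fails before buildUserResult is called. The validator is imported at the top of the file, but the check itself would sit in the part of onExternalUserAuthenticated outside these hunks, so please confirm it covers `role`. A short comment on the line would also record the intent, e.g. `// ?? not ||: a role of 0 must be kept, only null/undefined fall back to USER`.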