diff options
Diffstat (limited to 'server/lib/auth.ts')
| -rw-r--r-- | server/lib/auth.ts | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 1fa896f6e..7c1dd1139 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
| @@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: { | |||
| 83 | return | 83 | return |
| 84 | } | 84 | } |
| 85 | 85 | ||
| 86 | if (!isAuthResultValid(npmName, authName, authResult)) return | ||
| 87 | |||
| 88 | const { res } = authResult | 86 | const { res } = authResult |
| 89 | 87 | ||
| 88 | if (!isAuthResultValid(npmName, authName, authResult)) { | ||
| 89 | res.redirect('/login?externalAuthError=true') | ||
| 90 | return | ||
| 91 | } | ||
| 92 | |||
| 90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) | 93 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) |
| 91 | 94 | ||
| 92 | const bypassToken = await generateRandomString(32) | 95 | const bypassToken = await generateRandomString(32) |
| @@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response) | |||
| 238 | 241 | ||
| 239 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { | 242 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { |
| 240 | if (!isUserUsernameValid(result.username)) { | 243 | if (!isUserUsernameValid(result.username)) { |
| 241 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result }) | 244 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username }) |
| 242 | return false | 245 | return false |
| 243 | } | 246 | } |
| 244 | 247 | ||
| 245 | if (!result.email) { | 248 | if (!result.email) { |
| 246 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result }) | 249 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email }) |
| 247 | return false | 250 | return false |
| 248 | } | 251 | } |
| 249 | 252 | ||
| 250 | // role is optional | 253 | // role is optional |
| 251 | if (result.role && !isUserRoleValid(result.role)) { | 254 | if (result.role && !isUserRoleValid(result.role)) { |
| 252 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result }) | 255 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role }) |
| 253 | return false | 256 | return false |
| 254 | } | 257 | } |
| 255 | 258 | ||
| 256 | // display name is optional | 259 | // display name is optional |
| 257 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { | 260 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { |
| 258 | logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result }) | 261 | logger.error( |
| 262 | 'Auth method %s of plugin %s did not provide a valid display name.', | ||
| 263 | authName, npmName, { displayName: result.displayName } | ||
| 264 | ) | ||
| 259 | return false | 265 | return false |
| 260 | } | 266 | } |
| 261 | 267 | ||