diff options
Diffstat (limited to 'server/lib/auth.ts')
| -rw-r--r-- | server/lib/auth.ts | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index eaae5fdf3..2ef77bc9c 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users' | 1 | import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users' |
| 2 | import { logger } from '@server/helpers/logger' | 2 | import { logger } from '@server/helpers/logger' |
| 3 | import { generateRandomString } from '@server/helpers/utils' | 3 | import { generateRandomString } from '@server/helpers/utils' |
| 4 | import { OAUTH_LIFETIME, WEBSERVER } from '@server/initializers/constants' | 4 | import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants' |
| 5 | import { revokeToken } from '@server/lib/oauth-model' | 5 | import { revokeToken } from '@server/lib/oauth-model' |
| 6 | import { PluginManager } from '@server/lib/plugins/plugin-manager' | 6 | import { PluginManager } from '@server/lib/plugins/plugin-manager' |
| 7 | import { OAuthTokenModel } from '@server/models/oauth/oauth-token' | 7 | import { OAuthTokenModel } from '@server/models/oauth/oauth-token' |
| @@ -35,7 +35,7 @@ const authBypassTokens = new Map<string, { | |||
| 35 | npmName: string | 35 | npmName: string |
| 36 | }>() | 36 | }>() |
| 37 | 37 | ||
| 38 | async function handleIdAndPassLogin (req: express.Request, res: express.Response, next: express.NextFunction) { | 38 | async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 39 | const grantType = req.body.grant_type | 39 | const grantType = req.body.grant_type |
| 40 | 40 | ||
| 41 | if (grantType === 'password') { | 41 | if (grantType === 'password') { |
| @@ -90,10 +90,9 @@ async function onExternalUserAuthenticated (options: { | |||
| 90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) | 90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) |
| 91 | 91 | ||
| 92 | const bypassToken = await generateRandomString(32) | 92 | const bypassToken = await generateRandomString(32) |
| 93 | const tokenLifetime = 1000 * 60 * 5 // 5 minutes | ||
| 94 | 93 | ||
| 95 | const expires = new Date() | 94 | const expires = new Date() |
| 96 | expires.setTime(expires.getTime() + tokenLifetime) | 95 | expires.setTime(expires.getTime() + PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME) |
| 97 | 96 | ||
| 98 | const user = buildUserResult(authResult) | 97 | const user = buildUserResult(authResult) |
| 99 | authBypassTokens.set(bypassToken, { | 98 | authBypassTokens.set(bypassToken, { |
| @@ -108,7 +107,7 @@ async function onExternalUserAuthenticated (options: { | |||
| 108 | 107 | ||
| 109 | // --------------------------------------------------------------------------- | 108 | // --------------------------------------------------------------------------- |
| 110 | 109 | ||
| 111 | export { oAuthServer, handleIdAndPassLogin, onExternalUserAuthenticated, handleTokenRevocation } | 110 | export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation } |
| 112 | 111 | ||
| 113 | // --------------------------------------------------------------------------- | 112 | // --------------------------------------------------------------------------- |
| 114 | 113 | ||
| @@ -212,7 +211,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response) | |||
| 212 | 211 | ||
| 213 | const now = new Date() | 212 | const now = new Date() |
| 214 | if (now.getTime() > expires.getTime()) { | 213 | if (now.getTime() > expires.getTime()) { |
| 215 | logger.error('Cannot authenticate user with an expired bypass token') | 214 | logger.error('Cannot authenticate user with an expired external auth token') |
| 216 | return res.sendStatus(400) | 215 | return res.sendStatus(400) |
| 217 | } | 216 | } |
| 218 | 217 | ||
| @@ -267,7 +266,7 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) { | |||
| 267 | return { | 266 | return { |
| 268 | username: pluginResult.username, | 267 | username: pluginResult.username, |
| 269 | email: pluginResult.email, | 268 | email: pluginResult.email, |
| 270 | role: pluginResult.role || UserRole.USER, | 269 | role: pluginResult.role ?? UserRole.USER, |
| 271 | displayName: pluginResult.displayName || pluginResult.username | 270 | displayName: pluginResult.displayName || pluginResult.username |
| 272 | } | 271 | } |
| 273 | } | 272 | } |