Diffstat (limited to 'server/lib/auth.ts')
-rw-r--r--server/lib/auth.ts29
1 files changed, 27 insertions, 2 deletions
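diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index c47ec62d0..5a6dd9dec 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -7,6 +7,7 @@ import { logger } from '@server/helpers/logger'
 import { UserRole } from '@shared/models'
 import { revokeToken } from '@server/lib/oauth-model'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
+import { isUserUsernameValid, isUserRoleValid, isUserDisplayNameValid } from '@server/helpers/custom-validators/users'
 
 const oAuthServer = new OAuthServer({
 useErrorHandler: true,
@@ -120,10 +121,12 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
 
 for (const pluginAuth of pluginAuths) {
 const authOptions = pluginAuth.registerAuthOptions
+const authName = authOptions.authName
+const npmName = pluginAuth.npmName
 
 logger.debug(
 'Using auth method %s of plugin %s to login %s with weight %d.',
-authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight()
+authName, npmName, loginOptions.id, authOptions.getWeight()
 )
 
 try {
@@ -131,9 +134,31 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
 if (loginResult) {
 logger.info(
 'Login success with auth method %s of plugin %s for %s.',
-authOptions.authName, pluginAuth.npmName, loginOptions.id
+authName, npmName, loginOptions.id
 )
 
+if (!isUserUsernameValid(loginResult.username)) {
+logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { loginResult })
+continue
+}
+
+if (!loginResult.email) {
+logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { loginResult })
+continue
+}
+
+// role is optional
+if (loginResult.role && !isUserRoleValid(loginResult.role)) {
+logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { loginResult })
+continue
+}
+
+// display name is optional
+if (loginResult.displayName && !isUserDisplayNameValid(loginResult.displayName)) {
+logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { loginResult })
+continue
+}
+
 res.locals.bypassLogin = {
 bypass: true,
 pluginName: pluginAuth.npmName,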
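Review bot: The email check at new lines 145–148 only tests truthiness, so any non-empty value the plugin returns (a non-string, or a malformed address) is accepted even though the log message speaks of a "valid email"; username, role and display name each go through a validator, and email should get an equivalent type and format check before the result is accepted for the login bypass. The optional-field guards `loginResult.role && …` and `loginResult.displayName && …` also skip validation for falsy values such as `''`, `false` or `NaN`; `if (loginResult.role !== undefined && !isUserRoleValid(loginResult.role)) {` (and the same shape for displayName) would validate everything the plugin actually supplied. Each rejection passes `{ loginResult }` to `logger.error`, which writes the whole plugin-supplied object, email included and possibly other fields, into the error log; logging `{ username: loginResult.username }` instead should be enough to diagnose a misbehaving plugin. proxifyPasswordGrant starts and ends outside the hunks shown, so how the accepted fields are consumed afterwards is not visible here.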