diff options
Diffstat (limited to 'server/lib/auth/external-auth.ts')
-rw-r--r-- | server/lib/auth/external-auth.ts | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/server/lib/auth/external-auth.ts b/server/lib/auth/external-auth.ts index 155ec03d8..bc5b74257 100644 --- a/server/lib/auth/external-auth.ts +++ b/server/lib/auth/external-auth.ts | |||
@@ -19,6 +19,7 @@ import { | |||
19 | RegisterServerExternalAuthenticatedResult | 19 | RegisterServerExternalAuthenticatedResult |
20 | } from '@server/types/plugins/register-server-auth.model' | 20 | } from '@server/types/plugins/register-server-auth.model' |
21 | import { UserAdminFlag, UserRole } from '@shared/models' | 21 | import { UserAdminFlag, UserRole } from '@shared/models' |
22 | import { BypassLogin } from './oauth-model' | ||
22 | 23 | ||
23 | export type ExternalUser = | 24 | export type ExternalUser = |
24 | Pick<MUser, 'username' | 'email' | 'role' | 'adminFlags' | 'videoQuotaDaily' | 'videoQuota'> & | 25 | Pick<MUser, 'username' | 'email' | 'role' | 'adminFlags' | 'videoQuotaDaily' | 'videoQuota'> & |
@@ -28,6 +29,7 @@ export type ExternalUser = | |||
28 | const authBypassTokens = new Map<string, { | 29 | const authBypassTokens = new Map<string, { |
29 | expires: Date | 30 | expires: Date |
30 | user: ExternalUser | 31 | user: ExternalUser |
32 | userUpdater: RegisterServerAuthenticatedResult['userUpdater'] | ||
31 | authName: string | 33 | authName: string |
32 | npmName: string | 34 | npmName: string |
33 | }>() | 35 | }>() |
@@ -63,7 +65,8 @@ async function onExternalUserAuthenticated (options: { | |||
63 | expires, | 65 | expires, |
64 | user, | 66 | user, |
65 | npmName, | 67 | npmName, |
66 | authName | 68 | authName, |
69 | userUpdater: authResult.userUpdater | ||
67 | }) | 70 | }) |
68 | 71 | ||
69 | // Cleanup expired tokens | 72 | // Cleanup expired tokens |
@@ -85,7 +88,7 @@ async function getAuthNameFromRefreshGrant (refreshToken?: string) { | |||
85 | return tokenModel?.authName | 88 | return tokenModel?.authName |
86 | } | 89 | } |
87 | 90 | ||
88 | async function getBypassFromPasswordGrant (username: string, password: string) { | 91 | async function getBypassFromPasswordGrant (username: string, password: string): Promise<BypassLogin> { |
89 | const plugins = PluginManager.Instance.getIdAndPassAuths() | 92 | const plugins = PluginManager.Instance.getIdAndPassAuths() |
90 | const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = [] | 93 | const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = [] |
91 | 94 | ||
@@ -140,7 +143,8 @@ async function getBypassFromPasswordGrant (username: string, password: string) { | |||
140 | bypass: true, | 143 | bypass: true, |
141 | pluginName: pluginAuth.npmName, | 144 | pluginName: pluginAuth.npmName, |
142 | authName: authOptions.authName, | 145 | authName: authOptions.authName, |
143 | user: buildUserResult(loginResult) | 146 | user: buildUserResult(loginResult), |
147 | userUpdater: loginResult.userUpdater | ||
144 | } | 148 | } |
145 | } catch (err) { | 149 | } catch (err) { |
146 | logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err }) | 150 | logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err }) |
@@ -150,7 +154,7 @@ async function getBypassFromPasswordGrant (username: string, password: string) { | |||
150 | return undefined | 154 | return undefined |
151 | } | 155 | } |
152 | 156 | ||
153 | function getBypassFromExternalAuth (username: string, externalAuthToken: string) { | 157 | function getBypassFromExternalAuth (username: string, externalAuthToken: string): BypassLogin { |
154 | const obj = authBypassTokens.get(externalAuthToken) | 158 | const obj = authBypassTokens.get(externalAuthToken) |
155 | if (!obj) throw new Error('Cannot authenticate user with unknown bypass token') | 159 | if (!obj) throw new Error('Cannot authenticate user with unknown bypass token') |
156 | 160 | ||
@@ -174,6 +178,7 @@ function getBypassFromExternalAuth (username: string, externalAuthToken: string) | |||
174 | bypass: true, | 178 | bypass: true, |
175 | pluginName: npmName, | 179 | pluginName: npmName, |
176 | authName, | 180 | authName, |
181 | userUpdater: obj.userUpdater, | ||
177 | user | 182 | user |
178 | } | 183 | } |
179 | } | 184 | } |
@@ -194,6 +199,11 @@ function isAuthResultValid (npmName: string, authName: string, result: RegisterS | |||
194 | if (result.videoQuota && !isUserVideoQuotaValid(result.videoQuota + '')) return returnError('videoQuota') | 199 | if (result.videoQuota && !isUserVideoQuotaValid(result.videoQuota + '')) return returnError('videoQuota') |
195 | if (result.videoQuotaDaily && !isUserVideoQuotaDailyValid(result.videoQuotaDaily + '')) return returnError('videoQuotaDaily') | 200 | if (result.videoQuotaDaily && !isUserVideoQuotaDailyValid(result.videoQuotaDaily + '')) return returnError('videoQuotaDaily') |
196 | 201 | ||
202 | if (result.userUpdater && typeof result.userUpdater !== 'function') { | ||
203 | logger.error('Auth method %s of plugin %s did not provide a valid user updater function.', authName, npmName) | ||
204 | return false | ||
205 | } | ||
206 | |||
197 | return true | 207 | return true |
198 | } | 208 | } |
199 | 209 | ||