aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/lib/auth/external-auth.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/lib/auth/external-auth.ts')
-rw-r--r--server/lib/auth/external-auth.ts60
1 files changed, 31 insertions, 29 deletions
diff --git a/server/lib/auth/external-auth.ts b/server/lib/auth/external-auth.ts
index 053112801..155ec03d8 100644
--- a/server/lib/auth/external-auth.ts
+++ b/server/lib/auth/external-auth.ts
@@ -1,26 +1,33 @@
1 1
2import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users' 2import {
3 isUserAdminFlagsValid,
4 isUserDisplayNameValid,
5 isUserRoleValid,
6 isUserUsernameValid,
7 isUserVideoQuotaDailyValid,
8 isUserVideoQuotaValid
9} from '@server/helpers/custom-validators/users'
3import { logger } from '@server/helpers/logger' 10import { logger } from '@server/helpers/logger'
4import { generateRandomString } from '@server/helpers/utils' 11import { generateRandomString } from '@server/helpers/utils'
5import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants' 12import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
6import { PluginManager } from '@server/lib/plugins/plugin-manager' 13import { PluginManager } from '@server/lib/plugins/plugin-manager'
7import { OAuthTokenModel } from '@server/models/oauth/oauth-token' 14import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
15import { MUser } from '@server/types/models'
8import { 16import {
9 RegisterServerAuthenticatedResult, 17 RegisterServerAuthenticatedResult,
10 RegisterServerAuthPassOptions, 18 RegisterServerAuthPassOptions,
11 RegisterServerExternalAuthenticatedResult 19 RegisterServerExternalAuthenticatedResult
12} from '@server/types/plugins/register-server-auth.model' 20} from '@server/types/plugins/register-server-auth.model'
13import { UserRole } from '@shared/models' 21import { UserAdminFlag, UserRole } from '@shared/models'
22
23export type ExternalUser =
24 Pick<MUser, 'username' | 'email' | 'role' | 'adminFlags' | 'videoQuotaDaily' | 'videoQuota'> &
25 { displayName: string }
14 26
15// Token is the key, expiration date is the value 27// Token is the key, expiration date is the value
16const authBypassTokens = new Map<string, { 28const authBypassTokens = new Map<string, {
17 expires: Date 29 expires: Date
18 user: { 30 user: ExternalUser
19 username: string
20 email: string
21 displayName: string
22 role: UserRole
23 }
24 authName: string 31 authName: string
25 npmName: string 32 npmName: string
26}>() 33}>()
@@ -172,30 +179,20 @@ function getBypassFromExternalAuth (username: string, externalAuthToken: string)
172} 179}
173 180
174function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { 181function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) {
175 if (!isUserUsernameValid(result.username)) { 182 const returnError = (field: string) => {
176 logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username }) 183 logger.error('Auth method %s of plugin %s did not provide a valid %s.', authName, npmName, field, { [field]: result[field] })
177 return false 184 return false
178 } 185 }
179 186
180 if (!result.email) { 187 if (!isUserUsernameValid(result.username)) return returnError('username')
181 logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email }) 188 if (!result.email) return returnError('email')
182 return false
183 }
184 189
185 // role is optional 190 // Following fields are optional
186 if (result.role && !isUserRoleValid(result.role)) { 191 if (result.role && !isUserRoleValid(result.role)) return returnError('role')
187 logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role }) 192 if (result.displayName && !isUserDisplayNameValid(result.displayName)) return returnError('displayName')
188 return false 193 if (result.adminFlags && !isUserAdminFlagsValid(result.adminFlags)) return returnError('adminFlags')
189 } 194 if (result.videoQuota && !isUserVideoQuotaValid(result.videoQuota + '')) return returnError('videoQuota')
190 195 if (result.videoQuotaDaily && !isUserVideoQuotaDailyValid(result.videoQuotaDaily + '')) return returnError('videoQuotaDaily')
191 // display name is optional
192 if (result.displayName && !isUserDisplayNameValid(result.displayName)) {
193 logger.error(
194 'Auth method %s of plugin %s did not provide a valid display name.',
195 authName, npmName, { displayName: result.displayName }
196 )
197 return false
198 }
199 196
200 return true 197 return true
201} 198}
@@ -205,7 +202,12 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
205 username: pluginResult.username, 202 username: pluginResult.username,
206 email: pluginResult.email, 203 email: pluginResult.email,
207 role: pluginResult.role ?? UserRole.USER, 204 role: pluginResult.role ?? UserRole.USER,
208 displayName: pluginResult.displayName || pluginResult.username 205 displayName: pluginResult.displayName || pluginResult.username,
206
207 adminFlags: pluginResult.adminFlags ?? UserAdminFlag.NONE,
208
209 videoQuota: pluginResult.videoQuota,
210 videoQuotaDaily: pluginResult.videoQuotaDaily
209 } 211 }
210} 212}
211 213