diff options
Diffstat (limited to 'server/lib/oauth-model.ts')
-rw-r--r-- | server/lib/oauth-model.ts | 62 |
1 files changed, 44 insertions, 18 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index 7a6ed63be..6eb0e4473 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
@@ -1,4 +1,3 @@ | |||
1 | import * as Bluebird from 'bluebird' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
3 | import { AccessDeniedError } from 'oauth2-server' | 2 | import { AccessDeniedError } from 'oauth2-server' |
4 | import { logger } from '../helpers/logger' | 3 | import { logger } from '../helpers/logger' |
@@ -47,22 +46,33 @@ function clearCacheByToken (token: string) { | |||
47 | } | 46 | } |
48 | } | 47 | } |
49 | 48 | ||
50 | function getAccessToken (bearerToken: string) { | 49 | async function getAccessToken (bearerToken: string) { |
51 | logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') | 50 | logger.debug('Getting access token (bearerToken: ' + bearerToken + ').') |
52 | 51 | ||
53 | if (!bearerToken) return Bluebird.resolve(undefined) | 52 | if (!bearerToken) return undefined |
54 | 53 | ||
55 | if (accessTokenCache.has(bearerToken)) return Bluebird.resolve(accessTokenCache.get(bearerToken)) | 54 | let tokenModel: MOAuthTokenUser |
56 | 55 | ||
57 | return OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) | 56 | if (accessTokenCache.has(bearerToken)) { |
58 | .then(tokenModel => { | 57 | tokenModel = accessTokenCache.get(bearerToken) |
59 | if (tokenModel) { | 58 | } else { |
60 | accessTokenCache.set(bearerToken, tokenModel) | 59 | tokenModel = await OAuthTokenModel.getByTokenAndPopulateUser(bearerToken) |
61 | userHavingToken.set(tokenModel.userId, tokenModel.accessToken) | ||
62 | } | ||
63 | 60 | ||
64 | return tokenModel | 61 | if (tokenModel) { |
65 | }) | 62 | accessTokenCache.set(bearerToken, tokenModel) |
63 | userHavingToken.set(tokenModel.userId, tokenModel.accessToken) | ||
64 | } | ||
65 | } | ||
66 | |||
67 | if (!tokenModel) return undefined | ||
68 | |||
69 | if (tokenModel.User.pluginAuth) { | ||
70 | const valid = await PluginManager.Instance.isTokenValid(tokenModel, 'access') | ||
71 | |||
72 | if (valid !== true) return undefined | ||
73 | } | ||
74 | |||
75 | return tokenModel | ||
66 | } | 76 | } |
67 | 77 | ||
68 | function getClient (clientId: string, clientSecret: string) { | 78 | function getClient (clientId: string, clientSecret: string) { |
@@ -71,14 +81,27 @@ function getClient (clientId: string, clientSecret: string) { | |||
71 | return OAuthClientModel.getByIdAndSecret(clientId, clientSecret) | 81 | return OAuthClientModel.getByIdAndSecret(clientId, clientSecret) |
72 | } | 82 | } |
73 | 83 | ||
74 | function getRefreshToken (refreshToken: string) { | 84 | async function getRefreshToken (refreshToken: string) { |
75 | logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').') | 85 | logger.debug('Getting RefreshToken (refreshToken: ' + refreshToken + ').') |
76 | 86 | ||
77 | return OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken) | 87 | const tokenInfo = await OAuthTokenModel.getByRefreshTokenAndPopulateClient(refreshToken) |
88 | if (!tokenInfo) return undefined | ||
89 | |||
90 | const tokenModel = tokenInfo.token | ||
91 | |||
92 | if (tokenModel.User.pluginAuth) { | ||
93 | const valid = await PluginManager.Instance.isTokenValid(tokenModel, 'refresh') | ||
94 | |||
95 | if (valid !== true) return undefined | ||
96 | } | ||
97 | |||
98 | return tokenInfo | ||
78 | } | 99 | } |
79 | 100 | ||
80 | async function getUser (usernameOrEmail: string, password: string) { | 101 | async function getUser (usernameOrEmail: string, password: string) { |
81 | const res: express.Response = this.request.res | 102 | const res: express.Response = this.request.res |
103 | |||
104 | // Special treatment coming from a plugin | ||
82 | if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) { | 105 | if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) { |
83 | const obj = res.locals.bypassLogin | 106 | const obj = res.locals.bypassLogin |
84 | logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) | 107 | logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) |
@@ -110,7 +133,7 @@ async function getUser (usernameOrEmail: string, password: string) { | |||
110 | return user | 133 | return user |
111 | } | 134 | } |
112 | 135 | ||
113 | async function revokeToken (tokenInfo: TokenInfo) { | 136 | async function revokeToken (tokenInfo: { refreshToken: string }) { |
114 | const res: express.Response = this.request.res | 137 | const res: express.Response = this.request.res |
115 | const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) | 138 | const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) |
116 | 139 | ||
@@ -133,9 +156,12 @@ async function revokeToken (tokenInfo: TokenInfo) { | |||
133 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { | 156 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { |
134 | const res: express.Response = this.request.res | 157 | const res: express.Response = this.request.res |
135 | 158 | ||
136 | const authName = res.locals.bypassLogin?.bypass === true | 159 | let authName: string = null |
137 | ? res.locals.bypassLogin.authName | 160 | if (res.locals.bypassLogin?.bypass === true) { |
138 | : null | 161 | authName = res.locals.bypassLogin.authName |
162 | } else if (res.locals.refreshTokenAuthName) { | ||
163 | authName = res.locals.refreshTokenAuthName | ||
164 | } | ||
139 | 165 | ||
140 | logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') | 166 | logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') |
141 | 167 | ||