diff options
Diffstat (limited to 'server/lib/oauth-model.ts')
| -rw-r--r-- | server/lib/oauth-model.ts | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index ea4a67802..7a6ed63be 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
| @@ -14,6 +14,7 @@ import { MUser } from '@server/typings/models/user/user' | |||
| 14 | import { UserAdminFlag } from '@shared/models/users/user-flag.model' | 14 | import { UserAdminFlag } from '@shared/models/users/user-flag.model' |
| 15 | import { createUserAccountAndChannelAndPlaylist } from './user' | 15 | import { createUserAccountAndChannelAndPlaylist } from './user' |
| 16 | import { UserRole } from '@shared/models/users/user-role' | 16 | import { UserRole } from '@shared/models/users/user-role' |
| 17 | import { PluginManager } from '@server/lib/plugins/plugin-manager' | ||
| 17 | 18 | ||
| 18 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } | 19 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } |
| 19 | 20 | ||
| @@ -82,7 +83,7 @@ async function getUser (usernameOrEmail: string, password: string) { | |||
| 82 | const obj = res.locals.bypassLogin | 83 | const obj = res.locals.bypassLogin |
| 83 | logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) | 84 | logger.info('Bypassing oauth login by plugin %s.', obj.pluginName) |
| 84 | 85 | ||
| 85 | let user = await UserModel.loadByEmail(obj.user.username) | 86 | let user = await UserModel.loadByEmail(obj.user.email) |
| 86 | if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) | 87 | if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) |
| 87 | 88 | ||
| 88 | // This user does not belong to this plugin, skip it | 89 | // This user does not belong to this plugin, skip it |
| @@ -94,7 +95,8 @@ async function getUser (usernameOrEmail: string, password: string) { | |||
| 94 | logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') | 95 | logger.debug('Getting User (username/email: ' + usernameOrEmail + ', password: ******).') |
| 95 | 96 | ||
| 96 | const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) | 97 | const user = await UserModel.loadByUsernameOrEmail(usernameOrEmail) |
| 97 | if (!user) return null | 98 | // If we don't find the user, or if the user belongs to a plugin |
| 99 | if (!user || user.pluginAuth !== null) return null | ||
| 98 | 100 | ||
| 99 | const passwordMatch = await user.isPasswordMatch(password) | 101 | const passwordMatch = await user.isPasswordMatch(password) |
| 100 | if (passwordMatch === false) return null | 102 | if (passwordMatch === false) return null |
| @@ -109,8 +111,14 @@ async function getUser (usernameOrEmail: string, password: string) { | |||
| 109 | } | 111 | } |
| 110 | 112 | ||
| 111 | async function revokeToken (tokenInfo: TokenInfo) { | 113 | async function revokeToken (tokenInfo: TokenInfo) { |
| 114 | const res: express.Response = this.request.res | ||
| 112 | const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) | 115 | const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken) |
| 116 | |||
| 113 | if (token) { | 117 | if (token) { |
| 118 | if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) { | ||
| 119 | PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName) | ||
| 120 | } | ||
| 121 | |||
| 114 | clearCacheByToken(token.accessToken) | 122 | clearCacheByToken(token.accessToken) |
| 115 | 123 | ||
| 116 | token.destroy() | 124 | token.destroy() |
| @@ -123,6 +131,12 @@ async function revokeToken (tokenInfo: TokenInfo) { | |||
| 123 | } | 131 | } |
| 124 | 132 | ||
| 125 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { | 133 | async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) { |
| 134 | const res: express.Response = this.request.res | ||
| 135 | |||
| 136 | const authName = res.locals.bypassLogin?.bypass === true | ||
| 137 | ? res.locals.bypassLogin.authName | ||
| 138 | : null | ||
| 139 | |||
| 126 | logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') | 140 | logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.') |
| 127 | 141 | ||
| 128 | const tokenToCreate = { | 142 | const tokenToCreate = { |
| @@ -130,6 +144,7 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User | |||
| 130 | accessTokenExpiresAt: token.accessTokenExpiresAt, | 144 | accessTokenExpiresAt: token.accessTokenExpiresAt, |
| 131 | refreshToken: token.refreshToken, | 145 | refreshToken: token.refreshToken, |
| 132 | refreshTokenExpiresAt: token.refreshTokenExpiresAt, | 146 | refreshTokenExpiresAt: token.refreshTokenExpiresAt, |
| 147 | authName, | ||
| 133 | oAuthClientId: client.id, | 148 | oAuthClientId: client.id, |
| 134 | userId: user.id | 149 | userId: user.id |
| 135 | } | 150 | } |