Diffstat (limited to 'server/lib')
-rw-r--r-- | server/lib/auth.ts | 29 |
1 files changed, 27 insertions, 2 deletions
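--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -7,6 +7,7 @@ import { logger } from '@server/helpers/logger'
 import { UserRole } from '@shared/models'
 import { revokeToken } from '@server/lib/oauth-model'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
+import { isUserUsernameValid, isUserRoleValid, isUserDisplayNameValid } from '@server/helpers/custom-validators/users'
 
 const oAuthServer = new OAuthServer({
 useErrorHandler: true,
@@ -120,10 +121,12 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
 
 for (const pluginAuth of pluginAuths) {
 const authOptions = pluginAuth.registerAuthOptions
+const authName = authOptions.authName
+const npmName = pluginAuth.npmName
 
 logger.debug(
 'Using auth method %s of plugin %s to login %s with weight %d.',
-authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight()
+authName, npmName, loginOptions.id, authOptions.getWeight()
 )
 
 try {
@@ -131,9 +134,31 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
 if (loginResult) {
 logger.info(
 'Login success with auth method %s of plugin %s for %s.',
-authOptions.authName, pluginAuth.npmName, loginOptions.id
+authName, npmName, loginOptions.id
 )
 
+if (!isUserUsernameValid(loginResult.username)) {
+logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { loginResult })
+continue
+}
+
+if (!loginResult.email) {
+logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { loginResult })
+continue
+}
+
+// role is optional
+if (loginResult.role && !isUserRoleValid(loginResult.role)) {
+logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { loginResult })
+continue
+}
+
+// display name is optional
+if (loginResult.displayName && !isUserDisplayNameValid(loginResult.displayName)) {
+logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { loginResult })
+continue
+}
+
 res.locals.bypassLogin = {
 bypass: true,
 pluginName: pluginAuth.npmName,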
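Review bot: The e-mail check in the third hunk only tests truthiness (`if (!loginResult.email)`), although its log message says the plugin "did not provide a valid email". Any non-empty value passes, including a non-string or a malformed address, while username, role and display name each go through a validator. At minimum the guard could be `if (typeof loginResult.email !== 'string' || !loginResult.email)`, and it should use the project's e-mail format validator if one exists (none is visible in this diff). Separately, all four `logger.error` calls attach the whole `{ loginResult }` object, so whatever the plugin returned (e-mail address and any extra fields) lands in the error log; logging only the offending field, e.g. `{ username: loginResult.username }`, would keep that out. The `res.locals.bypassLogin` block still reads `pluginAuth.npmName` rather than the new `npmName` local, and `proxifyPasswordGrant` starts and ends outside the hunks shown.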