Diffstat (limited to 'server/lib')
-rw-r--r-- | server/lib/auth.ts | 18 | ||||
-rw-r--r-- | server/lib/client-html.ts | 2 | ||||
-rw-r--r-- | server/lib/plugins/register-helpers-store.ts | 4 |
3 files changed, 15 insertions, 9 deletions
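--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: {
 return
 }
 
-if (!isAuthResultValid(npmName, authName, authResult)) return
-
 const { res } = authResult
 
+if (!isAuthResultValid(npmName, authName, authResult)) {
+res.redirect('/login?externalAuthError=true')
+return
+}
+
 logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName)
 
 const bypassToken = await generateRandomString(32)
@@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 
 function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) {
 if (!isUserUsernameValid(result.username)) {
-logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result })
+logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username })
 return false
 }
 
 if (!result.email) {
-logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result })
+logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email })
 return false
 }
 
 // role is optional
 if (result.role && !isUserRoleValid(result.role)) {
-logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result })
+logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role })
 return false
 }
 
 // display name is optional
 if (result.displayName && !isUserDisplayNameValid(result.displayName)) {
-logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result })
+logger.error(
+'Auth method %s of plugin %s did not provide a valid display name.',
+authName, npmName, { displayName: result.displayName }
+)
 return false
 }
 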
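Review bot: In isAuthResultValid the email branch still tests only `!result.email`, so the new `{ email: result.email }` metadata can only ever log an empty or undefined value, and any non-empty string a plugin supplies passes as a "valid email" while username, role and display name each go through a validator. Because this result appears to drive login for an externally authenticated user, the email deserves a format check here, using whichever email validation the project already applies to local accounts. Separately, in the first hunk `res` is now read from `authResult` before validation and then used on the failure path; if a plugin can hand over a result without a usable `res`, `res.redirect(...)` would throw where the old code returned quietly, so a guard before the redirect is worth adding unless the checks above the hunk already cover it. Both function bodies extend beyond the visible hunks.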
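--- a/server/lib/client-html.ts
+++ b/server/lib/client-html.ts
@@ -119,7 +119,7 @@ export class ClientHtml {
 // Save locale in cookies
 res.cookie('clientLanguage', lang, {
 secure: WEBSERVER.SCHEME === 'https',
-sameSite: true,
+sameSite: 'none',
 maxAge: 1000 * 3600 * 24 * 90 // 3 months
 })
 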
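Review bot: `sameSite: 'none'` is only honoured by current browsers when the cookie is also `Secure`, and here `secure` is true only when `WEBSERVER.SCHEME === 'https'`, so on an http instance the clientLanguage cookie is likely to be rejected and the locale will stop persisting. Consider `sameSite: WEBSERVER.SCHEME === 'https' ? 'none' : 'lax',` so the relaxed policy applies only where it can take effect. The cookie holds just a language code, so sending it cross-site is low risk, but a short comment naming the cross-site context that needs it (presumably embedded pages) would keep the setting from being copied onto cookies that carry session state. The enclosing method starts and ends outside the hunk.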
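--- a/server/lib/plugins/register-helpers-store.ts
+++ b/server/lib/plugins/register-helpers-store.ts
@@ -230,9 +230,9 @@ export class RegisterHelpersStore {
 
 private buildSettingsManager (): PluginSettingsManager {
 return {
-getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name),
+getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name, this.settings),
 
-getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names),
+getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names, this.settings),
 
 setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value),
 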