Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/auth.ts18
-rw-r--r--server/lib/client-html.ts2
-rw-r--r--server/lib/plugins/register-helpers-store.ts4
3 files changed, 15 insertions, 9 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index 1fa896f6e..7c1dd1139 100644
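--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: {
  return
  }
 
- if (!isAuthResultValid(npmName, authName, authResult)) return
-
  const { res } = authResult
 
+ if (!isAuthResultValid(npmName, authName, authResult)) {
+ res.redirect('/login?externalAuthError=true')
+ return
+ }
+
  logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName)
 
  const bypassToken = await generateRandomString(32)
@@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 
 function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) {
  if (!isUserUsernameValid(result.username)) {
- logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result })
+ logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username })
  return false
  }
 
  if (!result.email) {
- logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result })
+ logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email })
  return false
  }
 
  // role is optional
  if (result.role && !isUserRoleValid(result.role)) {
- logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result })
+ logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role })
  return false
  }
 
  // display name is optional
  if (result.displayName && !isUserDisplayNameValid(result.displayName)) {
- logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result })
+ logger.error(
+ 'Auth method %s of plugin %s did not provide a valid display name.',
+ authName, npmName, { displayName: result.displayName }
+ )
  return false
  }
 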
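Review bot: `if (!result.email)` in isAuthResultValid only tests truthiness, while username, role and display name each go through a validator, so an auth plugin can return any non-empty value (malformed, or not even a string) as the e-mail. That value comes from third-party plugin code and presumably ends up on the user record, so it should get the same format check the local registration path applies. The validator's name is not visible in this hunk, so the shape would be `if (!result.email || !<email validator>(result.email)) {`. The fields now passed as log metadata (`{ username: result.username }` and the others) are still unvalidated plugin output at that point, and a one-line comment above the first `logger.error` saying so would help whoever reads these logs. isAuthResultValid's body continues past the end of the hunk.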
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts
index 572bd03bd..4a4b0d12f 100644
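--- a/server/lib/client-html.ts
+++ b/server/lib/client-html.ts
@@ -119,7 +119,7 @@ export class ClientHtml {
  // Save locale in cookies
  res.cookie('clientLanguage', lang, {
  secure: WEBSERVER.SCHEME === 'https',
- sameSite: true,
+ sameSite: 'none',
  maxAge: 1000 * 3600 * 24 * 90 // 3 months
  })
 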
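Review bot: `sameSite: 'none'` is only accepted by current browsers when the cookie is also `Secure`, and here `secure` is `WEBSERVER.SCHEME === 'https'`, so on a plain-http instance the clientLanguage cookie would be rejected and the locale silently not saved. Tying the two attributes together avoids that: `sameSite: WEBSERVER.SCHEME === 'https' ? 'none' : 'lax',`. The cookie is also now attached to every cross-site request, presumably so that pages embedded on other sites keep the chosen language. A comment such as `// SameSite=None so embeds on third-party sites still receive the locale cookie` would record why the stricter setting was dropped. The enclosing method starts and ends outside the hunk.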
diff --git a/server/lib/plugins/register-helpers-store.ts b/server/lib/plugins/register-helpers-store.ts
index a3ec7ef6a..e337b1cb0 100644
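--- a/server/lib/plugins/register-helpers-store.ts
+++ b/server/lib/plugins/register-helpers-store.ts
@@ -230,9 +230,9 @@ export class RegisterHelpersStore {
 
  private buildSettingsManager (): PluginSettingsManager {
  return {
- getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name),
+ getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name, this.settings),
 
- getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names),
+ getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names, this.settings),
 
  setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value),
 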