diff options
Diffstat (limited to 'server')
| -rw-r--r-- | server/lib/oauth-model.ts | 8 | ||||
| -rw-r--r-- | server/middlewares/validators/users.ts | 9 | ||||
| -rw-r--r-- | server/tests/api/check-params/users.ts | 2 | ||||
| -rw-r--r-- | server/tests/api/videos/video-imports.ts | 2 | ||||
| -rw-r--r-- | server/tests/plugins/external-auth.ts | 10 |
5 files changed, 27 insertions, 4 deletions
diff --git a/server/lib/oauth-model.ts b/server/lib/oauth-model.ts index e5ea4636e..db546efb1 100644 --- a/server/lib/oauth-model.ts +++ b/server/lib/oauth-model.ts | |||
| @@ -14,6 +14,7 @@ import { UserAdminFlag } from '@shared/models/users/user-flag.model' | |||
| 14 | import { createUserAccountAndChannelAndPlaylist } from './user' | 14 | import { createUserAccountAndChannelAndPlaylist } from './user' |
| 15 | import { UserRole } from '@shared/models/users/user-role' | 15 | import { UserRole } from '@shared/models/users/user-role' |
| 16 | import { PluginManager } from '@server/lib/plugins/plugin-manager' | 16 | import { PluginManager } from '@server/lib/plugins/plugin-manager' |
| 17 | import { ActorModel } from '@server/models/activitypub/actor' | ||
| 17 | 18 | ||
| 18 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } | 19 | type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date } |
| 19 | 20 | ||
| @@ -109,6 +110,9 @@ async function getUser (usernameOrEmail?: string, password?: string) { | |||
| 109 | let user = await UserModel.loadByEmail(obj.user.email) | 110 | let user = await UserModel.loadByEmail(obj.user.email) |
| 110 | if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) | 111 | if (!user) user = await createUserFromExternal(obj.pluginName, obj.user) |
| 111 | 112 | ||
| 113 | // Cannot create a user | ||
| 114 | if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.') | ||
| 115 | |||
| 112 | // If the user does not belongs to a plugin, it was created before its installation | 116 | // If the user does not belongs to a plugin, it was created before its installation |
| 113 | // Then we just go through a regular login process | 117 | // Then we just go through a regular login process |
| 114 | if (user.pluginAuth !== null) { | 118 | if (user.pluginAuth !== null) { |
| @@ -208,6 +212,10 @@ async function createUserFromExternal (pluginAuth: string, options: { | |||
| 208 | role: UserRole | 212 | role: UserRole |
| 209 | displayName: string | 213 | displayName: string |
| 210 | }) { | 214 | }) { |
| 215 | // Check an actor does not already exists with that name (removed user) | ||
| 216 | const actor = await ActorModel.loadLocalByName(options.username) | ||
| 217 | if (actor) return null | ||
| 218 | |||
| 211 | const userToCreate = new UserModel({ | 219 | const userToCreate = new UserModel({ |
| 212 | username: options.username, | 220 | username: options.username, |
| 213 | password: null, | 221 | password: null, |
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 840b9fc74..3bdbcdf6a 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -234,14 +234,19 @@ const usersUpdateMeValidator = [ | |||
| 234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) | 235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) |
| 236 | 236 | ||
| 237 | const user = res.locals.oauth.token.User | ||
| 238 | |||
| 237 | if (req.body.password || req.body.email) { | 239 | if (req.body.password || req.body.email) { |
| 240 | if (user.pluginAuth !== null) { | ||
| 241 | return res.status(400) | ||
| 242 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) | ||
| 243 | } | ||
| 244 | |||
| 238 | if (!req.body.currentPassword) { | 245 | if (!req.body.currentPassword) { |
| 239 | return res.status(400) | 246 | return res.status(400) |
| 240 | .json({ error: 'currentPassword parameter is missing.' }) | 247 | .json({ error: 'currentPassword parameter is missing.' }) |
| 241 | .end() | ||
| 242 | } | 248 | } |
| 243 | 249 | ||
| 244 | const user = res.locals.oauth.token.User | ||
| 245 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 250 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { |
| 246 | return res.status(401) | 251 | return res.status(401) |
| 247 | .json({ error: 'currentPassword is invalid.' }) | 252 | .json({ error: 'currentPassword is invalid.' }) |
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 4d597f0a3..6e737af15 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts | |||
| @@ -1044,7 +1044,7 @@ describe('Test users API validators', function () { | |||
| 1044 | } | 1044 | } |
| 1045 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) | 1045 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() })) |
| 1046 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) | 1046 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() })) |
| 1047 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' })) | 1047 | await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' as any })) |
| 1048 | 1048 | ||
| 1049 | await waitJobs([ server ]) | 1049 | await waitJobs([ server ]) |
| 1050 | 1050 | ||
diff --git a/server/tests/api/videos/video-imports.ts b/server/tests/api/videos/video-imports.ts index 4d5989f43..d211859e4 100644 --- a/server/tests/api/videos/video-imports.ts +++ b/server/tests/api/videos/video-imports.ts | |||
| @@ -175,7 +175,7 @@ Ajouter un sous-titre est vraiment facile`) | |||
| 175 | 175 | ||
| 176 | { | 176 | { |
| 177 | const attributes = immutableAssign(baseAttributes, { | 177 | const attributes = immutableAssign(baseAttributes, { |
| 178 | torrentfile: 'video-720p.torrent', | 178 | torrentfile: 'video-720p.torrent' as any, |
| 179 | description: 'this is a super torrent description', | 179 | description: 'this is a super torrent description', |
| 180 | tags: [ 'tag_torrent1', 'tag_torrent2' ] | 180 | tags: [ 'tag_torrent1', 'tag_torrent2' ] |
| 181 | }) | 181 | }) |
diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts index a85672782..57361be05 100644 --- a/server/tests/plugins/external-auth.ts +++ b/server/tests/plugins/external-auth.ts | |||
| @@ -255,6 +255,16 @@ describe('Test external auth plugins', function () { | |||
| 255 | expect(body.role).to.equal(UserRole.USER) | 255 | expect(body.role).to.equal(UserRole.USER) |
| 256 | }) | 256 | }) |
| 257 | 257 | ||
| 258 | it('Should not update an external auth email', async function () { | ||
| 259 | await updateMyUser({ | ||
| 260 | url: server.url, | ||
| 261 | accessToken: cyanAccessToken, | ||
| 262 | email: 'toto@example.com', | ||
| 263 | currentPassword: 'toto', | ||
| 264 | statusCodeExpected: 400 | ||
| 265 | }) | ||
| 266 | }) | ||
| 267 | |||
| 258 | it('Should reject token of Kefka by the plugin hook', async function () { | 268 | it('Should reject token of Kefka by the plugin hook', async function () { |
| 259 | this.timeout(10000) | 269 | this.timeout(10000) |
| 260 | 270 | ||