diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/lib/auth.ts | 18 | ||||
-rw-r--r-- | server/lib/client-html.ts | 2 | ||||
-rw-r--r-- | server/lib/plugins/register-helpers-store.ts | 4 | ||||
-rw-r--r-- | server/models/server/plugin.ts | 44 |
4 files changed, 44 insertions, 24 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 1fa896f6e..7c1dd1139 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
@@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: { | |||
83 | return | 83 | return |
84 | } | 84 | } |
85 | 85 | ||
86 | if (!isAuthResultValid(npmName, authName, authResult)) return | ||
87 | |||
88 | const { res } = authResult | 86 | const { res } = authResult |
89 | 87 | ||
88 | if (!isAuthResultValid(npmName, authName, authResult)) { | ||
89 | res.redirect('/login?externalAuthError=true') | ||
90 | return | ||
91 | } | ||
92 | |||
90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) | 93 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) |
91 | 94 | ||
92 | const bypassToken = await generateRandomString(32) | 95 | const bypassToken = await generateRandomString(32) |
@@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response) | |||
238 | 241 | ||
239 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { | 242 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { |
240 | if (!isUserUsernameValid(result.username)) { | 243 | if (!isUserUsernameValid(result.username)) { |
241 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result }) | 244 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username }) |
242 | return false | 245 | return false |
243 | } | 246 | } |
244 | 247 | ||
245 | if (!result.email) { | 248 | if (!result.email) { |
246 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result }) | 249 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email }) |
247 | return false | 250 | return false |
248 | } | 251 | } |
249 | 252 | ||
250 | // role is optional | 253 | // role is optional |
251 | if (result.role && !isUserRoleValid(result.role)) { | 254 | if (result.role && !isUserRoleValid(result.role)) { |
252 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result }) | 255 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role }) |
253 | return false | 256 | return false |
254 | } | 257 | } |
255 | 258 | ||
256 | // display name is optional | 259 | // display name is optional |
257 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { | 260 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { |
258 | logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result }) | 261 | logger.error( |
262 | 'Auth method %s of plugin %s did not provide a valid display name.', | ||
263 | authName, npmName, { displayName: result.displayName } | ||
264 | ) | ||
259 | return false | 265 | return false |
260 | } | 266 | } |
261 | 267 | ||
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts index 572bd03bd..4a4b0d12f 100644 --- a/server/lib/client-html.ts +++ b/server/lib/client-html.ts | |||
@@ -119,7 +119,7 @@ export class ClientHtml { | |||
119 | // Save locale in cookies | 119 | // Save locale in cookies |
120 | res.cookie('clientLanguage', lang, { | 120 | res.cookie('clientLanguage', lang, { |
121 | secure: WEBSERVER.SCHEME === 'https', | 121 | secure: WEBSERVER.SCHEME === 'https', |
122 | sameSite: true, | 122 | sameSite: 'none', |
123 | maxAge: 1000 * 3600 * 24 * 90 // 3 months | 123 | maxAge: 1000 * 3600 * 24 * 90 // 3 months |
124 | }) | 124 | }) |
125 | 125 | ||
diff --git a/server/lib/plugins/register-helpers-store.ts b/server/lib/plugins/register-helpers-store.ts index a3ec7ef6a..e337b1cb0 100644 --- a/server/lib/plugins/register-helpers-store.ts +++ b/server/lib/plugins/register-helpers-store.ts | |||
@@ -230,9 +230,9 @@ export class RegisterHelpersStore { | |||
230 | 230 | ||
231 | private buildSettingsManager (): PluginSettingsManager { | 231 | private buildSettingsManager (): PluginSettingsManager { |
232 | return { | 232 | return { |
233 | getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name), | 233 | getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name, this.settings), |
234 | 234 | ||
235 | getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names), | 235 | getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names, this.settings), |
236 | 236 | ||
237 | setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value), | 237 | setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value), |
238 | 238 | ||
diff --git a/server/models/server/plugin.ts b/server/models/server/plugin.ts index 83c873c5b..3f88ac26d 100644 --- a/server/models/server/plugin.ts +++ b/server/models/server/plugin.ts | |||
@@ -1,5 +1,10 @@ | |||
1 | import * as Bluebird from 'bluebird' | ||
2 | import { FindAndCountOptions, json } from 'sequelize' | ||
1 | import { AllowNull, Column, CreatedAt, DataType, DefaultScope, Is, Model, Table, UpdatedAt } from 'sequelize-typescript' | 3 | import { AllowNull, Column, CreatedAt, DataType, DefaultScope, Is, Model, Table, UpdatedAt } from 'sequelize-typescript' |
2 | import { getSort, throwIfNotValid } from '../utils' | 4 | import { MPlugin, MPluginFormattable } from '@server/typings/models' |
5 | import { PeerTubePlugin } from '../../../shared/models/plugins/peertube-plugin.model' | ||
6 | import { PluginType } from '../../../shared/models/plugins/plugin.type' | ||
7 | import { RegisterServerSettingOptions } from '../../../shared/models/plugins/register-server-setting.model' | ||
3 | import { | 8 | import { |
4 | isPluginDescriptionValid, | 9 | isPluginDescriptionValid, |
5 | isPluginHomepage, | 10 | isPluginHomepage, |
@@ -7,12 +12,7 @@ import { | |||
7 | isPluginTypeValid, | 12 | isPluginTypeValid, |
8 | isPluginVersionValid | 13 | isPluginVersionValid |
9 | } from '../../helpers/custom-validators/plugins' | 14 | } from '../../helpers/custom-validators/plugins' |
10 | import { PluginType } from '../../../shared/models/plugins/plugin.type' | 15 | import { getSort, throwIfNotValid } from '../utils' |
11 | import { PeerTubePlugin } from '../../../shared/models/plugins/peertube-plugin.model' | ||
12 | import { FindAndCountOptions, json } from 'sequelize' | ||
13 | import { RegisterServerSettingOptions } from '../../../shared/models/plugins/register-server-setting.model' | ||
14 | import * as Bluebird from 'bluebird' | ||
15 | import { MPlugin, MPluginFormattable } from '@server/typings/models' | ||
16 | 16 | ||
17 | @DefaultScope(() => ({ | 17 | @DefaultScope(() => ({ |
18 | attributes: { | 18 | attributes: { |
@@ -112,7 +112,7 @@ export class PluginModel extends Model<PluginModel> { | |||
112 | return PluginModel.findOne(query) | 112 | return PluginModel.findOne(query) |
113 | } | 113 | } |
114 | 114 | ||
115 | static getSetting (pluginName: string, pluginType: PluginType, settingName: string) { | 115 | static getSetting (pluginName: string, pluginType: PluginType, settingName: string, registeredSettings: RegisterServerSettingOptions[]) { |
116 | const query = { | 116 | const query = { |
117 | attributes: [ 'settings' ], | 117 | attributes: [ 'settings' ], |
118 | where: { | 118 | where: { |
@@ -123,13 +123,23 @@ export class PluginModel extends Model<PluginModel> { | |||
123 | 123 | ||
124 | return PluginModel.findOne(query) | 124 | return PluginModel.findOne(query) |
125 | .then(p => { | 125 | .then(p => { |
126 | if (!p || !p.settings) return undefined | 126 | if (!p || p.settings === undefined) { |
127 | const registered = registeredSettings.find(s => s.name === settingName) | ||
128 | if (!registered || registered.default === undefined) return undefined | ||
129 | |||
130 | return registered.default | ||
131 | } | ||
127 | 132 | ||
128 | return p.settings[settingName] | 133 | return p.settings[settingName] |
129 | }) | 134 | }) |
130 | } | 135 | } |
131 | 136 | ||
132 | static getSettings (pluginName: string, pluginType: PluginType, settingNames: string[]) { | 137 | static getSettings ( |
138 | pluginName: string, | ||
139 | pluginType: PluginType, | ||
140 | settingNames: string[], | ||
141 | registeredSettings: RegisterServerSettingOptions[] | ||
142 | ) { | ||
133 | const query = { | 143 | const query = { |
134 | attributes: [ 'settings' ], | 144 | attributes: [ 'settings' ], |
135 | where: { | 145 | where: { |
@@ -140,13 +150,17 @@ export class PluginModel extends Model<PluginModel> { | |||
140 | 150 | ||
141 | return PluginModel.findOne(query) | 151 | return PluginModel.findOne(query) |
142 | .then(p => { | 152 | .then(p => { |
143 | if (!p || !p.settings) return {} | 153 | const result: { [settingName: string ]: string | boolean } = {} |
144 | 154 | ||
145 | const result: { [settingName: string ]: string } = {} | 155 | for (const name of settingNames) { |
156 | if (!p || p.settings[name] === undefined) { | ||
157 | const registered = registeredSettings.find(s => s.name === name) | ||
146 | 158 | ||
147 | for (const key of Object.keys(p.settings)) { | 159 | if (registered?.default !== undefined) { |
148 | if (settingNames.includes(key)) { | 160 | result[name] = registered.default |
149 | result[key] = p.settings[key] | 161 | } |
162 | } else { | ||
163 | result[name] = p.settings[name] | ||
150 | } | 164 | } |
151 | } | 165 | } |
152 | 166 | ||