Check auth plugin result
parent
829b794a85
commit
98813e69bc
|
@ -7,6 +7,7 @@ import { logger } from '@server/helpers/logger'
|
||||||
import { UserRole } from '@shared/models'
|
import { UserRole } from '@shared/models'
|
||||||
import { revokeToken } from '@server/lib/oauth-model'
|
import { revokeToken } from '@server/lib/oauth-model'
|
||||||
import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
|
import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
|
||||||
|
import { isUserUsernameValid, isUserRoleValid, isUserDisplayNameValid } from '@server/helpers/custom-validators/users'
|
||||||
|
|
||||||
const oAuthServer = new OAuthServer({
|
const oAuthServer = new OAuthServer({
|
||||||
useErrorHandler: true,
|
useErrorHandler: true,
|
||||||
|
@ -120,10 +121,12 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
|
||||||
|
|
||||||
for (const pluginAuth of pluginAuths) {
|
for (const pluginAuth of pluginAuths) {
|
||||||
const authOptions = pluginAuth.registerAuthOptions
|
const authOptions = pluginAuth.registerAuthOptions
|
||||||
|
const authName = authOptions.authName
|
||||||
|
const npmName = pluginAuth.npmName
|
||||||
|
|
||||||
logger.debug(
|
logger.debug(
|
||||||
'Using auth method %s of plugin %s to login %s with weight %d.',
|
'Using auth method %s of plugin %s to login %s with weight %d.',
|
||||||
authOptions.authName, pluginAuth.npmName, loginOptions.id, authOptions.getWeight()
|
authName, npmName, loginOptions.id, authOptions.getWeight()
|
||||||
)
|
)
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -131,9 +134,31 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
|
||||||
if (loginResult) {
|
if (loginResult) {
|
||||||
logger.info(
|
logger.info(
|
||||||
'Login success with auth method %s of plugin %s for %s.',
|
'Login success with auth method %s of plugin %s for %s.',
|
||||||
authOptions.authName, pluginAuth.npmName, loginOptions.id
|
authName, npmName, loginOptions.id
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if (!isUserUsernameValid(loginResult.username)) {
|
||||||
|
logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { loginResult })
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!loginResult.email) {
|
||||||
|
logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { loginResult })
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// role is optional
|
||||||
|
if (loginResult.role && !isUserRoleValid(loginResult.role)) {
|
||||||
|
logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { loginResult })
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// display name is optional
|
||||||
|
if (loginResult.displayName && !isUserDisplayNameValid(loginResult.displayName)) {
|
||||||
|
logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { loginResult })
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
res.locals.bypassLogin = {
|
res.locals.bypassLogin = {
|
||||||
bypass: true,
|
bypass: true,
|
||||||
pluginName: pluginAuth.npmName,
|
pluginName: pluginAuth.npmName,
|
||||||
|
|
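Review bot: The email guard `if (!loginResult.email)` only tests truthiness, so a plugin result whose email is a non-string or a malformed string still reaches `res.locals.bypassLogin`, even though the log message says "valid email". The username, role and display name all go through a validator, so the email should get at least `typeof loginResult.email !== 'string'` plus the format check the project already applies to user emails. The optional-field guards `loginResult.role && …` and `loginResult.displayName && …` skip validation for any falsy value (`''`, `false`, `NaN`), not only for an absent field. Comparing against `undefined`/`null`, e.g. `if (loginResult.role != null && !isUserRoleValid(loginResult.role))`, would close that gap if those values are consumed later, which is not visible here. The body of `proxifyPasswordGrant` starts and ends outside these hunks.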
|
@ -23,6 +23,75 @@ async function register ({
|
||||||
return null
|
return null
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
registerIdAndPassAuth({
|
||||||
|
authName: 'ward-auth',
|
||||||
|
|
||||||
|
getWeight: () => 5,
|
||||||
|
|
||||||
|
login (body) {
|
||||||
|
if (body.id === 'ward') {
|
||||||
|
return Promise.resolve({
|
||||||
|
username: 'ward-42',
|
||||||
|
email: 'ward@example.com'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
registerIdAndPassAuth({
|
||||||
|
authName: 'kiros-auth',
|
||||||
|
|
||||||
|
getWeight: () => 5,
|
||||||
|
|
||||||
|
login (body) {
|
||||||
|
if (body.id === 'kiros') {
|
||||||
|
return Promise.resolve({
|
||||||
|
username: 'kiros',
|
||||||
|
email: 'kiros@example.com',
|
||||||
|
displayName: 'a'.repeat(5000)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
registerIdAndPassAuth({
|
||||||
|
authName: 'raine-auth',
|
||||||
|
|
||||||
|
getWeight: () => 5,
|
||||||
|
|
||||||
|
login (body) {
|
||||||
|
if (body.id === 'raine') {
|
||||||
|
return Promise.resolve({
|
||||||
|
username: 'raine',
|
||||||
|
email: 'raine@example.com',
|
||||||
|
role: 42
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
registerIdAndPassAuth({
|
||||||
|
authName: 'ellone-auth',
|
||||||
|
|
||||||
|
getWeight: () => 5,
|
||||||
|
|
||||||
|
login (body) {
|
||||||
|
if (body.id === 'ellone') {
|
||||||
|
return Promise.resolve({
|
||||||
|
username: 'ellone'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
async function unregister () {
|
async function unregister () {
|
||||||
|
|
|
@ -151,6 +151,20 @@ describe('Test id and pass auth plugins', function () {
|
||||||
await getMyUserInformation(server.url, lagunaAccessToken, 401)
|
await getMyUserInformation(server.url, lagunaAccessToken, 401)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('Should reject an invalid username, email, role or display name', async function () {
|
||||||
|
await userLogin(server, { username: 'ward', password: 'ward password' }, 400)
|
||||||
|
await waitUntilLog(server, 'valid username')
|
||||||
|
|
||||||
|
await userLogin(server, { username: 'kiros', password: 'kiros password' }, 400)
|
||||||
|
await waitUntilLog(server, 'valid display name')
|
||||||
|
|
||||||
|
await userLogin(server, { username: 'raine', password: 'raine password' }, 400)
|
||||||
|
await waitUntilLog(server, 'valid role')
|
||||||
|
|
||||||
|
await userLogin(server, { username: 'ellone', password: 'elonne password' }, 400)
|
||||||
|
await waitUntilLog(server, 'valid email')
|
||||||
|
})
|
||||||
|
|
||||||
it('Should uninstall the plugin one and do not login existing Crash', async function () {
|
it('Should uninstall the plugin one and do not login existing Crash', async function () {
|
||||||
await uninstallPlugin({
|
await uninstallPlugin({
|
||||||
url: server.url,
|
url: server.url,
|
||||||
|
|
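Review bot: The new test only exercises an absent email (the `ellone` case) and never one that is present but malformed, so it would still pass if the server accepted any non-empty value as an email. Adding a fixture login that returns a syntactically invalid email, with a matching `userLogin(..., 400)` and `waitUntilLog(server, 'valid email')`, would cover that. Each case is confirmed only by the 400 status and a log substring; an additional check that none of the four rejected usernames exists afterwards would show the rejection happens before any account is provisioned. The enclosing `describe` block starts and ends outside the hunk.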