fix: Improve handling of suspended users signing in with email (#2012)

* chore: Separate signin/auth middleware
fix: Email signin token parsed by JWT middleware
fix: Email signin marked as active when logging in as suspended
fix: Suspended email signin correctly redirected to login screen
closes #1740

* refactor middleware -> lib

* lint
This commit is contained in:
Tom Moor
2021-04-08 20:40:04 -07:00
committed by GitHub
parent 1a889e9913
commit 190f0b6dc5
8 changed files with 96 additions and 109 deletions


@@ -4,10 +4,10 @@ import Router from "koa-router";
import { find } from "lodash";
import { AuthorizationError } from "../../errors";
import mailer from "../../mailer";
import auth from "../../middlewares/authentication";
import methodOverride from "../../middlewares/methodOverride";
import validation from "../../middlewares/validation";
import { User, Team } from "../../models";
import { signIn } from "../../utils/authentication";
import { getUserForEmailSigninToken } from "../../utils/jwt";
const router = new Router();
@@ -84,25 +84,26 @@ router.post("email", async (ctx) => {
};
});
router.get("email.callback", auth({ required: false }), async (ctx) => {
router.get("email.callback", async (ctx) => {
const { token } = ctx.request.query;
ctx.assertPresent(token, "token is required");
try {
const user = await getUserForEmailSigninToken(token);
const team = await Team.findByPk(user.teamId);
if (!team.guestSignin) {
throw new AuthorizationError();
if (!user.team.guestSignin) {
return ctx.redirect("/?notice=auth-error");
}
if (user.isSuspended) {
return ctx.redirect("/?notice=suspended");
}
await user.update({ lastActiveAt: new Date() });
// set cookies on response and redirect to team subdomain
ctx.signIn(user, team, "email", false);
signIn(ctx, user, user.team, "email", false);
} catch (err) {
ctx.redirect(`${process.env.URL}?notice=expired-token`);
ctx.redirect(`/?notice=expired-token`);
}
});
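Review bot: The catch block at the end of email.callback still maps every exception to `?notice=expired-token`, so a database error from `getUserForEmailSigninToken`, or a TypeError if `user.team` is not eager-loaded by that helper (I can't see utils/jwt from here), is reported to the user as an expired link and is never logged. If the helper throws a distinct error type for a bad or expired token, catch only that and let everything else reach the app's error handler, e.g. `if (!(err instanceof <TOKEN_ERROR_TYPE>)) throw err;` as the first line of the catch (type name is a placeholder). The suspended check correctly runs before the `lastActiveAt` update, which is the fix the commit describes; a short comment on the route, `// no auth middleware here: it would parse the ?token= signin token as a session JWT (#1740)`, would keep the next maintainer from re-adding it. The hunk header shows the route handler starts at line 84 of the file, so the surrounding router setup is outside this hunk.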


@@ -9,7 +9,6 @@ import {
GoogleWorkspaceRequiredError,
GoogleWorkspaceInvalidError,
} from "../../errors";
import auth from "../../middlewares/authentication";
import passportMiddleware from "../../middlewares/passport";
import { getAllowedDomains } from "../../utils/authentication";
import { StateStore } from "../../utils/passport";
@@ -90,11 +89,7 @@ if (GOOGLE_CLIENT_ID) {
router.get("google", passport.authenticate(providerName));
router.get(
"google.callback",
auth({ required: false }),
passportMiddleware(providerName)
);
router.get("google.callback", passportMiddleware(providerName));
}
export default router;
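Review bot: With `auth({ required: false })` dropped from google.callback, `passportMiddleware(providerName)` now runs without whatever that middleware placed on `ctx.state` (presumably the current user when a session cookie is present); if passportMiddleware or the shared signIn helper uses that to handle an already-signed-in user, it should be checked, since nothing in this hunk replaces it. The same applies to the slack.callback change in the next file. If the removal is intentional and safe, a one-line comment such as `// callback must stay free of session auth middleware; passport state is validated by StateStore` (adjusted to the actual reason) would document why the two routes differ from slack.commands, which keeps the middleware.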


@@ -76,11 +76,7 @@ if (SLACK_CLIENT_ID) {
router.get("slack", passport.authenticate(providerName));
router.get(
"slack.callback",
auth({ required: false }),
passportMiddleware(providerName)
);
router.get("slack.callback", passportMiddleware(providerName));
router.get("slack.commands", auth({ required: false }), async (ctx) => {
const { code, state, error } = ctx.request.query;