Fix: consistently check allowed domains (#2985)

* fix: ensure consistency of checking allowed domain

* chore: update comment to match the logic
Eugene Sokolov
2022-01-24 01:40:18 +00:00
committed by GitHub
parent 390a1343b7
commit b52b1b02fe
4 changed files with 13 additions and 10 deletions


@@ -10,14 +10,13 @@ import {
GoogleWorkspaceInvalidError,
} from "@server/errors";
import passportMiddleware from "@server/middlewares/passport";
import { getAllowedDomains } from "@server/utils/authentication";
import { isDomainAllowed } from "@server/utils/authentication";
import { StateStore } from "@server/utils/passport";
const router = new Router();
const providerName = "google";
const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;
const allowedDomains = getAllowedDomains();
const scopes = [
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/userinfo.email",
@@ -48,7 +47,7 @@ if (GOOGLE_CLIENT_ID) {
throw GoogleWorkspaceRequiredError();
}
if (allowedDomains.length && !allowedDomains.includes(domain)) {
if (!isDomainAllowed(domain)) {
throw GoogleWorkspaceInvalidError();
}
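Review bot: The call `if (!isDomainAllowed(domain))` in the second hunk now carries the whole sign-in restriction, but nothing at the call site says what happens when no allow-list is configured. The removed line made "empty list means any domain is accepted" explicit through `allowedDomains.length &&`. The helper's body is not visible in this section, so confirm that it keeps that fail-open case on purpose, and add a comment such as `// isDomainAllowed() returns true when no allowed domains are configured`. If the helper still does an exact `includes` match, as the old inline check did, a domain that differs only in letter case would be rejected, so consider normalising case on both sides inside the helper. The enclosing `if (GOOGLE_CLIENT_ID)` block starts and ends outside the hunk.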


@@ -9,7 +9,7 @@ import {
AuthenticationError,
} from "@server/errors";
import passportMiddleware from "@server/middlewares/passport";
import { getAllowedDomains } from "@server/utils/authentication";
import { isDomainAllowed } from "@server/utils/authentication";
import { StateStore, request } from "@server/utils/passport";
const router = new Router();
@@ -23,7 +23,6 @@ const OIDC_USERINFO_URI = process.env.OIDC_USERINFO_URI || "";
const OIDC_SCOPES = process.env.OIDC_SCOPES || "";
const OIDC_USERNAME_CLAIM =
process.env.OIDC_USERNAME_CLAIM || "preferred_username";
const allowedDomains = getAllowedDomains();
export const config = {
name: OIDC_DISPLAY_NAME,
@@ -84,7 +83,7 @@ if (OIDC_CLIENT_ID) {
throw OIDCMalformedUserInfoError();
}
if (allowedDomains.length && !allowedDomains.includes(domain)) {
if (!isDomainAllowed(domain)) {
throw AuthenticationError(
`Domain ${domain} is not on the whitelist`
);