OpenID: Don't downgrade root

Denis Arnst 2024-03-29 14:51:34 +01:00
parent 617b8f4487
commit 8cd50d5684
No known key found for this signature in database
GPG Key ID: D5866C58940197BF


@ -220,6 +220,16 @@ async setUserGroup(user, userinfo) {
let userType = rolesInOrderOfPriority.find(role => groupsList.includes(role))
if (userType) {
if (user.type === 'root') {
// Check OpenID Group
if (userType !== 'admin') {
throw new Error(`Root user "${user.username}" cannot be downgraded to ${userType}. Denying login.`)
} else {
// If root user is logging in via OpenID, we will not change the type
return
}
}
Logger.debug(`[Auth] openid callback: Setting user ${user.username} type to ${userType}`)
if (user.type !== userType) {
@ -239,7 +249,7 @@ async updateUserPermissions(user, userinfo) {
if (!absPermissionsClaim) // No advanced permissions claim configured, don't set anything
return
if (user.type === 'admin')
if (user.type === 'admin' || user.type === 'root')
return
const absPermissions = userinfo[absPermissionsClaim]
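Review bot: The new root guard in setUserGroup is nested inside `if (userType) {`, so it only runs when one of the roles matched; a root account whose `groupsList` contains none of them skips both the denial and the early `return`, and what happens to it is decided by code outside this hunk. If that path does not already reject the login without touching `user.type`, move the `if (user.type === 'root') { … }` block above `if (userType) {` so the rule holds for every root login. The denial is also silent at this point: unlike the `Logger.debug` line just below, nothing is logged before the `throw`, so a refused root login is only recorded if the caller logs the error; a `Logger.warn` naming the user and the mapped role directly before the `throw` would make it visible to whoever monitors authentication. The `else` after the `throw` is redundant and can be a plain `return`.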