Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-03-19 00:18:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Openid auth failures redirect to login page with error message.

Browse Source 
Remove remaining google oauth server settings
This commit is contained in:
advplyr 2023-11-11 13:10:24 -06:00
parent 1ad6722e6d
commit fb48636510
4 changed files with 24 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
client/pages/login.vue
View File

@ -109,7 +109,7 @@ export default {
return this.$store.state.user.user return this.$store.state.user.user
}, },
openidAuthUri() { openidAuthUri() {
return `${process.env.serverUrl}/auth/openid?callback=${location.toString()}` return `${process.env.serverUrl}/auth/openid?callback=${location.href.split('?').shift()}`
}, },
openIDButtonText() { openIDButtonText() {
return this.authFormData?.authOpenIDButtonText || 'Login with OpenId' return this.authFormData?.authOpenIDButtonText || 'Login with OpenId'
@ -238,6 +238,15 @@ export default {
}) })
}, },
updateLoginVisibility(authMethods) { updateLoginVisibility(authMethods) {
if (this.$route.query?.error) {
this.error = this.$route.query.error
// Remove error query string
const newurl = new URL(location.href)
newurl.searchParams.delete('error')
window.history.replaceState({ path: newurl.href }, '', newurl.href)
}
if (authMethods.includes('local') || !authMethods.length) { if (authMethods.includes('local') || !authMethods.length) {
this.login_local = true this.login_local = true
} else { } else {
@ -257,8 +266,8 @@ export default {
} }
}, },
async mounted() { async mounted() {
if (new URLSearchParams(window.location.search).get('setToken')) { if (this.$route.query?.setToken) {
localStorage.setItem('token', new URLSearchParams(window.location.search).get('setToken')) localStorage.setItem('token', this.$route.query.setToken)
} }
if (localStorage.getItem('token')) { if (localStorage.getItem('token')) {
if (await this.checkAuth()) return // if valid user no need to check status if (await this.checkAuth()) return // if valid user no need to check status

16
server/Auth.js
View File

@ -101,9 +101,10 @@ class Auth {
}, async (tokenset, userinfo, done) => { }, async (tokenset, userinfo, done) => {
Logger.debug(`[Auth] openid callback userinfo=`, userinfo) Logger.debug(`[Auth] openid callback userinfo=`, userinfo)
let failureMessage = 'Unauthorized'
if (!userinfo.sub) { if (!userinfo.sub) {
Logger.error(`[Auth] openid callback invalid userinfo, no sub`) Logger.error(`[Auth] openid callback invalid userinfo, no sub`)
return done(null, null) return done(null, null, failureMessage)
} }
// First check for matching user by sub // First check for matching user by sub
@ -116,7 +117,8 @@ class Auth {
// Check that user is not already matched // Check that user is not already matched
if (user?.authOpenIDSub) { if (user?.authOpenIDSub) {
Logger.warn(`[Auth] openid: User found with email "${userinfo.email}" but is already matched with sub "${user.authOpenIDSub}"`) Logger.warn(`[Auth] openid: User found with email "${userinfo.email}" but is already matched with sub "${user.authOpenIDSub}"`)
// TODO: Show some error log? // TODO: Message isn't actually returned to the user yet. Need to override the passport authenticated callback
failureMessage = 'A matching user was found but is already matched with another user from your auth provider'
user = null user = null
} }
} else if (Database.serverSettings.authOpenIDMatchExistingBy === 'username' && userinfo.preferred_username) { } else if (Database.serverSettings.authOpenIDMatchExistingBy === 'username' && userinfo.preferred_username) {
@ -125,7 +127,8 @@ class Auth {
// Check that user is not already matched // Check that user is not already matched
if (user?.authOpenIDSub) { if (user?.authOpenIDSub) {
Logger.warn(`[Auth] openid: User found with username "${userinfo.preferred_username}" but is already matched with sub "${user.authOpenIDSub}"`) Logger.warn(`[Auth] openid: User found with username "${userinfo.preferred_username}" but is already matched with sub "${user.authOpenIDSub}"`)
// TODO: Show some error log? // TODO: Message isn't actually returned to the user yet. Need to override the passport authenticated callback
failureMessage = 'A matching user was found but is already matched with another user from your auth provider'
user = null user = null
} }
} }
@ -147,8 +150,11 @@ class Auth {
} }
if (!user?.isActive) { if (!user?.isActive) {
if (user && !user.isActive) {
failureMessage = 'Unauthorized'
}
// deny login // deny login
done(null, null) done(null, null, failureMessage)
return return
} }
@ -366,7 +372,7 @@ class Auth {
if (req.session[sessionKey].mobile) { if (req.session[sessionKey].mobile) {
return passport.authenticate('openid-client', { redirect_uri: 'audiobookshelf://oauth' })(req, res, next) return passport.authenticate('openid-client', { redirect_uri: 'audiobookshelf://oauth' })(req, res, next)
} else { } else {
return passport.authenticate('openid-client')(req, res, next) return passport.authenticate('openid-client', { failureRedirect: '/login?error=Unauthorized&autoLaunch=0' })(req, res, next)
} }
}, },
// on a successfull login: read the cookies and react like the client requested (callback or json) // on a successfull login: read the cookies and react like the client requested (callback or json)

2
server/controllers/MiscController.js
View File

@ -652,7 +652,7 @@ class MiscController {
Logger.warn(`[MiscController] Invalid value for ${key}. Expected boolean`) Logger.warn(`[MiscController] Invalid value for ${key}. Expected boolean`)
continue continue
} }
} else if (updatedValueType !== null && updatedValueType !== 'string') { } else if (settingsUpdate[key] !== null && updatedValueType !== 'string') {
Logger.warn(`[MiscController] Invalid value for ${key}. Expected string or null`) Logger.warn(`[MiscController] Invalid value for ${key}. Expected string or null`)
continue continue
} }

26
server/objects/settings/ServerSettings.js
View File

@ -58,11 +58,6 @@ class ServerSettings {
// Active auth methodes // Active auth methodes
this.authActiveAuthMethods = ['local'] this.authActiveAuthMethods = ['local']
// google-oauth20 settings
this.authGoogleOauth20ClientID = null
this.authGoogleOauth20ClientSecret = null
this.authGoogleOauth20CallbackURL = null
// openid settings // openid settings
this.authOpenIDIssuerURL = null this.authOpenIDIssuerURL = null
this.authOpenIDAuthorizationURL = null this.authOpenIDAuthorizationURL = null
@ -118,9 +113,6 @@ class ServerSettings {
this.buildNumber = settings.buildNumber || 0 // Added v2.4.5 this.buildNumber = settings.buildNumber || 0 // Added v2.4.5
this.authActiveAuthMethods = settings.authActiveAuthMethods || ['local'] this.authActiveAuthMethods = settings.authActiveAuthMethods || ['local']
this.authGoogleOauth20ClientID = settings.authGoogleOauth20ClientID || null
this.authGoogleOauth20ClientSecret = settings.authGoogleOauth20ClientSecret || null
this.authGoogleOauth20CallbackURL = settings.authGoogleOauth20CallbackURL || null
this.authOpenIDIssuerURL = settings.authOpenIDIssuerURL || null this.authOpenIDIssuerURL = settings.authOpenIDIssuerURL || null
this.authOpenIDAuthorizationURL = settings.authOpenIDAuthorizationURL || null this.authOpenIDAuthorizationURL = settings.authOpenIDAuthorizationURL || null
@ -139,16 +131,6 @@ class ServerSettings {
this.authActiveAuthMethods = ['local'] this.authActiveAuthMethods = ['local']
} }
// remove uninitialized methods
// GoogleOauth20
if (this.authActiveAuthMethods.includes('google-oauth20') && (
!this.authGoogleOauth20ClientID ||
!this.authGoogleOauth20ClientSecret ||
!this.authGoogleOauth20CallbackURL
)) {
this.authActiveAuthMethods.splice(this.authActiveAuthMethods.indexOf('google-oauth20', 0), 1)
}
// remove uninitialized methods // remove uninitialized methods
// OpenID // OpenID
if (this.authActiveAuthMethods.includes('openid') && ( if (this.authActiveAuthMethods.includes('openid') && (
@ -226,9 +208,6 @@ class ServerSettings {
version: this.version, version: this.version,
buildNumber: this.buildNumber, buildNumber: this.buildNumber,
authActiveAuthMethods: this.authActiveAuthMethods, authActiveAuthMethods: this.authActiveAuthMethods,
authGoogleOauth20ClientID: this.authGoogleOauth20ClientID, // Do not return to client
authGoogleOauth20ClientSecret: this.authGoogleOauth20ClientSecret, // Do not return to client
authGoogleOauth20CallbackURL: this.authGoogleOauth20CallbackURL,
authOpenIDIssuerURL: this.authOpenIDIssuerURL, authOpenIDIssuerURL: this.authOpenIDIssuerURL,
authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL, authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL,
authOpenIDTokenURL: this.authOpenIDTokenURL, authOpenIDTokenURL: this.authOpenIDTokenURL,
@ -247,8 +226,6 @@ class ServerSettings {
toJSONForBrowser() { toJSONForBrowser() {
const json = this.toJSON() const json = this.toJSON()
delete json.tokenSecret delete json.tokenSecret
delete json.authGoogleOauth20ClientID
delete json.authGoogleOauth20ClientSecret
delete json.authOpenIDClientID delete json.authOpenIDClientID
delete json.authOpenIDClientSecret delete json.authOpenIDClientSecret
return json return json
@ -261,9 +238,6 @@ class ServerSettings {
get authenticationSettings() { get authenticationSettings() {
return { return {
authActiveAuthMethods: this.authActiveAuthMethods, authActiveAuthMethods: this.authActiveAuthMethods,
authGoogleOauth20ClientID: this.authGoogleOauth20ClientID, // Do not return to client
authGoogleOauth20ClientSecret: this.authGoogleOauth20ClientSecret, // Do not return to client
authGoogleOauth20CallbackURL: this.authGoogleOauth20CallbackURL,
authOpenIDIssuerURL: this.authOpenIDIssuerURL, authOpenIDIssuerURL: this.authOpenIDIssuerURL,
authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL, authOpenIDAuthorizationURL: this.authOpenIDAuthorizationURL,
authOpenIDTokenURL: this.authOpenIDTokenURL, authOpenIDTokenURL: this.authOpenIDTokenURL,