fix: configure user endpoint when AuthType is NONE (#1403)

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2025-10-27 11:02:16 +01:00 · 2022-03-01 10:52:22 +01:00 · 2022-03-01 10:52:22 +01:00 · ace3214777
commit ace3214777
parent 141ea5fdb0
4 changed files with 37 additions and 14 deletions
--- a/src/lib/middleware/no-authentication.ts
+++ b/src/lib/middleware/no-authentication.ts
@ -1,16 +1,12 @@
 import { Application } from 'express';
-import { ADMIN } from '../types/permissions';
-import ApiUser from '../types/api-user';
+import NoAuthUser from '../types/no-auth-user';

 function noneAuthentication(basePath = '', app: Application): void {
    app.use(`${basePath}/api/admin/`, (req, res, next) => {
        // @ts-ignore
        if (!req.user) {
-            // @ts-ignore
-            req.user = new ApiUser({
-                username: 'unknown',
-                permissions: [ADMIN],
-            });
+            // @ts-expect-error
+            req.user = new NoAuthUser();
        }
        next();
    });
--- a/src/lib/routes/admin-api/config.ts
+++ b/src/lib/routes/admin-api/config.ts
@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import { IUnleashServices } from '../../types/services';
-import { IUnleashConfig } from '../../types/option';
+import { IAuthType, IUnleashConfig } from '../../types/option';
 import version from '../../util/version';

 import Controller from '../controller';
@ -46,7 +46,9 @@ class ConfigController extends Controller {
            await this.settingService.get<SimpleAuthSettings>(simpleAuthKey);

        const versionInfo = this.versionService.getVersionInfo();
-        const disablePasswordAuth = simpleAuthSettings?.disabled;
+        const disablePasswordAuth =
+            simpleAuthSettings?.disabled ||
+            this.config.authentication.type == IAuthType.NONE;
        res.json({ ...config, versionInfo, disablePasswordAuth });
    }
 }
--- a/src/lib/routes/admin-api/user.ts
+++ b/src/lib/routes/admin-api/user.ts
@ -2,13 +2,13 @@ import { Response } from 'express';
 import { IAuthRequest } from '../unleash-types';
 import Controller from '../controller';
 import { AccessService } from '../../services/access-service';
-import { IUnleashConfig } from '../../types/option';
+import { IAuthType, IUnleashConfig } from '../../types/option';
 import { IUnleashServices } from '../../types/services';
 import UserService from '../../services/user-service';
 import SessionService from '../../services/session-service';
 import UserFeedbackService from '../../services/user-feedback-service';
 import UserSplashService from '../../services/user-splash-service';
-import { NONE } from '../../types/permissions';
+import { ADMIN, NONE } from '../../types/permissions';

 interface IChangeUserRequest {
    password: string;
@ -58,9 +58,12 @@ class UserController extends Controller {
    async getUser(req: IAuthRequest, res: Response): Promise<void> {
        res.setHeader('cache-control', 'no-store');
        const { user } = req;
-        const permissions = await this.accessService.getPermissionsForUser(
-            user,
-        );
+        let permissions;
+        if (this.config.authentication.type === IAuthType.NONE) {
+            permissions = [{ permission: ADMIN }];
+        } else {
+            permissions = await this.accessService.getPermissionsForUser(user);
+        }
        const feedback = await this.userFeedbackService.getAllUserFeedback(
            user,
        );
--- a/src/lib/types/no-auth-user.ts
+++ b/src/lib/types/no-auth-user.ts
@ -0,0 +1,22 @@
+import { ADMIN } from './permissions';
+
+export default class NoAuthUser {
+    isAPI: boolean;
+
+    username: string;
+
+    id: number;
+
+    permissions: string[];
+
+    constructor(
+        username: string = 'unknown',
+        id: number = -1,
+        permissions: string[] = [ADMIN],
+    ) {
+        this.isAPI = true;
+        this.username = username;
+        this.id = id;
+        this.permissions = permissions;
+    }
+}