OpenServer/OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Fixing wrong token order

Browse Source
This commit is contained in:
Fabian Stamm 2020-03-11 11:22:47 +01:00
parent d371ad5e70
commit c8550b517a
1 changed files with 49 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
src/api/middlewares/user.ts
View File

@ -16,22 +16,32 @@ class Invalid extends Error { }
* @param redirect_uri Default current uri. Sets the uri to redirect, if json is not set and user not logged in
* @param validated Default true. If false, the token must not be validated
*/
export function GetUserMiddleware(json = false, special_required: boolean = false, redirect_uri?: string, validated = true) {
return promiseMiddleware(async function (req: Request, res: Response, next?: NextFunction) {
export function GetUserMiddleware(
json = false,
special_required: boolean = false,
redirect_uri?: string,
validated = true
) {
return promiseMiddleware(async function(
req: Request,
res: Response,
next?: NextFunction
) {
const invalid = (message: string) => {
throw new Invalid(req.__(message));
}
};
try {
let { login, special } = req.cookies
let { login, special } = req.query;
if (!login) {
login = req.query.login;
special = req.query.special;
login = req.cookies.login;
special = req.cookies.special;
}
if (!login) invalid("No login token")
if (!special && special_required) invalid("No special token")
if (!login) invalid("No login token");
if (!special && special_required) invalid("No special token");
let token = await LoginToken.findOne({ token: login, valid: true })
if (!await CheckToken(token, validated)) invalid("Login token invalid");
let token = await LoginToken.findOne({ token: login, valid: true });
if (!(await CheckToken(token, validated)))
invalid("Login token invalid");
let user = await User.findById(token.user);
if (!user) {
@ -42,30 +52,47 @@ export function GetUserMiddleware(json = false, special_required: boolean = fals
let special_token;
if (special) {
Logging.debug("Special found")
special_token = await LoginToken.findOne({ token: special, special: true, valid: true, user: token.user })
if (!await CheckToken(special_token, validated))
Logging.debug("Special found");
special_token = await LoginToken.findOne({
token: special,
special: true,
valid: true,
user: token.user
});
if (!(await CheckToken(special_token, validated)))
invalid("Special token invalid");
req.special = true;
}
req.user = user
req.user = user;
req.isAdmin = user.admin;
req.token = {
login: token,
special: special_token
}
};
if (next)
next()
if (next) next();
return true;
} catch (e) {
if (e instanceof Invalid) {
if (req.method === "GET" && !json) {
res.status(HttpStatusCode.UNAUTHORIZED)
res.redirect("/login?base64=true&state=" + Buffer.from(redirect_uri ? redirect_uri : req.originalUrl).toString("base64"))
res.status(HttpStatusCode.UNAUTHORIZED);
res.redirect(
"/login?base64=true&state=" +
Buffer.from(
redirect_uri ? redirect_uri : req.originalUrl
).toString("base64")
);
} else {
throw new RequestError(req.__("You are not logged in or your login is expired" + ` (${e.message})`), HttpStatusCode.UNAUTHORIZED, undefined, { auth: true })
throw new RequestError(
req.__(
"You are not logged in or your login is expired" +
` (${e.message})`
),
HttpStatusCode.UNAUTHORIZED,
undefined,
{ auth: true }
);
}
} else {
if (next) next(e);