Add new API endpoint for updating auth-settings and update passport auth strategies

2025-06-23 01:09:26 +02:00 · 2023-11-10 16:11:51 -06:00 · 2023-11-10 16:11:51 -06:00 · 237fe84c54
commit 237fe84c54
parent 078cb0855f
5 changed files with 255 additions and 119 deletions
--- a/server/controllers/MiscController.js
+++ b/server/controllers/MiscController.js
@ -129,7 +129,7 @@ class MiscController {
      return res.sendStatus(403)
    }
    const settingsUpdate = req.body
-    if (!settingsUpdate || !isObject(settingsUpdate)) {
+    if (!isObject(settingsUpdate)) {
      return res.status(400).send('Invalid settings update object')
    }

@ -604,5 +604,91 @@ class MiscController {
    }
    return res.json(Database.serverSettings.authenticationSettings)
  }
+
+  /**
+   * PATCH: api/auth-settings
+   * @this import('../routers/ApiRouter')
+   * 
+   * @param {import('express').Request} req 
+   * @param {import('express').Response} res 
+   */
+  async updateAuthSettings(req, res) {
+    if (!req.user.isAdminOrUp) {
+      Logger.error(`[MiscController] Non-admin user "${req.user.username}" attempted to update auth settings`)
+      return res.sendStatus(403)
+    }
+
+    const settingsUpdate = req.body
+    if (!isObject(settingsUpdate)) {
+      return res.status(400).send('Invalid auth settings update object')
+    }
+
+    let hasUpdates = false
+
+    const currentAuthenticationSettings = Database.serverSettings.authenticationSettings
+    const originalAuthMethods = [...currentAuthenticationSettings.authActiveAuthMethods]
+
+    // TODO: Better validation of auth settings once auth settings are separated from server settings
+    for (const key in currentAuthenticationSettings) {
+      if (settingsUpdate[key] === undefined) continue
+
+      if (key === 'authActiveAuthMethods') {
+        let updatedAuthMethods = settingsUpdate[key]?.filter?.((authMeth) => Database.serverSettings.supportedAuthMethods.includes(authMeth))
+        if (Array.isArray(updatedAuthMethods) && updatedAuthMethods.length) {
+          updatedAuthMethods.sort()
+          currentAuthenticationSettings[key].sort()
+          if (updatedAuthMethods.join() !== currentAuthenticationSettings[key].join()) {
+            Logger.debug(`[MiscController] Updating auth settings key "authActiveAuthMethods" from "${currentAuthenticationSettings[key].join()}" to "${updatedAuthMethods.join()}"`)
+            Database.serverSettings[key] = updatedAuthMethods
+            hasUpdates = true
+          }
+        } else {
+          Logger.warn(`[MiscController] Invalid value for authActiveAuthMethods`)
+        }
+      } else {
+        const updatedValueType = typeof settingsUpdate[key]
+        if (['authOpenIDAutoLaunch', 'authOpenIDAutoRegister'].includes(key)) {
+          if (updatedValueType !== 'boolean') {
+            Logger.warn(`[MiscController] Invalid value for ${key}. Expected boolean`)
+            continue
+          }
+        } else if (updatedValueType !== null && updatedValueType !== 'string') {
+          Logger.warn(`[MiscController] Invalid value for ${key}. Expected string or null`)
+          continue
+        }
+        let updatedValue = settingsUpdate[key]
+        if (updatedValue === '') updatedValue = null
+        let currentValue = currentAuthenticationSettings[key]
+        if (currentValue === '') currentValue = null
+
+        if (updatedValue !== currentValue) {
+          Logger.debug(`[MiscController] Updating auth settings key "${key}" from "${currentValue}" to "${updatedValue}"`)
+          Database.serverSettings[key] = updatedValue
+          hasUpdates = true
+        }
+      }
+    }
+
+    if (hasUpdates) {
+      // Use/unuse auth methods
+      Database.serverSettings.supportedAuthMethods.forEach((authMethod) => {
+        if (originalAuthMethods.includes(authMethod) && !Database.serverSettings.authActiveAuthMethods.includes(authMethod)) {
+          // Auth method has been removed
+          Logger.info(`[MiscController] Disabling active auth method "${authMethod}"`)
+          this.auth.unuseAuthStrategy(authMethod)
+        } else if (!originalAuthMethods.includes(authMethod) && Database.serverSettings.authActiveAuthMethods.includes(authMethod)) {
+          // Auth method has been added
+          Logger.info(`[MiscController] Enabling active auth method "${authMethod}"`)
+          this.auth.useAuthStrategy(authMethod)
+        }
+      })
+
+      await Database.updateServerSettings()
+    }
+
+    res.json({
+      serverSettings: Database.serverSettings.toJSONForBrowser()
+    })
+  }
 }
 module.exports = new MiscController()