diff --git a/server/auth/OidcAuthStrategy.js b/server/auth/OidcAuthStrategy.js index c3f6cfb2..9a515c1a 100644 --- a/server/auth/OidcAuthStrategy.js +++ b/server/auth/OidcAuthStrategy.js @@ -121,7 +121,7 @@ class OidcAuthStrategy { throw new Error(`Group claim ${Database.serverSettings.authOpenIDGroupClaim} not found or empty in userinfo`) } - let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo, this) + let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo) if (!user?.isActive) { throw new Error('User not active or not found') diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js index 65ae32b1..d972b534 100644 --- a/server/auth/TokenManager.js +++ b/server/auth/TokenManager.js @@ -81,6 +81,18 @@ class TokenManager { } } + /** + * Generate a JWT token for a given user + * TODO: Old method with no expiration + * @deprecated + * + * @param {{ id:string, username:string }} user + * @returns {string} + */ + static generateAccessToken(user) { + return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret) + } + /** * Function to generate a jwt token for a given user * TODO: Old method with no expiration @@ -90,7 +102,7 @@ class TokenManager { * @returns {string} */ generateAccessToken(user) { - return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret) + return TokenManager.generateAccessToken(user) } /** diff --git a/server/models/User.js b/server/models/User.js index 3f06b238..bc8a9f6a 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -1,9 +1,11 @@ const uuidv4 = require('uuid').v4 const sequelize = require('sequelize') +const { LRUCache } = require('lru-cache') + const Logger = require('../Logger') const SocketAuthority = require('../SocketAuthority') const { isNullOrNaN } = require('../utils') -const { LRUCache } = require('lru-cache') +const TokenManager = require('../auth/TokenManager') class UserCache { constructor() { 
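Review bot: In server/auth/TokenManager.js (@@ -81,6 +81,18), the new static `generateAccessToken` calls `jwt.sign` with no options, so the token it returns has no `exp` claim, and as a static it can now be called from any module that requires TokenManager. The docblock only hints at this in a TODO; I would state it directly, e.g. `* The signed token has no exp claim. Kept for the legacy per-user token only; do not use for new session flows.` The method also depends on `TokenManager.TokenSecret` already being set when it is called, and nothing in this hunk shows that this holds on the User model's call path. The instance method in the next hunk (@@ -90,7 +102,7) now only delegates, so its duplicated docblock could shrink to `@see TokenManager.generateAccessToken`.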
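Review bot: In server/models/User.js (@@ -1,9 +1,11), the added `require('../auth/TokenManager')` makes a model depend on the auth layer, which should be checked for a require cycle. TokenManager's own imports are not visible in this diff. If it requires `../Database` or the models, directly or indirectly, the binding captured here could be a partially initialised export, and `TokenManager.generateAccessToken` would then be undefined when auto-registration runs. If such a cycle exists, resolving the module inside `createUserFromOpenIdUserInfo` would avoid it. Otherwise a comment next to the require, such as `// TokenManager must not require models at load time`, would record the constraint.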
@@ -213,10 +215,9 @@ class User extends Model { * or creates a new user if configured to do so. * * @param {Object} userinfo - * @param {import('../Auth')} auth * @returns {Promise} */ - static async findOrCreateUserFromOpenIdUserInfo(userinfo, auth) { + static async findOrCreateUserFromOpenIdUserInfo(userinfo) { let user = await this.getUserByOpenIDSub(userinfo.sub) // Matched by sub @@ -290,7 +291,7 @@ class User extends Model { // If no existing user was matched, auto-register if configured if (global.ServerSettings.authOpenIDAutoRegister) { Logger.info(`[User] openid: Auto-registering user with sub "${userinfo.sub}"`, userinfo) - user = await this.createUserFromOpenIdUserInfo(userinfo, auth) + user = await this.createUserFromOpenIdUserInfo(userinfo) return user } @@ -301,16 +302,15 @@ class User extends Model { /** * Create user from openid userinfo * @param {Object} userinfo - * @param {import('../Auth')} auth * @returns {Promise} */ - static async createUserFromOpenIdUserInfo(userinfo, auth) { + static async createUserFromOpenIdUserInfo(userinfo) { const userId = uuidv4() // TODO: Ensure username is unique? const username = userinfo.preferred_username || userinfo.name || userinfo.sub const email = userinfo.email && userinfo.email_verified ? userinfo.email : null - const token = auth.generateAccessToken({ id: userId, username }) + const token = TokenManager.generateAccessToken({ id: userId, username }) const newUser = { id: userId,
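Review bot: In the auto-register branch (@@ -290,7 +291,7), the unchanged `Logger.info` call just above the edited line passes the whole `userinfo` object as its second argument, so every claim the provider returned is written to the log at info level. Depending on the identity provider, that can include email addresses and group membership. Logging only `userinfo.sub`, which the message already interpolates, and dropping the second argument would keep the audit trail without the extra personal data. The enclosing function starts and ends outside this hunk.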
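Review bot: In `createUserFromOpenIdUserInfo` (@@ -301,16 +302,15), an account built entirely from provider claims still gets its token from the deprecated no-expiration generator, and the `// TODO: Ensure username is unique?` two lines above is still open. `username` falls back through `preferred_username`, `name` and `sub`, and the visible lines do not check it against existing users before `newUser` is built. When `authOpenIDAutoRegister` is on, a lookup by username that rejects or disambiguates a collision should go before `const newUser`. Until that is added, I would replace the TODO with `// SECURITY: username comes from IdP claims and is not checked against existing users`. The function body continues past the end of this hunk, so how `token` is stored and later validated is not visible here.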