mirror/advplyr.audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-07-16 04:14:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix OIDC auto register user #4485

Browse source
This commit is contained in:
advplyr 2025-07-13 17:04:02 -05:00
parent 264ae928a9
commit f7b94a4b6d
3 changed files with 21 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/auth/OidcAuthStrategy.js
View file

@ -121,7 +121,7 @@ class OidcAuthStrategy {
throw new Error(`Group claim ${Database.serverSettings.authOpenIDGroupClaim} not found or empty in userinfo`)
}
let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo, this)
let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo)
if (!user?.isActive) {
throw new Error('User not active or not found')

14
server/auth/TokenManager.js
View file

@ -81,6 +81,18 @@ class TokenManager {
}
}
/**
* Generate a JWT token for a given user
* TODO: Old method with no expiration
* @deprecated
*
* @param {{ id:string, username:string }} user
* @returns {string}
*/
static generateAccessToken(user) {
return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
}
/**
* Function to generate a jwt token for a given user
* TODO: Old method with no expiration
@ -90,7 +102,7 @@ class TokenManager {
* @returns {string}
*/
generateAccessToken(user) {
return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
return TokenManager.generateAccessToken(user)
}
/**

14
server/models/User.js
View file

@ -1,9 +1,11 @@
const uuidv4 = require('uuid').v4
const sequelize = require('sequelize')
const { LRUCache } = require('lru-cache')
const Logger = require('../Logger')
const SocketAuthority = require('../SocketAuthority')
const { isNullOrNaN } = require('../utils')
const { LRUCache } = require('lru-cache')
const TokenManager = require('../auth/TokenManager')
class UserCache {
constructor() {
@ -213,10 +215,9 @@ class User extends Model {
* or creates a new user if configured to do so.
*
* @param {Object} userinfo
* @param {import('../Auth')} auth
* @returns {Promise<User>}
*/
static async findOrCreateUserFromOpenIdUserInfo(userinfo, auth) {
static async findOrCreateUserFromOpenIdUserInfo(userinfo) {
let user = await this.getUserByOpenIDSub(userinfo.sub)
// Matched by sub
@ -290,7 +291,7 @@ class User extends Model {
// If no existing user was matched, auto-register if configured
if (global.ServerSettings.authOpenIDAutoRegister) {
Logger.info(`[User] openid: Auto-registering user with sub "${userinfo.sub}"`, userinfo)
user = await this.createUserFromOpenIdUserInfo(userinfo, auth)
user = await this.createUserFromOpenIdUserInfo(userinfo)
return user
}
@ -301,16 +302,15 @@ class User extends Model {
/**
* Create user from openid userinfo
* @param {Object} userinfo
* @param {import('../Auth')} auth
* @returns {Promise<User>}
*/
static async createUserFromOpenIdUserInfo(userinfo, auth) {
static async createUserFromOpenIdUserInfo(userinfo) {
const userId = uuidv4()
// TODO: Ensure username is unique?
const username = userinfo.preferred_username || userinfo.name || userinfo.sub
const email = userinfo.email && userinfo.email_verified ? userinfo.email : null
const token = auth.generateAccessToken({ id: userId, username })
const token = TokenManager.generateAccessToken({ id: userId, username })
const newUser = {
id: userId,