fix: auth sub override (#9635)
parent
bb79df655d
commit
91b835cfeb
3 changed files with 35 additions and 13 deletions
server
|
@ -377,7 +377,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should not allow auto registering', async () => {
|
it('should not allow auto registering', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.noAutoRegister);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthEnabled);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).rejects.toBeInstanceOf(
|
await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).rejects.toBeInstanceOf(
|
||||||
BadRequestException,
|
BadRequestException,
|
||||||
|
@ -386,7 +386,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should link an existing user', async () => {
|
it('should link an existing user', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.noAutoRegister);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthEnabled);
|
||||||
userMock.getByEmail.mockResolvedValue(userStub.user1);
|
userMock.getByEmail.mockResolvedValue(userStub.user1);
|
||||||
userMock.update.mockResolvedValue(userStub.user1);
|
userMock.update.mockResolvedValue(userStub.user1);
|
||||||
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
||||||
|
@ -399,6 +399,20 @@ describe('AuthService', () => {
|
||||||
expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, { oauthId: sub });
|
expect(userMock.update).toHaveBeenCalledWith(userStub.user1.id, { oauthId: sub });
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should not link to a user with a different oauth sub', async () => {
|
||||||
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithAutoRegister);
|
||||||
|
userMock.getByEmail.mockResolvedValueOnce({ ...userStub.user1, oauthId: 'existing-sub' });
|
||||||
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
|
||||||
|
await expect(sut.callback({ url: 'http://immich/auth/login?code=abc123' }, loginDetails)).resolves.toEqual(
|
||||||
|
loginResponseStub.user1oauth,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(userMock.update).not.toHaveBeenCalled();
|
||||||
|
expect(userMock.create).toHaveBeenCalled();
|
||||||
|
});
|
||||||
|
|
||||||
it('should allow auto registering by default', async () => {
|
it('should allow auto registering by default', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.enabled);
|
systemMock.get.mockResolvedValue(systemConfigStub.enabled);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
|
@ -415,7 +429,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should use the mobile redirect override', async () => {
|
it('should use the mobile redirect override', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.override);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithMobileOverride);
|
||||||
userMock.getByOAuthId.mockResolvedValue(userStub.user1);
|
userMock.getByOAuthId.mockResolvedValue(userStub.user1);
|
||||||
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
||||||
|
|
||||||
|
@ -425,7 +439,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should use the mobile redirect override for ios urls with multiple slashes', async () => {
|
it('should use the mobile redirect override for ios urls with multiple slashes', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.override);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithMobileOverride);
|
||||||
userMock.getByOAuthId.mockResolvedValue(userStub.user1);
|
userMock.getByOAuthId.mockResolvedValue(userStub.user1);
|
||||||
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
sessionMock.create.mockResolvedValue(sessionStub.valid);
|
||||||
|
|
||||||
|
@ -435,7 +449,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should use the default quota', async () => {
|
it('should use the default quota', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.withDefaultStorageQuota);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithStorageQuota);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
userMock.create.mockResolvedValue(userStub.user1);
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
@ -448,7 +462,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should ignore an invalid storage quota', async () => {
|
it('should ignore an invalid storage quota', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.withDefaultStorageQuota);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithStorageQuota);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
userMock.create.mockResolvedValue(userStub.user1);
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
@ -462,7 +476,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should ignore a negative quota', async () => {
|
it('should ignore a negative quota', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.withDefaultStorageQuota);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithStorageQuota);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
userMock.create.mockResolvedValue(userStub.user1);
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
@ -476,7 +490,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should not set quota for 0 quota', async () => {
|
it('should not set quota for 0 quota', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.withDefaultStorageQuota);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithStorageQuota);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
userMock.create.mockResolvedValue(userStub.user1);
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
@ -496,7 +510,7 @@ describe('AuthService', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should use a valid storage quota', async () => {
|
it('should use a valid storage quota', async () => {
|
||||||
systemMock.get.mockResolvedValue(systemConfigStub.withDefaultStorageQuota);
|
systemMock.get.mockResolvedValue(systemConfigStub.oauthWithStorageQuota);
|
||||||
userMock.getByEmail.mockResolvedValue(null);
|
userMock.getByEmail.mockResolvedValue(null);
|
||||||
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
userMock.getAdmin.mockResolvedValue(userStub.user1);
|
||||||
userMock.create.mockResolvedValue(userStub.user1);
|
userMock.create.mockResolvedValue(userStub.user1);
|
||||||
|
|
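Review bot: The added case 'should not link to a user with a different oauth sub' only exercises `systemConfigStub.oauthWithAutoRegister`, so the behaviour with auto-registration disabled is not pinned. With `systemConfigStub.oauthEnabled` and an email user that already carries an `oauthId`, the callback should presumably reject with `BadRequestException` and leave `userMock.update` uncalled, and a test for that would guard the security-relevant half of this fix. The assertion `expect(userMock.create).toHaveBeenCalled()` also passes regardless of what is created; `expect(userMock.create).toHaveBeenCalledWith(expect.objectContaining({ oauthId: sub }))` would tie the new account to the incoming subject, assuming `sub` is the same constant used in the 'should link an existing user' case, which is defined outside the visible hunks.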
|
@ -201,7 +201,7 @@ export class AuthService {
|
||||||
// link existing user
|
// link existing user
|
||||||
if (!user) {
|
if (!user) {
|
||||||
const emailUser = await this.userRepository.getByEmail(profile.email);
|
const emailUser = await this.userRepository.getByEmail(profile.email);
|
||||||
if (emailUser) {
|
if (emailUser && !emailUser.oauthId) {
|
||||||
user = await this.userRepository.update(emailUser.id, { oauthId: profile.sub });
|
user = await this.userRepository.update(emailUser.id, { oauthId: profile.sub });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
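Review bot: When `emailUser` already has an `oauthId`, the new condition `if (emailUser && !emailUser.oauthId)` skips the link and execution falls through with `user` still unset. The rest of the method is outside this hunk, but the test added in this commit expects `userRepository.create` to be called, so registration appears to be attempted for an email that already belongs to an account. If emails are unique this will presumably surface as a storage error rather than a clear response, and if they are not it leaves two accounts sharing one address. An explicit rejection ahead of the link would make the outcome deliberate, e.g. `if (emailUser?.oauthId) { throw new BadRequestException('User already exists, but is linked to another account.'); }`. Separately, the link still keys on `profile.email` as asserted by the provider and nothing in the hunk shows a verified-email check, so confirm that one exists elsewhere before an unlinked account is bound to `profile.sub`.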
14
server/test/fixtures/system-config.stub.ts
vendored
14
server/test/fixtures/system-config.stub.ts
vendored
|
@ -15,7 +15,7 @@ export const systemConfigStub = {
|
||||||
enabled: false,
|
enabled: false,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
noAutoRegister: {
|
oauthEnabled: {
|
||||||
oauth: {
|
oauth: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
autoRegister: false,
|
autoRegister: false,
|
||||||
|
@ -23,7 +23,15 @@ export const systemConfigStub = {
|
||||||
buttonText: 'OAuth',
|
buttonText: 'OAuth',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
override: {
|
oauthWithAutoRegister: {
|
||||||
|
oauth: {
|
||||||
|
enabled: true,
|
||||||
|
autoRegister: true,
|
||||||
|
autoLaunch: false,
|
||||||
|
buttonText: 'OAuth',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
oauthWithMobileOverride: {
|
||||||
oauth: {
|
oauth: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
autoRegister: true,
|
autoRegister: true,
|
||||||
|
@ -32,7 +40,7 @@ export const systemConfigStub = {
|
||||||
buttonText: 'OAuth',
|
buttonText: 'OAuth',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
withDefaultStorageQuota: {
|
oauthWithStorageQuota: {
|
||||||
oauth: {
|
oauth: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
autoRegister: true,
|
autoRegister: true,
|
||||||
|
|