proxy auth users don't get a token

otherwise, they will stay logged in even after the proxy auth has
disabled them (with the saved token in the local store)
This commit is contained in:
Igor Serebryany 2023-10-06 15:11:45 -07:00
parent a85ae7467c
commit 20356a17d8
No known key found for this signature in database
GPG key ID: 0AF607692FD9EB24
2 changed files with 23 additions and 10 deletions

View file

@ -63,7 +63,7 @@ class Auth {
}
if (token == null && proxyUsername == null) {
Logger.error('Api called without a token and proxy auth is disabled', req.path)
Logger.error('Api called without a token and no proxy auth provided', req.path)
return res.sendStatus(401)
}
@ -158,6 +158,8 @@ class Auth {
email,
type: 'user',
isActive: true,
token: null,
isFromProxy: true,
}
return await this.createUser(account)
@ -178,7 +180,11 @@ class Auth {
account.pash = await this.hashPass(password)
account.token = await this.generateAccessToken({ userId: account.id, username })
// proxy users don't get a token
if (!account.isFromProxy) {
account.token = await this.generateAccessToken({ userId: account.id, username })
}
account.createdAt = Date.now()
const newUser = new User(account)