diff --git a/server/auth/OidcAuthStrategy.js b/server/auth/OidcAuthStrategy.js index 9a515c1a2..c3f6cfb22 100644 --- a/server/auth/OidcAuthStrategy.js +++ b/server/auth/OidcAuthStrategy.js @@ -121,7 +121,7 @@ class OidcAuthStrategy { throw new Error(`Group claim ${Database.serverSettings.authOpenIDGroupClaim} not found or empty in userinfo`) } - let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo) + let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo, this) if (!user?.isActive) { throw new Error('User not active or not found') diff --git a/server/auth/TokenManager.js b/server/auth/TokenManager.js index d972b5345..65ae32b18 100644 --- a/server/auth/TokenManager.js +++ b/server/auth/TokenManager.js @@ -81,18 +81,6 @@ class TokenManager { } } - /** - * Generate a JWT token for a given user - * TODO: Old method with no expiration - * @deprecated - * - * @param {{ id:string, username:string }} user - * @returns {string} - */ - static generateAccessToken(user) { - return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret) - } - /** * Function to generate a jwt token for a given user * TODO: Old method with no expiration @@ -102,7 +90,7 @@ class TokenManager { * @returns {string} */ generateAccessToken(user) { - return TokenManager.generateAccessToken(user) + return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret) } /** diff --git a/server/models/User.js b/server/models/User.js index bc8a9f6a1..3f06b2389 100644 --- a/server/models/User.js +++ b/server/models/User.js @@ -1,11 +1,9 @@ const uuidv4 = require('uuid').v4 const sequelize = require('sequelize') -const { LRUCache } = require('lru-cache') - const Logger = require('../Logger') const SocketAuthority = require('../SocketAuthority') const { isNullOrNaN } = require('../utils') -const TokenManager = require('../auth/TokenManager') +const { LRUCache } = require('lru-cache') class UserCache { constructor() { @@ -215,9 +213,10 @@ class User extends Model { * or creates a new user if configured to do so. * * @param {Object} userinfo + * @param {import('../Auth')} auth * @returns {Promise} */ - static async findOrCreateUserFromOpenIdUserInfo(userinfo) { + static async findOrCreateUserFromOpenIdUserInfo(userinfo, auth) { let user = await this.getUserByOpenIDSub(userinfo.sub) // Matched by sub @@ -291,7 +290,7 @@ class User extends Model { // If no existing user was matched, auto-register if configured if (global.ServerSettings.authOpenIDAutoRegister) { Logger.info(`[User] openid: Auto-registering user with sub "${userinfo.sub}"`, userinfo) - user = await this.createUserFromOpenIdUserInfo(userinfo) + user = await this.createUserFromOpenIdUserInfo(userinfo, auth) return user } @@ -302,15 +301,16 @@ class User extends Model { /** * Create user from openid userinfo * @param {Object} userinfo + * @param {import('../Auth')} auth * @returns {Promise} */ - static async createUserFromOpenIdUserInfo(userinfo) { + static async createUserFromOpenIdUserInfo(userinfo, auth) { const userId = uuidv4() // TODO: Ensure username is unique? const username = userinfo.preferred_username || userinfo.name || userinfo.sub const email = userinfo.email && userinfo.email_verified ? userinfo.email : null - const token = TokenManager.generateAccessToken({ id: userId, username }) + const token = auth.generateAccessToken({ id: userId, username }) const newUser = { id: userId,