From 4b5c7c1c7b0887e2fb42bf3687e7b6cda9ccf709 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Mon, 23 Jul 2018 13:14:34 -0600 Subject: [PATCH] fix: move displayName into auth integrations --- src/core/server/app/handlers/auth/local.ts | 19 ++++--------------- .../server/app/middleware/passport/oidc.ts | 2 +- .../server/app/middleware/passport/sso.ts | 2 +- src/core/server/models/tenant.ts | 15 ++++++++++----- 4 files changed, 16 insertions(+), 22 deletions(-) diff --git a/src/core/server/app/handlers/auth/local.ts b/src/core/server/app/handlers/auth/local.ts index baab6dcd6..0c438ccf3 100644 --- a/src/core/server/app/handlers/auth/local.ts +++ b/src/core/server/app/handlers/auth/local.ts @@ -23,11 +23,6 @@ const SignupBodySchema = Joi.object().keys({ email: Joi.string().trim(), }); -// Extends the default signup body schema to allow the displayName to be set. -const SignupDisplayNameBodySchema = SignupBodySchema.keys({ - displayName: Joi.string().trim(), -}); - export interface SignupOptions { db: Db; signingConfig: JWTSigningConfig; @@ -50,15 +45,10 @@ export const signupHandler = (options: SignupOptions): RequestHandler => async ( return next(new Error("integration is disabled")); } - // Get the fields from the body. We condition on the display name being - // enabled to allow the display name to be stripped in the event that the - // display name is not enabled, yielding a displayName being `undefined`, - // which will not be set in the resultant document. Validate will throw an - // error if the body does not conform to the specification. - const { username, password, email, displayName }: SignupBody = validate( - tenant.auth.displayNameEnable - ? SignupDisplayNameBodySchema - : SignupBodySchema, + // Get the fields from the body. Validate will throw an error if the body + // does not conform to the specification. + const { username, password, email }: SignupBody = validate( + SignupBodySchema, req.body ); @@ -72,7 +62,6 @@ export const signupHandler = (options: SignupOptions): RequestHandler => async ( const user = await upsert(options.db, tenant, { email, username, - displayName, password, profiles: [profile], // New users signing up via local auth will have the commenter role to diff --git a/src/core/server/app/middleware/passport/oidc.ts b/src/core/server/app/middleware/passport/oidc.ts index 35982e0a1..2bbe16a30 100644 --- a/src/core/server/app/middleware/passport/oidc.ts +++ b/src/core/server/app/middleware/passport/oidc.ts @@ -131,7 +131,7 @@ export async function findOrCreateOIDCUser( name, nickname, }: OIDCIDToken = validate( - tenant.auth.displayNameEnable + tenant.auth.integrations.oidc!.displayNameEnable ? OIDCDisplayNameIDTokenSchema : OIDCIDTokenSchema, token diff --git a/src/core/server/app/middleware/passport/sso.ts b/src/core/server/app/middleware/passport/sso.ts index cd50a67de..4e6903139 100644 --- a/src/core/server/app/middleware/passport/sso.ts +++ b/src/core/server/app/middleware/passport/sso.ts @@ -57,7 +57,7 @@ export async function findOrCreateSSOUser( // Unpack/validate the token content. const { id, email, username, displayName, avatar }: SSOUserProfile = validate( - tenant.auth.displayNameEnable + tenant.auth.integrations.sso!.displayNameEnable ? SSODisplayNameUserProfileSchema : SSOUserProfileSchema, token.user diff --git a/src/core/server/models/tenant.ts b/src/core/server/models/tenant.ts index 0b14a46c0..bc19c6553 100644 --- a/src/core/server/models/tenant.ts +++ b/src/core/server/models/tenant.ts @@ -58,16 +58,24 @@ export interface AuthIntegration { enabled: boolean; } +export interface DisplayNameAuthIntegration { + displayNameEnable: boolean; +} + // SSOAuthIntegration is an AuthIntegration that provides a secret to the admins // of a tenant, where they can sign a SSO payload with it to provide to the // embed to allow single sign on. -export interface SSOAuthIntegration extends AuthIntegration { +export interface SSOAuthIntegration + extends AuthIntegration, + DisplayNameAuthIntegration { key: string; } // OIDCAuthIntegration provides a way to store Open ID Connect credentials. This // will be used in the admin to provide staff logins for users. -export interface OIDCAuthIntegration extends AuthIntegration { +export interface OIDCAuthIntegration + extends AuthIntegration, + DisplayNameAuthIntegration { clientID: string; clientSecret: string; issuer: string; @@ -108,7 +116,6 @@ export interface AuthIntegrations { export interface Auth { integrations: AuthIntegrations; - displayNameEnable: boolean; } // Tenant definition. @@ -194,8 +201,6 @@ export async function createTenant(db: Db, input: CreateTenantInput) { banned: [], }, auth: { - // Disable the displayName by default. - displayNameEnable: false, integrations: { local: { enabled: true,