Diffstat (limited to 'lib')
11 files changed, 52 insertions, 21 deletions
diff --git a/lib/migrations/20150702001020-update-to-0_3_1.js b/lib/migrations/20150702001020-update-to-0_3_1.js index b941048e..16001f2e 100644 --- a/lib/migrations/20150702001020-update-to-0_3_1.js +++ b/lib/migrations/20150702001020-update-to-0_3_1.js @@ -21,7 +21,8 @@ module.exports = { defaultValue: 0 }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: shortid' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'shortid'" || error.message === 'column "shortid" of relation "Notes" already exists') { + if (error.message === 'column "shortid" of relation "Notes" already exists' || + error.message.toLowerCase().includes('duplicate column name')) { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160112220142-note-add-lastchange.js b/lib/migrations/20160112220142-note-add-lastchange.js index 69781cef..430e1cc1 100644 --- a/lib/migrations/20160112220142-note-add-lastchange.js +++ b/lib/migrations/20160112220142-note-add-lastchange.js @@ -8,7 +8,8 @@ module.exports = { type: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: lastchangeuserId' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'lastchangeuserId'" || error.message === 'column "lastchangeuserId" of relation "Notes" already exists') { + if (error.message === 'column "lastchangeuserId" of relation "Notes" already exists' || + error.message.toLowerCase().includes('duplicate column name')) { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160420180355-note-add-alias.js b/lib/migrations/20160420180355-note-add-alias.js index 82941a91..18afb9c0 100644 --- a/lib/migrations/20160420180355-note-add-alias.js +++ b/lib/migrations/20160420180355-note-add-alias.js 
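Review bot: The new test `error.message.toLowerCase().includes('duplicate column name')` no longer names the column, and the `.catch` sits at the end of a chain of schema steps, so a duplicate-column error from an early step skips the later ones while the migration still logs "already run". The other migration hunks in this commit share the pattern; 20160515114000-user-add-tokens.js shows it in full, where an existing `accessToken` column means `refreshToken` is never added. Matching on message text also ties the check to each driver's wording. Checking the schema per column before adding it, as in the sketch below, avoids both problems; the start of this chain is outside the hunk.

```javascript
// sketch of a shared helper: add the column only when the table lacks it
function addColumnIfMissing (queryInterface, table, column, spec) {
  return queryInterface.describeTable(table).then(function (columns) {
    if (Object.prototype.hasOwnProperty.call(columns, column)) return
    return queryInterface.addColumn(table, column, spec)
  })
}
// … unchanged: remaining steps of up(), each going through the helper …
```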
@@ -8,7 +8,8 @@ module.exports = { indicesType: 'UNIQUE' }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: alias' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'alias'" || error.message === 'column "alias" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "alias" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160515114000-user-add-tokens.js b/lib/migrations/20160515114000-user-add-tokens.js index e47ef5a4..33457824 100644 --- a/lib/migrations/20160515114000-user-add-tokens.js +++ b/lib/migrations/20160515114000-user-add-tokens.js @@ -4,7 +4,8 @@ module.exports = { return queryInterface.addColumn('Users', 'accessToken', Sequelize.STRING).then(function () { return queryInterface.addColumn('Users', 'refreshToken', Sequelize.STRING) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: accessToken' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'accessToken'" || error.message === 'column "accessToken" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "accessToken" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160607060246-support-revision.js b/lib/migrations/20160607060246-support-revision.js index b318ea44..fa2731b8 100644 --- a/lib/migrations/20160607060246-support-revision.js +++ b/lib/migrations/20160607060246-support-revision.js 
@@ -16,7 +16,8 @@ module.exports = { updatedAt: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: savedAt' | error.message === "ER_DUP_FIELDNAME: Duplicate column name 'savedAt'" || error.message === 'column "savedAt" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "savedAt" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20160703062241-support-authorship.js b/lib/migrations/20160703062241-support-authorship.js index 86054f1c..c54dde61 100644 --- a/lib/migrations/20160703062241-support-authorship.js +++ b/lib/migrations/20160703062241-support-authorship.js @@ -17,7 +17,8 @@ module.exports = { updatedAt: Sequelize.DATE }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: authorship' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'authorship'" || error.message === 'column "authorship" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "authorship" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20161009040430-support-delete-note.js b/lib/migrations/20161009040430-support-delete-note.js index b7ee72c3..7b9b60cf 100644 --- a/lib/migrations/20161009040430-support-delete-note.js +++ b/lib/migrations/20161009040430-support-delete-note.js 
@@ -2,7 +2,8 @@ module.exports = { up: function (queryInterface, Sequelize) { return queryInterface.addColumn('Notes', 'deletedAt', Sequelize.DATE).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: deletedAt' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'deletedAt'" || error.message === 'column "deletedAt" of relation "Notes" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "deletedAt" of relation "Notes" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20161201050312-support-email-signin.js b/lib/migrations/20161201050312-support-email-signin.js index 5c9fbf85..0ade8cd2 100644 --- a/lib/migrations/20161201050312-support-email-signin.js +++ b/lib/migrations/20161201050312-support-email-signin.js @@ -3,7 +3,8 @@ module.exports = { up: function (queryInterface, Sequelize) { return queryInterface.addColumn('Users', 'email', Sequelize.TEXT).then(function () { return queryInterface.addColumn('Users', 'password', Sequelize.TEXT).catch(function (error) { - if (error.message === "ER_DUP_FIELDNAME: Duplicate column name 'password'" || error.message === 'column "password" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "password" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { 
@@ -11,7 +12,8 @@ module.exports = { } }) }).catch(function (error) { - if (error.message === 'SQLITE_ERROR: duplicate column name: email' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'email'" || error.message === 'column "email" of relation "Users" already exists') { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "email" of relation "Users" already exists') { // eslint-disable-next-line no-console console.log('Migration has already run… ignoring.') } else { diff --git a/lib/migrations/20180525153000-user-add-delete-token.js b/lib/migrations/20180525153000-user-add-delete-token.js index 642fa5d4..2dc88dfb 100644 --- a/lib/migrations/20180525153000-user-add-delete-token.js +++ b/lib/migrations/20180525153000-user-add-delete-token.js @@ -4,6 +4,14 @@ module.exports = { return queryInterface.addColumn('Users', 'deleteToken', { type: Sequelize.UUID, defaultValue: Sequelize.UUIDV4 + }).catch(function (error) { + if (error.message.toLowerCase().includes('duplicate column name') || + error.message === 'column "deleteToken" of relation "Users" already exists') { + // eslint-disable-next-line no-console + console.log('Migration has already run… ignoring.') + } else { + throw error + } }) }, diff --git a/lib/migrations/20200321153000-fix-account-deletion.js b/lib/migrations/20200321153000-fix-account-deletion.js index e794e993..3b5a4224 100644 --- a/lib/migrations/20200321153000-fix-account-deletion.js +++ b/lib/migrations/20200321153000-fix-account-deletion.js @@ -45,6 +45,13 @@ module.exports = { }, onDelete: 'cascade' }) + }).catch(function (error) { + if (error.message.toLowerCase().includes('duplicate key on write or update')) { + // eslint-disable-next-line no-console + console.log('Migration has already run… ignoring.') + } else { + throw error + } }) }, diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js index b8e62dda..9cb17f26 100644 --- a/lib/web/auth/oauth2/index.js 
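Review bot: The handler added in 20200321153000-fix-account-deletion.js matches a single message text, `'duplicate key on write or update'`, whereas the column migrations in this commit keep a second test for the `… already exists` wording, so a re-run on a database that words the error differently will presumably still throw. Because the `.catch` closes a chain that begins outside the hunk, a collision on one constraint also skips any constraint steps after it, which for an account-deletion fix can leave rows that are not removed by the `onDelete: 'cascade'` rule. A comment stating the scope would help, e.g. `// matches one driver's wording only (believed MySQL/MariaDB errno 121) - confirm and cover other dialects`.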
+++ b/lib/web/auth/oauth2/index.js @@ -52,7 +52,8 @@ function extractProfileAttribute (data, path) { } function parseProfile (data) { - const id = extractProfileAttribute(data, config.oauth2.userProfileIdAttr) + // only try to parse the id if a claim is configured + const id = config.oauth2.userProfileIdAttr ? extractProfileAttribute(data, config.oauth2.userProfileIdAttr) : undefined const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) const displayName = extractProfileAttribute(data, config.oauth2.userProfileDisplayNameAttr) const email = extractProfileAttribute(data, config.oauth2.userProfileEmailAttr) 
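Review bot: With `userProfileIdAttr` unset, `id` is now `undefined`, and the rest of parseProfile (outside this hunk) still builds a profile from it; nothing visible here says which attribute then identifies the account. If the fallback is the username or email, those can change or be reassigned at the identity provider, so the binding between an external identity and a local account deserves an explicit statement. Suggested comment: `// id is undefined when userProfileIdAttr is unset; confirm which attribute then keys the local account`.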
@@ -66,18 +67,24 @@ function parseProfile (data) { } function checkAuthorization (data, done) { - const roles = extractProfileAttribute(data, config.oauth2.rolesClaim) - const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) - + // a role the user must have is set in the config if (config.oauth2.accessRole) { - if (!roles) { - logger.error('oauth2: "accessRole" configured, but user profile doesn\'t contain roles attribute. Permission denied') - return done('Permission denied', null) - } - - if (!roles.includes(config.oauth2.accessRole)) { - logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`) - return done('Permission denied', null) + // check if we know which claim contains the list of groups a user is in + if (!config.oauth2.rolesClaim) { + // log error, but accept all logins + logger.error('oauth2: "accessRole" is configured, but "rolesClaim" is missing from the config. Can\'t check group membership!') + } else { + // parse and check role data + const roles = extractProfileAttribute(data, config.oauth2.rolesClaim) + if (!roles) { + logger.error('oauth2: "accessRole" is configured, but user profile doesn\'t contain roles attribute. Permission denied') + return done('Permission denied', null) + } + if (!roles.includes(config.oauth2.accessRole)) { + const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr) + logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`) + return done('Permission denied', null) + } } } } |
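Review bot: The `!config.oauth2.rolesClaim` branch fails open: with `accessRole` set and `rolesClaim` missing it only logs an error and then accepts every authenticated user, so a typo or a dropped setting silently removes the role restriction. An access-control setting that cannot be evaluated should deny: add `return done('Permission denied', null)` after the `logger.error(...)` call (or reject the configuration at startup) and update the "accept all logins" comment to match. Separately, `roles.includes(config.oauth2.accessRole)` does a substring match if the claim arrives as a string rather than an array, so an `Array.isArray(roles)` check first is worthwhile; the shape of the claim is not visible in this hunk.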