Diffstat (limited to 'lib')
-rw-r--r--lib/migrations/20150702001020-update-to-0_3_1.js3
-rw-r--r--lib/migrations/20160112220142-note-add-lastchange.js3
-rw-r--r--lib/migrations/20160420180355-note-add-alias.js3
-rw-r--r--lib/migrations/20160515114000-user-add-tokens.js3
-rw-r--r--lib/migrations/20160607060246-support-revision.js3
-rw-r--r--lib/migrations/20160703062241-support-authorship.js3
-rw-r--r--lib/migrations/20161009040430-support-delete-note.js3
-rw-r--r--lib/migrations/20161201050312-support-email-signin.js6
-rw-r--r--lib/migrations/20180525153000-user-add-delete-token.js8
-rw-r--r--lib/migrations/20200321153000-fix-account-deletion.js7
-rw-r--r--lib/web/auth/oauth2/index.js31
11 files changed, 52 insertions, 21 deletions
diff --git a/lib/migrations/20150702001020-update-to-0_3_1.js b/lib/migrations/20150702001020-update-to-0_3_1.js
index b941048e..16001f2e 100644
--- a/lib/migrations/20150702001020-update-to-0_3_1.js
+++ b/lib/migrations/20150702001020-update-to-0_3_1.js
@@ -21,7 +21,8 @@ module.exports = {
defaultValue: 0
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: shortid' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'shortid'" || error.message === 'column "shortid" of relation "Notes" already exists') {
+ if (error.message === 'column "shortid" of relation "Notes" already exists' ||
+ error.message.toLowerCase().includes('duplicate column name')) {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
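Review bot: The `.catch` sits at the end of the whole `addColumn` chain, and the new `includes('duplicate column name')` clause no longer names a column, so a duplicate-column error from any step is logged as "already run" and the steps after the failing one are skipped without an error. On a partially migrated database that can leave the schema incomplete while the migration is recorded as done; the start of the chain is outside the hunk, so the number of affected steps cannot be seen here. The same predicate is repeated, with the operand order varying, in the handlers of the other migration files in this commit (20160112220142 through 20180525153000). A shared helper such as `isDuplicateColumnError(error)` would keep them consistent, and checking the driver's error code on `error.original` instead of message text would be less brittle, if the dialects in use expose one.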
diff --git a/lib/migrations/20160112220142-note-add-lastchange.js b/lib/migrations/20160112220142-note-add-lastchange.js
index 69781cef..430e1cc1 100644
--- a/lib/migrations/20160112220142-note-add-lastchange.js
+++ b/lib/migrations/20160112220142-note-add-lastchange.js
@@ -8,7 +8,8 @@ module.exports = {
type: Sequelize.DATE
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: lastchangeuserId' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'lastchangeuserId'" || error.message === 'column "lastchangeuserId" of relation "Notes" already exists') {
+ if (error.message === 'column "lastchangeuserId" of relation "Notes" already exists' ||
+ error.message.toLowerCase().includes('duplicate column name')) {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20160420180355-note-add-alias.js b/lib/migrations/20160420180355-note-add-alias.js
index 82941a91..18afb9c0 100644
--- a/lib/migrations/20160420180355-note-add-alias.js
+++ b/lib/migrations/20160420180355-note-add-alias.js
@@ -8,7 +8,8 @@ module.exports = {
indicesType: 'UNIQUE'
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: alias' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'alias'" || error.message === 'column "alias" of relation "Notes" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "alias" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20160515114000-user-add-tokens.js b/lib/migrations/20160515114000-user-add-tokens.js
index e47ef5a4..33457824 100644
--- a/lib/migrations/20160515114000-user-add-tokens.js
+++ b/lib/migrations/20160515114000-user-add-tokens.js
@@ -4,7 +4,8 @@ module.exports = {
return queryInterface.addColumn('Users', 'accessToken', Sequelize.STRING).then(function () {
return queryInterface.addColumn('Users', 'refreshToken', Sequelize.STRING)
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: accessToken' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'accessToken'" || error.message === 'column "accessToken" of relation "Users" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "accessToken" of relation "Users" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20160607060246-support-revision.js b/lib/migrations/20160607060246-support-revision.js
index b318ea44..fa2731b8 100644
--- a/lib/migrations/20160607060246-support-revision.js
+++ b/lib/migrations/20160607060246-support-revision.js
@@ -16,7 +16,8 @@ module.exports = {
updatedAt: Sequelize.DATE
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: savedAt' | error.message === "ER_DUP_FIELDNAME: Duplicate column name 'savedAt'" || error.message === 'column "savedAt" of relation "Notes" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "savedAt" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20160703062241-support-authorship.js b/lib/migrations/20160703062241-support-authorship.js
index 86054f1c..c54dde61 100644
--- a/lib/migrations/20160703062241-support-authorship.js
+++ b/lib/migrations/20160703062241-support-authorship.js
@@ -17,7 +17,8 @@ module.exports = {
updatedAt: Sequelize.DATE
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: authorship' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'authorship'" || error.message === 'column "authorship" of relation "Notes" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "authorship" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20161009040430-support-delete-note.js b/lib/migrations/20161009040430-support-delete-note.js
index b7ee72c3..7b9b60cf 100644
--- a/lib/migrations/20161009040430-support-delete-note.js
+++ b/lib/migrations/20161009040430-support-delete-note.js
@@ -2,7 +2,8 @@
module.exports = {
up: function (queryInterface, Sequelize) {
return queryInterface.addColumn('Notes', 'deletedAt', Sequelize.DATE).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: deletedAt' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'deletedAt'" || error.message === 'column "deletedAt" of relation "Notes" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "deletedAt" of relation "Notes" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20161201050312-support-email-signin.js b/lib/migrations/20161201050312-support-email-signin.js
index 5c9fbf85..0ade8cd2 100644
--- a/lib/migrations/20161201050312-support-email-signin.js
+++ b/lib/migrations/20161201050312-support-email-signin.js
@@ -3,7 +3,8 @@ module.exports = {
up: function (queryInterface, Sequelize) {
return queryInterface.addColumn('Users', 'email', Sequelize.TEXT).then(function () {
return queryInterface.addColumn('Users', 'password', Sequelize.TEXT).catch(function (error) {
- if (error.message === "ER_DUP_FIELDNAME: Duplicate column name 'password'" || error.message === 'column "password" of relation "Users" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "password" of relation "Users" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
@@ -11,7 +12,8 @@ module.exports = {
}
})
}).catch(function (error) {
- if (error.message === 'SQLITE_ERROR: duplicate column name: email' || error.message === "ER_DUP_FIELDNAME: Duplicate column name 'email'" || error.message === 'column "email" of relation "Users" already exists') {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "email" of relation "Users" already exists') {
// eslint-disable-next-line no-console
console.log('Migration has already run… ignoring.')
} else {
diff --git a/lib/migrations/20180525153000-user-add-delete-token.js b/lib/migrations/20180525153000-user-add-delete-token.js
index 642fa5d4..2dc88dfb 100644
--- a/lib/migrations/20180525153000-user-add-delete-token.js
+++ b/lib/migrations/20180525153000-user-add-delete-token.js
@@ -4,6 +4,14 @@ module.exports = {
return queryInterface.addColumn('Users', 'deleteToken', {
type: Sequelize.UUID,
defaultValue: Sequelize.UUIDV4
+ }).catch(function (error) {
+ if (error.message.toLowerCase().includes('duplicate column name') ||
+ error.message === 'column "deleteToken" of relation "Users" already exists') {
+ // eslint-disable-next-line no-console
+ console.log('Migration has already run… ignoring.')
+ } else {
+ throw error
+ }
})
},
diff --git a/lib/migrations/20200321153000-fix-account-deletion.js b/lib/migrations/20200321153000-fix-account-deletion.js
index e794e993..3b5a4224 100644
--- a/lib/migrations/20200321153000-fix-account-deletion.js
+++ b/lib/migrations/20200321153000-fix-account-deletion.js
@@ -45,6 +45,13 @@ module.exports = {
},
onDelete: 'cascade'
})
+ }).catch(function (error) {
+ if (error.message.toLowerCase().includes('duplicate key on write or update')) {
+ // eslint-disable-next-line no-console
+ console.log('Migration has already run… ignoring.')
+ } else {
+ throw error
+ }
})
},
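Review bot: The added handler treats any error whose message contains 'duplicate key on write or update' as proof that the whole migration already ran, but it is attached to the end of the chain, so a failure in an early step skips the later ones and is still logged as success. Because this migration sets up `onDelete: 'cascade'` constraints, a half-applied state could leave rows behind when an account is deleted; consider catching per step, or verifying that the constraints exist before ignoring the error. The matched text looks specific to MySQL/MariaDB, so other dialects would presumably still throw on a re-run; a comment such as `// MySQL/MariaDB report this when the constraint already exists` would record that assumption. The chain begins outside the hunk.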
diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js
index b8e62dda..9cb17f26 100644
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@@ -52,7 +52,8 @@ function extractProfileAttribute (data, path) {
}
function parseProfile (data) {
- const id = extractProfileAttribute(data, config.oauth2.userProfileIdAttr)
+ // only try to parse the id if a claim is configured
+ const id = config.oauth2.userProfileIdAttr ? extractProfileAttribute(data, config.oauth2.userProfileIdAttr) : undefined
const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr)
const displayName = extractProfileAttribute(data, config.oauth2.userProfileDisplayNameAttr)
const email = extractProfileAttribute(data, config.oauth2.userProfileEmailAttr)
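Review bot: `id` is now `undefined` whenever `userProfileIdAttr` is unset, so whatever the rest of `parseProfile` uses as the account key must fall back to another attribute; that code is outside the hunk. If the fallback is the username or e-mail claim, confirm that the provider guarantees it is unique and cannot be changed or reassigned, because the local account would be matched on it at every login. A comment stating the rule, e.g. `// id stays undefined here; the profile id falls back to <attribute>`, would make the identity mapping explicit.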
@@ -66,18 +67,24 @@ function parseProfile (data) {
}
function checkAuthorization (data, done) {
- const roles = extractProfileAttribute(data, config.oauth2.rolesClaim)
- const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr)
-
+ // a role the user must have is set in the config
if (config.oauth2.accessRole) {
- if (!roles) {
- logger.error('oauth2: "accessRole" configured, but user profile doesn\'t contain roles attribute. Permission denied')
- return done('Permission denied', null)
- }
-
- if (!roles.includes(config.oauth2.accessRole)) {
- logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`)
- return done('Permission denied', null)
+ // check if we know which claim contains the list of groups a user is in
+ if (!config.oauth2.rolesClaim) {
+ // log error, but accept all logins
+ logger.error('oauth2: "accessRole" is configured, but "rolesClaim" is missing from the config. Can\'t check group membership!')
+ } else {
+ // parse and check role data
+ const roles = extractProfileAttribute(data, config.oauth2.rolesClaim)
+ if (!roles) {
+ logger.error('oauth2: "accessRole" is configured, but user profile doesn\'t contain roles attribute. Permission denied')
+ return done('Permission denied', null)
+ }
+ if (!roles.includes(config.oauth2.accessRole)) {
+ const username = extractProfileAttribute(data, config.oauth2.userProfileUsernameAttr)
+ logger.debug(`oauth2: user "${username}" doesn't have the required role. Permission denied`)
+ return done('Permission denied', null)
+ }
}
}
}
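Review bot: With `accessRole` set but `rolesClaim` missing, the new branch only logs and then accepts every authenticated user, so a configuration mistake silently turns the role restriction off. Failing closed is the safer default for an access check: add `return done('Permission denied', null)` after the `logger.error` call, or reject this combination when the configuration is loaded. Separately, `roles.includes(config.oauth2.accessRole)` becomes a substring match when the claim arrives as a string instead of an array, so a role whose name merely contains the required one would pass. `if (!Array.isArray(roles) || !roles.includes(config.oauth2.accessRole))` avoids that, assuming the claim is expected to be a list.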