mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-06-15 02:34:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

fix(oauth): add support for client_credentials flow
Some checks are pending
Backend tests / Linux without plugins (push) Waiting to run
Details
Backend tests / Linux with Plugins (push) Waiting to run
Details
Backend tests / Windows without plugins (push) Waiting to run
Details
Backend tests / Windows with Plugins (push) Waiting to run
Details
CodeQL / Analyze (push) Waiting to run
Details
Docker / docker (push) Waiting to run
Details
Frontend admin tests powered by Sauce Labs / with plugins (push) Waiting to run
Details
Frontend tests powered by Sauce Labs / Playwright Chrome (push) Waiting to run
Details
Frontend tests powered by Sauce Labs / Playwright Firefox (push) Waiting to run
Details
Frontend tests powered by Sauce Labs / Playwright Webkit (push) Waiting to run
Details
Loadtest / without plugins (push) Waiting to run
Details
Loadtest / with Plugins (push) Waiting to run
Details
Loadtest / long running (push) Waiting to run
Details
Perform type checks / perform type check (push) Waiting to run
Details
rate limit / test (push) Waiting to run
Details
Upgrade from latest release / Linux with Plugins (push) Waiting to run
Details
Windows Build / Build .zip (push) Waiting to run
Details

Browse source
This commit is contained in:
SamTV12345 2025-04-06 10:46:12 +02:00
parent 35ddea0c57
commit ab5b933fb3
4 changed files with 31 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/node/handler/APIHandler.ts
View file

@ -20,9 +20,10 @@
*/
import {MapArrayType} from "../types/MapType";
import { jwtDecode } from "jwt-decode";
const api = require('../db/API');
const padManager = require('../db/PadManager');
const settings = require('../utils/Settings');
import createHTTPError from 'http-errors';
import {Http2ServerRequest} from "node:http2";
import {publicKeyExported} from "../security/OAuth2Provider";
@ -182,8 +183,17 @@ exports.handle = async function (apiVersion: string, functionName: string, field
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
try {
await jwtVerify(req.headers.authorization!.replace("Bearer ", ""), publicKeyExported!, {algorithms: ['RS256'],
requiredClaims: ["admin"]})
const clientIds: string[] = settings.sso.clients?.map((client: {client_id: string}) => client.client_id);
const jwtToCheck = req.headers.authorization.replace("Bearer ", "")
const payload = jwtDecode(jwtToCheck)
// client_credentials
if (clientIds.includes(<string>payload.sub)) {
await jwtVerify(jwtToCheck, publicKeyExported!, {algorithms: ['RS256']})
} else {
// authorization_code
await jwtVerify(jwtToCheck, publicKeyExported!, {algorithms: ['RS256'],
requiredClaims: ["admin"]})
}
} catch (e) {
throw new createHTTPError.Unauthorized('no or wrong OAuth token');
}

2
src/node/security/OAuth2Provider.ts
View file

@ -30,7 +30,7 @@ const configuration: Configuration = {
if(account === undefined) {
return undefined
}
if (account.is_admin) {
if (account.is_admin ) {
return {
accountId: id,
claims: () => ({

1
src/package.json
View file

@ -70,6 +70,7 @@
"socket.io-client": "^4.8.1",
"superagent": "10.2.0",
"swagger-ui-express": "^5.0.1",
"jwt-decode": "^4.0.0",
"tinycon": "0.6.8",
"tsx": "4.19.3",
"ueberdb2": "^5.0.6",