fix(server): oauth should follow sign up restriction (#12683)

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

- **New Features**
	- Enforced signup restrictions for OAuth login based on configuration settings. Users will not be able to sign up via OAuth if signup is disabled by the administrator.
- **Bug Fixes**
	- Improved error handling during OAuth login when signup is not permitted.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
forehalo
2025-06-03 08:53:00 +00:00
parent a02eed382d
commit ee931d546e


@@ -13,11 +13,13 @@ import { ConnectedAccount } from '@prisma/client';
import type { Request, Response } from 'express'; import type { Request, Response } from 'express';
import { import {
Config,
InvalidAuthState, InvalidAuthState,
InvalidOauthCallbackState, InvalidOauthCallbackState,
MissingOauthQueryParameter, MissingOauthQueryParameter,
OauthAccountAlreadyConnected, OauthAccountAlreadyConnected,
OauthStateExpired, OauthStateExpired,
SignUpForbidden,
UnknownOauthProvider, UnknownOauthProvider,
URLHelper, URLHelper,
UseNamedGuard, UseNamedGuard,
@@ -38,7 +40,8 @@ export class OAuthController {
private readonly oauth: OAuthService, private readonly oauth: OAuthService,
private readonly models: Models, private readonly models: Models,
private readonly providerFactory: OAuthProviderFactory, private readonly providerFactory: OAuthProviderFactory,
private readonly url: URLHelper private readonly url: URLHelper,
private readonly config: Config
) {} ) {}
@Public() @Public()
@@ -184,7 +187,7 @@ export class OAuthController {
} }
const externAccount = await provider.getUser(tokens, state); const externAccount = await provider.getUser(tokens, state);
const user = await this.loginFromOauth( const user = await this.getOrCreateUserFromOauth(
state.provider, state.provider,
externAccount, externAccount,
tokens tokens
@@ -205,7 +208,7 @@ export class OAuthController {
}); });
} }
private async loginFromOauth( private async getOrCreateUserFromOauth(
provider: OAuthProviderName, provider: OAuthProviderName,
externalAccount: OAuthAccount, externalAccount: OAuthAccount,
tokens: Tokens tokens: Tokens
@@ -221,6 +224,10 @@ export class OAuthController {
return connectedAccount.user; return connectedAccount.user;
} }
if (!this.config.auth.allowSignup) {
throw new SignUpForbidden();
}
const user = await this.models.user.fulfill(externalAccount.email, { const user = await this.models.user.fulfill(externalAccount.email, {
avatarUrl: externalAccount.avatarUrl, avatarUrl: externalAccount.avatarUrl,
}); });
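Review bot: The `allowSignup` guard inserted just before the `this.models.user.fulfill(externalAccount.email, …)` call rejects every caller without a connected account, including one whose account already exists under `externalAccount.email`; if `fulfill` is a get-or-create by email, as its use here suggests, disabling signup now also blocks existing users from signing in with OAuth for the first time, which is a login regression rather than a signup restriction. Consider resolving the user by email before the guard and throwing only when no account exists, e.g. `if (!existingUser && !this.config.auth.allowSignup) {` where `existingUser` is the project's lookup by `externalAccount.email`; if that first-time linking is meant to be forbidden, say so in a comment on the guard so the next reader does not mistake it for a bug. Whatever the outcome, keep the throw before `fulfill` so that no user row is created when signup is off. The enclosing `getOrCreateUserFromOauth` starts in an earlier hunk and its body continues past the end of this one.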