diff --git a/packages/cli/src/CredentialsHelper.ts b/packages/cli/src/CredentialsHelper.ts index 230499adef..c4278aaa6a 100644 --- a/packages/cli/src/CredentialsHelper.ts +++ b/packages/cli/src/CredentialsHelper.ts @@ -753,3 +753,13 @@ export async function getCredentialForUser( return sharedCredential.credentials as ICredentialsDb; } + +/** + * Get a credential without user check + */ +export async function getCredentialWithoutUser( + credentialId: string, +): Promise { + const credential = await Db.collections.Credentials.findOne(credentialId); + return credential; +} diff --git a/packages/cli/src/Server.ts b/packages/cli/src/Server.ts index 81e6a87138..68d97c3180 100644 --- a/packages/cli/src/Server.ts +++ b/packages/cli/src/Server.ts @@ -137,6 +137,7 @@ import { WorkflowHelpers, WorkflowRunner, getCredentialForUser, + getCredentialWithoutUser, } from '.'; import config from '../config'; @@ -1822,18 +1823,18 @@ class App { LoggerProxy.error( 'OAuth1 callback failed because of insufficient parameters received', { - userId: req.user.id, + userId: req.user?.id, credentialId, }, ); return ResponseHelper.sendErrorResponse(res, errorResponse); } - const credential = await getCredentialForUser(credentialId, req.user); + const credential = await getCredentialWithoutUser(credentialId); if (!credential) { LoggerProxy.error('OAuth1 callback failed because of insufficient user permissions', { - userId: req.user.id, + userId: req.user?.id, credentialId, }); const errorResponse = new ResponseHelper.ResponseError( @@ -1883,7 +1884,7 @@ class App { oauthToken = await requestPromise(options); } catch (error) { LoggerProxy.error('Unable to fetch tokens for OAuth1 callback', { - userId: req.user.id, + userId: req.user?.id, credentialId, }); const errorResponse = new ResponseHelper.ResponseError( @@ -1913,13 +1914,13 @@ class App { await Db.collections.Credentials!.update(credentialId, newCredentialsData); LoggerProxy.verbose('OAuth1 callback successful for new credential', { - userId: req.user.id, + userId: req.user?.id, credentialId, }); res.sendFile(pathResolve(__dirname, '../../templates/oauth-callback.html')); } catch (error) { LoggerProxy.error('OAuth1 callback failed because of insufficient user permissions', { - userId: req.user.id, + userId: req.user?.id, credentialId: req.query.cid, }); // Error response @@ -2084,11 +2085,11 @@ class App { return ResponseHelper.sendErrorResponse(res, errorResponse); } - const credential = await getCredentialForUser(state.cid, req.user); + const credential = await getCredentialWithoutUser(state.cid); if (!credential) { LoggerProxy.error('OAuth2 callback failed because of insufficient permissions', { - userId: req.user.id, + userId: req.user?.id, credentialId: state.cid, }); const errorResponse = new ResponseHelper.ResponseError( @@ -2129,7 +2130,7 @@ class App { !token.verify(decryptedDataOriginal.csrfSecret as string, state.token) ) { LoggerProxy.debug('OAuth2 callback state is invalid', { - userId: req.user.id, + userId: req.user?.id, credentialId: state.cid, }); const errorResponse = new ResponseHelper.ResponseError( @@ -2180,7 +2181,7 @@ class App { if (oauthToken === undefined) { LoggerProxy.error('OAuth2 callback failed: unable to get access tokens', { - userId: req.user.id, + userId: req.user?.id, credentialId: state.cid, }); const errorResponse = new ResponseHelper.ResponseError( @@ -2214,7 +2215,7 @@ class App { // Save the credentials in DB await Db.collections.Credentials!.update(state.cid, newCredentialsData); LoggerProxy.verbose('OAuth2 callback successful for new credential', { - userId: req.user.id, + userId: req.user?.id, credentialId: state.cid, }); diff --git a/packages/cli/src/UserManagement/routes/index.ts b/packages/cli/src/UserManagement/routes/index.ts index 78534c106e..c1ca208951 100644 --- a/packages/cli/src/UserManagement/routes/index.ts +++ b/packages/cli/src/UserManagement/routes/index.ts @@ -66,6 +66,8 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint req.url.startsWith(`/${restEndpoint}/forgot-password`) || req.url.startsWith(`/${restEndpoint}/resolve-password-token`) || req.url.startsWith(`/${restEndpoint}/change-password`) || + req.url.startsWith(`/${restEndpoint}/oauth2-credential/callback`) || + req.url.startsWith(`/${restEndpoint}/oauth1-credential/callback`) || isAuthExcluded(req.url, ignoredEndpoints) ) { return next(); diff --git a/packages/cli/src/requests.d.ts b/packages/cli/src/requests.d.ts index 3ab1d7a301..eeba44f25b 100644 --- a/packages/cli/src/requests.d.ts +++ b/packages/cli/src/requests.d.ts @@ -237,12 +237,16 @@ export declare namespace OAuthRequest { {}, {}, { oauth_verifier: string; oauth_token: string; cid: string } - >; + > & { + user?: User; + }; } namespace OAuth2Credential { type Auth = OAuth1Credential.Auth; - type Callback = AuthenticatedRequest<{}, {}, {}, { code: string; state: string }>; + type Callback = AuthenticatedRequest<{}, {}, {}, { code: string; state: string }> & { + user?: User; + }; } }