mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-11 04:47:29 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(core): Make OAuth1/OAuth2 callback not require auth (#10263)

Browse source
This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2024-07-31 15:03:37 +02:00 committed by GitHub
parent 2a09a036d2
commit a8e2774f53
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 11 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/cli/src/auth/auth.service.ts
View file

@ -42,10 +42,6 @@ const skipBrowserIdCheckEndpoints = [
// We need to exclude binary-data downloading endpoint because we can't send custom headers on `<embed>` tags
`/${restEndpoint}/binary-data/`,
// oAuth callback urls aren't called by the frontend. therefore we can't send custom header on these requests
`/${restEndpoint}/oauth1-credential/callback`,
`/${restEndpoint}/oauth2-credential/callback`,
];
@Service()

15
packages/cli/src/controllers/oauth/oAuth1Credential.controller.ts
View file

@ -99,9 +99,8 @@ export class OAuth1CredentialController extends AbstractOAuthController {
}
/** Verify and store app code. Generate access tokens and store for respective credential */
@Get('/callback', { usesTemplates: true })
@Get('/callback', { usesTemplates: true, skipAuth: true })
async handleCallback(req: OAuthRequest.OAuth1Credential.Callback, res: Response) {
const userId = req.user?.id;
try {
const { oauth_verifier, oauth_token, state: encodedState } = req.query;
@ -124,7 +123,7 @@ export class OAuth1CredentialController extends AbstractOAuthController {
const credential = await this.getCredentialWithoutUser(credentialId);
if (!credential) {
const errorMessage = 'OAuth1 callback failed because of insufficient permissions';
this.logger.error(errorMessage, { userId, credentialId });
this.logger.error(errorMessage, { credentialId });
return this.renderCallbackError(res, errorMessage);
}
@ -138,7 +137,7 @@ export class OAuth1CredentialController extends AbstractOAuthController {
if (this.verifyCsrfState(decryptedDataOriginal, state)) {
const errorMessage = 'The OAuth1 callback state is invalid!';
this.logger.debug(errorMessage, { userId, credentialId });
this.logger.debug(errorMessage, { credentialId });
return this.renderCallbackError(res, errorMessage);
}
@ -156,7 +155,7 @@ export class OAuth1CredentialController extends AbstractOAuthController {
try {
oauthToken = await axios.request(options);
} catch (error) {
this.logger.error('Unable to fetch tokens for OAuth1 callback', { userId, credentialId });
this.logger.error('Unable to fetch tokens for OAuth1 callback', { credentialId });
const errorResponse = new NotFoundError('Unable to get access tokens!');
return sendErrorResponse(res, errorResponse);
}
@ -172,15 +171,11 @@ export class OAuth1CredentialController extends AbstractOAuthController {
await this.encryptAndSaveData(credential, decryptedDataOriginal);
this.logger.verbose('OAuth1 callback successful for new credential', {
userId,
credentialId,
});
return res.render('oauth-callback');
} catch (error) {
this.logger.error('OAuth1 callback failed because of insufficient user permissions', {
userId,
});
// Error response
this.logger.error('OAuth1 callback failed because of insufficient user permissions');
return sendErrorResponse(res, error as Error);
}
}

10
packages/cli/src/controllers/oauth/oAuth2Credential.controller.ts
View file

@ -80,9 +80,8 @@ export class OAuth2CredentialController extends AbstractOAuthController {
}
/** Verify and store app code. Generate access tokens and store for respective credential */
@Get('/callback', { usesTemplates: true })
@Get('/callback', { usesTemplates: true, skipAuth: true })
async handleCallback(req: OAuthRequest.OAuth2Credential.Callback, res: Response) {
const userId = req.user?.id;
try {
const { code, state: encodedState } = req.query;
if (!code || !encodedState) {
@ -104,7 +103,7 @@ export class OAuth2CredentialController extends AbstractOAuthController {
const credential = await this.getCredentialWithoutUser(credentialId);
if (!credential) {
const errorMessage = 'OAuth2 callback failed because of insufficient permissions';
this.logger.error(errorMessage, { userId, credentialId });
this.logger.error(errorMessage, { credentialId });
return this.renderCallbackError(res, errorMessage);
}
@ -118,7 +117,7 @@ export class OAuth2CredentialController extends AbstractOAuthController {
if (this.verifyCsrfState(decryptedDataOriginal, state)) {
const errorMessage = 'The OAuth2 callback state is invalid!';
this.logger.debug(errorMessage, { userId, credentialId });
this.logger.debug(errorMessage, { credentialId });
return this.renderCallbackError(res, errorMessage);
}
@ -157,7 +156,7 @@ export class OAuth2CredentialController extends AbstractOAuthController {
if (oauthToken === undefined) {
const errorMessage = 'Unable to get OAuth2 access tokens!';
this.logger.error(errorMessage, { userId, credentialId });
this.logger.error(errorMessage, { credentialId });
return this.renderCallbackError(res, errorMessage);
}
@ -174,7 +173,6 @@ export class OAuth2CredentialController extends AbstractOAuthController {
await this.encryptAndSaveData(credential, decryptedDataOriginal);
this.logger.verbose('OAuth2 callback successful for credential', {
userId,
credentialId,
});

4
packages/cli/src/requests.ts
View file

@ -371,7 +371,7 @@ export declare namespace MFA {
export declare namespace OAuthRequest {
namespace OAuth1Credential {
type Auth = AuthenticatedRequest<{}, {}, {}, { id: string }>;
type Callback = AuthenticatedRequest<
type Callback = AuthlessRequest<
{},
{},
{},
@ -383,7 +383,7 @@ export declare namespace OAuthRequest {
namespace OAuth2Credential {
type Auth = AuthenticatedRequest<{}, {}, {}, { id: string }>;
type Callback = AuthenticatedRequest<{}, {}, {}, { code: string; state: string }>;
type Callback = AuthlessRequest<{}, {}, {}, { code: string; state: string }>;
}
}