OpenID #498

Merged
merged 162 commits into from
Nov 23, 2024
162 commits
2426f79
OpenID implementation
apilat Jun 21, 2023
d410086
Fix password login and session token initialization
apilat Jun 21, 2023
0331665
Disallow multiple authentication methods simultaneously.
apilat Jun 23, 2023
8f87966
Refactored account-db.js into separate files in accounts/
apilat Jun 23, 2023
579115c
Migrate old database version
apilat Jun 25, 2023
78b0df7
Fix lint errors
apilat Jun 27, 2023
26bc94c
Add release note
apilat Jun 27, 2023
abfe693
Add unit tests for runMigrations
apilat Jul 1, 2023
efc07b8
Integrate secrets database into migration system
apilat Jul 1, 2023
ce15097
Remove unused imports
j-f1 Jul 8, 2023
614aaa9
Merge branch 'master' into openid
apilat Sep 28, 2023
b0a2111
trying local package
lelemm Jun 17, 2024
1bced80
merge
lelemm Jun 20, 2024
7102bce
Merge remote-tracking branch 'source/master' into openid
lelemm Jun 20, 2024
bee6d5a
Merge branch 'master' into openid
lelemm Jun 20, 2024
4f261db
working example
lelemm Jun 26, 2024
9c1cfee
working example
lelemm Jun 26, 2024
930d0fd
working example
lelemm Jun 26, 2024
7999fa8
forbidden instead of 401 when session expired
lelemm Jun 26, 2024
10c9507
cleanup
lelemm Jun 26, 2024
71299b0
small fix
lelemm Jul 12, 2024
f25824c
moving to another pc
lelemm Jul 15, 2024
c66712a
features
lelemm Jul 23, 2024
290819b
more features
lelemm Jul 24, 2024
54783ca
added multiuser configuration
lelemm Jul 24, 2024
a3a75cf
lint fixes
lelemm Jul 24, 2024
517586c
adjustments and linter
lelemm Jul 25, 2024
95f09a0
making code more readable
lelemm Jul 25, 2024
b077cb7
Merge remote-tracking branch 'source/master' into openid
lelemm Jul 25, 2024
2f56c8b
added token expiration and fixes
lelemm Jul 30, 2024
0011112
fix on custom token_expiration
lelemm Jul 30, 2024
3234c2b
lint
lelemm Jul 30, 2024
1abfbd4
Merge branch 'master' into openid
lelemm Jul 30, 2024
78b27af
build fixes
lelemm Jul 30, 2024
f6d9e61
fixes
lelemm Jul 31, 2024
e47f35c
missing file
lelemm Jul 31, 2024
c800458
linter
lelemm Jul 31, 2024
22a44e5
linter
lelemm Jul 31, 2024
c7b7a18
test fixes
lelemm Jul 31, 2024
56eaf89
linter
lelemm Jul 31, 2024
86f0deb
first tests
lelemm Jul 31, 2024
b0989ec
tests
lelemm Jul 31, 2024
a7053bf
typo fix
lelemm Aug 1, 2024
497c2af
remove the init code from the old PR
lelemm Aug 1, 2024
5bd5e92
minor bug when enabling openid is deleting the password user
lelemm Aug 1, 2024
501f553
fix bug when disabling openid
lelemm Aug 1, 2024
52b0abc
another fix bug when disabling openid
lelemm Aug 1, 2024
bff7c55
added option to login without discovery url
lelemm Aug 1, 2024
86b8697
adjustments for keycloak
lelemm Aug 1, 2024
4fb25c9
linter
lelemm Aug 1, 2024
aedd246
more tests
lelemm Aug 2, 2024
585b87b
Merge branch 'master' into openid
lelemm Aug 2, 2024
468b39b
Merge branch 'master' into openid
lelemm Aug 6, 2024
c15d69a
adjustments
lelemm Aug 6, 2024
34e9b49
linter fix
lelemm Aug 6, 2024
a11f5a0
added environment variable
lelemm Sep 4, 2024
52c1179
Merge remote-tracking branch 'source/master' into openid
lelemm Sep 4, 2024
260915f
merge fixes for using middleware
lelemm Sep 4, 2024
5909781
linter fix
lelemm Sep 4, 2024
1fa13ec
linter and tests
lelemm Sep 4, 2024
075cb48
tests adjustments
lelemm Sep 4, 2024
5356b02
added environment variables
lelemm Sep 4, 2024
f64bb2a
linter
lelemm Sep 5, 2024
2147ede
enhancements
lelemm Sep 5, 2024
a1f1400
removed old files
lelemm Sep 5, 2024
8924150
Added token expiration as environment variable
lelemm Sep 5, 2024
d84b867
fixes
lelemm Sep 5, 2024
b472a7f
typescript fix
lelemm Sep 5, 2024
e7d9aa1
linter
lelemm Sep 5, 2024
affec8c
Merge branch 'master' into openid
lelemm Oct 3, 2024
fae869b
unwanted code
lelemm Oct 3, 2024
66c8e31
changed master to owner
lelemm Oct 4, 2024
5514ec6
fixed down migrations and added transactions to it
lelemm Oct 4, 2024
7a6f06d
changed to the 'in' operator
lelemm Oct 4, 2024
4d8102d
fixed typo
lelemm Oct 4, 2024
83cd13f
code review
lelemm Oct 4, 2024
157801a
code review
lelemm Oct 4, 2024
b26448d
json.parse may fail
lelemm Oct 4, 2024
0505b0e
code review and removed duplicated methods
lelemm Oct 4, 2024
cccd995
multiple fixes and refactorings
lelemm Oct 4, 2024
484abab
bunch of fixes
lelemm Oct 4, 2024
03872ff
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Oct 4, 2024
10f6c08
removed logs
lelemm Oct 4, 2024
026d8b9
descriptive variable names
lelemm Oct 4, 2024
0036a28
linter
lelemm Oct 4, 2024
4b89829
code review
lelemm Oct 7, 2024
9796d79
linter
lelemm Oct 7, 2024
fa5ff86
improved variables
lelemm Oct 7, 2024
24d8c4f
fixes and refactorings
lelemm Oct 8, 2024
306f38d
more code review
lelemm Oct 8, 2024
1a0b573
variable name
lelemm Oct 9, 2024
c7faccd
code review
lelemm Oct 9, 2024
ea92e45
linter
lelemm Oct 9, 2024
880b34b
wrong logic after refactor
lelemm Oct 9, 2024
450f78a
refactor query
lelemm Oct 9, 2024
727dea7
fixes
lelemm Oct 9, 2024
af515cd
Merge branch 'master' into openid
lelemm Oct 9, 2024
9fa99d4
changes from code review
lelemm Nov 8, 2024
b3cbc8b
added logs to toggleAuthentication
lelemm Nov 8, 2024
fe68940
removed not used route
lelemm Nov 8, 2024
78df3bd
Merge remote-tracking branch 'org/master' into openid
lelemm Nov 8, 2024
c220322
merged master into the branch
lelemm Nov 8, 2024
de15697
removed toggleAuthenticatiomethod because you have to pass thru passw…
lelemm Nov 8, 2024
74612f6
changed md file
lelemm Nov 8, 2024
fb5ad07
fixes on merge
lelemm Nov 8, 2024
508a4db
linter
lelemm Nov 8, 2024
65b6872
fix on tests
lelemm Nov 8, 2024
2dd2170
more fixes
lelemm Nov 8, 2024
95fa654
fix
lelemm Nov 8, 2024
e7680b8
another fix
lelemm Nov 8, 2024
490f010
Update src/app-admin.js
lelemm Nov 8, 2024
1ccf2ae
Update jest.global-setup.js
lelemm Nov 8, 2024
097c5cb
code rabbit reviews
lelemm Nov 8, 2024
8948fed
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 8, 2024
a96ae90
linter
lelemm Nov 8, 2024
37b639d
Update migrations/1719409568000-multiuser.js
lelemm Nov 11, 2024
859bec8
Update migrations/1719409568000-multiuser.js
lelemm Nov 11, 2024
c3d3dff
Update src/account-db.js
lelemm Nov 11, 2024
b33da56
Update src/accounts/openid.js
lelemm Nov 11, 2024
e49e391
Apply suggestions from code review
lelemm Nov 11, 2024
e56b8d8
fix on code suggestion
lelemm Nov 11, 2024
78c1242
suggestion from coderabbit
lelemm Nov 11, 2024
f730a73
linter
lelemm Nov 11, 2024
20d8e40
Apply suggestions from code review
lelemm Nov 11, 2024
d0b21ab
linter and code review
lelemm Nov 11, 2024
b9cc5a5
Apply suggestions from code review
lelemm Nov 11, 2024
f6273a6
Update src/util/middlewares.js
lelemm Nov 11, 2024
3111644
fixes, ai code review, linter
lelemm Nov 11, 2024
2a49e21
reverting res.locals and fixes
lelemm Nov 11, 2024
f0d45e3
Update src/accounts/openid.js
lelemm Nov 11, 2024
f9c4175
Update src/load-config.js
lelemm Nov 11, 2024
81cda3f
Apply suggestions from code review
lelemm Nov 11, 2024
83a4033
Apply suggestions from code review
lelemm Nov 11, 2024
d71f81f
Apply suggestions from code review
lelemm Nov 11, 2024
c478da1
Update src/account-db.js
lelemm Nov 11, 2024
c595911
fixes and refactorings
lelemm Nov 11, 2024
d9da53f
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 11, 2024
bb75c51
merge fix
lelemm Nov 11, 2024
f19ab54
fix
lelemm Nov 11, 2024
1d58228
merge fix
lelemm Nov 11, 2024
4362254
linter
lelemm Nov 11, 2024
8d56358
Update src/accounts/openid.js
lelemm Nov 11, 2024
bf473aa
Update src/services/user-service.js
lelemm Nov 11, 2024
da16b19
Update src/services/user-service.js
lelemm Nov 11, 2024
3fd8546
Update src/services/user-service.js
lelemm Nov 11, 2024
5987c08
more code review
lelemm Nov 11, 2024
5810558
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 11, 2024
cbf217e
linter accepted code
lelemm Nov 11, 2024
30610fd
typo
lelemm Nov 11, 2024
6ff1c59
Merge branch 'master' into openid
lelemm Nov 11, 2024
3c5e12e
code review suggestion
lelemm Nov 11, 2024
2233ba1
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 11, 2024
f0656b0
change to enable backward compatibility
lelemm Nov 14, 2024
10eee0b
removed the userId = null
lelemm Nov 18, 2024
e9bf045
fixes from code review
lelemm Nov 18, 2024
557b488
Update jest.global-setup.js
lelemm Nov 18, 2024
1b57b91
code review
lelemm Nov 21, 2024
45fa1d5
minor change
lelemm Nov 21, 2024
e5d7250
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 21, 2024
3cab0c6
Merge branch 'master' into openid
lelemm Nov 21, 2024
58c237b
code rabbit commit was wrong
lelemm Nov 22, 2024
86424f1
Merge branch 'openid' of https://github.com/lelemm/actual-server into…
lelemm Nov 22, 2024
92 changes: 91 additions & 1 deletion jest.global-setup.js
@@ -1,10 +1,100 @@
import getAccountDb from './src/account-db.js';
import runMigrations from './src/migrations.js';

const GENERIC_ADMIN_ID = 'genericAdmin';
const GENERIC_USER_ID = 'genericUser';
const ADMIN_ROLE_ID = 'ADMIN';
const BASIC_ROLE_ID = 'BASIC';

const createUser = (userId, userName, role, owner = 0, enabled = 1) => {
const missingParams = [];
if (!userId) missingParams.push('userId');
if (!userName) missingParams.push('userName');
if (!role) missingParams.push('role');
if (missingParams.length > 0) {
throw new Error(`Missing required parameters: ${missingParams.join(', ')}`);
}

if (
typeof userId !== 'string' ||
typeof userName !== 'string' ||
typeof role !== 'string'
) {
throw new Error(
'Invalid parameter types. userId, userName, and role must be strings',
);
}

try {
getAccountDb().mutate(
'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, ?, ?, ?)',
[userId, userName, userName, enabled, owner, role],
);
} catch (error) {
console.error(`Error creating user ${userName}:`, error);
throw error;
}
};

const setSessionUser = (userId, token = 'valid-token') => {
if (!userId) {
throw new Error('userId is required');
}

try {
const db = getAccountDb();
const session = db.first('SELECT token FROM sessions WHERE token = ?', [
token,
]);
if (!session) {
throw new Error(`Session not found for token: ${token}`);
}

db.mutate('UPDATE sessions SET user_id = ? WHERE token = ?', [
userId,
token,
]);
} catch (error) {
console.error(`Error updating session for user ${userId}:`, error);
throw error;
}
};

export default async function setup() {
const NEVER_EXPIRES = -1; // or consider using a far future timestamp

await runMigrations();

createUser(GENERIC_ADMIN_ID, 'admin', ADMIN_ROLE_ID, 1);

// Insert a fake "valid-token" fixture that can be reused
const db = getAccountDb();
await db.mutate('INSERT INTO sessions (token) VALUES (?)', ['valid-token']);
try {
await db.mutate('BEGIN TRANSACTION');

await db.mutate('DELETE FROM sessions');
await db.mutate(
'INSERT INTO sessions (token, expires_at, user_id) VALUES (?, ?, ?)',
['valid-token', NEVER_EXPIRES, 'genericAdmin'],
);
await db.mutate(
'INSERT INTO sessions (token, expires_at, user_id) VALUES (?, ?, ?)',
['valid-token-admin', NEVER_EXPIRES, 'genericAdmin'],
);

await db.mutate(
'INSERT INTO sessions (token, expires_at, user_id) VALUES (?, ?, ?)',
['valid-token-user', NEVER_EXPIRES, 'genericUser'],
);

await db.mutate('COMMIT');
} catch (error) {
await db.mutate('ROLLBACK');
throw new Error(`Failed to setup test sessions: ${error.message}`);
}

setSessionUser('genericAdmin');
setSessionUser('genericAdmin', 'valid-token-admin');

createUser(GENERIC_USER_ID, 'user', BASIC_ROLE_ID, 1);
}
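Review bot: In setup(), createUser(GENERIC_USER_ID, 'user', BASIC_ROLE_ID, 1) passes 1 as owner, so the BASIC fixture user is flagged as owner exactly like the admin, and any test that uses 'valid-token-user' to show that a non-privileged user is refused would be running as an owner. Drop the fourth argument (the default is 0) unless that is intended. Also: the user row is created after the session that references 'genericUser'; the standalone INSERT of 'valid-token' before the transaction is wiped by DELETE FROM sessions; the two setSessionUser calls rewrite a user_id the INSERTs already set; and the string literals 'genericAdmin' and 'genericUser' should use GENERIC_ADMIN_ID and GENERIC_USER_ID.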
41 changes: 41 additions & 0 deletions migrations/1718889148000-openid.js
@@ -0,0 +1,41 @@
import getAccountDb from '../src/account-db.js';

export const up = async function () {
await getAccountDb().exec(
`
BEGIN TRANSACTION;
CREATE TABLE auth_new
(method TEXT PRIMARY KEY,
display_name TEXT,
extra_data TEXT, active INTEGER);

INSERT INTO auth_new (method, display_name, extra_data, active)
SELECT 'password', 'Password', password, 1 FROM auth;
DROP TABLE auth;
ALTER TABLE auth_new RENAME TO auth;

CREATE TABLE pending_openid_requests
(state TEXT PRIMARY KEY,
code_verifier TEXT,
return_url TEXT,
expiry_time INTEGER);
COMMIT;`,
);
};

export const down = async function () {
await getAccountDb().exec(
`
BEGIN TRANSACTION;
ALTER TABLE auth RENAME TO auth_temp;
CREATE TABLE auth
(password TEXT);
INSERT INTO auth (password)
SELECT extra_data FROM auth_temp WHERE method = 'password';
DROP TABLE auth_temp;

DROP TABLE pending_openid_requests;
COMMIT;
`,
);
};
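Review bot: pending_openid_requests in up() declares code_verifier, return_url and expiry_time without NOT NULL, so a row with a NULL expiry_time can be stored and the schema gives no guarantee that every pending login request carries an expiry. Declare code_verifier and expiry_time NOT NULL, and document that the consuming code must reject rows past expiry_time and delete the row once its state has been used. Separately, both up() and down() send BEGIN TRANSACTION ... COMMIT as one exec string with no ROLLBACK on failure (jest.global-setup.js wraps its transaction in try/catch for this), and the INSERT ... SELECT 'password', 'Password', password, 1 FROM auth violates the method primary key if auth holds more than one row. down() also silently discards every non-password auth row, which deserves a comment.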
104 changes: 104 additions & 0 deletions migrations/1719409568000-multiuser.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
import getAccountDb from '../src/account-db.js';

export const up = async function () {
await getAccountDb().exec(
`
BEGIN TRANSACTION;

CREATE TABLE users
(id TEXT PRIMARY KEY,
user_name TEXT,
display_name TEXT,
role TEXT,
enabled INTEGER NOT NULL DEFAULT 1,
owner INTEGER NOT NULL DEFAULT 0);

CREATE TABLE user_access
(user_id TEXT,
file_id TEXT,
PRIMARY KEY (user_id, file_id),
FOREIGN KEY (user_id) REFERENCES users(id),
FOREIGN KEY (file_id) REFERENCES files(id)
);

ALTER TABLE files
ADD COLUMN owner TEXT;

DELETE FROM sessions;

ALTER TABLE sessions
ADD COLUMN expires_at INTEGER;

ALTER TABLE sessions
ADD COLUMN user_id TEXT;

ALTER TABLE sessions
ADD COLUMN auth_method TEXT;
COMMIT;
`,
);
};

export const down = async function () {
await getAccountDb().exec(
`
BEGIN TRANSACTION;

DROP TABLE IF EXISTS user_access;

CREATE TABLE sessions_backup (
token TEXT PRIMARY KEY
);

INSERT INTO sessions_backup (token)
SELECT token FROM sessions;

DROP TABLE sessions;

ALTER TABLE sessions_backup RENAME TO sessions;

CREATE TABLE files_backup (
id TEXT PRIMARY KEY,
group_id TEXT,
sync_version SMALLINT,
encrypt_meta TEXT,
encrypt_keyid TEXT,
encrypt_salt TEXT,
encrypt_test TEXT,
deleted BOOLEAN DEFAULT FALSE,
name TEXT
);

INSERT INTO files_backup (
id,
group_id,
sync_version,
encrypt_meta,
encrypt_keyid,
encrypt_salt,
encrypt_test,
deleted,
name
)
SELECT
id,
group_id,
sync_version,
encrypt_meta,
encrypt_keyid,
encrypt_salt,
encrypt_test,
deleted,
name
FROM files;

DROP TABLE files;

ALTER TABLE files_backup RENAME TO files;

DROP TABLE IF EXISTS users;

COMMIT;
`,
);
};
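Review bot: down() copies every token from sessions into sessions_backup, so sessions issued under the multi-user schema survive the downgrade stripped of their user_id, expires_at and auth_method, while up() takes the opposite approach with DELETE FROM sessions. Recreate sessions empty in down() so users re-authenticate, rather than INSERT INTO sessions_backup (token) SELECT token FROM sessions. In up(), sessions.user_id and files.owner have no FOREIGN KEY to users(id) although user_access does, existing files are left with owner NULL, and DELETE FROM sessions logs every client out without a comment explaining why; a short comment on each would help the next reader.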
1 change: 1 addition & 0 deletions package.json
@@ -36,6 +36,7 @@
"jws": "^4.0.0",
"migrate": "^2.0.1",
"nordigen-node": "^1.4.0",
"openid-client": "^5.4.2",
"uuid": "^9.0.0",
"winston": "^3.14.2"
},
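Review bot: "openid-client": "^5.4.2" adds a library on the authentication path with a caret range, so any later 5.x release satisfies it. This hunk shows only package.json, so confirm the lockfile change is part of the PR and pins the resolved version.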