Simplifies admin password role checks

pull/7715/head^2
zomars 2023-03-16 14:02:38 -07:00
parent 470ef737b5
commit 5cbd334a42
1 changed files with 14 additions and 16 deletions


@ -21,6 +21,7 @@ import { clientSecretVerifier, hostedCal, isSAMLLoginEnabled } from "@calcom/fea
import { APP_NAME, IS_TEAM_BILLING_ENABLED, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants"; import { APP_NAME, IS_TEAM_BILLING_ENABLED, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
import { symmetricDecrypt } from "@calcom/lib/crypto"; import { symmetricDecrypt } from "@calcom/lib/crypto";
import { defaultCookies } from "@calcom/lib/default-cookies"; import { defaultCookies } from "@calcom/lib/default-cookies";
import { isENVDev } from "@calcom/lib/env";
import { randomString } from "@calcom/lib/random"; import { randomString } from "@calcom/lib/random";
import rateLimit from "@calcom/lib/rateLimit"; import rateLimit from "@calcom/lib/rateLimit";
import { serverConfig } from "@calcom/lib/serverConfig"; import { serverConfig } from "@calcom/lib/serverConfig";
@ -165,28 +166,25 @@ const providers: Provider[] = [
}).length > 0; }).length > 0;
// authentication success- but does it meet the minimum password requirements? // authentication success- but does it meet the minimum password requirements?
if ( const validateRole = (role: UserPermissionRole) => {
user.role === "ADMIN" && // User's role is not "ADMIN"
((user.identityProvider === IdentityProvider.CAL && if (role !== "ADMIN") return role;
!isPasswordValid(credentials.password, false, true)) || // User's identity provider is not "CAL"
!user.twoFactorEnabled) if (user.identityProvider !== IdentityProvider.CAL) return role;
) { // User's password is valid and two-factor authentication is enabled
return { if (isPasswordValid(credentials.password, false, true) && user.twoFactorEnabled) return role;
id: user.id, // Code is running in a development environment
username: user.username, if (isENVDev) return role;
email: user.email, // By this point it is an ADMIN without valid security conditions
name: user.name, return "INACTIVE_ADMIN";
role: "INACTIVE_ADMIN", };
belongsToActiveTeam: hasActiveTeams,
};
}
return { return {
id: user.id, id: user.id,
username: user.username, username: user.username,
email: user.email, email: user.email,
name: user.name, name: user.name,
role: user.role, role: validateRole(user.role),
belongsToActiveTeam: hasActiveTeams, belongsToActiveTeam: hasActiveTeams,
}; };
}, },
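Review bot: The early return `if (user.identityProvider !== IdentityProvider.CAL) return role;` in `validateRole` changes behaviour rather than only simplifying it: the removed condition demoted any ADMIN with `!user.twoFactorEnabled` to `INACTIVE_ADMIN` whatever the identity provider, while the new code leaves a non-CAL admin without two-factor as `ADMIN`. If the old rule is meant to stay, that line should read `if (user.identityProvider !== IdentityProvider.CAL) return user.twoFactorEnabled ? role : "INACTIVE_ADMIN";`; if the relaxation is deliberate, the comment and the commit title should say so. The `if (isENVDev) return role;` bypass also fails open: how `isENVDev` is derived is not visible here, so confirm it can never be true on a deployed instance, and make that explicit with a comment such as `// Dev only: skips admin password/2FA enforcement; must never be true in production`. The enclosing function starts outside the hunk.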