dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

Allow OIDC users to import database without password

Browse Source
This commit is contained in:
Nikola Novoselec
2025-10-21 17:02:29 +02:00
parent 40ac75de81
commit 773e22fa3d
1 changed files with 36 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/backend/database/database.ts
View File

@@ -918,17 +918,38 @@ app.post(
const userId = (req as any).userId; const userId = (req as any).userId;
const { password } = req.body; const { password } = req.body;
const mainDb = getDb();
if (!password) { const userRecords = await mainDb
return res.status(400).json({ .select()
error: "Password required for import", .from(users)
code: "PASSWORD_REQUIRED", .where(eq(users.id, userId));
});
if (!userRecords || userRecords.length === 0) {
return res.status(404).json({ error: "User not found" });
} }
const unlocked = await authManager.authenticateUser(userId, password); const isOidcUser = !!userRecords[0].is_oidc;
if (!unlocked) {
return res.status(401).json({ error: "Invalid password" }); if (!isOidcUser) {
if (!password) {
return res.status(400).json({
error: "Password required for import",
code: "PASSWORD_REQUIRED",
});
}
const unlocked = await authManager.authenticateUser(userId, password);
if (!unlocked) {
return res.status(401).json({ error: "Invalid password" });
}
} else if (!DataCrypto.getUserDataKey(userId)) {
const oidcUnlocked = await authManager.authenticateOIDCUser(userId);
if (!oidcUnlocked) {
return res.status(403).json({
error: "Failed to unlock user data with SSO credentials",
});
}
} }
apiLogger.info("Importing SQLite data", { apiLogger.info("Importing SQLite data", {
@@ -939,7 +960,13 @@ app.post(
mimetype: req.file.mimetype, mimetype: req.file.mimetype,
}); });
const userDataKey = DataCrypto.getUserDataKey(userId); let userDataKey = DataCrypto.getUserDataKey(userId);
if (!userDataKey && isOidcUser) {
const oidcUnlocked = await authManager.authenticateOIDCUser(userId);
if (oidcUnlocked) {
userDataKey = DataCrypto.getUserDataKey(userId);
}
}
if (!userDataKey) { if (!userDataKey) {
throw new Error("User data not unlocked"); throw new Error("User data not unlocked");
} }
@@ -993,7 +1020,6 @@ app.post(
}; };
try { try {
const mainDb = getDb();
try { try {
const importedHosts = importDb const importedHosts = importDb