dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

Handle OIDC users during database import #424

Merged
nikolanovoselec merged 12 commits from feature/oidc-import into dev-1.8.0 2025-10-21 21:24:58 +00:00
Conversation 1 Commits 12 Files Changed 2 +3
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 6f1b92b07b - Show all commits

3
src/backend/database/database.ts
View File

@@ -932,6 +932,7 @@ app.post(
const isOidcUser = !!userRecords[0].is_oidc;
if (!isOidcUser) {
// Local accounts still prove knowledge of the password so their DEK can be derived again.
if (!password) {
return res.status(400).json({
error: "Password required for import",
@@ -944,6 +945,7 @@ app.post(
return res.status(401).json({ error: "Invalid password" });
}
} else if (!DataCrypto.getUserDataKey(userId)) {
// OIDC users skip the password prompt; make sure their DEK is unlocked via the OIDC session.
const oidcUnlocked = await authManager.authenticateOIDCUser(userId);
if (!oidcUnlocked) {
return res.status(403).json({
@@ -962,6 +964,7 @@ app.post(
let userDataKey = DataCrypto.getUserDataKey(userId);
if (!userDataKey && isOidcUser) {
// authenticateOIDCUser lazily provisions the session key; retry the fetch when it succeeds.
const oidcUnlocked = await authManager.authenticateOIDCUser(userId);
if (oidcUnlocked) {
userDataKey = DataCrypto.getUserDataKey(userId);