@eaccess/auth 0.1.18 → 0.1.20
- package/dist/index.cjs +30 -7
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +10 -1
- package/dist/index.d.ts +10 -1
- package/dist/index.js +30 -7
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
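--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -785,11 +785,12 @@ var BaseOAuthProvider = class {
 }
 return data.access_token;
 }
-async fetchUserFromAPI(accessToken, apiUrl) {
+async fetchUserFromAPI(accessToken, apiUrl, headers = {}) {
 const response = await fetch(apiUrl, {
 headers: {
 Authorization: `Bearer ${accessToken}`,
-Accept: "application/json"
+Accept: "application/json",
+...headers
 }
 });
 if (!response.ok) {
@@ -820,14 +821,24 @@ var GitHubProvider = class extends BaseOAuthProvider {
 throw new Error("No authorization code provided");
 }
 const accessToken = await this.exchangeCodeForToken(code, "https://github.com/login/oauth/access_token");
-const
-
-
-
+const apiHeaders = {
+Accept: "application/vnd.github+json",
+"User-Agent": this.authConfig.githubUserAgent || "EasyAccess",
+"X-GitHub-Api-Version": "2022-11-28"
+};
+const [user, emails] = await Promise.all([
+this.fetchUserFromAPI(accessToken, "https://api.github.com/user", apiHeaders),
+this.fetchUserFromAPI(accessToken, "https://api.github.com/user/emails", apiHeaders)
+]);
+const verifiedEmails = Array.isArray(emails) ? emails.filter((email) => email.verified) : [];
+const primaryEmail = verifiedEmails.find((email) => email.primary)?.email;
+const fallbackEmail = primaryEmail || verifiedEmails[0]?.email;
+if (!fallbackEmail) {
+throw new Error("No verified email found in GitHub account");
 }
 return {
 id: user.id.toString(),
-email:
+email: fallbackEmail,
 username: user.login,
 name: user.name || user.login,
 avatar: user.avatar_url
@@ -1833,6 +1844,7 @@ var AuthManager = class {
 this.req.session.auth.status = account.status;
 this.req.session.auth.rolemask = account.rolemask;
 this.req.session.auth.verified = account.verified;
+this.req.session.auth.hasPassword = account.password !== null;
 this.req.session.auth.lastResync = /* @__PURE__ */ new Date();
 }
 async processRememberDirective() {
@@ -1886,6 +1898,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: account.force_logout,
 verified: account.verified,
+hasPassword: account.password !== null,
 shouldForceLogout: false
 };
 this.req.session.auth = session;
@@ -1972,6 +1985,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: 0,
 verified: false,
+hasPassword: false,
 awaitingTwoFactor: {
 accountId: account.id,
 expiresAt,
@@ -2110,6 +2124,14 @@ var AuthManager = class {
 getVerified() {
 return this.req.session?.auth?.verified ?? null;
 }
+/**
+* Check if the current user has a password set.
+* OAuth-only users will return false.
+* @returns true if user has a password, false if OAuth-only, null if not logged in
+*/
+hasPassword() {
+return this.req.session?.auth?.hasPassword ?? null;
+}
 /**
 * Get human-readable role names for the current user or a specific rolemask.
 * @param rolemask - Optional specific rolemask to check. If omitted, uses current user's roles
@@ -2258,6 +2280,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: 0,
 verified: false,
+hasPassword: false,
 awaitingTwoFactor: {
 accountId: account.id,
 expiresAt,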
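Review bot: In `fetchUserFromAPI`, `...headers` is spread after `Authorization`, so a caller-supplied `Authorization` key silently replaces the bearer token the method was given. The only caller visible here (`GitHubProvider`) passes `Accept`, `User-Agent` and `X-GitHub-Api-Version`, so nothing breaks today, but ordering the object as `Accept`, then `...headers`, then `Authorization` keeps the token authoritative while still letting providers override `Accept`. Separately, `account.password !== null` in the `@@ -1833,6 +1844,7 @@` and `@@ -1886,6 +1898,7 @@` hunks evaluates to `true` when the field is `undefined` or an empty string; if the account row can ever omit that column, `account.password != null` would be the safer test. The enclosing methods start and end outside these hunks, so how `account` is loaded is not visible here.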