@openneuro/server 4.35.0-alpha.0 → 4.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@openneuro/server",
|
|
3
|
-
"version": "4.35.0
|
|
3
|
+
"version": "4.35.0",
|
|
4
4
|
"description": "Core service for the OpenNeuro platform.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"main": "src/server.js",
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"@elastic/elasticsearch": "8.13.1",
|
|
22
22
|
"@graphql-tools/schema": "^10.0.0",
|
|
23
23
|
"@keyv/redis": "^2.7.0",
|
|
24
|
-
"@openneuro/search": "^4.35.0
|
|
24
|
+
"@openneuro/search": "^4.35.0",
|
|
25
25
|
"@sentry/node": "^8.25.0",
|
|
26
26
|
"@sentry/profiling-node": "^8.25.0",
|
|
27
27
|
"base64url": "^3.0.0",
|
|
@@ -85,5 +85,5 @@
|
|
|
85
85
|
"publishConfig": {
|
|
86
86
|
"access": "public"
|
|
87
87
|
},
|
|
88
|
-
"gitHead": "
|
|
88
|
+
"gitHead": "ce3f98fbbe9da0c9463dcae9fe6357c1000d0fa5"
|
|
89
89
|
}
|
|
@@ -68,9 +68,15 @@ describe("resolver permissions helpers", () => {
|
|
|
68
68
|
})
|
|
69
69
|
it("resolves to true for admins", () => {
|
|
70
70
|
return expect(
|
|
71
|
-
checkDatasetWrite(
|
|
72
|
-
|
|
73
|
-
|
|
71
|
+
checkDatasetWrite(
|
|
72
|
+
"ds000001",
|
|
73
|
+
"1234",
|
|
74
|
+
{ email: "test@example.com", admin: true },
|
|
75
|
+
undefined,
|
|
76
|
+
{
|
|
77
|
+
checkExists: false,
|
|
78
|
+
},
|
|
79
|
+
),
|
|
74
80
|
).resolves.toBe(true)
|
|
75
81
|
})
|
|
76
82
|
})
|
|
@@ -104,7 +110,7 @@ describe("resolver permissions helpers", () => {
|
|
|
104
110
|
checkDatasetAdmin(
|
|
105
111
|
"ds000001",
|
|
106
112
|
"1234",
|
|
107
|
-
{ admin: true },
|
|
113
|
+
{ email: "test@example.com", admin: true },
|
|
108
114
|
{ checkExists: false },
|
|
109
115
|
),
|
|
110
116
|
).resolves.toBe(true)
|
|
@@ -138,6 +138,9 @@ export const checkDatasetWrite = async (
|
|
|
138
138
|
// Quick path for anonymous writes
|
|
139
139
|
throw new Error(state.errorMessage)
|
|
140
140
|
}
|
|
141
|
+
if (userId && !(userInfo.email)) {
|
|
142
|
+
throw new Error("Connect an email to make contributions to OpenNeuro.")
|
|
143
|
+
}
|
|
141
144
|
if (userId && userInfo.admin) {
|
|
142
145
|
// Always allow site admins
|
|
143
146
|
return true
|
|
@@ -7,6 +7,27 @@ export const requestAuth = passport.authenticate("orcid", {
|
|
|
7
7
|
session: false,
|
|
8
8
|
})
|
|
9
9
|
|
|
10
|
+
/**
|
|
11
|
+
* Complete a successful login
|
|
12
|
+
*/
|
|
13
|
+
export function completeRequestLogin(req, res, next, user) {
|
|
14
|
+
return req.logIn(user, { session: false }, (err) => {
|
|
15
|
+
if (err) {
|
|
16
|
+
Sentry.captureException(err)
|
|
17
|
+
return next(err)
|
|
18
|
+
}
|
|
19
|
+
// If no email is provided for a logged in user, warn the user
|
|
20
|
+
if (!req.user.email && req.user && req.user.token) {
|
|
21
|
+
// Set the access token manually and redirect
|
|
22
|
+
res.cookie("accessToken", req.user.token, { sameSite: "Lax" as const })
|
|
23
|
+
res.redirect("/error/email-warning")
|
|
24
|
+
} else {
|
|
25
|
+
// Login normally
|
|
26
|
+
return next()
|
|
27
|
+
}
|
|
28
|
+
})
|
|
29
|
+
}
|
|
30
|
+
|
|
10
31
|
export const authCallback = (req, res, next) =>
|
|
11
32
|
passport.authenticate("orcid", (err, user) => {
|
|
12
33
|
if (err) {
|
|
@@ -26,16 +47,10 @@ export const authCallback = (req, res, next) =>
|
|
|
26
47
|
// Migrate Google to ORCID
|
|
27
48
|
if (existingAuth.provider === "google") {
|
|
28
49
|
return userMigration(user.providerId, existingAuth.sub).then(() => {
|
|
29
|
-
|
|
30
|
-
req.logIn(user, { session: false }, (err) => {
|
|
31
|
-
return next(err)
|
|
32
|
-
})
|
|
50
|
+
return completeRequestLogin(req, res, next, user)
|
|
33
51
|
})
|
|
34
52
|
}
|
|
35
53
|
} else {
|
|
36
|
-
|
|
37
|
-
req.logIn(user, { session: false }, (err) => {
|
|
38
|
-
return next(err)
|
|
39
|
-
})
|
|
54
|
+
return completeRequestLogin(req, res, next, user)
|
|
40
55
|
}
|
|
41
56
|
})(req, res, next)
|