ep_oauth 11.0.27 → 11.0.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/.github/workflows/backend-tests.yml +1 -1
  2. package/auth.js +38 -18
  3. package/package.json +1 -1
package/.github/workflows/backend-tests.yml CHANGED
@@ -16,7 +16,7 @@ jobs:
16
16
  steps:
17
17
  -
18
18
  name: Install libreoffice
19
- uses: awalsh128/cache-apt-pkgs-action@v1.6.0
19
+ uses: awalsh128/cache-apt-pkgs-action@v1.6.1
20
20
  with:
21
21
  packages: libreoffice libreoffice-pdfimport
22
22
  version: 1.0
package/auth.js CHANGED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- const db = require('ep_etherpad-lite/node/db/DB').db;
3
+ const db = require('ep_etherpad-lite/node/db/DB');
4
4
  const settings = require('ep_etherpad-lite/node/utils/Settings');
5
5
  const request = require('request');
6
6
 
@@ -76,7 +76,11 @@ exports.expressConfigure = (hookName, args, cb) => {
76
76
  userInfo: user,
77
77
  };
78
78
  console.debug('Database Write -> ', sessionID, '---', userBlob);
79
- db.set(`oauth:${sessionID}`, userBlob);
79
+ // ueberdb2 v6 is promise-only; await so a failure surfaces
80
+ // instead of producing an unhandled rejection.
81
+ db.set(`oauth:${sessionID}`, userBlob).catch((err) => {
82
+ console.error('ep_oauth db.set failed:', err);
83
+ });
80
84
  } else {
81
85
  console.error(error, response, body);
82
86
  }
@@ -91,37 +95,53 @@ exports.expressConfigure = (hookName, args, cb) => {
91
95
  });
92
96
 
93
97
  // FOURTH AND FINAL STEP
94
- args.app.get('/auth/callback', (req, res) => {
98
+ args.app.get('/auth/callback', async (req, res) => {
95
99
  // Read redirect lookup URL from database
96
- db.get(`oauthredirectlookup:${req.query.state}`, (k, url) => {
97
- console.debug('Oauth redirect lookup record found', url);
98
- // Send the user to the pad they were trying to access
99
- // Note that we could lookup the user data and append it so suggest their name
100
- // Or we might lookup this users UID in some form of permission table
101
- // Either way we have that data and can get to it by db.get("oauth:"+req.query.state,...
102
- res.redirect(url || '/');
103
- });
100
+ // ueberdb2 v6 is promise-only; the legacy db.get(key, cb) callback
101
+ // never fires, which previously hung this endpoint forever.
102
+ let url;
103
+ try {
104
+ url = await db.get(`oauthredirectlookup:${req.query.state}`);
105
+ } catch (err) {
106
+ console.error('ep_oauth /auth/callback db.get failed:', err);
107
+ }
108
+ console.debug('Oauth redirect lookup record found', url);
109
+ // Send the user to the pad they were trying to access
110
+ // Note that we could lookup the user data and append it so suggest their name
111
+ // Or we might lookup this users UID in some form of permission table
112
+ res.redirect(url || '/');
104
113
  });
105
114
  };
106
115
 
107
116
  // FIRST STEP
108
- exports.authorize = (hookName, args, cb) => {
117
+ exports.authorize = async (hookName, args, cb) => {
109
118
  if (!oauth2) return cb([true]); // plugin disabled, don't block the request
110
119
  // Never lands here for url /auth/callback
111
120
  if (args.req.url.indexOf('/auth') === 0) return cb([true]);
112
121
 
113
122
  console.debug(`Database lookup -> oauth:${args.req.sessionID}`);
114
- db.get(`oauth:${args.req.sessionID}`, (k, user) => {
115
- console.debug(`Oauth session found ->${args.req.sessionID}`, 'has user data of ', user);
116
- return cb([!!user]);
117
- });
123
+ // ueberdb2 v6 is promise-only; await directly rather than relying on the
124
+ // legacy callback signature (which never fires under v6 and previously
125
+ // hung every authorize check, blocking the request pipeline).
126
+ let user;
127
+ try {
128
+ user = await db.get(`oauth:${args.req.sessionID}`);
129
+ } catch (err) {
130
+ console.error('ep_oauth authorize db.get failed:', err);
131
+ }
132
+ console.debug(`Oauth session found ->${args.req.sessionID}`, 'has user data of ', user);
133
+ return cb([!!user]);
118
134
  };
119
135
 
120
136
  // SECOND STEP
121
- exports.authenticate = (hookName, args, cb) => {
137
+ exports.authenticate = async (hookName, args, cb) => {
122
138
  if (!oauth2) return cb([]); // plugin disabled, defer to other auth plugins
123
139
  console.debug(`Database Write -> oauthredirectlookup:${args.req.sessionID}`, '---', args.req.url);
124
- db.set(`oauthredirectlookup:${args.req.sessionID}`, args.req.url);
140
+ try {
141
+ await db.set(`oauthredirectlookup:${args.req.sessionID}`, args.req.url);
142
+ } catch (err) {
143
+ console.error('ep_oauth authenticate db.set failed:', err);
144
+ }
125
145
  // User is not authorized so we need to do the authentication step
126
146
  // Gets an authoritzation URL for the user to hit..
127
147
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "ep_oauth",
3
3
  "description": "Oauth2 authentication for Etherpad",
4
- "version": "11.0.27",
4
+ "version": "11.0.29",
5
5
  "author": {
6
6
  "name": "John McLear",
7
7
  "email": "john@mclear.co.uk",