Merge pull request #4486 from advplyr/fix_oidc_create_user

Fix OIDC auto register user #4485
2025-07-31 14:33:52 -04:00 · 2025-07-13 17:09:40 -05:00 · 2025-07-13 17:09:40 -05:00 · b553e959e2
commit b553e959e2
parent 264ae928a9 f7b94a4b6d
3 changed files with 21 additions and 9 deletions
--- a/server/auth/OidcAuthStrategy.js
+++ b/server/auth/OidcAuthStrategy.js
@ -121,7 +121,7 @@ class OidcAuthStrategy {
        throw new Error(`Group claim ${Database.serverSettings.authOpenIDGroupClaim} not found or empty in userinfo`)
      }

-      let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo, this)
+      let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo)

      if (!user?.isActive) {
        throw new Error('User not active or not found')
--- a/server/auth/TokenManager.js
+++ b/server/auth/TokenManager.js
@ -81,6 +81,18 @@ class TokenManager {
    }
  }

+  /**
+   * Generate a JWT token for a given user
+   * TODO: Old method with no expiration
+   * @deprecated
+   *
+   * @param {{ id:string, username:string }} user
+   * @returns {string}
+   */
+  static generateAccessToken(user) {
+    return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
+  }
+
  /**
   * Function to generate a jwt token for a given user
   * TODO: Old method with no expiration
@ -90,7 +102,7 @@ class TokenManager {
   * @returns {string}
   */
  generateAccessToken(user) {
-    return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
+    return TokenManager.generateAccessToken(user)
  }

  /**
--- a/server/models/User.js
+++ b/server/models/User.js
@ -1,9 +1,11 @@
 const uuidv4 = require('uuid').v4
 const sequelize = require('sequelize')
+const { LRUCache } = require('lru-cache')
+
 const Logger = require('../Logger')
 const SocketAuthority = require('../SocketAuthority')
 const { isNullOrNaN } = require('../utils')
-const { LRUCache } = require('lru-cache')
+const TokenManager = require('../auth/TokenManager')

 class UserCache {
  constructor() {
@ -213,10 +215,9 @@ class User extends Model {
   * or creates a new user if configured to do so.
   *
   * @param {Object} userinfo
-   * @param {import('../Auth')} auth
   * @returns {Promise<User>}
   */
-  static async findOrCreateUserFromOpenIdUserInfo(userinfo, auth) {
+  static async findOrCreateUserFromOpenIdUserInfo(userinfo) {
    let user = await this.getUserByOpenIDSub(userinfo.sub)

    // Matched by sub
@ -290,7 +291,7 @@ class User extends Model {
    // If no existing user was matched, auto-register if configured
    if (global.ServerSettings.authOpenIDAutoRegister) {
      Logger.info(`[User] openid: Auto-registering user with sub "${userinfo.sub}"`, userinfo)
-      user = await this.createUserFromOpenIdUserInfo(userinfo, auth)
+      user = await this.createUserFromOpenIdUserInfo(userinfo)
      return user
    }

@ -301,16 +302,15 @@ class User extends Model {
  /**
   * Create user from openid userinfo
   * @param {Object} userinfo
-   * @param {import('../Auth')} auth
   * @returns {Promise<User>}
   */
-  static async createUserFromOpenIdUserInfo(userinfo, auth) {
+  static async createUserFromOpenIdUserInfo(userinfo) {
    const userId = uuidv4()
    // TODO: Ensure username is unique?
    const username = userinfo.preferred_username || userinfo.name || userinfo.sub
    const email = userinfo.email && userinfo.email_verified ? userinfo.email : null

-    const token = auth.generateAccessToken({ id: userId, username })
+    const token = TokenManager.generateAccessToken({ id: userId, username })

    const newUser = {
      id: userId,