fix(core): Do not applying auth if UM is disabled (#3218)
* 🔓 not applying auth if UM is disabled * 🛠 add helpers for UM enabled/disabled * 👕 fix lint issue * 🔥 remove unused imports
This commit is contained in:
Ben Hesseldieck
GitHub
@@ -32,6 +32,20 @@ export function isEmailSetUp(): boolean {
|
||||
return smtp && host && user && pass;
|
||||
}
|
||||
|
||||
export function isUserManagementEnabled(): boolean {
|
||||
return (
|
||||
!config.getEnv('userManagement.disabled') ||
|
||||
config.getEnv('userManagement.isInstanceOwnerSetUp')
|
||||
);
|
||||
}
|
||||
|
||||
export function isUserManagementDisabled(): boolean {
|
||||
return (
|
||||
config.getEnv('userManagement.disabled') &&
|
||||
!config.getEnv('userManagement.isInstanceOwnerSetUp')
|
||||
);
|
||||
}
|
||||
|
||||
async function getInstanceOwnerRole(): Promise<Role> {
|
||||
const ownerRole = await Db.collections.Role.findOneOrFail({
|
||||
where: {
|
||||
|
||||
@@ -19,7 +19,13 @@ import { usersNamespace } from './users';
|
||||
import { passwordResetNamespace } from './passwordReset';
|
||||
import { AuthenticatedRequest } from '../../requests';
|
||||
import { ownerNamespace } from './owner';
|
||||
import { isAuthExcluded, isPostUsersId, isAuthenticatedRequest } from '../UserManagementHelper';
|
||||
import {
|
||||
isAuthExcluded,
|
||||
isPostUsersId,
|
||||
isAuthenticatedRequest,
|
||||
isUserManagementDisabled,
|
||||
} from '../UserManagementHelper';
|
||||
import { Db } from '../..';
|
||||
|
||||
export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint: string): void {
|
||||
// needed for testing; not adding overhead since it directly returns if req.cookies exists
|
||||
@@ -47,7 +53,7 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
|
||||
|
||||
this.app.use(passport.initialize());
|
||||
|
||||
this.app.use((req: Request, res: Response, next: NextFunction) => {
|
||||
this.app.use(async (req: Request, res: Response, next: NextFunction) => {
|
||||
if (
|
||||
// TODO: refactor me!!!
|
||||
// skip authentication for preflight requests
|
||||
@@ -73,6 +79,17 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
|
||||
return next();
|
||||
}
|
||||
|
||||
// skip authentication if user management is disabled
|
||||
if (isUserManagementDisabled()) {
|
||||
req.user = await Db.collections.User.findOneOrFail(
|
||||
{},
|
||||
{
|
||||
relations: ['globalRole'],
|
||||
},
|
||||
);
|
||||
return next();
|
||||
}
|
||||
|
||||
return passport.authenticate('jwt', { session: false })(req, res, next);
|
||||
});
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@ import {
|
||||
getInstanceBaseUrl,
|
||||
hashPassword,
|
||||
isEmailSetUp,
|
||||
isUserManagementDisabled,
|
||||
sanitizeUser,
|
||||
validatePassword,
|
||||
} from '../UserManagementHelper';
|
||||
@@ -55,7 +56,7 @@ export function usersNamespace(this: N8nApp): void {
|
||||
}
|
||||
|
||||
// TODO: this should be checked in the middleware rather than here
|
||||
if (config.getEnv('userManagement.disabled')) {
|
||||
if (isUserManagementDisabled()) {
|
||||
Logger.debug(
|
||||
'Request to send email invite(s) to user(s) failed because user management is disabled',
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user