enable modifying profile settings for SSO users

2024-05-12 22:28:34 -04:00 · 2024-05-12 22:28:34 -04:00 · 65b29830f0
parent 861f8e55f4
commit 65b29830f0
4 changed files with 117 additions and 152 deletions
--- a/lib/api/controllers/users/userId/deleteUserById.ts
+++ b/lib/api/controllers/users/userId/deleteUserById.ts
@ -25,10 +25,8 @@ export default async function deleteUserById(
    };
  }

-  // Then, we check if the provided password matches the one stored in the database (disabled in SSO/OAuth integrations)
-  if (user.password && !isServerAdmin) {
-    console.log("isServerAdmin", isServerAdmin);
-    console.log("isServerAdmin", body.password);
+  if (!isServerAdmin) {
+    if (user.password) {
      const isPasswordValid = bcrypt.compareSync(
        body.password,
        user.password as string
@ -40,6 +38,12 @@ export default async function deleteUserById(
          status: 401, // Unauthorized
        };
      }
+    } else {
+      return {
+        response: "Invalid credentials.",
+        status: 401, // Unauthorized
+      };
+    }
  }

  // Delete the user and all related data within a transaction
--- a/lib/api/controllers/users/userId/updateUserById.ts
+++ b/lib/api/controllers/users/userId/updateUserById.ts
@ -24,41 +24,6 @@ export default async function updateUserById(
    },
  });

-  if (ssoUser) {
-    // deny changes to SSO-defined properties
-    if (data.email !== user?.email) {
-      return {
-        response: "SSO users cannot change their email.",
-        status: 400,
-      };
-    }
-    if (data.newPassword) {
-      return {
-        response: "SSO Users cannot change their password.",
-        status: 400,
-      };
-    }
-    if (data.name !== user?.name) {
-      return {
-        response: "SSO Users cannot change their name.",
-        status: 400,
-      };
-    }
-    if (data.username !== user?.username) {
-      return {
-        response: "SSO Users cannot change their username.",
-        status: 400,
-      };
-    }
-    if (data.image?.startsWith("data:image/jpeg;base64")) {
-      return {
-        response: "SSO Users cannot change their avatar.",
-        status: 400,
-      };
-    }
-  } else {
-    // verify only for non-SSO users
-    // SSO users cannot change their email, password, name, username, or avatar
  if (emailEnabled && !data.email)
    return {
      response: "Email invalid.",
@ -134,13 +99,12 @@ export default async function updateUserById(

  // Avatar Settings

-    if (data.image?.startsWith("data:image/jpeg;base64")) {
-      if (data.image.length < 1572864) {
+  if (
+    data.image?.startsWith("data:image/jpeg;base64") &&
+    data.image.length < 1572864
+  ) {
    try {
-          const base64Data = data.image.replace(
-            /^data:image\/jpeg;base64,/,
-            ""
-          );
+      const base64Data = data.image.replace(/^data:image\/jpeg;base64,/, "");

      createFolder({ filePath: `uploads/avatar` });

@ -152,17 +116,15 @@ export default async function updateUserById(
    } catch (err) {
      console.log("Error saving image:", err);
    }
-      } else {
+  } else if (data.image?.length && data.image?.length >= 1572864) {
    console.log("A file larger than 1.5MB was uploaded.");
    return {
      response: "A file larger than 1.5MB was uploaded.",
      status: 400,
    };
-      }
  } else if (data.image == "") {
    removeFile({ filePath: `uploads/avatar/${userId}.jpg` });
  }
-  }

  const previousEmail = (
    await prisma.user.findUnique({ where: { id: userId } })
@ -182,7 +144,12 @@ export default async function updateUserById(
      username: data.username?.toLowerCase().trim(),
      email: data.email?.toLowerCase().trim(),
      isPrivate: data.isPrivate,
-      image: data.image ? `uploads/avatar/${userId}.jpg` : "",
+      image:
+        data.image && data.image.startsWith("http")
+          ? data.image
+          : data.image
+            ? `uploads/avatar/${userId}.jpg`
+            : "",
      collectionOrder: data.collectionOrder.filter(
        (value, index, self) => self.indexOf(value) === index
      ),
--- a/lib/api/verifyUser.ts
+++ b/lib/api/verifyUser.ts
@ -32,19 +32,13 @@ export default async function verifyUser({
      subscriptions: true,
    },
  });
-  const ssoUser = await prisma.account.findFirst({
-    where: {
-      userId: userId,
-    },
-  });

  if (!user) {
    res.status(404).json({ response: "User not found." });
    return null;
  }

-  if (!user.username && !ssoUser) {
-    // SSO users don't need a username
+  if (!user.username) {
    res.status(401).json({
      response: "Username not found.",
    });
--- a/pages/api/v1/auth/[...nextauth].ts
+++ b/pages/api/v1/auth/[...nextauth].ts
@ -119,7 +119,7 @@ if (
          passwordMatches = bcrypt.compareSync(password, user.password);
        }

-        if (passwordMatches) {
+        if (passwordMatches && user?.password) {
          return { id: user?.id };
        } else return null as any;
      },