From 22006e9dbde82609440f89bde9a40887b4742682 Mon Sep 17 00:00:00 2001
From: sct
Date: Mon, 21 Dec 2020 20:51:54 +0900
Subject: [PATCH] fix(api): prevent checking first admin account for plex server access
---
 server/lib/notifications/agents/discord.ts | 2 -
 server/routes/auth.ts | 70 ++++++++++---------
 .../Settings/SettingsAbout/index.tsx | 6 +-
 3 files changed, 38 insertions(+), 40 deletions(-)
diff --git a/server/lib/notifications/agents/discord.ts b/server/lib/notifications/agents/discord.ts
index 92348e43..08239980 100644
--- a/server/lib/notifications/agents/discord.ts
+++ b/server/lib/notifications/agents/discord.ts
@@ -143,8 +143,6 @@ class DiscordAgent
 }
 );
 break;
- default:
- color = EmbedColors.DARK_PURPLE;
 }
 return {
diff --git a/server/routes/auth.ts b/server/routes/auth.ts
index cda86d5b..b1fb4bf8 100644
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -71,44 +71,48 @@ authRoutes.post('/login', async (req, res, next) => {
 await userRepository.save(user);
 }
- // If we get to this point, the user does not already exist so we need to create the
- // user _assuming_ they have access to the plex server
- const mainUser = await userRepository.findOneOrFail({
- select: ['id', 'plexToken'],
- order: { id: 'ASC' },
- });
- const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
- if (await mainPlexTv.checkUserAccess(account)) {
- user = new User({
- email: account.email,
- username: account.username,
- plexId: account.id,
- plexToken: account.authToken,
- permissions: settings.main.defaultPermissions,
- avatar: account.thumb,
- });
- await userRepository.save(user);
- } else {
- logger.info(
- 'Failed login attempt from user without access to plex server',
- {
- label: 'Auth',
- account: {
- ...account,
- authentication_token: '__REDACTED__',
- authToken: '__REDACTED__',
- },
- }
- );
- return next({
- status: 403,
- message: 'You do not have access to this Plex server',
+ // Double check that we didn't create the first admin user before running this
+ if (!user) {
+ // If we get to this point, the user does not already exist so we need to create the
+ // user _assuming_ they have access to the plex server
+ const mainUser = await userRepository.findOneOrFail({
+ select: ['id', 'plexToken'],
+ order: { id: 'ASC' },
 });
+ const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
+
+ if (await mainPlexTv.checkUserAccess(account)) {
+ user = new User({
+ email: account.email,
+ username: account.username,
+ plexId: account.id,
+ plexToken: account.authToken,
+ permissions: settings.main.defaultPermissions,
+ avatar: account.thumb,
+ });
+ await userRepository.save(user);
+ } else {
+ logger.info(
+ 'Failed login attempt from user without access to plex server',
+ {
+ label: 'Auth',
+ account: {
+ ...account,
+ authentication_token: '__REDACTED__',
+ authToken: '__REDACTED__',
+ },
+ }
+ );
+ return next({
+ status: 403,
+ message: 'You do not have access to this Plex server',
+ });
+ }
 }
 }
 // Set logged in session
- if (req.session && user) {
+ if (req.session) {
 req.session.userId = user.id;
 }
diff --git a/src/components/Settings/SettingsAbout/index.tsx b/src/components/Settings/SettingsAbout/index.tsx
index 93d20423..067f89a6 100644
--- a/src/components/Settings/SettingsAbout/index.tsx
+++ b/src/components/Settings/SettingsAbout/index.tsx
@@ -26,16 +26,12 @@ const SettingsAbout: React.FC = () => {
 '/api/v1/settings/about'
 );
- if (error) {
- return ;
- }
-
 if (!data && !error) {
 return ;
 }
 if (!data) {
- return ;
+ return ;
 }
 return (
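Review bot: In the server/routes/auth.ts hunk the access check for a new account still falls back to an empty string when the lowest-id user has no stored token (`new PlexTvAPI(mainUser.plexToken ?? '')`), so a missing admin token becomes a `checkUserAccess` call made without credentials, and its outcome is not visible in these lines. Rejecting before the call, for example `if (!mainUser.plexToken) { return next({ status: 500, message: 'Admin Plex token is not configured' }); }`, keeps that path fail-closed and distinguishable from a genuine denial. The failed-login log in the `else` branch spreads the whole `account` object and masks only two named fields; an allowlist such as `account: { id: account.id, username: account.username }` would keep e-mail addresses and any other token-like field out of the logs. The `/login` handler starts before this hunk and continues after it, so whether `user` is always assigned by the time `req.session.userId = user.id` runs, now that the `&& user` guard is gone, cannot be confirmed from here.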