diff --git a/migrations/1719409568000-multiuser.js b/migrations/1719409568000-multiuser.js
index 345da8ebd..228bcdc89 100644
--- a/migrations/1719409568000-multiuser.js
+++ b/migrations/1719409568000-multiuser.js
@@ -1,10 +1,12 @@
 import getAccountDb from '../src/account-db.js';
+import * as uuid from 'uuid';
 export const up = async function () {
- await getAccountDb().exec(
- `
- BEGIN TRANSACTION;
-
+ const accountDb = getAccountDb();
+
+ accountDb.transaction(() => {
+ accountDb.exec(
+ `
 CREATE TABLE users (id TEXT PRIMARY KEY, user_name TEXT,
@@ -24,8 +26,6 @@ export const up = async function () {
 ALTER TABLE files ADD COLUMN owner TEXT;
- DELETE FROM sessions;
-
 ALTER TABLE sessions ADD COLUMN expires_at INTEGER;
@@ -34,9 +34,20 @@ export const up = async function () {
 ALTER TABLE sessions ADD COLUMN auth_method TEXT;
- COMMIT;
 `,
- );
+ );
+
+ const userId = uuid.v4();
+ accountDb.mutate(
+ 'INSERT INTO users (id, user_name, display_name, enabled, owner, role) VALUES (?, ?, ?, 1, 1, ?)',
+ [userId, '', '', 'ADMIN'],
+ );
+
+ accountDb.mutate(
+ 'UPDATE sessions SET user_id = ?, expires_at = ?, auth_method = ? WHERE auth_method IS NULL',
+ [userId, -1, 'password'],
+ );
+ });
 };
 export const down = async function () {
diff --git a/src/account-db.js b/src/account-db.js
index aa6678fd2..c8c30bf0b 100644
--- a/src/account-db.js
+++ b/src/account-db.js
@@ -53,7 +53,9 @@ export function getLoginMethod(req) {
 return req.body.loginMethod;
 }
- return config.loginMethod || 'password';
+ const activeMethod = getActiveLoginMethod();
+
+ return config.loginMethod || activeMethod || 'password';
 }
 export async function bootstrap(loginSettings) {
diff --git a/src/accounts/openid.js b/src/accounts/openid.js
index 784a6e5b3..18169c595 100644
--- a/src/accounts/openid.js
+++ b/src/accounts/openid.js
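Review bot: In migrations/1719409568000-multiuser.js, the `UPDATE sessions ...` added in the last hunk of `up` binds every pre-existing session row to the newly inserted `ADMIN`/owner user with `expires_at` set to `-1`, so tokens that the old `DELETE FROM sessions` used to wipe now survive the upgrade with the highest role and, if `-1` means "no expiry" (not visible here), indefinitely. A stale or leaked token from before the migration therefore keeps working; consider passing a finite timestamp in place of `-1`, or record the intent above the call, e.g. `// Keep existing password sessions valid across the upgrade; -1 = no expiry`. The seeded user also has an empty `user_name` and `display_name`, which deserves a one-line comment so the row is not mistaken for corrupt data. Separately, `up` is `async` but the result of `accountDb.transaction(...)` is neither awaited nor returned, which is safe only if that wrapper runs synchronously.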
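Review bot: In `getLoginMethod` (src/account-db.js), `config.loginMethod || activeMethod || 'password'` lets the config value shadow the method recorded as active in the database, so if `config.loginMethod` carries a default (not visible in this hunk) `activeMethod` is never consulted and the server can report a method other than the one actually enabled. If the stored active method is meant to be authoritative, the order should be `return activeMethod || config.loginMethod || 'password';`. The branch above still returns `req.body.loginMethod` as supplied by the client; its guard starts outside the hunk, so confirm the value is checked against the enabled methods before it is trusted.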
@@ -304,8 +304,7 @@ export function isValidRedirectUrl(url) {
 const redirectUrl = new URL(url);
 const serverUrl = new URL(serverHostname);
- // Compare origin (protocol + hostname + port)
- if (redirectUrl.origin === serverUrl.origin) {
+ if (redirectUrl.hostname === serverUrl.hostname) {
 return true;
 } else {
 return false;
diff --git a/src/app-account.js b/src/app-account.js
index 057c97d06..d1867d2a4 100644
--- a/src/app-account.js
+++ b/src/app-account.js
@@ -33,7 +33,8 @@ app.get('/needs-bootstrap', (req, res) => {
 status: 'ok',
 data: {
 bootstrapped: !needsBootstrap(),
- loginMethods: listLoginMethods(),
+ loginMethod: getLoginMethod(),
+ availableLoginMethods: listLoginMethods(),
 multiuser: getActiveLoginMethod() === 'openid',
 },
 });
diff --git a/upcoming-release-notes/507.md b/upcoming-release-notes/507.md
new file mode 100644
index 000000000..32961ec26
--- /dev/null
+++ b/upcoming-release-notes/507.md
@@ -0,0 +1,6 @@
+---
+category: Bugfix
+authors: [lelemm]
+---
+
+Fixed bug where the openid migration was removing access for users
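Review bot: In `isValidRedirectUrl` (src/accounts/openid.js), comparing only `hostname` drops the scheme and port from the check, so a return URL that shares the server's hostname but uses a different port or a non-HTTP(S) scheme is now accepted as a post-login redirect target. That reopens part of the open-redirect surface the origin comparison was closing, and the removed comment was the only statement of what is being matched. If the relaxation is needed for deployments where the port differs, keep the scheme pinned and say so in a comment: `if (['http:', 'https:'].includes(redirectUrl.protocol) && redirectUrl.hostname === serverUrl.hostname) {`; matching against an explicit list of allowed origins would be stricter still. The function begins and ends outside this hunk, so how a `new URL()` parse failure is handled is not visible.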
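Review bot: In the `/needs-bootstrap` handler (src/app-account.js), `getLoginMethod()` is called without a request, while the account-db.js hunk in this commit shows that function returning `req.body.loginMethod` in its first branch; the guard on that branch lies outside the visible lines, so confirm it tolerates `req === undefined`, otherwise this handler throws on every call. The response also renames `loginMethods` to `availableLoginMethods`, which breaks any client still reading the old key; if older clients must keep working, return both for one release by keeping `loginMethods: listLoginMethods(),` alongside the new field.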