Check gitlab username in verification

src/services/auth.ts

@@ -264,18 +264,27 @@ export class AuthService {
 		return user;
 	}
 
-	async isGitlabATValid(user: User): Promise<boolean> {
+	async getGitlabUserInfo(
+		req: Request,
+		user: User
+	): Promise<GitlabUserResponse | null> {
 		try {
-			await axios.get(`${GITLAB_API_URL}/oauth/token/info`, {
+			const userInfoResp = await axios.get(
-				headers: { Authorization: `Bearer ${user.gitlabAT}` }
+				`${GITLAB_API_URL}/api/v4/user`,
-			});
+				{
-			return true;
+					headers: { Authorization: `Bearer ${user.gitlabAT}` }
+				}
+			);
+			return userInfoResp.data;
 		} catch (e) {
-			return false;
+			return null;
 		}
 	}
 
-	async tryRefreshGitlabTokens(req: Request, user: User): Promise<boolean> {
+	async tryRefreshGitlabTokens(
+		req: Request,
+		user: User
+	): Promise<User | null> {
 		const params = new URLSearchParams();
 		params.append('redirect_uri', this.getGitlabRedirectUrl(req));
 		params.append('client_id', GITLAB_ID);
@@ -288,16 +297,20 @@ export class AuthService {
 				{}
 			);
 			const data: GitlabTokenResponse = resp.data;
-			await this.setGitlabTokens(user, data);
+			return this.setGitlabTokens(user, data);
-			return true;
 		} catch (e) {
-			return false;
+			return null;
 		}
 	}
 
 	async verifyGitlabUser(req: Request, user: User): Promise<boolean> {
-		if (await this.isGitlabATValid(user)) return true;
+		let info = await this.getGitlabUserInfo(req, user);
-		return await this.tryRefreshGitlabTokens(req, user);
+		if (!info) {
+			user = await this.tryRefreshGitlabTokens(req, user);
+			if (!user) return false;
+			info = await this.getGitlabUserInfo(req, user);
+		}
+		return info && info.username == user.name;
 	}
 }