Check gitlab username in verification

2022-08-25 11:52:37 +02:00 · 2022-08-25 11:52:37 +02:00 · 8e1cd73f39
commit 8e1cd73f39
parent 98acfa2e33
1 changed files with 25 additions and 12 deletions
--- a/src/services/auth.ts
+++ b/src/services/auth.ts
@ -264,18 +264,27 @@ export class AuthService {
 		return user;
 	}

-	async isGitlabATValid(user: User): Promise<boolean> {
+	async getGitlabUserInfo(
+		req: Request,
+		user: User
+	): Promise<GitlabUserResponse | null> {
 		try {
-			await axios.get(`${GITLAB_API_URL}/oauth/token/info`, {
+			const userInfoResp = await axios.get(
+				`${GITLAB_API_URL}/api/v4/user`,
+				{
 					headers: { Authorization: `Bearer ${user.gitlabAT}` }
-			});
-			return true;
+				}
+			);
+			return userInfoResp.data;
 		} catch (e) {
-			return false;
+			return null;
 		}
 	}

-	async tryRefreshGitlabTokens(req: Request, user: User): Promise<boolean> {
+	async tryRefreshGitlabTokens(
+		req: Request,
+		user: User
+	): Promise<User | null> {
 		const params = new URLSearchParams();
 		params.append('redirect_uri', this.getGitlabRedirectUrl(req));
 		params.append('client_id', GITLAB_ID);
@ -288,16 +297,20 @@ export class AuthService {
 				{}
 			);
 			const data: GitlabTokenResponse = resp.data;
-			await this.setGitlabTokens(user, data);
-			return true;
+			return this.setGitlabTokens(user, data);
 		} catch (e) {
-			return false;
+			return null;
 		}
 	}

 	async verifyGitlabUser(req: Request, user: User): Promise<boolean> {
-		if (await this.isGitlabATValid(user)) return true;
-		return await this.tryRefreshGitlabTokens(req, user);
+		let info = await this.getGitlabUserInfo(req, user);
+		if (!info) {
+			user = await this.tryRefreshGitlabTokens(req, user);
+			if (!user) return false;
+			info = await this.getGitlabUserInfo(req, user);
+		}
+		return info && info.username == user.name;
 	}
 }