Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-10-31 21:11:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): totp asked even if no authentication is enabled

Browse Source
This commit is contained in:
Elian Doran 2025-06-06 16:17:21 +03:00
parent 63a6f00a47
commit 091cd7a18a
No known key found for this signature in database
2 changed files with 85 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
apps/server/src/services/auth.spec.ts Normal file
View File

@ -0,0 +1,73 @@
import supertest from "supertest";
import options from "./options";
import cls from "./cls";
import { Application } from "express";
import config from "./config";
import { refreshAuth } from "./auth";
let app: Application;
describe("Auth", () => {
beforeAll(async () => {
const buildApp = (await (import("../../src/app.js"))).default;
app = await buildApp();
});
describe("Auth", () => {
beforeAll(() => {
config.General.noAuthentication = false;
refreshAuth();
});
it("goes to login and asks for TOTP if enabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "true");
options.setOption("mfaMethod", "totp");
options.setOption("totpVerificationHash", "hi");
});
const response = await supertest(app)
.get("/")
.redirects(1)
.expect(200);
expect(response.text).toContain(`id="totpToken"`);
});
it("goes to login and doesn't ask for TOTP is disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
const response = await supertest(app)
.get("/")
.redirects(1)
.expect(200)
expect(response.text).not.toContain(`id="totpToken"`);
});
});
describe("No auth", () => {
beforeAll(() => {
config.General.noAuthentication = true;
refreshAuth();
});
it("doesn't ask for authentication when disabled, even if TOTP is enabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "true");
options.setOption("mfaMethod", "totp");
options.setOption("totpVerificationHash", "hi");
});
await supertest(app)
.get("/")
.expect(200);
});
it("doesn't ask for authentication when disabled, with TOTP disabled", async () => {
cls.init(() => {
options.setOption("mfaEnabled", "false");
});
await supertest(app)
.get("/")
.expect(200);
});
});
}, 60_000);

15
apps/server/src/services/auth.ts
View File

@ -11,7 +11,8 @@ import options from "./options.js";
import attributes from "./attributes.js";
import type { NextFunction, Request, Response } from "express";
const noAuthentication = config.General && config.General.noAuthentication === true;
let noAuthentication = false;
refreshAuth();
function checkAuth(req: Request, res: Response, next: NextFunction) {
if (!sqlInit.isDbInitialized()) {
@ -22,7 +23,7 @@ function checkAuth(req: Request, res: Response, next: NextFunction) {
const currentSsoStatus = openID.isOpenIDEnabled();
const lastAuthState = req.session.lastAuthState || { totpEnabled: false, ssoEnabled: false };
if (isElectron) {
if (isElectron || noAuthentication) {
next();
return;
} else if (currentTotpStatus !== lastAuthState.totpEnabled || currentSsoStatus !== lastAuthState.ssoEnabled) {
@ -58,7 +59,15 @@ function checkAuth(req: Request, res: Response, next: NextFunction) {
}
}
/**
* Rechecks whether authentication is needed or not by re-reading the config.
* The value is cached to avoid reading at every request.
*
* Generally this method should only be called during tests.
*/
export function refreshAuth() {
noAuthentication = (config.General && config.General.noAuthentication === true);
}
// for electron things which need network stuff
// currently, we're doing that for file upload because handling form data seems to be difficult