feat(login): add local users functionality (#591)

2025-09-17 17:24:35 +02:00 · 2021-01-14 13:03:12 +01:00
parent f17fa2a2db
commit 492e19df40
17 changed files with 866 additions and 97 deletions
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -6,6 +6,7 @@ import { isAuthenticated } from '../middleware/auth';
 import { Permission } from '../lib/permissions';
 import logger from '../logger';
 import { getSettings } from '../lib/settings';
+import { UserType } from '../../src/hooks/useUser';

 const authRoutes = Router();

@@ -126,6 +127,53 @@ authRoutes.post('/login', async (req, res, next) => {
  }
 });

+authRoutes.post('/local', async (req, res, next) => {
+  const userRepository = getRepository(User);
+  const body = req.body as { email?: string; password?: string };
+
+  if (!body.email || !body.password) {
+    return res
+      .status(500)
+      .json({ error: 'You must provide an email and a password' });
+  }
+  try {
+    const user = await userRepository.findOne({
+      select: ['id', 'password'],
+      where: { email: body.email, userType: UserType.LOCAL },
+    });
+
+    const isCorrectCredentials = await user?.passwordMatch(body.password);
+
+    // User doesn't exist or credentials are incorrect
+    if (!isCorrectCredentials) {
+      logger.info('Failed login attempt from user with incorrect credentials', {
+        label: 'Auth',
+        account: {
+          email: body.email,
+          password: '__REDACTED__',
+        },
+      });
+      return next({
+        status: 403,
+        message: 'You do not have access to this Plex server',
+      });
+    }
+
+    // Set logged in session
+    if (user && req.session) {
+      req.session.userId = user.id;
+    }
+
+    return res.status(200).json(user?.filter() ?? {});
+  } catch (e) {
+    logger.error(e.message, { label: 'Auth' });
+    return next({
+      status: 500,
+      message: 'Something went wrong.',
+    });
+  }
+});
+
 authRoutes.get('/logout', (req, res, next) => {
  req.session?.destroy((err) => {
    if (err) {
--- a/server/routes/user.ts
+++ b/server/routes/user.ts
@@ -6,6 +6,7 @@ import { User } from '../entity/User';
 import { hasPermission, Permission } from '../lib/permissions';
 import { getSettings } from '../lib/settings';
 import logger from '../logger';
+import gravatarUrl from 'gravatar-url';

 const router = Router();

@@ -19,13 +20,34 @@ router.get('/', async (_req, res) => {

 router.post('/', async (req, res, next) => {
  try {
+    const settings = getSettings().notifications.agents.email;
+
+    const body = req.body;
    const userRepository = getRepository(User);

+    const passedExplicitPassword = body.password && body.password.length > 0;
+    const avatar = gravatarUrl(body.email);
+
+    if (!passedExplicitPassword && !settings.enabled) {
+      throw new Error('Email notifications must be enabled');
+    }
+
    const user = new User({
-      email: req.body.email,
-      permissions: req.body.permissions,
+      avatar: body.avatar ?? avatar,
+      username: body.username ?? body.email,
+      email: body.email,
+      password: body.password,
+      permissions: body.permissions,
      plexToken: '',
+      userType: body.userType,
    });
+
+    if (passedExplicitPassword) {
+      await user?.setPassword(body.password);
+    } else {
+      await user?.resetPassword();
+    }
+
    await userRepository.save(user);
    return res.status(201).json(user.filter());
  } catch (e) {