Fix OIDC auto register user #4485

2025-12-31 19:49:22 -05:00 · 2025-07-13 17:04:02 -05:00
6 changed files with 23 additions and 53 deletions
--- a/client/pages/config/sessions.vue
+++ b/client/pages/config/sessions.vue
@@ -68,7 +68,7 @@
              <p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" />
            </td>
            <td class="text-center w-24 min-w-24 sm:w-32 sm:min-w-32">
-              <p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p>
+              <p class="text-xs font-mono">{{ $elapsedPretty(session.timeListening) }}</p>
            </td>
            <td class="text-center hover:underline w-24 min-w-24" @click.stop="clickCurrentTime(session)">
              <p class="text-xs font-mono">{{ $secondsToTimestamp(session.currentTime) }}</p>
--- a/client/pages/config/users/_id/sessions.vue
+++ b/client/pages/config/users/_id/sessions.vue
@@ -40,7 +40,7 @@
                <p class="text-xs truncate" v-html="getDeviceInfoString(session.deviceInfo)" />
              </td>
              <td class="text-center">
-                <p class="text-xs font-mono">{{ $elapsedPrettyLocalized(session.timeListening) }}</p>
+                <p class="text-xs font-mono">{{ $elapsedPretty(session.timeListening) }}</p>
              </td>
              <td class="text-center hover:underline" @click.stop="clickCurrentTime(session)">
                <p class="text-xs font-mono">{{ $secondsToTimestamp(session.currentTime) }}</p>
--- a/client/plugins/utils.js
+++ b/client/plugins/utils.js
@@ -37,48 +37,6 @@ Vue.prototype.$elapsedPretty = (seconds, useFullNames = false, useMilliseconds =
  return `${hours} ${useFullNames ? `hour${hours === 1 ? '' : 's'}` : 'hr'} ${minutes} ${useFullNames ? `minute${minutes === 1 ? '' : 's'}` : 'min'}`
 }

-Vue.prototype.$elapsedPrettyLocalized = (seconds, useFullNames = false, useMilliseconds = false) => {
-  if (isNaN(seconds) || seconds === null) return ''
-
-  try {
-    const df = new Intl.DurationFormat(Vue.prototype.$languageCodes.current, {
-      style: useFullNames ? 'long' : 'short'
-    })
-
-    const duration = {}
-
-    if (seconds < 60) {
-      if (useMilliseconds && seconds < 1) {
-        duration.milliseconds = Math.floor(seconds * 1000)
-      } else {
-        duration.seconds = Math.floor(seconds)
-      }
-    } else if (seconds < 3600) {
-      // 1 hour
-      duration.minutes = Math.floor(seconds / 60)
-    } else if (seconds < 86400) {
-      // 1 day
-      duration.hours = Math.floor(seconds / 3600)
-      const minutes = Math.floor((seconds % 3600) / 60)
-      if (minutes > 0) {
-        duration.minutes = minutes
-      }
-    } else {
-      duration.days = Math.floor(seconds / 86400)
-      const hours = Math.floor((seconds % 86400) / 3600)
-      if (hours > 0) {
-        duration.hours = hours
-      }
-    }
-
-    return df.format(duration)
-  } catch (error) {
-    // Handle not supported
-    console.warn('Intl.DurationFormat not supported, not localizing duration')
-    return Vue.prototype.$elapsedPretty(seconds, useFullNames, useMilliseconds)
-  }
-}
-
 Vue.prototype.$secondsToTimestamp = (seconds, includeMs = false, alwaysIncludeHours = false) => {
  if (!seconds) {
    return alwaysIncludeHours ? '00:00:00' : '0:00'
--- a/server/auth/OidcAuthStrategy.js
+++ b/server/auth/OidcAuthStrategy.js
@@ -121,7 +121,7 @@ class OidcAuthStrategy {
        throw new Error(`Group claim ${Database.serverSettings.authOpenIDGroupClaim} not found or empty in userinfo`)
      }

-      let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo, this)
+      let user = await Database.userModel.findOrCreateUserFromOpenIdUserInfo(userinfo)

      if (!user?.isActive) {
        throw new Error('User not active or not found')
--- a/server/auth/TokenManager.js
+++ b/server/auth/TokenManager.js
@@ -81,6 +81,18 @@ class TokenManager {
    }
  }

+  /**
+   * Generate a JWT token for a given user
+   * TODO: Old method with no expiration
+   * @deprecated
+   *
+   * @param {{ id:string, username:string }} user
+   * @returns {string}
+   */
+  static generateAccessToken(user) {
+    return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
+  }
+
  /**
   * Function to generate a jwt token for a given user
   * TODO: Old method with no expiration
@@ -90,7 +102,7 @@ class TokenManager {
   * @returns {string}
   */
  generateAccessToken(user) {
-    return jwt.sign({ userId: user.id, username: user.username }, TokenManager.TokenSecret)
+    return TokenManager.generateAccessToken(user)
  }

  /**
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -1,9 +1,11 @@
 const uuidv4 = require('uuid').v4
 const sequelize = require('sequelize')
+const { LRUCache } = require('lru-cache')
+
 const Logger = require('../Logger')
 const SocketAuthority = require('../SocketAuthority')
 const { isNullOrNaN } = require('../utils')
-const { LRUCache } = require('lru-cache')
+const TokenManager = require('../auth/TokenManager')

 class UserCache {
  constructor() {
@@ -213,10 +215,9 @@ class User extends Model {
   * or creates a new user if configured to do so.
   *
   * @param {Object} userinfo
-   * @param {import('../Auth')} auth
   * @returns {Promise<User>}
   */
-  static async findOrCreateUserFromOpenIdUserInfo(userinfo, auth) {
+  static async findOrCreateUserFromOpenIdUserInfo(userinfo) {
    let user = await this.getUserByOpenIDSub(userinfo.sub)

    // Matched by sub
@@ -290,7 +291,7 @@ class User extends Model {
    // If no existing user was matched, auto-register if configured
    if (global.ServerSettings.authOpenIDAutoRegister) {
      Logger.info(`[User] openid: Auto-registering user with sub "${userinfo.sub}"`, userinfo)
-      user = await this.createUserFromOpenIdUserInfo(userinfo, auth)
+      user = await this.createUserFromOpenIdUserInfo(userinfo)
      return user
    }

@@ -301,16 +302,15 @@ class User extends Model {
  /**
   * Create user from openid userinfo
   * @param {Object} userinfo
-   * @param {import('../Auth')} auth
   * @returns {Promise<User>}
   */
-  static async createUserFromOpenIdUserInfo(userinfo, auth) {
+  static async createUserFromOpenIdUserInfo(userinfo) {
    const userId = uuidv4()
    // TODO: Ensure username is unique?
    const username = userinfo.preferred_username || userinfo.name || userinfo.sub
    const email = userinfo.email && userinfo.email_verified ? userinfo.email : null

-    const token = auth.generateAccessToken({ id: userId, username })
+    const token = TokenManager.generateAccessToken({ id: userId, username })

    const newUser = {
      id: userId,