go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2025-03-20 14:31:09 +02:00
Code Issues Releases Activity

[#6402] load the request info context during password/OAuth2/OTP authentication

Browse Source
This commit is contained in:
Gani Georgiev 2025-02-10 16:56:48 +02:00
parent 6a7f3a21fb
commit 26f0df36bc
8 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -2,6 +2,11 @@
- ⚠️ Prioritized the user submitted non-empty `createData.email` (_it will be unverified_) when creating the PocketBase user during the first OAuth2 auth. - ⚠️ Prioritized the user submitted non-empty `createData.email` (_it will be unverified_) when creating the PocketBase user during the first OAuth2 auth.
- Load the request info context during password/OAuth2/OTP authentication ([#6402](https://github.com/pocketbase/pocketbase/issues/6402)).
This could be helpful in case you want to target the auth method as part of the MFA and Auth API rules.
For example, to disable MFA for the OAuth2 auth could be expressed as `@request.context != "oauth2"` MFA rule.
(@todo docs)
- Added `$os.stat(file)` JSVM helper ([#6407](https://github.com/pocketbase/pocketbase/discussions/6407)). - Added `$os.stat(file)` JSVM helper ([#6407](https://github.com/pocketbase/pocketbase/discussions/6407)).

2
apis/record_auth_with_oauth2.go
View File

@ -35,6 +35,8 @@ func recordAuthWithOAuth2(e *core.RequestEvent) error {
fallbackAuthRecord = e.Auth fallbackAuthRecord = e.Auth
} }
e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextOAuth2)
form := new(recordOAuth2LoginForm) form := new(recordOAuth2LoginForm)
form.collection = collection form.collection = collection
if err = e.BindBody(form); err != nil { if err = e.BindBody(form); err != nil {

14
apis/record_auth_with_oauth2_test.go
View File

@ -175,6 +175,20 @@ func TestRecordAuthWithOAuth2(t *testing.T) {
if err := app.Save(ea); err != nil { if err := app.Save(ea); err != nil {
t.Fatal(err) t.Fatal(err)
} }
// test at least once that the correct request info context is properly loaded
app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error {
info, err := e.RequestInfo()
if err != nil {
t.Fatal(err)
}
if info.Context != core.RequestInfoContextOAuth2 {
t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextOAuth2, info.Context)
}
return e.Next()
})
}, },
ExpectedStatus: 200, ExpectedStatus: 200,
ExpectedContent: []string{ ExpectedContent: []string{

2
apis/record_auth_with_otp.go
View File

@ -26,6 +26,8 @@ func recordAuthWithOTP(e *core.RequestEvent) error {
return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err))
} }
e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextOTP)
event := new(core.RecordAuthWithOTPRequestEvent) event := new(core.RecordAuthWithOTPRequestEvent)
event.RequestEvent = e event.RequestEvent = e
event.Collection = collection event.Collection = collection

14
apis/record_auth_with_otp_test.go
View File

@ -269,6 +269,20 @@ func TestRecordAuthWithOTP(t *testing.T) {
if err := app.Save(otp); err != nil { if err := app.Save(otp); err != nil {
t.Fatal(err) t.Fatal(err)
} }
// test at least once that the correct request info context is properly loaded
app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error {
info, err := e.RequestInfo()
if err != nil {
t.Fatal(err)
}
if info.Context != core.RequestInfoContextOTP {
t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextOTP, info.Context)
}
return e.Next()
})
}, },
ExpectedStatus: 200, ExpectedStatus: 200,
ExpectedContent: []string{ ExpectedContent: []string{

2
apis/record_auth_with_password.go
View File

@ -32,6 +32,8 @@ func recordAuthWithPassword(e *core.RequestEvent) error {
return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err))
} }
e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextPasswordAuth)
var foundRecord *core.Record var foundRecord *core.Record
var foundErr error var foundErr error

15
apis/record_auth_with_password_test.go
View File

@ -126,6 +126,21 @@ func TestRecordAuthWithPassword(t *testing.T) {
"identity":"test@example.com", "identity":"test@example.com",
"password":"1234567890" "password":"1234567890"
}`), }`),
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
// test at least once that the correct request info context is properly loaded
app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error {
info, err := e.RequestInfo()
if err != nil {
t.Fatal(err)
}
if info.Context != core.RequestInfoContextPasswordAuth {
t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextPasswordAuth, info.Context)
}
return e.Next()
})
},
ExpectedStatus: 200, ExpectedStatus: 200,
ExpectedContent: []string{ ExpectedContent: []string{
`"email":"test@example.com"`, `"email":"test@example.com"`,

4
core/event_request.go
View File

@ -154,8 +154,10 @@ const (
RequestInfoContextExpand = "expand" RequestInfoContextExpand = "expand"
RequestInfoContextRealtime = "realtime" RequestInfoContextRealtime = "realtime"
RequestInfoContextProtectedFile = "protectedFile" RequestInfoContextProtectedFile = "protectedFile"
RequestInfoContextOAuth2 = "oauth2"
RequestInfoContextBatch = "batch" RequestInfoContextBatch = "batch"
RequestInfoContextOAuth2 = "oauth2"
RequestInfoContextOTP = "otp"
RequestInfoContextPasswordAuth = "password"
) )
// RequestInfo defines a HTTP request data struct, usually used // RequestInfo defines a HTTP request data struct, usually used