🔨 OPENID: Refactor mixed stuff (#4428)

* Refactor

* changed the variable name back to loginMethod

* md

* Update packages/sync-server/src/app.js

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

packages/sync-server/package.json

@@ -14,7 +14,6 @@
     "db:test-migrate": "NODE_ENV=test node src/run-migrations.js up",
     "db:test-downgrade": "NODE_ENV=test node src/run-migrations.js down",
     "reset-password": "node src/scripts/reset-password.js",
-    "enable-openid": "node src/scripts/enable-openid.js",
     "disable-openid": "node src/scripts/disable-openid.js",
     "health-check": "node src/scripts/health-check.js"
   },

packages/sync-server/src/account-db.js

@@ -62,15 +62,19 @@ export function getLoginMethod(req) {
     return req.body.loginMethod;
   }
 
-  if (config.get('loginMethod')) {
+  //BY-PASS ANY OTHER CONFIGURATION TO ENSURE HEADER AUTH
+  if (
+    config.get('loginMethod') === 'header' &&
+    config.get('allowedLoginMethods').includes('header')
+  ) {
     return config.get('loginMethod');
   }
 
   const activeMethod = getActiveLoginMethod();
-  return activeMethod || 'password';
+  return activeMethod || config.get('loginMethod');
 }
 
-export async function bootstrap(loginSettings) {
+export async function bootstrap(loginSettings, forced = false) {
   if (!loginSettings) {
     return { error: 'invalid-login-settings' };
   }
@@ -87,7 +91,7 @@ export async function bootstrap(loginSettings) {
    WHERE users.user_name <> '' and users.owner = 1`,
       ) || {};
 
-    if (!openIdEnabled || countOfOwner > 0) {
+    if (!forced && (!openIdEnabled || countOfOwner > 0)) {
       if (!needsBootstrap()) {
         accountDb.mutate('ROLLBACK');
         return { error: 'already-bootstrapped' };
@@ -99,7 +103,7 @@ export async function bootstrap(loginSettings) {
       return { error: 'no-auth-method-selected' };
     }
 
-    if (passEnabled && openIdEnabled) {
+    if (passEnabled && openIdEnabled && !forced) {
       accountDb.mutate('ROLLBACK');
       return { error: 'max-one-method-allowed' };
     }
@@ -112,7 +116,7 @@ export async function bootstrap(loginSettings) {
       }
     }
 
-    if (openIdEnabled) {
+    if (openIdEnabled && forced) {
       const { error } = await bootstrapOpenId(loginSettings.openId);
       if (error) {
         accountDb.mutate('ROLLBACK');

packages/sync-server/src/app.js

@@ -6,6 +6,7 @@ import express from 'express';
 import actuator from 'express-actuator';
 import rateLimit from 'express-rate-limit';
 
+import { bootstrap } from './account-db.js';
 import * as accountApp from './app-account.js';
 import * as adminApp from './app-admin.js';
 import * as goCardlessApp from './app-gocardless/app-gocardless.js';
@@ -107,6 +108,20 @@ function parseHTTPSConfig(value) {
 }
 
 export async function run() {
+  if (config.openId) {
+    console.log('OpenID configuration found. Preparing server to use it');
+    try {
+      const { error } = await bootstrap({ openId: config.openId }, true);
+      if (error) {
+        console.log(error);
+      } else {
+        console.log('OpenID configured!');
+      }
+    } catch (err) {
+      console.error(err);
+    }
+  }
+
   if (config.get('https.key') && config.get('https.cert')) {
     const https = await import('node:https');
     const httpsOptions = {

packages/sync-server/src/config-types.ts

@@ -4,7 +4,7 @@ type LoginMethod = 'password' | 'header' | 'openid';
 
 export interface Config {
   mode: 'test' | 'development';
-  loginMethod: LoginMethod;
+  loginMethod?: LoginMethod;
   allowedLoginMethods: LoginMethod[];
   trustedProxies: string[];
   trustedAuthProxies?: string[];

upcoming-release-notes/4428.md

@@ -0,0 +1,6 @@
+---
+category: Enhancements
+authors: [lelemm]
+---
+
+OPENID Environment variables will now be used on server startup