diff --git a/packages/sync-server/package.json b/packages/sync-server/package.json
index f928880544..a393876a66 100644
--- a/packages/sync-server/package.json
+++ b/packages/sync-server/package.json
@@ -14,7 +14,6 @@
 "db:test-migrate": "NODE_ENV=test node src/run-migrations.js up",
 "db:test-downgrade": "NODE_ENV=test node src/run-migrations.js down",
 "reset-password": "node src/scripts/reset-password.js",
- "enable-openid": "node src/scripts/enable-openid.js",
 "disable-openid": "node src/scripts/disable-openid.js",
 "health-check": "node src/scripts/health-check.js"
 },
diff --git a/packages/sync-server/src/account-db.js b/packages/sync-server/src/account-db.js
index ec8897d5f0..cbb43a0ded 100644
--- a/packages/sync-server/src/account-db.js
+++ b/packages/sync-server/src/account-db.js
@@ -62,15 +62,19 @@ export function getLoginMethod(req) {
 return req.body.loginMethod;
 }
- if (config.get('loginMethod')) {
+ //BY-PASS ANY OTHER CONFIGURATION TO ENSURE HEADER AUTH
+ if (
+ config.get('loginMethod') === 'header' &&
+ config.get('allowedLoginMethods').includes('header')
+ ) {
 return config.get('loginMethod');
 }
 const activeMethod = getActiveLoginMethod();
- return activeMethod || 'password';
+ return activeMethod || config.get('loginMethod');
 }
-export async function bootstrap(loginSettings) {
+export async function bootstrap(loginSettings, forced = false) {
 if (!loginSettings) {
 return { error: 'invalid-login-settings' };
 }
@@ -87,7 +91,7 @@ export async function bootstrap(loginSettings) {
 WHERE users.user_name <> '' and users.owner = 1`,
 ) || {};
- if (!openIdEnabled || countOfOwner > 0) {
+ if (!forced && (!openIdEnabled || countOfOwner > 0)) {
 if (!needsBootstrap()) {
 accountDb.mutate('ROLLBACK');
 return { error: 'already-bootstrapped' };
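Review bot: In `getLoginMethod` (hunk `@@ -62,15 +62,19 @@`) the new final fallback `return activeMethod || config.get('loginMethod');` can yield `undefined`, since this commit also makes `loginMethod` optional in `config-types.ts`, whereas the old code always ended at `'password'`. The fallback also returns the configured method without the `allowedLoginMethods` check that the new header branch applies. Consider ending with an explicit default, e.g. `return activeMethod || config.get('loginMethod') || 'password';`, and only returning the configured value when `config.get('allowedLoginMethods').includes(...)` holds for it. The function begins above the hunk, so the request-body branch is only partly visible here.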
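Review bot: Nothing on `bootstrap` documents who may pass `forced`, even though it disables the `already-bootstrapped` guard in hunk `@@ -87,7 +91,7 @@` and the `max-one-method-allowed` guard in the later `@@ -99,7 +103,7 @@` hunk. I would add a doc comment on the signature along the lines of `/** @param {boolean} [forced=false] Startup-only override: skips the already-bootstrapped and one-method checks; never derive it from request data. */`. Callers of `bootstrap` other than `run()` are not visible in this diff, so it is worth confirming that none of them forwards a client-controlled second argument.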
@@ -99,7 +103,7 @@ export async function bootstrap(loginSettings) {
 return { error: 'no-auth-method-selected' };
 }
- if (passEnabled && openIdEnabled) {
+ if (passEnabled && openIdEnabled && !forced) {
 accountDb.mutate('ROLLBACK');
 return { error: 'max-one-method-allowed' };
 }
@@ -112,7 +116,7 @@ export async function bootstrap(loginSettings) {
 }
 }
- if (openIdEnabled) {
+ if (openIdEnabled && forced) {
 const { error } = await bootstrapOpenId(loginSettings.openId);
 if (error) {
 accountDb.mutate('ROLLBACK');
diff --git a/packages/sync-server/src/app.js b/packages/sync-server/src/app.js
index 60deb9feae..0dda48dd90 100644
--- a/packages/sync-server/src/app.js
+++ b/packages/sync-server/src/app.js
@@ -6,6 +6,7 @@ import express from 'express';
 import actuator from 'express-actuator';
 import rateLimit from 'express-rate-limit';
+import { bootstrap } from './account-db.js';
 import * as accountApp from './app-account.js';
 import * as adminApp from './app-admin.js';
 import * as goCardlessApp from './app-gocardless/app-gocardless.js';
@@ -107,6 +108,20 @@ function parseHTTPSConfig(value) {
 }
 export async function run() {
+ if (config.openId) {
+ console.log('OpenID configuration found. Preparing server to use it');
+ try {
+ const { error } = await bootstrap({ openId: config.openId }, true);
+ if (error) {
+ console.log(error);
+ } else {
+ console.log('OpenID configured!');
+ }
+ } catch (err) {
+ console.error(err);
+ }
+ }
+
 if (config.get('https.key') && config.get('https.cert')) {
 const https = await import('node:https');
 const httpsOptions = {
diff --git a/packages/sync-server/src/config-types.ts b/packages/sync-server/src/config-types.ts
index 3e9e76d136..5bd51cc9df 100644
--- a/packages/sync-server/src/config-types.ts
+++ b/packages/sync-server/src/config-types.ts
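Review bot: With `if (openIdEnabled && forced)` in hunk `@@ -112,7 +116,7 @@`, a non-forced call that carries OpenID settings now skips `bootstrapOpenId` and, as far as the visible lines show, continues without reporting anything. If OpenID is meant to be configured only at startup, reject that case explicitly rather than ignoring it, for example `if (openIdEnabled && !forced) { accountDb.mutate('ROLLBACK'); return { error: '<error-code-of-your-choice>' }; }` placed before this branch. A caller that receives a success result while no OpenID provider was stored could leave the server on a different login method than the operator believes. The rest of `bootstrap` lies outside the hunk, so the final return path should be checked against this.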
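Review bot: The startup block added to `run()` (hunk `@@ -107,6 +108,20 @@`) fails open: when `bootstrap(..., true)` returns an `error` or throws, the code only logs it and the server goes on to start with whatever login method was active before. An operator who supplied OpenID settings would then be running without the identity provider they configured, so I would abort startup instead, e.g. `if (error) { throw new Error('OpenID bootstrap failed: ' + error); }`, and drop the catch that swallows exceptions. Separately, the guard reads `config.openId` while the next statement uses `config.get('https.key')`; if `config` only exposes values through `get`, this block never runs, so confirm which accessor is correct. `run()` continues below the hunk.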
@@ -4,7 +4,7 @@ type LoginMethod = 'password' | 'header' | 'openid';
 export interface Config {
 mode: 'test' | 'development';
- loginMethod: LoginMethod;
+ loginMethod?: LoginMethod;
 allowedLoginMethods: LoginMethod[];
 trustedProxies: string[];
 trustedAuthProxies?: string[];
diff --git a/upcoming-release-notes/4428.md b/upcoming-release-notes/4428.md
new file mode 100644
index 0000000000..a71be00b99
--- /dev/null
+++ b/upcoming-release-notes/4428.md
@@ -0,0 +1,6 @@
+---
+category: Enhancements
+authors: [lelemm]
+---
+
+OPENID Environment variables will now be used on server startup