feat(api/private/me): include authProvider in UserInfo

This information is supposed to be used by the frontend to identify the login method that was used. The used login method is saved as a string into the session data and extracted via a new SessionAuthProvider decorator. Signed-off-by: David Mehren <git@herrmehren.de>
2025-05-24 20:14:35 -04:00 · 2022-01-30 21:54:30 +01:00 · 2022-01-30 21:54:30 +01:00 · d6ea4d29fe
commit d6ea4d29fe
parent 3f8e3b0589
7 changed files with 71 additions and 8 deletions
--- a/src/api/private/auth/auth.controller.ts
+++ b/src/api/private/auth/auth.controller.ts
@ -75,11 +75,18 @@ export class AuthController {
  @Post('local/login')
  @OpenApi(201, 400, 401)
  login(
-    @Req() request: Request & { session: { user: string } },
+    @Req()
+    request: Request & {
+      session: {
+        authProvider: string;
+        user: string;
+      };
+    },
    @Body() loginDto: LoginDto,
  ): void {
    // There is no further testing needed as we only get to this point if LocalAuthGuard was successful
    request.session.user = loginDto.username;
+    request.session.authProvider = 'local';
  }

  @UseGuards(SessionGuard)
--- a/src/api/private/me/me.controller.ts
+++ b/src/api/private/me/me.controller.ts
@ -10,11 +10,12 @@ import { SessionGuard } from '../../../identity/session.guard';
 import { ConsoleLoggerService } from '../../../logger/console-logger.service';
 import { MediaUploadDto } from '../../../media/media-upload.dto';
 import { MediaService } from '../../../media/media.service';
-import { FullUserInfoDto } from '../../../users/user-info.dto';
+import { UserLoginInfoDto } from '../../../users/user-info.dto';
 import { User } from '../../../users/user.entity';
 import { UsersService } from '../../../users/users.service';
 import { OpenApi } from '../../utils/openapi.decorator';
 import { RequestUser } from '../../utils/request-user.decorator';
+import { SessionAuthProvider } from '../../utils/session-authprovider.decorator';

@UseGuards(SessionGuard)
@OpenApi(401)
@ -31,8 +32,11 @@ export class MeController {

  @Get()
  @OpenApi(200)
-  getMe(@RequestUser() user: User): FullUserInfoDto {
-    return this.userService.toFullUserDto(user);
+  getMe(
+    @RequestUser() user: User,
+    @SessionAuthProvider() authProvider: string,
+  ): UserInfoDto {
+    return this.userService.toUserLoginInfoDto(user, authProvider);
  }

  @Get('media')
--- a/src/api/utils/session-authprovider.decorator.ts
+++ b/src/api/utils/session-authprovider.decorator.ts
@ -0,0 +1,34 @@
+/*
+ * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import {
+  createParamDecorator,
+  ExecutionContext,
+  InternalServerErrorException,
+} from '@nestjs/common';
+import { Request } from 'express';
+
+/**
+ * Extracts the auth provider identifier from a session inside a request
+ *
+ * Will throw an {@link InternalServerErrorException} if no identifier is present
+ */
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export const SessionAuthProvider = createParamDecorator(
+  (data: unknown, ctx: ExecutionContext) => {
+    const request: Request & {
+      session: {
+        authProvider: string;
+      };
+    } = ctx.switchToHttp().getRequest();
+    if (!request.session?.authProvider) {
+      // We should have an auth provider here, otherwise something is wrong
+      throw new InternalServerErrorException(
+        'Session is missing an auth provider identifier',
+      );
+    }
+    return request.session.authProvider;
+  },
+);