fix: enhance logging for Google and GitHub OAuth2 authentication (#7848)

Co-authored-by: Nicolas Giard <github@ngpixel.com>
pull/7822/merge
ss033 4 weeks ago committed by GitHub
parent 407aacfa19
commit a02e0131c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -27,6 +27,14 @@ module.exports = {
passport.use(conf.key,
new GitHubStrategy(githubConfig, async (req, accessToken, refreshToken, profile, cb) => {
try {
WIKI.logger.info(`GitHub OAuth: Processing profile for user ${profile.id || profile.username}`)
// Ensure email is available - passport-github2 should fetch it automatically with user:email scope
// but we'll log a warning if it's missing
if (!profile.emails || (Array.isArray(profile.emails) && profile.emails.length === 0)) {
WIKI.logger.warn(`GitHub OAuth: No email found in profile for user ${profile.id || profile.username}. Make sure 'user:email' scope is granted.`)
}
const user = await WIKI.models.users.processProfile({
providerKey: req.params.strategy,
profile: {
@ -34,9 +42,19 @@ module.exports = {
picture: _.get(profile, 'photos[0].value', '')
}
})
WIKI.logger.info(`GitHub OAuth: Successfully authenticated user ${user.email}`)
cb(null, user)
} catch (err) {
cb(err, null)
WIKI.logger.warn(`GitHub OAuth: Authentication failed for strategy ${req.params.strategy}:`, err)
// Provide more user-friendly error messages
if (err.message && err.message.includes('email')) {
cb(new Error('GitHub authentication failed: Email address is required but not available. Please ensure your GitHub account has a verified email address and grant email access permissions.'), null)
} else if (err instanceof WIKI.Error.AuthAccountBanned) {
cb(err, null)
} else {
cb(new Error(`GitHub authentication failed: ${err.message || 'Unknown error'}`), null)
}
}
}
))
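Review bot: In the new `catch` block of the second hunk, the substring test `err.message.includes('email')` runs before the `instanceof WIKI.Error.AuthAccountBanned` check, and the final branch copies `err.message` into the error handed to `cb`. Any failure from `processProfile` whose text happens to contain "email" would be reported as a missing address, and internal error text may reach whoever sees the login error, depending on how the caller renders it. Test the typed error first, `if (err instanceof WIKI.Error.AuthAccountBanned) { return cb(err, null) }`, and end with a fixed message such as `cb(new Error('GitHub authentication failed.'), null)`; the added `WIKI.logger.warn` line already keeps the detail server-side. The Google strategy's `catch` block has the same ordering and the same fallback. The profile mapping between the two hunks is not shown, so this is judged from the visible lines only.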

@ -16,9 +16,13 @@ module.exports = {
passReqToCallback: true
}, async (req, accessToken, refreshToken, profile, cb) => {
try {
if (conf.hostedDomain && conf.hostedDomain != profile._json.hd) {
throw new Error('Google authentication should have been performed with domain ' + conf.hostedDomain)
WIKI.logger.info(`Google OAuth: Processing profile for user ${profile.id || profile.displayName}`)
// Validate hosted domain if configured
if (conf.hostedDomain && profile._json.hd !== conf.hostedDomain) {
throw new Error(`Google authentication failed: User must be from domain ${conf.hostedDomain}, but got ${profile._json.hd || 'unknown'}`)
}
const user = await WIKI.models.users.processProfile({
providerKey: req.params.strategy,
profile: {
@ -26,9 +30,21 @@ module.exports = {
picture: _.get(profile, 'photos[0].value', '')
}
})
WIKI.logger.info(`Google OAuth: Successfully authenticated user ${user.email}`)
cb(null, user)
} catch (err) {
cb(err, null)
WIKI.logger.warn(`Google OAuth: Authentication failed for strategy ${req.params.strategy}:`, err)
// Provide more user-friendly error messages
if (err.message && err.message.includes('domain')) {
cb(new Error(`Google authentication failed: ${err.message}`), null)
} else if (err.message && err.message.includes('email')) {
cb(new Error('Google authentication failed: Email address is required but not available. Please ensure your Google account has a verified email address.'), null)
} else if (err instanceof WIKI.Error.AuthAccountBanned) {
cb(err, null)
} else {
cb(new Error(`Google authentication failed: ${err.message || 'Unknown error'}`), null)
}
}
})
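Review bot: The `domain` branch of the new `catch` block prefixes a message that already carries the prefix: the hosted-domain check throws `Google authentication failed: User must be from domain …`, and the handler wraps it again as `Google authentication failed: ${err.message}`, so the user sees the phrase twice. Pass the error through unchanged in that branch, `cb(err, null)`, or better throw a dedicated error type from the check and match on it instead of on the word "domain". Separately, the success line logs `user.email` at info level here and in the GitHub strategy; if these logs leave the host, an internal identifier would expose less. The strategy options and the profile mapping between the two hunks are outside the visible lines.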
