From a5297f8c6e12d8dce9751b0d903e000b714f1b36 Mon Sep 17 00:00:00 2001 From: Lucas Date: Sat, 7 Mar 2020 19:59:10 -0300 Subject: [PATCH] feat: option to restrict Discord auth to a specific server (#1548) * Optionally restrict discord authentication to members of a specific server * fix: discord auth module code linting Co-authored-by: Lucas Neves Co-authored-by: Nicolas Giard --- server/modules/authentication/discord/authentication.js | 6 +++++- server/modules/authentication/discord/definition.yml | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/server/modules/authentication/discord/authentication.js b/server/modules/authentication/discord/authentication.js index 82351ef9..ce180616 100644 --- a/server/modules/authentication/discord/authentication.js +++ b/server/modules/authentication/discord/authentication.js @@ -5,6 +5,7 @@ // ------------------------------------ const DiscordStrategy = require('passport-discord').Strategy +const _ = require('lodash') module.exports = { init (passport, conf) { @@ -14,9 +15,12 @@ module.exports = { clientSecret: conf.clientSecret, authorizationURL: 'https://discordapp.com/api/oauth2/authorize?prompt=none', callbackURL: conf.callbackURL, - scope: 'identify email' + scope: 'identify email guilds' }, async (accessToken, refreshToken, profile, cb) => { try { + if (conf.guildId && !_.some(profile.guilds, { id: conf.guildId })) { + throw new WIKI.Error.AuthLoginFailed() + } const user = await WIKI.models.users.processProfile({ profile: { ...profile, diff --git a/server/modules/authentication/discord/definition.yml b/server/modules/authentication/discord/definition.yml index 0436c067..7540ad6d 100644 --- a/server/modules/authentication/discord/definition.yml +++ b/server/modules/authentication/discord/definition.yml @@ -18,3 +18,8 @@ props: title: Client Secret hint: Application Client Secret order: 2 + guildId: + type: String + title: Server ID + hint: Optional - Your unique server identifier, such that only members are authorized + order: 3