bugfixes

backend/src/api-internal/auth-authorize-extract.middleware.ts

@@ -1,15 +1,13 @@
 import { Inject, Injectable } from "@nestjs/common";
 import { Request, Response } from "express";
-import { AuthClientService } from "src/model/services/auth-client.service";
 import { StateMiddleware } from "src/api-oauth/StateMiddleware";
 import { OAuthAuthorizeServerState } from "src/api-oauth/OAuthAuthorizeServerState";
 import { JwtService } from "@nestjs/jwt";
 import { TokenScope } from "src/backend-services/token.service";
 
 @Injectable()
-export class AuthAuthorizeExtractMiddleware extends StateMiddleware<{}, OAuthAuthorizeServerState> {
+export class AuthAuthorizeExtractMiddleware extends StateMiddleware<{}, Omit<OAuthAuthorizeServerState, "client">> {
     constructor(
-        private readonly authClientService: AuthClientService,
         @Inject("StateJwtService")
         private readonly stateJwtService: JwtService,
     ) {
@@ -25,9 +23,7 @@ export class AuthAuthorizeExtractMiddleware extends StateMiddleware<{}, OAuthAut
         const newState = this.stateJwtService.verify<Pick<OAuthAuthorizeServerState, "request">>(
             req.query.state ?? req.body.state,
         );
-        const client = await this.authClientService.findAuthClient(newState.request.clientId);
         this.appendState(res, {
-            client,
             ...newState,
             isRegisterAdditional: newState.request.scope.includes(TokenScope.LOGIN_SERVICE_REGISTER),
         });

backend/src/api-oauth/oauth-authorize-extract.middleware.ts

@@ -2,13 +2,11 @@ import { Injectable } from "@nestjs/common";
 import { Request, Response } from "express";
 import { StateMiddleware } from "./StateMiddleware";
 import { OAuthAuthorizeRequest, OAuthAuthorizeServerState } from "./OAuthAuthorizeServerState";
-import { AuthClientService } from "src/model/services/auth-client.service";
 import { TokenScope } from "src/backend-services/token.service";
-import { AuthClient } from "src/model/postgres/AuthClient.entity";
 
 @Injectable()
-export class OAuthAuthorizeExtractMiddleware extends StateMiddleware<{}, OAuthAuthorizeServerState> {
-    constructor(private readonly authClientService: AuthClientService) {
+export class OAuthAuthorizeExtractMiddleware extends StateMiddleware<{}, Omit<OAuthAuthorizeServerState, "client">> {
+    constructor() {
         super();
     }
 
@@ -27,15 +25,8 @@ export class OAuthAuthorizeExtractMiddleware extends StateMiddleware<{}, OAuthAu
             codeChallengeMethod: req.query.code_challenge_method as string,
             responseType: req.query.response_type as "code",
         };
-        let client: AuthClient | undefined;
-        try {
-            client = await this.authClientService.findAuthClient(requestParams.clientId);
-        } catch {
-            client = undefined;
-        }
         this.appendState(res, {
             request: requestParams,
-            client,
             isRegisterAdditional: requestParams.scope.includes(TokenScope.LOGIN_SERVICE_REGISTER),
         });
         next();

backend/src/api-oauth/oauth-authorize-validate.middleware.ts

@@ -4,14 +4,17 @@ import { StateMiddleware } from "./StateMiddleware";
 import { OAuthAuthorizeServerState } from "./OAuthAuthorizeServerState";
 import { OAuthHttpException } from "./OAuthHttpException";
 import { TokenService } from "src/backend-services/token.service";
+import { AuthClientService } from "src/model/services/auth-client.service";
 
 @Injectable()
 export class OAuthAuthorizeValidateMiddleware extends StateMiddleware<
     OAuthAuthorizeServerState,
     OAuthAuthorizeServerState
 > {
-
-    constructor(private readonly tokenService: TokenService) {
+    constructor(
+        private readonly tokenService: TokenService,
+        private readonly authClientService: AuthClientService,
+    ) {
         super();
     }
 
@@ -21,6 +24,10 @@ export class OAuthAuthorizeValidateMiddleware extends StateMiddleware<
         state: OAuthAuthorizeServerState & { error?: any },
         next: (error?: Error | any) => void,
     ): Promise<any> {
+        try {
+            const client = await this.authClientService.findAuthClient(state.request.clientId);
+            this.appendState(res, { client });
+        } catch {}
         if (!state.client || !state.client.isValid) {
             throw new OAuthHttpException("invalid_client", "Client unknown or unauthorized");
         }

backend/src/strategies/github/github.service.ts

@@ -155,7 +155,7 @@ export class GithubStrategyService extends StrategyUsingPassport {
         strategyInstance: StrategyInstance,
         authStateData: (AuthStateServerData & OAuthAuthorizeServerState) | undefined,
     ): passport.AuthenticateOptions {
-        const mode = authStateData?.authState.function ?? AuthFunction.LOGIN;
+        const mode = authStateData?.authState?.function ?? AuthFunction.LOGIN;
         if (mode == AuthFunction.REGISTER_WITH_SYNC) {
             return {
                 scope: ["scope", "user:email", "repo"],

backend/src/strategies/strategies.middleware.ts

@@ -70,14 +70,14 @@ export class StrategiesMiddleware extends StateMiddleware<
         const strategy = this.strategiesService.getStrategyByName(instance.type);
         this.appendState(res, { strategy });
 
+        const result = await strategy.performAuth(instance, state, req, res);
+        this.appendState(res, result.returnedState);
+
         const functionError = this.performAuthFunctionService.checkFunctionIsAllowed(state, instance, strategy);
         if (functionError != null) {
             throw new OAuthHttpException("server_error", functionError);
         }
 
-        const result = await strategy.performAuth(instance, state, req, res);
-        this.appendState(res, result.returnedState);
-
         const authResult = result.result;
         if (authResult) {
             const activeLogin = await this.performAuthFunctionService.performRequestedAction(