diff --git a/src/server/lib/callbacks.js b/src/server/lib/callbacks.js
index 4c760c20b6..865bf45676 100644
--- a/src/server/lib/callbacks.js
+++ b/src/server/lib/callbacks.js
@@ -12,8 +12,9 @@
 * @param {object} profile User profile (e.g. user id, name, email)
 * @param {object} account Account used to sign in (e.g. OAuth account)
 * @param {object} metadata Provider specific metadata (e.g. OAuth Profile)
- * @return {boolean|object} Return `true` (or a modified JWT) to allow sign in
+ * @return {boolean|string} Return `true` to allow sign in
 * Return `false` to deny access
+ * Return `string` to redirect to (eg.: "/unauthorized")
 */
 const signIn = async (profile, account, metadata) => {
 const isAllowedToSignIn = true
diff --git a/src/server/routes/callback.js b/src/server/routes/callback.js
index 71ccd76dd3..72bcaf62b4 100644
--- a/src/server/routes/callback.js
+++ b/src/server/routes/callback.js
@@ -71,13 +71,16 @@ export default async (req, res, options, done) => {
 const signInCallbackResponse = await callbacks.signIn(userOrProfile, account, OAuthProfile)
 if (signInCallbackResponse === false) {
 return redirect(`${baseUrl}${basePath}/error?error=AccessDenied`)
+ } else if (typeof signInCallbackResponse === 'string') {
+ return redirect(signInCallbackResponse)
 }
 } catch (error) {
 if (error instanceof Error) {
 return redirect(`${baseUrl}${basePath}/error?error=${encodeURIComponent(error)}`)
- } else {
- return redirect(error)
 }
+ // TODO: Remove in a future major release
+ logger.warn('SIGNIN_CALLBACK_REJECT_REDIRECT')
+ return redirect(error)
 }
 // Sign user in
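Review bot: The added `else if (typeof signInCallbackResponse === 'string')` branch hands the `signIn` return value to `redirect()` with no check visible in the hunk, so an empty string or an absolute URL on another origin would be passed through as written; the identical branch in the `@@ -162,13 +165,16 @@` hunk has the same gap. The string comes from the application's own callback, but an implementation that derives it from request data would turn this into an open redirect, so either resolve it against `baseUrl` and refuse a different origin, or say in the `@return` JSDoc that it must be a fixed, application-defined path. In the `catch` block every non-Error rejection, not only a string, still reaches `redirect(error)` and now also logs the deprecation warning; adding ``if (typeof error !== 'string') return redirect(`${baseUrl}${basePath}/error?error=AccessDenied`)`` ahead of the `// TODO` line would limit the deprecated path to the case the warning describes. Whether `logger` is imported in this file cannot be seen from here, and the handler starts and ends outside the hunk.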
@@ -162,13 +165,16 @@ export default async (req, res, options, done) => {
 const signInCallbackResponse = await callbacks.signIn(profile, account, { email })
 if (signInCallbackResponse === false) {
 return redirect(`${baseUrl}${basePath}/error?error=AccessDenied`)
+ } else if (typeof signInCallbackResponse === 'string') {
+ return redirect(signInCallbackResponse)
 }
 } catch (error) {
 if (error instanceof Error) {
 return redirect(`${baseUrl}${basePath}/error?error=${encodeURIComponent(error)}`)
- } else {
- return redirect(error)
 }
+ // TODO: Remove in a future major release
+ logger.warn('SIGNIN_CALLBACK_REJECT_REDIRECT')
+ return redirect(error)
 }
 // Sign user in
diff --git a/www/docs/configuration/callbacks.md b/www/docs/configuration/callbacks.md
index 2ecc4745e1..956a8e3acc 100644
--- a/www/docs/configuration/callbacks.md
+++ b/www/docs/configuration/callbacks.md
@@ -44,8 +44,9 @@ callbacks: {
 * @param {object} user User object
 * @param {object} account Provider account
 * @param {object} profile Provider profile
- * @return {boolean} Return `true` (or a modified JWT) to allow sign in
+ * @return {boolean|string} Return `true` to allow sign in
 * Return `false` to deny access
+ * Return `string` to redirect to (eg.: "/unauthorized")
 */
 signIn: async (user, account, profile) => {
 const isAllowedToSignIn = true
@@ -54,9 +55,8 @@ callbacks: {
 } else {
 // Return false to display a default error message
 return false
- // You can also Reject this callback with an Error or with a URL:
- // throw new Error('error message') // Redirect to error page
- // return '/path/to/redirect' // Redirect to a URL
+ // Or you can return a URL to redirect to:
+ // return '/unauthorized'
 }
 }
 }
diff --git a/www/docs/warnings.md b/www/docs/warnings.md
index dc2912ebcd..557c3eac72 100644
--- a/www/docs/warnings.md
+++ b/www/docs/warnings.md
@@ -48,3 +48,23 @@ You can use [node-jose-tools](https://www.npmjs.com/package/node-jose-tools) to
 #### JWT_AUTO_GENERATED_ENCRYPTION_KEY
+#### SIGNIN_CALLBACK_REJECT_REDIRECT
+
+You returned something in the `signIn` callback, that is being deprecated.
+
+You probably had something similar in the callback:
+```js
+ return Promise.reject("/some/url")
+```
+
+or
+
+```js
+ throw "/some/url"
+```
+
+To remedy this, simply return the url instead:
+
+```js
+ return "/some/url"
+```
\ No newline at end of file