LibreChat/api/strategies
Dustin Healy bd158905b3 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration
Post-identity-resolution ban check: the initial checkBan middleware fires before the
refresh token is exchanged and req.user is populated, so it can only evaluate IP bans.
After applyGoogleAdminRefresh/applyAdminRefresh resolves the user identity, we now
synthesize req.user and re-run checkBan against the resolved user's id before emitting
the JWT, so a user-level ban is enforced even from a fresh IP.

Domain allowlist now includes userId: the getAppConfig call in isEmailAllowedForUser
was passing only role, missing user and group-level allowedDomains overrides that the
initial OAuth callback's checkDomainAllowed enforces via userId. Both branches now
pass userId so buildPrincipals takes the full user+group+role resolution path. The
tenant branch is also inlined (replacing resolveAppConfigForUser) to accept userId,
wrapped in tenantStorage.run for correct Mongoose scoping and cache-key resolution.

Cross-tenant email-fallback migration: the Passport verify callback fires before
tenantContextMiddleware, so findUser({email}) is unscoped and can return a same-email
user from another tenant. Writing googleId onto that document permanently corrupts
the other tenant's account. Migration is now blocked for users with a tenantId;
single-tenant users are unaffected.
2026-06-22 10:42:20 -07:00
appleStrategy.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
appleStrategy.test.js 🧪 fix: Add updateUser to appleStrategy test mock for socialLogin migration 2026-06-18 11:58:35 -07:00
discordStrategy.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
facebookStrategy.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
githubStrategy.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
googleStrategy.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
index.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00
jwtStrategy.js 🧑‍💻 refactor: Secure Field Selection for 2FA & API Build Sourcemap (#9087) 2025-08-15 18:55:49 -04:00
ldapStrategy.js 🏢 feat: Tenant-Scoped App Config in Auth Login Flows (#12434) 2026-03-27 16:08:43 -04:00
ldapStrategy.spec.js 🏢 feat: Tenant-Scoped App Config in Auth Login Flows (#12434) 2026-03-27 16:08:43 -04:00
localStrategy.js 🔐 fix: Avoid Logging Password On Login Validation Error (#12926) 2026-05-03 21:27:41 -04:00
openIdJwtStrategy.js 🌐 fix: Centralize Outbound Proxy Handling (#13726) 2026-06-14 10:47:49 -04:00
openIdJwtStrategy.spec.js 🌐 fix: Centralize Outbound Proxy Handling (#13726) 2026-06-14 10:47:49 -04:00
openidStrategy.js 🌐 fix: Centralize Outbound Proxy Handling (#13726) 2026-06-14 10:47:49 -04:00
openidStrategy.spec.js 🔧 fix: Honor NO_PROXY for OpenID requests when PROXY is set (#13716) 2026-06-13 11:39:48 -04:00
process.js 🛂 feat: Social Login by Provider ID First then Email (#10358) 2025-11-05 09:20:35 -05:00
process.test.js 🛂 feat: Social Login by Provider ID First then Email (#10358) 2025-11-05 09:20:35 -05:00
samlStrategy.js 🪪 fix: Use Shared IdP Avatar Processing (#13422) 2026-05-30 16:51:58 -07:00
samlStrategy.spec.js 🪪 fix: Use Shared IdP Avatar Processing (#13422) 2026-05-30 16:51:58 -07:00
socialLogin.js 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration 2026-06-22 10:42:20 -07:00
socialLogin.test.js 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration 2026-06-22 10:42:20 -07:00
validators.js 🔐 feat: Add Configurable Min. Password Length (#9315) 2025-08-27 16:30:56 -04:00
validators.spec.js 🔐 feat: Add Configurable Min. Password Length (#9315) 2025-08-27 16:30:56 -04:00