LibreChat/api
Dustin Healy bd158905b3 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration
Post-identity-resolution ban check: the initial checkBan middleware fires before the
refresh token is exchanged and req.user is populated, so it can only evaluate IP bans.
After applyGoogleAdminRefresh/applyAdminRefresh resolves the user identity, we now
synthesize req.user and re-run checkBan against the resolved user's id before emitting
the JWT, so a user-level ban is enforced even from a fresh IP.

Domain allowlist now includes userId: the getAppConfig call in isEmailAllowedForUser
was passing only role, missing user and group-level allowedDomains overrides that the
initial OAuth callback's checkDomainAllowed enforces via userId. Both branches now
pass userId so buildPrincipals takes the full user+group+role resolution path. The
tenant branch is also inlined (replacing resolveAppConfigForUser) to accept userId,
wrapped in tenantStorage.run for correct Mongoose scoping and cache-key resolution.

Cross-tenant email-fallback migration: the Passport verify callback fires before
tenantContextMiddleware, so findUser({email}) is unscoped and can return a same-email
user from another tenant. Writing googleId onto that document permanently corrupts
the other tenant's account. Migration is now blocked for users with a tenantId;
single-tenant users are unaffected.
2026-06-22 10:42:20 -07:00
..
app 🌐 fix: Centralize Outbound Proxy Handling (#13726) 2026-06-14 10:47:49 -04:00
cache 🪂 feat: Graceful HTTP shutdown on SIGTERM/SIGINT (#13211) 2026-05-20 13:33:53 -04:00
config 🪵 refactor: Bound Log Traversal And Remove Legacy api/config Logger (#13813) 2026-06-17 12:31:32 -04:00
db ⚖️ feat: Add Operational Prometheus Metrics (#13265) 2026-05-22 20:47:41 -04:00
models 🗑️ chore: Remove Action Test Suite and Update Mock Implementations (#12268) 2026-03-21 14:28:55 -04:00
server 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration 2026-06-22 10:42:20 -07:00
strategies 🔒 fix: Harden admin OAuth refresh against user bans, tenant scope gaps, and cross-tenant migration 2026-06-22 10:42:20 -07:00
test 🪵 refactor: Bound Log Traversal And Remove Legacy api/config Logger (#13813) 2026-06-17 12:31:32 -04:00
utils 📖 feat: Add Claude Fable 5 Support (#13628) 2026-06-09 16:22:39 -04:00
jest.config.js 📦 chore: npm audit fix (#13828) 2026-06-17 21:54:04 -04:00
jsconfig.json feat(api): initial Redis support; fix(SearchBar): proper debounce (#1039) 2023-10-11 17:05:47 -04:00
package.json 📦 chore: npm audit fix (#13828) 2026-06-17 21:54:04 -04:00
typedefs.js 🧬 chore: Align LibreChat With Agents LangChain Upgrade (#12922) 2026-05-03 12:46:01 -04:00