cnpm · fengmk2 · Aug 8, 2023 · Aug 8, 2023
diff --git a/app/core/service/UserService.ts b/app/core/service/UserService.ts
@@ -106,19 +106,23 @@ export class UserService extends AbstractService {
     return { code: LoginResultCode.Success, user, token };
   }
 
-  async ensureTokenByUser({ name, email, password = crypto.randomUUID(), ip }: Optional<CreateUser, 'password'>) {
+  async findOrCreateUser({ name, email, ip, password = crypto.randomUUID() }: Optional<CreateUser, 'password'>) {
     let user = await this.userRepository.findUserByName(name);
     if (!user) {
       const createRes = await this.create({
         name,
         email,
-        // Authentication via sso
-        // should use token instead of password
         password,
         ip,
       });
       user = createRes.user;
     }
+
+    return user;
+  }
+
+  async ensureTokenByUser(opts: Optional<CreateUser, 'password'>) {
+    const user = await this.findOrCreateUser(opts);
     const token = await this.createToken(user.userId);
     return { user, token };
   }

diff --git a/app/port/controller/TokenController.ts b/app/port/controller/TokenController.ts
@@ -131,15 +131,12 @@ export class TokenController extends AbstractController {
     return { objects, total: objects.length, urls: {} };
   }
 
-  private async ensureWebUser() {
+  private async ensureWebUser(ip = '') {
     const userRes = await this.authAdapter.ensureCurrentUser();
     if (!userRes?.name || !userRes?.email) {
       throw new ForbiddenError('need login first');
     }
-    const user = await this.userService.findUserByName(userRes.name);
-    if (!user?.userId) {
-      throw new ForbiddenError('invalid user info');
-    }
+    const user = await this.userService.findOrCreateUser({ name: userRes.name, email: userRes.email, ip });
     return user;
   }
 
@@ -155,7 +152,7 @@ export class TokenController extends AbstractController {
   // 3. Need to implement ensureCurrentUser method in AuthAdapter, or pass in this.user
   async createGranularToken(@Context() ctx: EggContext, @HTTPBody() tokenOptions: GranularTokenOptions) {
     ctx.tValidate(GranularTokenOptionsRule, tokenOptions);
-    const user = await this.ensureWebUser();
+    const user = await this.ensureWebUser(ctx.ip);
 
     // 生成 Token
     const { name, description, allowedPackages, allowedScopes, cidr_whitelist, automation, readonly, expires } = tokenOptions;

diff --git a/test/port/controller/TokenController/createToken.test.ts b/test/port/controller/TokenController/createToken.test.ts
@@ -135,21 +135,20 @@ describe('test/port/controller/TokenController/createToken.test.ts', () => {
       assert.match(res.body.error, /\[FORBIDDEN\] need login first/);
     });
 
-    it('should 403 when no user info', async () => {
+    it('should auto create when no user info', async () => {
       mock(AuthAdapter.prototype, 'ensureCurrentUser', async () => {
         return {
           name: 'banana',
           email: 'banana@fruits.com',
         };
       });
-      const res = await app.httpRequest()
+      await app.httpRequest()
         .post('/-/npm/v1/tokens/gat')
         .send({
           name: 'banana',
           expires: 30,
         })
-        .expect(403);
-      assert.match(res.body.error, /\[FORBIDDEN\] invalid user info/);
+        .expect(200);
     });
 
     describe('should 200', () => {