Added ability to fetch member by identity token (#329)

refs https://github.com/TryGhost/Team/issues/1057 This method will validate a token, and then return the member associated with it. Rather than exposing token validation and coupling consumers to the structure of the token response data.
2025-02-10 23:36:14 -05:00 · 2021-09-17 11:25:57 +02:00 · 2021-09-17 11:25:57 +02:00 · 528fd23874
commit 528fd23874
parent d99e0acf1a
3 changed files with 31 additions and 7 deletions
--- a/ghost/members-api/lib/MembersAPI.js
+++ b/ghost/members-api/lib/MembersAPI.js
@ -58,6 +58,12 @@ module.exports = function MembersAPI({
        common.logging.setLogger(logger);
    }
    const tokenService = new TokenService({
        privateKey,
        publicKey,
        issuer
    });
    const stripeConfig = paymentConfig && paymentConfig.stripe || {};
    const stripeAPIService = new StripeAPIService({
@ -90,6 +96,7 @@ module.exports = function MembersAPI({
    const memberRepository = new MemberRepository({
        stripeAPIService,
        logger,
        tokenService,
        productRepository,
        Member,
        MemberSubscribeEvent,
@ -128,12 +135,6 @@ module.exports = function MembersAPI({
        sendEmailWithMagicLink
    });
    const tokenService = new TokenService({
        privateKey,
        publicKey,
        issuer
    });
    const geolocationService = new GeolocationSerice();
    const magicLinkService = new MagicLink({
--- a/ghost/members-api/lib/repositories/member.js
+++ b/ghost/members-api/lib/repositories/member.js
@ -12,6 +12,11 @@ const messages = {
    bulkActionRequiresFilter: 'Cannot perform {action} without a filter or all=true'
 };
 /**
 * @typedef {object} ITokenService
 * @prop {(token: string) => Promise<import('jsonwebtoken').JwtPayload>} decodeToken
 */
 module.exports = class MemberRepository {
    /**
     * @param {object} deps
@ -25,6 +30,7 @@ module.exports = class MemberRepository {
     * @param {any} deps.StripeCustomerSubscription
     * @param {any} deps.productRepository
     * @param {import('../../services/stripe-api')} deps.stripeAPIService
     * @param {ITokenService} deps.tokenService
     * @param {any} deps.logger
     */
    constructor({
@ -38,6 +44,7 @@ module.exports = class MemberRepository {
        StripeCustomerSubscription,
        stripeAPIService,
        productRepository,
        tokenService,
        logger
    }) {
        this._Member = Member;
@ -50,6 +57,7 @@ module.exports = class MemberRepository {
        this._StripeCustomerSubscription = StripeCustomerSubscription;
        this._stripeAPIService = stripeAPIService;
        this._productRepository = productRepository;
        this.tokenService = tokenService;
        this._logging = logger;
    }
@ -76,6 +84,14 @@ module.exports = class MemberRepository {
        return this._Member.findOne(data, options);
    }
    async getByToken(token, options) {
        const data = await this.tokenService.decodeToken(token);
        return this.get({
            email: data.sub
        }, options);
    }
    async create(data, options) {
        const {labels} = data;
--- a/ghost/members-api/lib/services/token.js
+++ b/ghost/members-api/lib/services/token.js
@ -29,14 +29,21 @@ module.exports = class TokenService {
    /**
     * @param {string} token
     * @returns {Promise<jwt.JwtPayload>}
     */
    async decodeToken(token) {
        await this._keyStoreReady;
-        return jwt.verify(token, this._publicKey, {
+        const result = jwt.verify(token, this._publicKey, {
            algorithms: ['RS512'],
            issuer: this._issuer
        });
        if (typeof result === 'string') {
            return {sub: result};
        }
        return result;
    }
    async getPublicKeys() {