✨ change ghost client redirect_uri (#7595)

closes #7580
2025-03-11 02:12:21 -05:00 · 2016-10-21 17:08:17 +02:00 · 2016-10-21 17:08:17 +02:00 · cccd8c4f8f
commit cccd8c4f8f
parent 2887602712
2 changed files with 50 additions and 7 deletions
--- a/core/server/auth/passport.js
+++ b/core/server/auth/passport.js
@ -21,10 +21,27 @@ _private.registerClient = function (options) {
        .then(function fetchedClient(client) {
            // CASE: Ghost Auth client is already registered
            if (client) {
-                return {
-                    client_id: client.get('uuid'),
-                    client_secret: client.get('secret')
-                };
+                if (client.get('redirection_uri') === url) {
+                    return {
+                        client_id: client.get('uuid'),
+                        client_secret: client.get('secret')
+                    };
+                }
+
+                logging.debug('Update ghost client callback url...');
+                return ghostOAuth2Strategy.changeCallbackURL({
+                    callbackURL: url + '/ghost/',
+                    clientId: client.get('uuid'),
+                    clientSecret: client.get('secret')
+                }).then(function changedCallbackURL() {
+                    client.set('redirection_uri', url);
+                    return client.save(null, {context: {internal: true}});
+                }).then(function updatedClient() {
+                    return {
+                        client_id: client.get('uuid'),
+                        client_secret: client.get('secret')
+                    };
+                });
            }

            return ghostOAuth2Strategy.registerClient({clientName: url})
@ -33,7 +50,8 @@ _private.registerClient = function (options) {
                        name: 'Ghost Auth',
                        slug: 'ghost-auth',
                        uuid: credentials.client_id,
-                        secret: credentials.client_secret
+                        secret: credentials.client_secret,
+                        redirection_uri: url + '/ghost/'
                    }, {context: {internal: true}});
                })
                .then(function returnClient(client) {
--- a/core/test/unit/auth/passport_spec.js
+++ b/core/test/unit/auth/passport_spec.js
@ -7,6 +7,7 @@ var passport = require('passport'),
    testUtils = require('../../utils'),
    GhostPassport = rewire('../../../server/auth/passport'),
    models = require('../../../server/models'),
+    utils = require('../../../server/utils'),
    errors = require('../../../server/errors');

 should.equal(true, true);
@ -35,6 +36,7 @@ describe('Ghost Passport', function () {

        FakeGhostOAuth2Strategy.prototype.setClient = sandbox.stub();
        FakeGhostOAuth2Strategy.prototype.registerClient = sandbox.stub().returns(Promise.resolve({}));
+        FakeGhostOAuth2Strategy.prototype.changeCallbackURL = sandbox.stub().returns(Promise.resolve({}));
    });

    afterEach(function () {
@ -53,13 +55,16 @@ describe('Ghost Passport', function () {
                models.Client.add.called.should.eql(false);
                FakeGhostOAuth2Strategy.prototype.setClient.called.should.eql(false);
                FakeGhostOAuth2Strategy.prototype.registerClient.called.should.eql(false);
+                FakeGhostOAuth2Strategy.prototype.changeCallbackURL.called.should.eql(false);
            });
        });
    });

    describe('auth_type: ghost', function () {
-        it('ghost client is already present in database', function () {
-            client = new models.Client(testUtils.DataGenerator.forKnex.createClient());
+        it('ghost client is already present in database and redirect_uri hasn\'t changed', function () {
+            client = new models.Client(testUtils.DataGenerator.forKnex.createClient({
+                redirection_uri: utils.url.getBaseUrl()
+            }));

            return GhostPassport.init({
                type: 'ghost'
@ -71,6 +76,26 @@ describe('Ghost Passport', function () {
                models.Client.add.called.should.eql(false);
                FakeGhostOAuth2Strategy.prototype.setClient.called.should.eql(true);
                FakeGhostOAuth2Strategy.prototype.registerClient.called.should.eql(false);
+                FakeGhostOAuth2Strategy.prototype.changeCallbackURL.called.should.eql(false);
+            });
+        });
+
+        it('ghost client is already present in database and redirect_uri has changed', function () {
+            client = new models.Client(testUtils.DataGenerator.forKnex.createClient({
+                redirection_uri: 'URL-HAS-CHANGED'
+            }));
+
+            return GhostPassport.init({
+                type: 'ghost'
+            }).then(function (response) {
+                should.exist(response.passport);
+                passport.use.callCount.should.eql(3);
+
+                models.Client.findOne.called.should.eql(true);
+                models.Client.add.called.should.eql(false);
+                FakeGhostOAuth2Strategy.prototype.setClient.called.should.eql(true);
+                FakeGhostOAuth2Strategy.prototype.registerClient.called.should.eql(false);
+                FakeGhostOAuth2Strategy.prototype.changeCallbackURL.called.should.eql(true);
            });
        });