mirror of https://github.com/TryGhost/Ghost.git synced 2025-04-15 03:01:37 -05:00

Removed all accesstokens and refreshtokens related code

no issue

- v0.1 is ☠️ so the access/refresh token based auth is no longer used
- removed all code related to the `accesstokens` and `refreshtokens` tables
- removed all `passport` related dependencies as it's no longer used
Kevin Ansfield 2019-09-12 15:45:11 +01:00
parent 721118680d
commit d645afb416
20 changed files with 5 additions and 205 deletions


@ -126,8 +126,6 @@ module.exports = {
frame.options.transacting = t;
return Promise.all([
models.Accesstoken.destroyByUser(frame.options),
models.Refreshtoken.destroyByUser(frame.options),
models.Post.destroyByAuthor(frame.options)
]).then(() => {
return models.User.destroy(Object.assign({status: 'all'}, frame.options));


@ -126,8 +126,6 @@ module.exports = {
frame.options.transacting = t;
return Promise.all([
models.Accesstoken.destroyByUser(frame.options),
models.Refreshtoken.destroyByUser(frame.options),
models.Post.destroyByAuthor(frame.options)
]).then(() => {
return models.User.destroy(Object.assign({status: 'all'}, frame.options));


@ -6,7 +6,7 @@ var _ = require('lodash'),
common = require('../../lib/common'),
security = require('../../lib/security'),
models = require('../../models'),
EXCLUDED_TABLES = ['accesstokens', 'refreshtokens', 'sessions', 'mobiledoc_revisions'],
EXCLUDED_TABLES = ['sessions', 'mobiledoc_revisions'],
EXCLUDED_FIELDS_CONDITIONS = {
settings: [{
operator: 'whereNot',
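Review bot: Dropping `accesstokens` and `refreshtokens` from `EXCLUDED_TABLES` is only safe once those tables no longer exist in deployed databases, and none of the file sections shown in this commit looks like a migration that drops them. If the exporter enumerates tables from the live database rather than from the schema file (not visible in this hunk), an upgraded install that still holds the old tables would start writing stored bearer tokens into export files. The exporter spec assertions that checked these two tables are never queried are removed in the same commit, so nothing would catch that. I would either land the drop migration with this change or keep `EXCLUDED_TABLES = ['accesstokens', 'refreshtokens', 'sessions', 'mobiledoc_revisions'],` until it ships. The `var` declaration starts above this hunk and `EXCLUDED_FIELDS_CONDITIONS` continues below it.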


@ -215,19 +215,6 @@ module.exports = {
updated_at: {type: 'dateTime', nullable: true},
updated_by: {type: 'string', maxlength: 24, nullable: true}
},
accesstokens: {
id: {type: 'string', maxlength: 24, nullable: false, primary: true},
token: {type: 'string', maxlength: 191, nullable: false, unique: true},
user_id: {type: 'string', maxlength: 24, nullable: false, references: 'users.id'},
issued_by: {type: 'string', maxlength: 24, nullable: true},
expires: {type: 'bigInteger', nullable: false}
},
refreshtokens: {
id: {type: 'string', maxlength: 24, nullable: false, primary: true},
token: {type: 'string', maxlength: 191, nullable: false, unique: true},
user_id: {type: 'string', maxlength: 24, nullable: false, references: 'users.id'},
expires: {type: 'bigInteger', nullable: false}
},
subscribers: {
id: {type: 'string', maxlength: 24, nullable: false, primary: true},
name: {type: 'string', maxlength: 191, nullable: true},


@ -1,28 +0,0 @@
const ghostBookshelf = require('./base'),
Basetoken = require('./base/token');
let Accesstoken,
Accesstokens;
Accesstoken = Basetoken.extend({
tableName: 'accesstokens',
emitChange: function emitChange(event, options) {
const eventToTrigger = 'token' + '.' + event;
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
},
onCreated: function onCreated(model, attrs, options) {
ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);
model.emitChange('added', options);
}
});
Accesstokens = ghostBookshelf.Collection.extend({
model: Accesstoken
});
module.exports = {
Accesstoken: ghostBookshelf.model('Accesstoken', Accesstoken),
Accesstokens: ghostBookshelf.collection('Accesstokens', Accesstokens)
};


@ -18,35 +18,6 @@ common.events.on('token.added', function (tokenModel) {
});
});
/**
* WHEN user get's suspended (status=inactive), we delete his tokens to ensure
* he can't login anymore
*
* NOTE:
* - this event get's triggered either on user update (suspended) or if an **active** user get's deleted.
* - if an active user get's deleted, we have to access the previous attributes, because this is how bookshelf works
* if you delete a user.
*/
common.events.on('user.deactivated', function (userModel, options) {
options = options || {};
options = _.merge({}, options, {id: userModel.id || userModel.previousAttributes().id});
if (options.importing) {
return;
}
models.Accesstoken.destroyByUser(options)
.then(function () {
return models.Refreshtoken.destroyByUser(options);
})
.catch(function (err) {
common.logging.error(new common.errors.GhostError({
err: err,
level: 'critical'
}));
});
});
/**
* WHEN timezone changes, we will:
* - reschedule all scheduled posts


@ -15,13 +15,11 @@ require('./base/listeners');
exports = module.exports;
models = [
'accesstoken',
'app-field',
'app-setting',
'app',
'permission',
'post',
'refreshtoken',
'role',
'settings',
'session',


@ -1,18 +0,0 @@
var ghostBookshelf = require('./base'),
Basetoken = require('./base/token'),
Refreshtoken,
Refreshtokens;
Refreshtoken = Basetoken.extend({
tableName: 'refreshtokens'
});
Refreshtokens = ghostBookshelf.Collection.extend({
model: Refreshtoken
});
module.exports = {
Refreshtoken: ghostBookshelf.model('Refreshtoken', Refreshtoken),
Refreshtokens: ghostBookshelf.collection('Refreshtokens', Refreshtokens)
};


@ -13,7 +13,7 @@ const _ = require('lodash'),
activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'],
/**
* inactive: owner user before blog setup, suspended users
* locked user: imported users, they get a random passport
* locked user: imported users, they get a random password
*/
inactiveStates = ['inactive', 'locked'],
allStates = activeStates.concat(inactiveStates);


@ -72,9 +72,6 @@ const expectedProperties = {
subscriber: _(schema.subscribers)
.keys()
,
accesstoken: _(schema.accesstokens)
.keys()
,
role: _(schema.roles)
.keys()
,


@ -50,9 +50,6 @@ const expectedProperties = {
subscriber: _(schema.subscribers)
.keys()
,
accesstoken: _(schema.accesstokens)
.keys()
,
role: _(schema.roles)
.keys()
,


@ -35,7 +35,6 @@ const expectedProperties = {
.without('visibility')
.without('password')
.without('locale')
.without('ghost_auth_access_token')
.without('ghost_auth_id')
.concat('url')
,
@ -50,9 +49,6 @@ const expectedProperties = {
subscriber: _(schema.subscribers)
.keys()
,
accesstoken: _(schema.accesstokens)
.keys()
,
role: _(schema.roles)
.keys()
,


@ -33,7 +33,6 @@ const expectedProperties = {
.without(
'password',
'email',
'ghost_auth_access_token',
'ghost_auth_id',
'created_at',
'created_by',


@ -50,9 +50,6 @@ const expectedProperties = {
subscriber: _(schema.subscribers)
.keys()
,
accesstoken: _(schema.accesstokens)
.keys()
,
role: _(schema.roles)
.keys()
,


@ -22,7 +22,7 @@ describe('Models: listeners', function () {
before(testUtils.teardown);
beforeEach(testUtils.setup('owner', 'user-token:0', 'settings'));
beforeEach(testUtils.setup('owner', 'settings'));
beforeEach(function () {
sinon.stub(common.events, 'on').callsFake(function (eventName, callback) {
@ -327,39 +327,6 @@ describe('Models: listeners', function () {
});
});
describe('on user is deactived', function () {
it('ensure tokens get deleted', function (done) {
var userId = testUtils.DataGenerator.Content.users[0].id,
timeout,
retries = 0;
(function retry() {
Promise.props({
accesstokens: models.Accesstoken.findAll({context: {internal: true}, id: userId}),
refreshtokens: models.Refreshtoken.findAll({context: {internal: true}, id: userId})
}).then(function (result) {
if (retries === 0) {
// trigger event after first check how many tokens the user has
eventsToRemember['user.deactivated']({
id: userId
});
result.accesstokens.length.should.eql(1);
result.refreshtokens.length.should.eql(1);
}
if (!result.accesstokens.length && !result.refreshtokens.length) {
return done();
}
retries = retries + 1;
clearTimeout(timeout);
timeout = setTimeout(retry, 500);
}).catch(done);
})();
});
});
describe('on notifications changed', function () {
it('nothing to delete', function (done) {
var notifications = JSON.stringify([
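Review bot: With the `on user is deactived` block removed, this spec no longer exercises the `user.deactivated` event at all, and the listener it covered is deleted in the same commit, so nothing visible here checks that a suspended user actually loses access. The removed listener's own comment gave its purpose as ensuring a suspended user "can't login anymore". If session-based auth is meant to give the same guarantee, a replacement test belongs in this file: suspend a user, then assert that the user's rows in `sessions` are gone. Whether session rows are revoked on suspension somewhere else is not visible in this commit, so that should be confirmed rather than assumed. The `describe('Models: listeners', ...)` body starts and ends outside these hunks.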


@ -77,9 +77,6 @@ describe('Exporter', function () {
knexMock.getCall(13).args[0].should.eql('app_settings');
knexMock.getCall(14).args[0].should.eql('app_fields');
knexMock.calledWith('refreshtokens').should.be.false();
knexMock.calledWith('accesstokens').should.be.false();
done();
}).catch(done);
});
@ -123,9 +120,6 @@ describe('Exporter', function () {
knexMock.getCall(15).args[0].should.eql('clients');
knexMock.getCall(16).args[0].should.eql('client_trusted_domains');
knexMock.calledWith('refreshtokens').should.be.false();
knexMock.calledWith('accesstokens').should.be.false();
done();
}).catch(done);
});


@ -19,7 +19,7 @@ var should = require('should'),
*/
describe('DB version integrity', function () {
// Only these variables should need updating
const currentSchemaHash = 'b62a14bdddc43af7e36e304792e472b5';
const currentSchemaHash = '03cc85e710d3b421c71066afc7c25b39';
const currentFixturesHash = '4e08bb27bf16338b6eebad1f92a247d1';
// If this test is failing, then it is likely a change has been made that requires a DB version bump,


@ -353,17 +353,6 @@ fixtures = {
}, module.exports.context.internal);
},
// Creates a client, and access and refresh tokens for user with index or 2 by default
createTokensForUser: function createTokensForUser(index) {
return models.Accesstoken.add(DataGenerator.forKnex.createToken({
user_id: DataGenerator.Content.users[index || 2].id
}), module.exports.context.internal).then(function () {
return models.Refreshtoken.add(DataGenerator.forKnex.createToken({
user_id: DataGenerator.Content.users[index || 2].id
}), module.exports.context.internal);
});
},
insertOne: function insertOne(modelName, tableName, fn, index) {
const obj = DataGenerator.forKnex[fn](DataGenerator.Content[tableName][index || 0]);
return models[modelName].add(obj, module.exports.context.internal);
@ -452,10 +441,6 @@ fixtures = {
});
},
insertAccessToken: function insertAccessToken(override) {
return models.Accesstoken.insert(DataGenerator.forKnex.createToken(override), module.exports.context.internal);
},
insertInvites: function insertInvites() {
return Promise.map(DataGenerator.forKnex.invites, function (invite) {
return models.Invite.add(invite, module.exports.context.internal);
@ -592,9 +577,6 @@ toDoList = {
'users:extra': function createExtraUsers() {
return fixtures.createExtraUsers();
},
'user-token': function createTokensForUser(index) {
return fixtures.createTokensForUser(index);
},
owner: function insertOwnerUser() {
return fixtures.insertOwnerUser();
},
@ -666,7 +648,7 @@ getFixtureOps = function getFixtureOps(toDos) {
_.each(toDos, function (value, toDo) {
var tmp;
if ((toDo !== 'perms:init' && toDo.indexOf('perms:') !== -1) || toDo.indexOf('user-token:') !== -1) {
if ((toDo !== 'perms:init' && toDo.indexOf('perms:') !== -1)) {
tmp = toDo.split(':');
fixtureOps.push(function addCustomFixture() {
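Review bot: The condition left in `getFixtureOps` keeps a redundant second pair of parentheses now that the `user-token:` clause is gone, which reads as if an operand were dropped by mistake. `if (toDo !== 'perms:init' && toDo.indexOf('perms:') !== -1) {` is equivalent and clearer. The body of `getFixtureOps` continues past the end of this hunk.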


@ -115,9 +115,6 @@
"nodemailer": "0.7.1",
"oauth2orize": "1.11.0",
"oembed-parser": "1.2.2",
"passport": "0.4.0",
"passport-http-bearer": "1.0.1",
"passport-oauth2-client-password": "0.1.2",
"path-match": "1.2.4",
"probe-image-size": "4.1.1",
"rss": "1.2.2",


@ -6284,33 +6284,6 @@ pascalcase@^0.1.1:
resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=
passport-http-bearer@1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/passport-http-bearer/-/passport-http-bearer-1.0.1.tgz#147469ea3669e2a84c6167ef99dbb77e1f0098a8"
integrity sha1-FHRp6jZp4qhMYWfvmdu3fh8AmKg=
dependencies:
passport-strategy "1.x.x"
passport-oauth2-client-password@0.1.2:
version "0.1.2"
resolved "https://registry.yarnpkg.com/passport-oauth2-client-password/-/passport-oauth2-client-password-0.1.2.tgz#4f378b678b92d16dbbd233a6c706520093e561ba"
integrity sha1-TzeLZ4uS0W270jOmxwZSAJPlYbo=
dependencies:
passport-strategy "1.x.x"
passport-strategy@1.x.x:
version "1.0.0"
resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"
integrity sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=
passport@0.4.0:
version "0.4.0"
resolved "https://registry.yarnpkg.com/passport/-/passport-0.4.0.tgz#c5095691347bd5ad3b5e180238c3914d16f05811"
integrity sha1-xQlWkTR71a07XhgCOMORTRbwWBE=
dependencies:
passport-strategy "1.x.x"
pause "0.0.1"
path-dirname@^1.0.0:
version "1.0.2"
resolved "https://registry.yarnpkg.com/path-dirname/-/path-dirname-1.0.2.tgz#cc33d24d525e099a5388c0336c6e32b9160609e0"
@ -6401,11 +6374,6 @@ pathval@^1.1.0:
resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
integrity sha1-uULm1L3mUwBe9rcTYd74cn0GReA=
pause@0.0.1:
version "0.0.1"
resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d"
integrity sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=
pend@~1.2.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50"