Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

🎨 validate ghost profile/token response (#7761)

Browse source 
no issue

- check if profile or access token exists when receiving the response from Ghost Auth server
This commit is contained in:
Katharina Irrgang 2017-01-31 11:04:09 +01:00 committed by GitHub
parent 89d40133a0
commit eebdfab7b0
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/server/auth/auth-strategies.js
View file

@ -69,14 +69,19 @@ strategies = {
* - via invite token * - via invite token
* - via normal auth * - via normal auth
* - via setup * - via setup
*
* @TODO: validate GhostAuth profile?
*/ */
ghostStrategy: function ghostStrategy(req, ghostAuthAccessToken, ghostAuthRefreshToken, profile, done) { ghostStrategy: function ghostStrategy(req, ghostAuthAccessToken, ghostAuthRefreshToken, profile, done) {
var inviteToken = req.body.inviteToken, var inviteToken = req.body.inviteToken,
options = {context: {internal: true}}, options = {context: {internal: true}},
handleInviteToken, handleSetup; handleInviteToken, handleSetup;
// CASE: socket hangs up for example
if (!ghostAuthAccessToken || !profile) {
return done(new errors.NoPermissionError({
help: 'Please try again.'
}));
}
handleInviteToken = function handleInviteToken() { handleInviteToken = function handleInviteToken() {
var user, invite; var user, invite;
inviteToken = utils.decodeBase64URLsafe(inviteToken); inviteToken = utils.decodeBase64URLsafe(inviteToken);