mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-24 23:48:13 -05:00
b875cc339d
no issue - Drops `ghost_auth_access_token` and `ghost_auth_id` fields since not used anymore - Adds migration for dropping these columns from users table - Drops Auth strategy - `ghostStrategy` - since its not used anymore
73 lines
2.9 KiB
JavaScript
73 lines
2.9 KiB
JavaScript
const models = require('../../models');
|
|
const common = require('../../lib/common');
|
|
let strategies;
|
|
|
|
strategies = {
|
|
|
|
/**
|
|
* ClientPasswordStrategy
|
|
*
|
|
* This strategy is used to authenticate registered OAuth clients. It is
|
|
* employed to protect the `token` endpoint, which consumers use to obtain
|
|
* access tokens. The OAuth 2.0 specification suggests that clients use the
|
|
* HTTP Basic scheme to authenticate (not implemented yet).
|
|
* Use of the client password strategy is implemented to support ember-simple-auth.
|
|
*/
|
|
clientPasswordStrategy: function clientPasswordStrategy(clientId, clientSecret, done) {
|
|
return models.Client.findOne({slug: clientId}, {withRelated: ['trustedDomains']})
|
|
.then(function then(model) {
|
|
if (model) {
|
|
var client = model.toJSON({withRelated: ['trustedDomains']});
|
|
if (client.status === 'enabled' && client.secret === clientSecret) {
|
|
return done(null, client);
|
|
}
|
|
}
|
|
return done(null, false);
|
|
});
|
|
},
|
|
|
|
/**
|
|
* BearerStrategy
|
|
*
|
|
* This strategy is used to authenticate users based on an access token (aka a
|
|
* bearer token). The user must have previously authorized a client
|
|
* application, which is issued an access token to make requests on behalf of
|
|
* the authorizing user.
|
|
*/
|
|
bearerStrategy: function bearerStrategy(accessToken, done) {
|
|
return models.Accesstoken.findOne({token: accessToken})
|
|
.then(function then(model) {
|
|
if (model) {
|
|
var token = model.toJSON();
|
|
if (token.expires > Date.now()) {
|
|
return models.User.findOne({id: token.user_id})
|
|
.then(function then(model) {
|
|
if (!model) {
|
|
return done(null, false);
|
|
}
|
|
|
|
if (!model.isActive()) {
|
|
throw new common.errors.NoPermissionError({
|
|
message: common.i18n.t('errors.models.user.accountSuspended')
|
|
});
|
|
}
|
|
|
|
var user = model.toJSON(),
|
|
info = {scope: '*'};
|
|
|
|
return done(null, {id: user.id}, info);
|
|
})
|
|
.catch(function (err) {
|
|
return done(err);
|
|
});
|
|
} else {
|
|
return done(null, false);
|
|
}
|
|
} else {
|
|
return done(null, false);
|
|
}
|
|
});
|
|
}
|
|
};
|
|
|
|
module.exports = strategies;
|