mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-06 22:40:14 -05:00
c8e8da4780
closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Resource Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
// Shared Bookshelf instance and the two models an access token relates to.
var ghostBookshelf = require('./base');
var User = require('./user');
var Client = require('./client');

// Assigned further down; declared here so both names exist for module.exports.
var Accesstoken;
var Accesstokens;
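/**
 * Accesstoken model, backed by the `accesstokens` table.
 * Each token belongs to one user and one client (see the relations below).
 */
Accesstoken = ghostBookshelf.Model.extend({

    tableName: 'accesstokens',

    // Relation: the user this token belongs to.
    user: function () {
        return this.belongsTo(User);
    },

    // Relation: the client this token belongs to.
    client: function () {
        return this.belongsTo(Client);
    },

    // Override of the base hook: access tokens have no created_by field,
    // so this is intentionally a no-op.
    creating: function (newObj, attr, options) {
        /*jshint unused:false*/
    },

    // Override of the base hook: access tokens have no updated_by field,
    // so only the attribute filtering below is performed.
    saving: function (newObj, attr, options) {
        /*jshint unused:false*/
        // Allow-list: keep only the attributes named by permittedAttributes()
        // so properties that don't belong on the model are dropped before the save.
        // NOTE(review): permittedAttributes() is not defined in this file -
        // presumably inherited from the base model; confirm what it allows.
        this.attributes = this.pick(this.permittedAttributes());
    }

}, {
    /**
     * Deletes every access token whose `expires` value is earlier than now.
     *
     * @param {Object} options - run through filterOptions(options, 'destroyAll')
     *   and then handed to each model's destroy call.
     * @returns {Promise} settles once every destroy has finished and rejects
     *   if the fetch or any destroy fails.
     */
    destroyAllExpired: function (options) {
        var filteredOptions = this.filterOptions(options, 'destroyAll');

        // NOTE(review): comparing against Date.now() assumes `expires` holds
        // epoch milliseconds - confirm against the table schema.
        return ghostBookshelf.Collection.forge([], {model: this})
            .query('where', 'expires', '<', Date.now())
            .fetch()
            .then(function (collection) {
                // Return the destroy promise. Without it the outer promise
                // resolved before the deletes ran and a failed delete was never
                // reported, so expired tokens could stay in the table unnoticed.
                // NOTE(review): this is cleanup only; whether expiry is also
                // checked when a token is presented is not visible here - confirm.
                return collection.invokeThen('destroy', filteredOptions);
            });
    }
});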
// Collection type whose members are Accesstoken models.
Accesstokens = ghostBookshelf.Collection.extend({model: Accesstoken});
// Public surface of this module: the model and its collection.
module.exports = {
    Accesstoken: Accesstoken,
    Accesstokens: Accesstokens
};