OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eebdfab7b0
Ghost/core/server/auth/authenticate.js
Katharina Irrgang 48387e4ffd 🎨 tidy up static id (owner, internal, external) usages (#7675) 
refs #7494, refs #7495 

This PR is an extracted clean up feature of #7495.
We are using everywhere static id checks (userId === 0 or userId === 1).
This PR moves the static values into the Base model.
This makes it 1. way more readable and 2. we can change the id's in a central place.

I changed the most important occurrences - no tests are touched (yet!).

The background is: when changing from auto increment id (number) to ObjectId's (string) we still need to support id 1 and 0, because Ghost relies on these two static id's.
I would like to support using both: 0/1 as string and 0/1 as number.

1 === owner/internal
0 === external

Another important change:
User Model does not longer define the contextUser method, because i couldn't find a reason?
I looked in Git history, see 6e48275160
2016-11-09 15:01:07 +00:00

113 lines
3.9 KiB
JavaScript
Raw Blame History

var passport = require('passport'),
errors = require('../errors'),
models = require('../models'),
events = require('../events'),
i18n = require('../i18n'),
authenticate;
function isBearerAutorizationHeader(req) {
var parts,
scheme,
credentials;
if (req.headers && req.headers.authorization) {
parts = req.headers.authorization.split(' ');
} else if (req.query && req.query.access_token) {
return true;
} else {
return false;
}
if (parts.length === 2) {
scheme = parts[0];
credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
return true;
}
}
return false;
}
authenticate = {
// ### Authenticate Client Middleware
authenticateClient: function authenticateClient(req, res, next) {
// skip client authentication if bearer token is present
if (isBearerAutorizationHeader(req)) {
return next();
}
if (req.query && req.query.client_id) {
req.body.client_id = req.query.client_id;
}
if (req.query && req.query.client_secret) {
req.body.client_secret = req.query.client_secret;
}
if (!req.body.client_id || !req.body.client_secret) {
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.accessDenied'),
context: i18n.t('errors.middleware.auth.clientCredentialsNotProvided'),
help: i18n.t('errors.middleware.auth.forInformationRead', {url: 'http://api.ghost.org/docs/client-authentication'})
}));
}
return passport.authenticate(['oauth2-client-password'], {session: false, failWithError: false},
function authenticate(err, client) {
if (err) {
return next(err); // will generate a 500 error
}
// req.body needs to be null for GET requests to build options correctly
delete req.body.client_id;
delete req.body.client_secret;
if (!client) {
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.accessDenied'),
context: i18n.t('errors.middleware.auth.clientCredentialsNotValid'),
help: i18n.t('errors.middleware.auth.forInformationRead', {url: 'http://api.ghost.org/docs/client-authentication'})
}));
}
req.client = client;
events.emit('client.authenticated', client);
return next(null, client);
}
)(req, res, next);
},
// ### Authenticate User Middleware
authenticateUser: function authenticateUser(req, res, next) {
return passport.authenticate('bearer', {session: false, failWithError: false},
function authenticate(err, user, info) {
if (err) {
return next(err); // will generate a 500 error
}
if (user) {
req.authInfo = info;
req.user = user;
events.emit('user.authenticated', user);
return next(null, user, info);
} else if (isBearerAutorizationHeader(req)) {
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.accessDenied')
}));
} else if (req.client) {
req.user = {id: models.User.externalUser};
return next();
}
return next(new errors.UnauthorizedError({
message: i18n.t('errors.middleware.auth.accessDenied')
}));
}
)(req, res, next);
}
};
module.exports = authenticate;
Reference in New Issue View Git Blame Copy Permalink