tqt
/
Ghost
mirror of https://github.com/TryGhost/Ghost.git
2
1
Fork 0
Code Issues 1 Releases Wiki Activity
Ghost/core/server/api/authentication.js

556 lines
17 KiB
JavaScript
Raw Normal View History

Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
var _ = require('lodash'),
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
validator = require('validator'),
pipeline = require('../utils/pipeline'),
Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
dataProvider = require('../models'),
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
settings = require('./settings'),
mail = require('./mail'),
Change refresh token expiry no issue - acquiring a new access token using a refresh token sets the expiration time of the refresh token to now + 24 hrs. - moved all occurrences of ONE_HOUR, ONE_DAY and ONE_YEAR to `core/server/utils`
2014-07-28 15:19:49 +02:00
globalUtils = require('../utils'),
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
utils = require('./utils'),
errors = require('../errors'),
config = require('../config'),
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
i18n = require('../i18n'),
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
authentication;
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Returns setup status
*
* @return {Promise<Boolean>}
*/
function checkSetup() {
return authentication.isSetup().then(function then(result) {
return result.setup[0].status;
});
}
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Allows an assertion to be made about setup status.
*
* @param {Boolean} status True: setup must be complete. False: setup must not be complete.
* @return {Function} returns a "task ready" function
*/
function assertSetupCompleted(status) {
return function checkPermission(__) {
return checkSetup().then(function then(isSetup) {
if (isSetup === status) {
return __;
}
var completed = i18n.t('errors.api.authentication.setupAlreadyCompleted'),
notCompleted = i18n.t('errors.api.authentication.setupMustBeCompleted');
function throwReason(reason) {
throw new errors.NoPermissionError(reason);
}
if (isSetup) {
throwReason(completed);
} else {
throwReason(notCompleted);
}
});
};
}
function setupTasks(setupData) {
var tasks;
function validateData(setupData) {
return utils.checkObject(setupData, 'setup').then(function then(checked) {
var data = checked.setup[0];
return {
name: data.name,
email: data.email,
password: data.password,
blogTitle: data.blogTitle,
status: 'active'
};
});
}
function setupUser(userData) {
var context = {context: {internal: true}},
User = dataProvider.User;
return User.findOne({role: 'Owner', status: 'all'}).then(function then(owner) {
if (!owner) {
throw new errors.InternalServerError(
i18n.t('errors.api.authentication.setupUnableToRun')
);
}
return User.setup(userData, _.extend({id: owner.id}, context));
}).then(function then(user) {
return {
user: user,
userData: userData
};
});
}
function doSettings(data) {
var user = data.user,
blogTitle = data.userData.blogTitle,
context = {context: {user: data.user.id}},
userSettings;
if (!blogTitle || typeof blogTitle !== 'string') {
return user;
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
}
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
userSettings = [
{key: 'title', value: blogTitle.trim()},
{key: 'description', value: i18n.t('common.api.authentication.sampleBlogDescription')}
];
return settings.edit({settings: userSettings}, context).return(user);
}
function formatResponse(user) {
return user.toJSON({context: {internal: true}});
}
tasks = [
validateData,
setupUser,
doSettings,
formatResponse
];
return pipeline(tasks, setupData);
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
}
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
/**
* ## Authentication API Methods
*
* **See:** [API Methods](index.js.html#api%20methods)
*/
authentication = {
/**
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
* @description generate a reset token for a given email address
* @param {Object} resetRequest
* @returns {Promise<Object>} message
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
*/
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
generateResetToken: function generateResetToken(resetRequest) {
var tasks;
Invite user API closes #3080 - added users.invite() to add user from email with random password - added `GET /ghost/api/v0.1/users/` to invite users and resend invitations - removed one user limit - added global utils for uid generation - changed some „“ to ‚‘
2014-07-02 16:22:18 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function validateRequest(resetRequest) {
return utils.checkObject(resetRequest, 'passwordreset').then(function then(data) {
var email = data.passwordreset[0].email;
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
if (typeof email !== 'string' || !validator.isEmail(email)) {
throw new errors.BadRequestError(
i18n.t('errors.api.authentication.noEmailProvided')
);
}
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return email;
});
}
Made ember version of reset password work Closes #2843 * Implemnted the ember validator correctly for both reset request and actual reset (with the token) * added reset validator * changed the request route addresses to be `/authentication/passwordreset` * changed the format of data to be `{ thing: [ {data } ] }` Missing: * notifications * tests for these use cases
2014-06-27 21:08:16 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function generateToken(email) {
var settingsQuery = {context: {internal: true}, key: 'dbHash'};
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 02:15:34 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return settings.read(settingsQuery).then(function then(response) {
var dbHash = response.settings[0].value,
expiresAt = Date.now() + globalUtils.ONE_DAY_MS;
return dataProvider.User.generateResetToken(email, expiresAt, dbHash);
}).then(function then(resetToken) {
return {
email: email,
resetToken: resetToken
};
});
}
function sendResetNotification(data) {
var baseUrl = config.forceAdminSSL ? (config.urlSSL || config.url) : config.url,
resetUrl = baseUrl.replace(/\/$/, '') +
'/ghost/reset/' +
globalUtils.encodeBase64URLsafe(data.resetToken) + '/';
return mail.generateContent({
data: {
resetUrl: resetUrl
},
template: 'reset-password'
}).then(function then(content) {
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 02:15:34 +02:00
var payload = {
mail: [{
message: {
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
to: data.email,
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations
2015-11-12 13:29:45 +01:00
subject: i18n.t('common.api.authentication.mail.resetPassword'),
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
html: content.html,
text: content.text
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 02:15:34 +02:00
},
options: {}
}]
};
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 02:15:34 +02:00
return mail.send(payload, {context: {internal: true}});
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
});
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}
function formatResponse() {
return {
passwordreset: [
{message: i18n.t('common.api.authentication.mail.checkEmailForInstructions')}
]
};
}
tasks = [
assertSetupCompleted(true),
validateRequest,
generateToken,
sendResetNotification,
formatResponse
];
return pipeline(tasks, resetRequest);
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
},
/**
* ## Reset Password
* reset password if a valid token and password (2x) is passed
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
* @param {Object} resetRequest
* @returns {Promise<Object>} message
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
*/
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
resetPassword: function resetPassword(resetRequest) {
var tasks;
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function validateRequest(resetRequest) {
return utils.checkObject(resetRequest, 'passwordreset');
}
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function doReset(resetRequest) {
var settingsQuery = {context: {internal: true}, key: 'dbHash'},
data = resetRequest.passwordreset[0],
resetToken = data.token,
newPassword = data.newPassword,
ne2Password = data.ne2Password;
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return settings.read(settingsQuery).then(function then(response) {
Fix regressions with password reset fixes #5564 - adds missing part of `/setup/` url in authentication middleware - ensures data is passed through from API to model in correct (new) format for password reset - re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
2015-07-16 22:40:19 +02:00
return dataProvider.User.resetPassword({
token: resetToken,
newPassword: newPassword,
ne2Password: ne2Password,
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
dbHash: response.settings[0].value
Fix regressions with password reset fixes #5564 - adds missing part of `/setup/` url in authentication middleware - ensures data is passed through from API to model in correct (new) format for password reset - re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
2015-07-16 22:40:19 +02:00
});
Replace the when promise library with bluebird. Closes #968
2014-08-17 08:17:23 +02:00
}).catch(function (error) {
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
throw new errors.UnauthorizedError(error.message);
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
});
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}
function formatResponse() {
return {
passwordreset: [
{message: i18n.t('common.api.authentication.mail.passwordChanged')}
]
};
}
tasks = [
assertSetupCompleted(true),
validateRequest,
doReset,
formatResponse
];
return pipeline(tasks, resetRequest);
Allow user to accept invitation closes #3081 - added route `/ghost/api/v0.1/authentication/invitation` - added accept invitation - added signup with token - removed check() from users api - fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
},
/**
* ### Accept Invitation
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
* @param {Object} invitation an invitation object
* @returns {Promise<Object>}
Allow user to accept invitation closes #3081 - added route `/ghost/api/v0.1/authentication/invitation` - added accept invitation - added signup with token - removed check() from users api - fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
*/
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
acceptInvitation: function acceptInvitation(invitation) {
var tasks;
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function validateInvitation(invitation) {
return utils.checkObject(invitation, 'invitation');
}
Allow user to accept invitation closes #3081 - added route `/ghost/api/v0.1/authentication/invitation` - added accept invitation - added signup with token - removed check() from users api - fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function processInvitation(invitation) {
var User = dataProvider.User,
settingsQuery = {context: {internal: true}, key: 'dbHash'},
data = invitation.invitation[0],
resetToken = data.token,
newPassword = data.password,
email = data.email,
name = data.name;
return settings.read(settingsQuery).then(function then(response) {
return User.resetPassword({
Fix regressions with password reset fixes #5564 - adds missing part of `/setup/` url in authentication middleware - ensures data is passed through from API to model in correct (new) format for password reset - re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
2015-07-16 22:40:19 +02:00
token: resetToken,
newPassword: newPassword,
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
ne2Password: newPassword,
dbHash: response.settings[0].value
Fix regressions with password reset fixes #5564 - adds missing part of `/setup/` url in authentication middleware - ensures data is passed through from API to model in correct (new) format for password reset - re-adds missing/incorrectly commented out auth tests, and verifies that reset as far as token validation
2015-07-16 22:40:19 +02:00
});
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}).then(function then(user) {
return User.edit({name: name, email: email, slug: ''}, {id: user.id});
Replace the when promise library with bluebird. Closes #968
2014-08-17 08:17:23 +02:00
}).catch(function (error) {
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
throw new errors.UnauthorizedError(error.message);
Allow user to accept invitation closes #3081 - added route `/ghost/api/v0.1/authentication/invitation` - added accept invitation - added signup with token - removed check() from users api - fixed promise in resetPassword()
2014-07-03 17:06:07 +02:00
});
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}
function formatResponse() {
return {
invitation: [
{message: i18n.t('common.api.authentication.mail.invitationAccepted')}
]
};
}
tasks = [
assertSetupCompleted(true),
validateInvitation,
processInvitation,
formatResponse
];
return pipeline(tasks, invitation);
Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
},
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
/**
* ### Check for invitation
* @param {Object} options
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
* @returns {Promise<Object>} An invitation status
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
*/
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
isInvitation: function isInvitation(options) {
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
var tasks,
localOptions = _.cloneDeep(options || {});
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function processArgs(options) {
var email = options.email;
if (typeof email !== 'string' || !validator.isEmail(email)) {
throw new errors.BadRequestError(
i18n.t('errors.api.authentication.invalidEmailReceived')
);
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
}
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return email;
}
function checkInvitation(email) {
return dataProvider.User
.where({email: email, status: 'invited'})
.count('id')
.then(function then(count) {
return !!count;
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
});
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}
function formatResponse(isInvited) {
return {invitation: [{valid: isInvited}]};
}
tasks = [
processArgs,
assertSetupCompleted(true),
checkInvitation,
formatResponse
];
return pipeline(tasks, localOptions);
Redirect user if signup invitation isn't valid Closes #3565 - Added server API isInvitation (analog to isSetup), checking if an invitation exists for a given email address. - If the invitation is no longer valid (or didn’t exist in the first place), the user is redirected and an error notification is shown.
2014-08-25 04:34:26 +02:00
},
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Checks the setup status
* @return {Promise}
*/
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
isSetup: function isSetup() {
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
var tasks,
validStatuses = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked'];
function checkSetupStatus() {
return dataProvider.User
.where('status', 'in', validStatuses)
.count('id')
.then(function (count) {
return !!count;
});
}
Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function formatResponse(isSetup) {
Cleanup indentation now JSCS can see it - this is needed to make #6925 mergable
2016-06-11 21:25:15 +02:00
return {setup: [
{
status: isSetup,
// Pre-populate from config if, and only if the values exist in config.
title: config.title || undefined,
name: config.user_name || undefined,
email: config.user_email || undefined
}
]};
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
}
Move setup to API closes #3136 - moved setup to authentication API - added `POST /ghost/api/v0.1/authentication/setup` to execute the setup process - added `GET /ghost/api/v0.1/authentication/setup` to check if blog is already set up (needed for #3145) - removed unused methods from api/users.js
2014-07-11 14:17:09 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
tasks = [
checkSetupStatus,
formatResponse
];
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return pipeline(tasks);
},
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Executes the setup tasks and sends an email to the owner
* @param {Object} setupDetails
* @return {Promise<Object>} a user api payload
*/
setup: function setup(setupDetails) {
var tasks;
Extending context concept to models fixes #3275, fixes #3290, ref #3086, ref #3084 - Ensure that we use the current logged in user and not just user 1 when - removing hard coded user: 1 except where absolutely necessary - passing context, rather than user to models - base model has a new function to determine what id to use for created_by etc
2014-07-15 13:03:12 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function doSetup(setupDetails) {
return setupTasks(setupDetails);
}
function sendNotification(setupUser) {
Implementing HTML emails closes #3082 - no more in-line HTML strings - adding files for "welcome", "reset password", and "invite user" emails - added mail.generateContent() to create HTML and plain-text email content - refactored methods that trigger emails to send both HTML and plain-text emails
2014-07-23 03:22:13 +02:00
var data = {
ownerEmail: setupUser.email
};
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return mail.generateContent({data: data, template: 'welcome'})
.then(function then(content) {
var message = {
to: setupUser.email,
subject: i18n.t('common.api.authentication.mail.yourNewGhostBlog'),
html: content.html,
text: content.text
},
payload = {
mail: [{
message: message,
options: {}
}]
};
mail.send(payload, {context: {internal: true}}).catch(function (error) {
errors.logError(
error.message,
i18n.t(
fix email error log templat
2016-04-13 08:51:00 +02:00
'errors.api.authentication.unableToSendWelcomeEmail'
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
),
fix email error log templat
2016-04-13 08:51:00 +02:00
i18n.t('errors.api.authentication.checkEmailConfigInstructions', {url: 'http://support.ghost.org/mail/'})
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
);
});
})
.return(setupUser);
}
User edit & add endpoints cleanup - edit and add endpoints don't assume role - edit and add endpoints cope with no role, role objects, and strings - resend user invite was failing at one point due to no role being sent, but this shouldn't be required - other random api cleanup
2014-07-31 02:15:34 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function formatResponse(setupUser) {
return {users: [setupUser]};
}
tasks = [
assertSetupCompleted(false),
doSetup,
sendNotification,
formatResponse
];
return pipeline(tasks, setupDetails);
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token
2014-09-01 20:02:46 +02:00
},
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Updates the blog setup
* @param {Object} setupDetails request payload with setup details
* @param {Object} options
* @return {Promise<Object>} a User API response payload
*/
updateSetup: function updateSetup(setupDetails, options) {
var tasks,
localOptions = _.cloneDeep(options || {});
function processArgs(setupDetails, options) {
if (!options.context || !options.context.user) {
throw new errors.NoPermissionError(i18n.t('errors.api.authentication.notTheBlogOwner'));
}
return _.assign({setupDetails: setupDetails}, options);
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token
2014-09-01 20:02:46 +02:00
}
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function checkPermission(options) {
return dataProvider.User.findOne({role: 'Owner', status: 'all'})
.then(function (owner) {
if (owner.id !== options.context.user) {
throw new errors.NoPermissionError(i18n.t('errors.api.authentication.notTheBlogOwner'));
}
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
return options.setupDetails;
});
}
adds put route to authentication setup closes #5342 - adds put version of authentication/setup that allows for updating of owner/settings values - doesn't send welcome email - adds tests for new put route
2015-05-27 06:14:43 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function formatResponse(user) {
return {users: [user]};
}
tasks = [
processArgs,
assertSetupCompleted(true),
checkPermission,
setupTasks,
formatResponse
];
return pipeline(tasks, setupDetails, localOptions);
re-added revoke method to authentication api closes #5530 - adds revoke api method back into code base
2015-07-07 23:39:43 +02:00
},
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
/**
* Revokes a bearer token.
* @param {Object} tokenDetails
* @param {Object} options
* @return {Promise<Object>} an object containing the revoked token.
*/
revoke: function revokeToken(tokenDetails, options) {
var tasks,
localOptions = _.cloneDeep(options || {});
re-added revoke method to authentication api closes #5530 - adds revoke api method back into code base
2015-07-07 23:39:43 +02:00
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function processArgs(tokenDetails, options) {
return _.assign({}, tokenDetails, options);
re-added revoke method to authentication api closes #5530 - adds revoke api method back into code base
2015-07-07 23:39:43 +02:00
}
Refactor authentication API into pipeline format Refs #5508
2016-03-06 19:18:33 +01:00
function revokeToken(options) {
var providers = [
dataProvider.Refreshtoken,
dataProvider.Accesstoken
],
response = {token: options.token};
function destroyToken(provider, options, providers) {
return provider.destroyByToken(options)
.return(response)
.catch(provider.NotFoundError, function () {
if (!providers.length) {
return {
token: tokenDetails.token,
error: i18n.t('errors.api.authentication.invalidTokenProvided')
};
}
return destroyToken(providers.pop(), options, providers);
})
.catch(function () {
throw new errors.TokenRevocationError(
i18n.t('errors.api.authentication.tokenRevocationFailed')
);
});
}
return destroyToken(providers.pop(), options, providers);
}
tasks = [
processArgs,
revokeToken
];
return pipeline(tasks, tokenDetails, localOptions);
User API changes closes #2822 - added destroy user method - added remove user permission - added API end point for get reset token - added API end point for reset password - added API end point for change password
2014-06-20 11:15:01 +02:00
}
};
Check setup status when making API responses Closes #3303, Closes #3299 - Check whether or not setup has been completed when deciding how to respond to certain API requests. - Add tests.
2014-07-18 22:40:47 +02:00
module.exports = authentication;