2014-07-11 14:17:09 +02:00
|
|
|
var _ = require('lodash'),
|
|
|
|
|
dataProvider = require('../models'),
|
2014-06-20 11:15:01 +02:00
|
|
|
settings = require('./settings'),
|
|
|
|
|
mail = require('./mail'),
|
2014-07-28 15:19:49 +02:00
|
|
|
globalUtils = require('../utils'),
|
2014-06-20 11:15:01 +02:00
|
|
|
utils = require('./utils'),
|
2014-08-17 08:17:23 +02:00
|
|
|
Promise = require('bluebird'),
|
2014-06-20 11:15:01 +02:00
|
|
|
errors = require('../errors'),
|
|
|
|
|
config = require('../config'),
|
2015-11-12 13:29:45 +01:00
|
|
|
i18n = require('../i18n'),
|
2014-06-20 11:15:01 +02:00
|
|
|
authentication;
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
function setupTasks(object) {
|
|
|
|
|
var setupUser,
|
|
|
|
|
internal = {context: {internal: true}};
|
|
|
|
|
|
|
|
|
|
return utils.checkObject(object, 'setup').then(function (checkedSetupData) {
|
|
|
|
|
setupUser = {
|
|
|
|
|
name: checkedSetupData.setup[0].name,
|
|
|
|
|
email: checkedSetupData.setup[0].email,
|
|
|
|
|
password: checkedSetupData.setup[0].password,
|
|
|
|
|
blogTitle: checkedSetupData.setup[0].blogTitle,
|
|
|
|
|
status: 'active'
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return dataProvider.User.findOne({role: 'Owner', status: 'all'});
|
|
|
|
|
}).then(function (ownerUser) {
|
|
|
|
|
if (ownerUser) {
|
|
|
|
|
return dataProvider.User.setup(setupUser, _.extend({id: ownerUser.id}, internal));
|
|
|
|
|
} else {
|
|
|
|
|
return dataProvider.Role.findOne({name: 'Owner'}).then(function (ownerRole) {
|
|
|
|
|
setupUser.roles = [ownerRole.id];
|
|
|
|
|
return dataProvider.User.add(setupUser, internal);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}).then(function (user) {
|
|
|
|
|
var userSettings = [];
|
|
|
|
|
|
|
|
|
|
// Handles the additional values set by the setup screen.
|
|
|
|
|
if (!_.isEmpty(setupUser.blogTitle)) {
|
|
|
|
|
userSettings.push({key: 'title', value: setupUser.blogTitle});
|
2015-11-12 13:29:45 +01:00
|
|
|
userSettings.push({key: 'description', value: i18n.t('common.api.authentication.sampleBlogDescription')});
|
2015-05-27 06:14:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
setupUser = user.toJSON(internal);
|
|
|
|
|
return settings.edit({settings: userSettings}, {context: {user: setupUser.id}});
|
|
|
|
|
}).then(function () {
|
|
|
|
|
return Promise.resolve(setupUser);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-20 11:15:01 +02:00
|
|
|
/**
|
|
|
|
|
* ## Authentication API Methods
|
|
|
|
|
*
|
|
|
|
|
* **See:** [API Methods](index.js.html#api%20methods)
|
|
|
|
|
*/
|
|
|
|
|
authentication = {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* ## Generate Reset Token
|
|
|
|
|
* generate a reset token for a given email address
|
2014-09-10 06:06:24 +02:00
|
|
|
* @param {Object} object
|
2014-06-20 11:15:01 +02:00
|
|
|
* @returns {Promise(passwordreset)} message
|
|
|
|
|
*/
|
|
|
|
|
generateResetToken: function generateResetToken(object) {
|
2014-07-28 15:19:49 +02:00
|
|
|
var expires = Date.now() + globalUtils.ONE_DAY_MS,
|
2014-06-20 11:15:01 +02:00
|
|
|
email;
|
2014-07-02 16:22:18 +02:00
|
|
|
|
2014-07-18 22:40:47 +02:00
|
|
|
return authentication.isSetup().then(function (result) {
|
|
|
|
|
var setup = result.setup[0].status;
|
|
|
|
|
|
|
|
|
|
if (!setup) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.setupMustBeCompleted')));
|
2014-07-18 22:40:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return utils.checkObject(object, 'passwordreset');
|
|
|
|
|
}).then(function (checkedPasswordReset) {
|
2014-06-20 11:15:01 +02:00
|
|
|
if (checkedPasswordReset.passwordreset[0].email) {
|
|
|
|
|
email = checkedPasswordReset.passwordreset[0].email;
|
|
|
|
|
} else {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.BadRequestError(i18n.t('errors.api.authentication.noEmailProvided')));
|
2014-06-20 11:15:01 +02:00
|
|
|
}
|
2014-06-27 21:08:16 +02:00
|
|
|
|
2014-10-21 23:18:45 +02:00
|
|
|
return settings.read({context: {internal: true}, key: 'dbHash'})
|
|
|
|
|
.then(function (response) {
|
2014-06-20 11:15:01 +02:00
|
|
|
var dbHash = response.settings[0].value;
|
2014-07-02 16:22:18 +02:00
|
|
|
return dataProvider.User.generateResetToken(email, expires, dbHash);
|
|
|
|
|
}).then(function (resetToken) {
|
2014-07-17 16:33:21 +02:00
|
|
|
var baseUrl = config.forceAdminSSL ? (config.urlSSL || config.url) : config.url,
|
2014-12-01 16:59:49 +01:00
|
|
|
resetUrl = baseUrl.replace(/\/$/, '') + '/ghost/reset/' + globalUtils.encodeBase64URLsafe(resetToken) + '/';
|
2014-07-31 02:15:34 +02:00
|
|
|
|
2014-09-10 06:06:24 +02:00
|
|
|
return mail.generateContent({data: {resetUrl: resetUrl}, template: 'reset-password'});
|
2014-07-31 02:15:34 +02:00
|
|
|
}).then(function (emailContent) {
|
|
|
|
|
var payload = {
|
|
|
|
|
mail: [{
|
|
|
|
|
message: {
|
|
|
|
|
to: email,
|
2015-11-12 13:29:45 +01:00
|
|
|
subject: i18n.t('common.api.authentication.mail.resetPassword'),
|
2014-07-31 02:15:34 +02:00
|
|
|
html: emailContent.html,
|
|
|
|
|
text: emailContent.text
|
|
|
|
|
},
|
|
|
|
|
options: {}
|
|
|
|
|
}]
|
|
|
|
|
};
|
|
|
|
|
return mail.send(payload, {context: {internal: true}});
|
2014-07-02 16:22:18 +02:00
|
|
|
}).then(function () {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.resolve({passwordreset: [{message: i18n.t('common.api.authentication.mail.checkEmailForInstructions')}]});
|
2014-08-17 08:17:23 +02:00
|
|
|
}).catch(function (error) {
|
|
|
|
|
return Promise.reject(error);
|
2014-06-20 11:15:01 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* ## Reset Password
|
|
|
|
|
* reset password if a valid token and password (2x) is passed
|
2014-09-10 06:06:24 +02:00
|
|
|
* @param {Object} object
|
2014-06-20 11:15:01 +02:00
|
|
|
* @returns {Promise(passwordreset)} message
|
|
|
|
|
*/
|
|
|
|
|
resetPassword: function resetPassword(object) {
|
|
|
|
|
var resetToken,
|
|
|
|
|
newPassword,
|
|
|
|
|
ne2Password;
|
2014-07-18 22:40:47 +02:00
|
|
|
|
|
|
|
|
return authentication.isSetup().then(function (result) {
|
|
|
|
|
var setup = result.setup[0].status;
|
|
|
|
|
|
|
|
|
|
if (!setup) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.setupMustBeCompleted')));
|
2014-07-18 22:40:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return utils.checkObject(object, 'passwordreset');
|
|
|
|
|
}).then(function (checkedPasswordReset) {
|
2014-06-20 11:15:01 +02:00
|
|
|
resetToken = checkedPasswordReset.passwordreset[0].token;
|
|
|
|
|
newPassword = checkedPasswordReset.passwordreset[0].newPassword;
|
|
|
|
|
ne2Password = checkedPasswordReset.passwordreset[0].ne2Password;
|
|
|
|
|
|
|
|
|
|
return settings.read({context: {internal: true}, key: 'dbHash'}).then(function (response) {
|
|
|
|
|
var dbHash = response.settings[0].value;
|
2015-07-16 22:40:19 +02:00
|
|
|
return dataProvider.User.resetPassword({
|
|
|
|
|
token: resetToken,
|
|
|
|
|
newPassword: newPassword,
|
|
|
|
|
ne2Password: ne2Password,
|
|
|
|
|
dbHash: dbHash
|
|
|
|
|
});
|
2014-06-20 11:15:01 +02:00
|
|
|
}).then(function () {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.resolve({passwordreset: [{message: i18n.t('common.api.authentication.mail.passwordChanged')}]});
|
2014-08-17 08:17:23 +02:00
|
|
|
}).catch(function (error) {
|
|
|
|
|
return Promise.reject(new errors.UnauthorizedError(error.message));
|
2014-06-20 11:15:01 +02:00
|
|
|
});
|
|
|
|
|
});
|
2014-07-03 17:06:07 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* ### Accept Invitation
|
|
|
|
|
* @param {User} object the user to create
|
|
|
|
|
* @returns {Promise(User}} Newly created user
|
|
|
|
|
*/
|
|
|
|
|
acceptInvitation: function acceptInvitation(object) {
|
|
|
|
|
var resetToken,
|
|
|
|
|
newPassword,
|
|
|
|
|
ne2Password,
|
|
|
|
|
name,
|
|
|
|
|
email;
|
|
|
|
|
|
2014-07-18 22:40:47 +02:00
|
|
|
return authentication.isSetup().then(function (result) {
|
|
|
|
|
var setup = result.setup[0].status;
|
|
|
|
|
|
|
|
|
|
if (!setup) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.setupMustBeCompleted')));
|
2014-07-18 22:40:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return utils.checkObject(object, 'invitation');
|
|
|
|
|
}).then(function (checkedInvitation) {
|
2014-07-03 17:06:07 +02:00
|
|
|
resetToken = checkedInvitation.invitation[0].token;
|
|
|
|
|
newPassword = checkedInvitation.invitation[0].password;
|
|
|
|
|
ne2Password = checkedInvitation.invitation[0].password;
|
|
|
|
|
email = checkedInvitation.invitation[0].email;
|
|
|
|
|
name = checkedInvitation.invitation[0].name;
|
|
|
|
|
|
|
|
|
|
return settings.read({context: {internal: true}, key: 'dbHash'}).then(function (response) {
|
|
|
|
|
var dbHash = response.settings[0].value;
|
2015-07-16 22:40:19 +02:00
|
|
|
return dataProvider.User.resetPassword({
|
|
|
|
|
token: resetToken,
|
|
|
|
|
newPassword: newPassword,
|
|
|
|
|
ne2Password: ne2Password,
|
|
|
|
|
dbHash: dbHash
|
|
|
|
|
});
|
2014-07-03 17:06:07 +02:00
|
|
|
}).then(function (user) {
|
2014-10-13 14:22:27 +02:00
|
|
|
// Setting the slug to '' has the model regenerate the slug from the user's name
|
|
|
|
|
return dataProvider.User.edit({name: name, email: email, slug: ''}, {id: user.id});
|
2014-07-03 17:06:07 +02:00
|
|
|
}).then(function () {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.resolve({invitation: [{message: i18n.t('common.api.authentication.mail.invitationAccepted')}]});
|
2014-08-17 08:17:23 +02:00
|
|
|
}).catch(function (error) {
|
|
|
|
|
return Promise.reject(new errors.UnauthorizedError(error.message));
|
2014-07-03 17:06:07 +02:00
|
|
|
});
|
|
|
|
|
});
|
2014-07-11 14:17:09 +02:00
|
|
|
},
|
|
|
|
|
|
2014-08-25 04:34:26 +02:00
|
|
|
/**
|
|
|
|
|
* ### Check for invitation
|
|
|
|
|
* @param {Object} options
|
|
|
|
|
* @param {string} options.email The email to check for an invitation on
|
|
|
|
|
* @returns {Promise(Invitation}} An invitation status
|
|
|
|
|
*/
|
2015-05-27 06:14:43 +02:00
|
|
|
isInvitation: function isInvitation(options) {
|
2014-08-25 04:34:26 +02:00
|
|
|
return authentication.isSetup().then(function (result) {
|
|
|
|
|
var setup = result.setup[0].status;
|
|
|
|
|
|
|
|
|
|
if (!setup) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.setupMustBeCompleted')));
|
2014-08-25 04:34:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (options.email) {
|
|
|
|
|
return dataProvider.User.findOne({email: options.email, status: 'invited'}).then(function (response) {
|
|
|
|
|
if (response) {
|
|
|
|
|
return {invitation: [{valid: true}]};
|
|
|
|
|
} else {
|
|
|
|
|
return {invitation: [{valid: false}]};
|
|
|
|
|
}
|
|
|
|
|
});
|
2014-09-19 06:50:15 +02:00
|
|
|
} else {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.BadRequestError(i18n.t('errors.api.authentication.invalidEmailReceived')));
|
2014-08-25 04:34:26 +02:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
isSetup: function isSetup() {
|
2014-07-17 14:22:32 +02:00
|
|
|
return dataProvider.User.query(function (qb) {
|
2014-09-10 06:06:24 +02:00
|
|
|
qb.whereIn('status', ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4', 'locked']);
|
|
|
|
|
}).fetch().then(function (users) {
|
|
|
|
|
if (users) {
|
|
|
|
|
return Promise.resolve({setup: [{status: true}]});
|
|
|
|
|
} else {
|
|
|
|
|
return Promise.resolve({setup: [{status: false}]});
|
|
|
|
|
}
|
|
|
|
|
});
|
2014-07-11 14:17:09 +02:00
|
|
|
},
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
setup: function setup(object) {
|
|
|
|
|
var setupUser;
|
2014-07-11 14:17:09 +02:00
|
|
|
|
2014-07-18 22:40:47 +02:00
|
|
|
return authentication.isSetup().then(function (result) {
|
|
|
|
|
var setup = result.setup[0].status;
|
|
|
|
|
|
|
|
|
|
if (setup) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.setupAlreadyCompleted')));
|
2014-07-18 22:40:47 +02:00
|
|
|
}
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
return setupTasks(object);
|
|
|
|
|
}).then(function (result) {
|
|
|
|
|
setupUser = result;
|
2014-07-15 13:03:12 +02:00
|
|
|
|
2014-07-23 03:22:13 +02:00
|
|
|
var data = {
|
|
|
|
|
ownerEmail: setupUser.email
|
|
|
|
|
};
|
|
|
|
|
|
2014-07-31 02:15:34 +02:00
|
|
|
return mail.generateContent({data: data, template: 'welcome'});
|
|
|
|
|
}).then(function (emailContent) {
|
|
|
|
|
var message = {
|
|
|
|
|
to: setupUser.email,
|
2015-11-12 13:29:45 +01:00
|
|
|
subject: i18n.t('common.api.authentication.mail.yourNewGhostBlog'),
|
2014-07-31 02:15:34 +02:00
|
|
|
html: emailContent.html,
|
|
|
|
|
text: emailContent.text
|
|
|
|
|
},
|
|
|
|
|
payload = {
|
|
|
|
|
mail: [{
|
|
|
|
|
message: message,
|
|
|
|
|
options: {}
|
|
|
|
|
}]
|
|
|
|
|
};
|
|
|
|
|
|
2015-08-25 10:08:11 +02:00
|
|
|
mail.send(payload, {context: {internal: true}}).catch(function (error) {
|
2014-07-31 02:15:34 +02:00
|
|
|
errors.logError(
|
|
|
|
|
error.message,
|
2015-11-12 13:29:45 +01:00
|
|
|
i18n.t('errors.api.authentication.unableToSendWelcomeEmail', {url: 'http://support.ghost.org/mail/'}),
|
|
|
|
|
i18n.t('errors.api.authentication.checkEmailConfigInstructions')
|
2014-07-31 02:15:34 +02:00
|
|
|
);
|
2014-07-11 14:17:09 +02:00
|
|
|
});
|
|
|
|
|
}).then(function () {
|
2014-09-10 06:06:24 +02:00
|
|
|
return Promise.resolve({users: [setupUser]});
|
2014-07-11 14:17:09 +02:00
|
|
|
});
|
2014-09-01 20:02:46 +02:00
|
|
|
},
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
updateSetup: function updateSetup(object, options) {
|
|
|
|
|
if (!options.context || !options.context.user) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.notLoggedIn')));
|
2014-09-01 20:02:46 +02:00
|
|
|
}
|
|
|
|
|
|
2015-05-27 06:14:43 +02:00
|
|
|
return dataProvider.User.findOne({role: 'Owner', status: 'all'}).then(function (result) {
|
|
|
|
|
var user = result.toJSON();
|
|
|
|
|
|
|
|
|
|
if (user.id !== options.context.user) {
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.reject(new errors.NoPermissionError(i18n.t('errors.api.authentication.notTheBlogOwner')));
|
2015-05-27 06:14:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return setupTasks(object);
|
|
|
|
|
}).then(function (result) {
|
|
|
|
|
return Promise.resolve({users: [result]});
|
2014-09-01 20:02:46 +02:00
|
|
|
});
|
2015-07-07 23:39:43 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
revoke: function (object) {
|
|
|
|
|
var token;
|
|
|
|
|
|
|
|
|
|
if (object.token_type_hint && object.token_type_hint === 'access_token') {
|
|
|
|
|
token = dataProvider.Accesstoken;
|
|
|
|
|
} else if (object.token_type_hint && object.token_type_hint === 'refresh_token') {
|
|
|
|
|
token = dataProvider.Refreshtoken;
|
|
|
|
|
} else {
|
2015-11-12 13:29:45 +01:00
|
|
|
return errors.BadRequestError(i18n.t('errors.api.authentication.invalidTokenTypeHint'));
|
2015-07-07 23:39:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return token.destroyByToken({token: object.token}).then(function () {
|
|
|
|
|
return Promise.resolve({token: object.token});
|
|
|
|
|
}, function () {
|
|
|
|
|
// On error we still want a 200. See https://tools.ietf.org/html/rfc7009#page-5
|
2015-11-12 13:29:45 +01:00
|
|
|
return Promise.resolve({token: object.token, error: i18n.t('errors.api.authentication.invalidTokenProvided')});
|
2015-07-07 23:39:43 +02:00
|
|
|
});
|
2014-06-20 11:15:01 +02:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2014-07-18 22:40:47 +02:00
|
|
|
module.exports = authentication;
|
