Ghost/core/server/models/basetoken.js

var Promise         = require('bluebird'),
    ghostBookshelf  = require('./base'),
    errors          = require('../errors'),

    Basetoken;

Basetoken = ghostBookshelf.Model.extend({

    user: function () {
        return this.belongsTo('User');
    },

    client: function () {
        return this.belongsTo('Client');
    },

    // override for base function since we don't have
    // a created_by field for sessions
    creating: function (newObj, attr, options) {
        /*jshint unused:false*/
    },

    // override for base function since we don't have
    // a updated_by field for sessions
    saving: function (newObj, attr, options) {
        /*jshint unused:false*/
        // Remove any properties which don't belong on the model
        this.attributes = this.pick(this.permittedAttributes());
    }

}, {
    destroyAllExpired:  function (options) {
        options = this.filterOptions(options, 'destroyAll');
        return ghostBookshelf.Collection.forge([], {model: this})
            .query('where', 'expires', '<', Date.now())
            .fetch(options)
            .then(function (collection) {
                collection.invokeThen('destroy', options);
            });
    },
    /**
     * ### destroyByUser
     * @param  {[type]} options has context and id. Context is the user doing the destroy, id is the user to destroy
     */
    destroyByUser: function (options) {
        var userId = options.id;

        options = this.filterOptions(options, 'destroyByUser');

        if (userId) {
            return ghostBookshelf.Collection.forge([], {model: this})
                .query('where', 'user_id', '=', userId)
                .fetch(options)
                .then(function (collection) {
                    collection.invokeThen('destroy', options);
                });
        }

        return Promise.reject(new errors.NotFoundError('No user found'));
    },

    /**
     * ### destroyByToken
     * @param  {[type]} options has token where token is the token to destroy
     */
    destroyByToken: function (options) {
        var token = options.token;

        options = this.filterOptions(options, 'destroyByUser');

        if (token) {
            return ghostBookshelf.Collection.forge([], {model: this})
                .query('where', 'token', '=', token)
                .fetch(options)
                .then(function (collection) {
                    collection.invokeThen('destroy', options);
                });
        }

        return Promise.reject(new errors.NotFoundError('Token not found'));
    }
});

module.exports = Basetoken;
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`var Promise = require('bluebird'),`
			`ghostBookshelf = require('./base'),`
			`errors = require('../errors'),`
Improvements for models #closes #1655 - removed models as parameter for bookshelf-session - changed to read permittedAttributes from schema.js - changed updateTags to be executed at saved event - added validate to execute after saving event - added test for published_at = null (see #2015) - fixed typo in general.hbs 2014-02-19 17:57:26 +04:00
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`Basetoken;`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`Basetoken = ghostBookshelf.Model.extend({`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`user: function () {`
			`return this.belongsTo('User');`
			`},`

			`client: function () {`
			`return this.belongsTo('Client');`
			`},`
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8 2014-04-03 17:03:09 +04:00
			`// override for base function since we don't have`
			`// a created_by field for sessions`
			`creating: function (newObj, attr, options) {`
			`/jshint unused:false/`
			`},`

			`// override for base function since we don't have`
			`// a updated_by field for sessions`
			`saving: function (newObj, attr, options) {`
			`/jshint unused:false/`
			`// Remove any properties which don't belong on the model`
			`this.attributes = this.pick(this.permittedAttributes());`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`}`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
			`}, {`
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`destroyAllExpired: function (options) {`
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash 2014-05-06 05:45:08 +04:00			`options = this.filterOptions(options, 'destroyAll');`
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`return ghostBookshelf.Collection.forge([], {model: this})`
			`.query('where', 'expires', '<', Date.now())`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`.fetch(options)`
Replace JSLint with JSHint. closes #2277 - Added ES6 linting to core/client/ - Fix typeof array comparison 2014-02-27 06:44:09 +04:00			`.then(function (collection) {`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00			`collection.invokeThen('destroy', options);`
			`});`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`},`
			`/**`
			`* ### destroyByUser`
			`* @param {[type]} options has context and id. Context is the user doing the destroy, id is the user to destroy`
			`*/`
			`destroyByUser: function (options) {`
			`var userId = options.id;`

			`options = this.filterOptions(options, 'destroyByUser');`

			`if (userId) {`
			`return ghostBookshelf.Collection.forge([], {model: this})`
			`.query('where', 'user_id', '=', userId)`
			`.fetch(options)`
			`.then(function (collection) {`
			`collection.invokeThen('destroy', options);`
			`});`
			`}`

			`return Promise.reject(new errors.NotFoundError('No user found'));`
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token 2014-09-01 22:02:46 +04:00			`},`

			`/**`
			`* ### destroyByToken`
			`* @param {[type]} options has token where token is the token to destroy`
			`*/`
			`destroyByToken: function (options) {`
			`var token = options.token;`

			`options = this.filterOptions(options, 'destroyByUser');`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token 2014-09-01 22:02:46 +04:00			`if (token) {`
			`return ghostBookshelf.Collection.forge([], {model: this})`
			`.query('where', 'token', '=', token)`
			`.fetch(options)`
			`.then(function (collection) {`
			`collection.invokeThen('destroy', options);`
			`});`
			`}`

			`return Promise.reject(new errors.NotFoundError('Token not found'));`
Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-10 08:06:24 +04:00			`}`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00			`});`

Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-10 08:06:24 +04:00			`module.exports = Basetoken;`