TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-18 16:01:40 +03:00
Code Issues Projects Releases Wiki Activity
4f3f01ef56
Ghost/core/server/auth/passport.js

193 lines
7.3 KiB
JavaScript
Raw Normal View History

✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
var ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
BearerStrategy = require('passport-http-bearer').Strategy,
GhostOAuth2Strategy = require('passport-ghost').Strategy,
passport = require('passport'),
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
_ = require('lodash'),
🎨 logging improvements (#7597) * 🎨 rotation config - every parameter is configureable - increase default number of files to 100 * 🎨 ghost.log location - example: content/logs/http___my_ghost_blog_com_ghost.log - user can change the path to something custom by setting logging.path * 🛠 add response-time as dependency * 🎨 readable PrettyStream - tidy up - generic handling (was important to support more use cases, for example: logging.info({ anyKey: anyValue })) - common log format - less code 🕵🏻 * 🎨 GhostLogger cleanup - remove setLoggers -> this function had too much of redundant code - instead: add smart this.log function - remove logging.request (---> GhostLogger just forwards the values, it doesn't matter if that is a request or not a request) - make .warn .debug .info .error small and smart * 🎨 app.js: add response time as middleware and remove logging.request * 🎨 setStdoutStream and setFileStream - redesign GhostLogger to add CustomLoggers very easily ----> Example CustomLogger function CustomLogger(options) { // Base iterates over defined transports // EXAMPLE: ['stdout', 'elasticsearch'] Base.call(this, options); } util.inherits(...); // OVERRIDE default stdout stream and your own!!! CustomLogger.prototype.setStdoutStream = function() {} // add a new stream // get's called automatically when transport elasticsearch is defined CustomLogger.prototype.setElasticsearchStream = function() {} * 🎨 log into multiple file by default - content/logs/domain.error.log --> contains only the errors - content/logs/domain.log --> contains everything - rotation for both files * 🔥 remove logging.debug and use npm debug only * ✨ shortcuts for mode and level * 🎨 jshint/jscs * 🎨 stdout as much as possible for an error * 🎨 fix tests * 🎨 remove req.ip from log output, remove response-time dependency * 🎨 create middleware for logging - added TODO to move logging middleware to ignition
2016-10-25 14:17:43 +03:00
debug = require('debug')('ghost:auth'),
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
Promise = require('bluebird'),
authStrategies = require('./auth-strategies'),
errors = require('../errors'),
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
events = require('../events'),
✨ Error creation (#7477) refs #7116, refs #2001 - Changes the way Ghost errors are implemented to benefit from proper inheritance - Moves all error definitions into a single file - Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order. - Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed. Summary of changes: * 🐛 set NODE_ENV in config handler * ✨ add GhostError implementation (core/server/errors.js) - register all errors in one file - inheritance from GhostError - option pattern * 🔥 remove all error files * ✨ wrap all errors into GhostError in case of HTTP * 🎨 adaptions - option pattern for errors - use GhostError when needed * 🎨 revert debug deletion and add TODO for error id's
2016-10-06 15:27:35 +03:00
logging = require('../logging'),
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
models = require('../models'),
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
_private = {};
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
/**
* Update client name and description if changes in the blog settings
*/
_private.registerEvents = function registerEvents() {
events.on('settings.edited', function onSettingsChanged(settingModel) {
var titleHasChanged = settingModel.attributes.key === 'title' && settingModel.attributes.value !== settingModel._updatedAttributes.value,
descriptionHasChanged = settingModel.attributes.key === 'description' && settingModel.attributes.value !== settingModel._updatedAttributes.value,
options = {
ghostOAuth2Strategy: passport._strategies.ghost
};
if (!titleHasChanged && !descriptionHasChanged) {
return;
}
if (titleHasChanged) {
options.clientName = settingModel.attributes.value;
debug('Ghost Auth Client title has changed: ' + options.clientName);
}
if (descriptionHasChanged) {
options.clientDescription = settingModel.attributes.value;
debug('Ghost AuthClient description has changed: ' + options.clientDescription);
}
_private.updateClient(options).catch(function onUpdatedClientError(err) {
// @TODO: see https://github.com/TryGhost/Ghost/issues/7627
if (_.isArray(err)) {
err = err[0];
}
logging.error(err);
});
});
};
/**
* smart function
*/
_private.updateClient = function updateClient(options) {
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
var ghostOAuth2Strategy = options.ghostOAuth2Strategy,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
redirectUri = options.redirectUri,
clientUri = options.clientUri,
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
clientName = options.clientName,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
clientDescription = options.clientDescription;
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
return models.Client.findOne({slug: 'ghost-auth'}, {context: {internal: true}})
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
.then(function (client) {
// CASE: we have to create the client
if (!client) {
debug('Client does not exist');
return ghostOAuth2Strategy.registerClient({
name: clientName,
description: clientDescription
}).then(function registeredRemoteClient(credentials) {
debug('Registered remote client: ' + JSON.stringify(credentials));
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
return models.Client.add({
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
name: credentials.name,
description: credentials.description,
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
slug: 'ghost-auth',
uuid: credentials.client_id,
✨ change ghost client redirect_uri (#7595) closes #7580
2016-10-21 18:08:17 +03:00
secret: credentials.client_secret,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
redirection_uri: credentials.redirect_uri,
client_uri: credentials.blog_uri
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
}, {context: {internal: true}});
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
}).then(function addedLocalClient(client) {
debug('Added local client: ' + JSON.stringify(client.toJSON()));
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
return {
client_id: client.get('uuid'),
client_secret: client.get('secret')
};
});
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
}
✨ Error creation (#7477) refs #7116, refs #2001 - Changes the way Ghost errors are implemented to benefit from proper inheritance - Moves all error definitions into a single file - Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order. - Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed. Summary of changes: * 🐛 set NODE_ENV in config handler * ✨ add GhostError implementation (core/server/errors.js) - register all errors in one file - inheritance from GhostError - option pattern * 🔥 remove all error files * ✨ wrap all errors into GhostError in case of HTTP * 🎨 adaptions - option pattern for errors - use GhostError when needed * 🎨 revert debug deletion and add TODO for error id's
2016-10-06 15:27:35 +03:00
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
// CASE: nothing changed
if (client.get('redirection_uri') === redirectUri &&
client.get('name') === clientName &&
client.get('description') === clientDescription &&
client.get('client_uri') === clientUri) {
debug('Client did not change');
return {
client_id: client.get('uuid'),
client_secret: client.get('secret')
};
}
debug('Update client...');
return ghostOAuth2Strategy.updateClient(_.omit({
clientId: client.get('uuid'),
clientSecret: client.get('secret'),
redirectUri: redirectUri,
blogUri: clientUri,
name: clientName,
description: clientDescription
}, _.isUndefined)).then(function updatedRemoteClient(updatedRemoteClient) {
debug('Update remote client: ' + JSON.stringify(updatedRemoteClient));
client.set('redirection_uri', updatedRemoteClient.redirect_uri);
client.set('client_uri', updatedRemoteClient.blog_uri);
client.set('name', updatedRemoteClient.name);
client.set('description', updatedRemoteClient.description);
return client.save(null, {context: {internal: true}});
}).then(function updatedLocalClient() {
return {
client_id: client.get('uuid'),
client_secret: client.get('secret')
};
});
});
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
};
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
/**
* auth types:
* - password: local login
* - ghost: remote login at Ghost.org
*/
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
exports.init = function initPassport(options) {
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
var authType = options.authType,
clientName = options.clientName,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
clientDescription = options.clientDescription,
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
ghostAuthUrl = options.ghostAuthUrl,
redirectUri = options.redirectUri,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
clientUri = options.clientUri;
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
return new Promise(function (resolve, reject) {
passport.use(new ClientPasswordStrategy(authStrategies.clientPasswordStrategy));
passport.use(new BearerStrategy(authStrategies.bearerStrategy));
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
if (authType !== 'ghost') {
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
return resolve({passport: passport.initialize()});
}
var ghostOAuth2Strategy = new GhostOAuth2Strategy({
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
redirectUri: redirectUri,
blogUri: clientUri,
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
url: ghostAuthUrl,
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
passReqToCallback: true
}, authStrategies.ghostStrategy);
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
_private.updateClient({
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
ghostOAuth2Strategy: ghostOAuth2Strategy,
Ghost Auth: register client with blog_uri (#7680) * 🛠 passport-ghost 1.1.0 * ✨ register client: add blog_uri refs #7654 - improve readability - get rid of all the url util usages - add blog_uri [ci skip] * 🎨 tests
2016-11-07 14:38:05 +03:00
clientName: clientName,
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
clientDescription: clientDescription,
redirectUri: redirectUri,
clientUri: clientUri
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
}).then(function setClient(client) {
ghostOAuth2Strategy.setClient(client);
passport.use(ghostOAuth2Strategy);
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
_private.registerEvents();
🎨 Ghost OAuth improvements (#7550) refs #7452 - 🎨 logging.debug for public client registration - 🎨 add tests for passport ghost - improve readability for passport file - add basic tests
2016-10-12 14:11:56 +03:00
return resolve({passport: passport.initialize()});
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
}).catch(function onError(err) {
🎨 optimise public client registration error handling (#7992) no issue - auth.init happens in background and if an error occurs, Ghost will log this error to stdout/file - do not double create Ignition error - update passport-ghost to handle a none response from the auth service (e.g. wrong auth url), see https://github.com/TryGhost/passport-ghost/commit/123da4dd948a2bf9939ebde59675b0fd22fc2662
2017-02-14 15:09:52 +03:00
debug('Public registration failed:' + err.message);
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
// @TODO: see https://github.com/TryGhost/Ghost/issues/7627
🎨 optimise public client registration error handling (#7992) no issue - auth.init happens in background and if an error occurs, Ghost will log this error to stdout/file - do not double create Ignition error - update passport-ghost to handle a none response from the auth service (e.g. wrong auth url), see https://github.com/TryGhost/passport-ghost/commit/123da4dd948a2bf9939ebde59675b0fd22fc2662
2017-02-14 15:09:52 +03:00
// CASE: can happen if database query fails
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
if (_.isArray(err)) {
err = err[0];
}
🎨 optimise public client registration error handling (#7992) no issue - auth.init happens in background and if an error occurs, Ghost will log this error to stdout/file - do not double create Ignition error - update passport-ghost to handle a none response from the auth service (e.g. wrong auth url), see https://github.com/TryGhost/passport-ghost/commit/123da4dd948a2bf9939ebde59675b0fd22fc2662
2017-02-14 15:09:52 +03:00
if (!errors.utils.isIgnitionError(err)) {
err = new errors.GhostError({
err: err
});
}
err.level = 'critical';
err.context = err.context || 'Public client registration failed';
err.help = err.help || 'Please verify the configured url: ' + ghostOAuth2Strategy.url;
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
🎨 optimise public client registration error handling (#7992) no issue - auth.init happens in background and if an error occurs, Ghost will log this error to stdout/file - do not double create Ignition error - update passport-ghost to handle a none response from the auth service (e.g. wrong auth url), see https://github.com/TryGhost/passport-ghost/commit/123da4dd948a2bf9939ebde59675b0fd22fc2662
2017-02-14 15:09:52 +03:00
return reject(err);
🎨 public client registration updates (#7690) * 🎨 use updateClient function to update redirectUri refs #7654 * 🎨 name instead of clientName * 🎨 config.get('theme:title') for client name - initial read can happen from config * ✨ register public client: client name and description - no update yet - for initial client creation - we forward title/description to Ghost Auth - TODO: use settings-cache when merged * ✨ store blog_uri in db * 🎨 passport logic changes - use updateClient instead of changeCallbackURL - be able to update: blog title, blog description, redirectUri and blogUri - remove retries, they get implemented in passport-ghost soon - reorder logic a bit * 🛠 passport-ghost 1.2.0 * 🎨 tests: extend DataGenerator createClient - set some defaults * 🎨 tests - extend tests - 👻 * ✨ run auth.init in background - no need to block the bootstrap process - if client can't be registered, you will see an error - ensure Ghost-Admin renders correctly * 🛠 passport-ghost 1.3.0 - retries * 🎨 use client_uri in Client Schema - adapt changes - use blog_uri only when calling the passport-ghost instance - Ghost uses the client_uri notation to improve readability * ✨ read blog title/description from settings cache * 🚨 Ghost Auth returns email instead of email_address - adapt Ghost
2016-11-08 17:21:25 +03:00
});
✨ Ghost OAuth (#7451) issue #7452 Remote oauth2 authentication with Ghost.org. This PR supports: - oauth2 login or local login - authentication on blog setup - authentication on invite - normal authentication - does not contain many, many tests, but we'll improve in the next alpha weeks
2016-09-30 14:45:59 +03:00
});
};
Reference in New Issue Copy Permalink