2016-09-30 14:45:59 +03:00
|
|
|
var ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
|
|
|
|
BearerStrategy = require('passport-http-bearer').Strategy,
|
|
|
|
GhostOAuth2Strategy = require('passport-ghost').Strategy,
|
|
|
|
passport = require('passport'),
|
|
|
|
Promise = require('bluebird'),
|
|
|
|
authStrategies = require('./auth-strategies'),
|
|
|
|
utils = require('../utils'),
|
|
|
|
errors = require('../errors'),
|
2016-10-06 15:27:35 +03:00
|
|
|
logging = require('../logging'),
|
2016-09-30 14:45:59 +03:00
|
|
|
models = require('../models'),
|
2016-10-12 14:11:56 +03:00
|
|
|
_private = {
|
|
|
|
retryTimeout: 3000,
|
|
|
|
retries: 10
|
|
|
|
};
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
_private.registerClient = function (options) {
|
2016-09-30 14:45:59 +03:00
|
|
|
var ghostOAuth2Strategy = options.ghostOAuth2Strategy,
|
|
|
|
url = options.url;
|
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
return models.Client.findOne({slug: 'ghost-auth'}, {context: {internal: true}})
|
|
|
|
.then(function fetchedClient(client) {
|
|
|
|
// CASE: Ghost Auth client is already registered
|
|
|
|
if (client) {
|
2016-10-21 18:08:17 +03:00
|
|
|
if (client.get('redirection_uri') === url) {
|
|
|
|
return {
|
|
|
|
client_id: client.get('uuid'),
|
|
|
|
client_secret: client.get('secret')
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
logging.debug('Update ghost client callback url...');
|
|
|
|
return ghostOAuth2Strategy.changeCallbackURL({
|
|
|
|
callbackURL: url + '/ghost/',
|
|
|
|
clientId: client.get('uuid'),
|
|
|
|
clientSecret: client.get('secret')
|
|
|
|
}).then(function changedCallbackURL() {
|
|
|
|
client.set('redirection_uri', url);
|
|
|
|
return client.save(null, {context: {internal: true}});
|
|
|
|
}).then(function updatedClient() {
|
|
|
|
return {
|
|
|
|
client_id: client.get('uuid'),
|
|
|
|
client_secret: client.get('secret')
|
|
|
|
};
|
|
|
|
});
|
2016-10-12 14:11:56 +03:00
|
|
|
}
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
return ghostOAuth2Strategy.registerClient({clientName: url})
|
|
|
|
.then(function addClient(credentials) {
|
|
|
|
return models.Client.add({
|
|
|
|
name: 'Ghost Auth',
|
|
|
|
slug: 'ghost-auth',
|
|
|
|
uuid: credentials.client_id,
|
2016-10-21 18:08:17 +03:00
|
|
|
secret: credentials.client_secret,
|
|
|
|
redirection_uri: url + '/ghost/'
|
2016-10-12 14:11:56 +03:00
|
|
|
}, {context: {internal: true}});
|
|
|
|
})
|
|
|
|
.then(function returnClient(client) {
|
|
|
|
return {
|
|
|
|
client_id: client.get('uuid'),
|
|
|
|
client_secret: client.get('secret')
|
|
|
|
};
|
|
|
|
});
|
|
|
|
});
|
|
|
|
};
|
2016-10-06 15:27:35 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
_private.startPublicClientRegistration = function startPublicClientRegistration(options) {
|
|
|
|
return new Promise(function (resolve, reject) {
|
|
|
|
(function retry(retries) {
|
|
|
|
options.retryCount = retries;
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
_private.registerClient(options)
|
|
|
|
.then(resolve)
|
|
|
|
.catch(function publicClientRegistrationError(err) {
|
|
|
|
logging.error(err);
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
if (options.retryCount < 0) {
|
|
|
|
return reject(new errors.IncorrectUsageError({
|
|
|
|
message: 'Public client registration failed: ' + err.code || err.message,
|
|
|
|
context: 'Please verify that the url can be reached: ' + options.ghostOAuth2Strategy.url
|
|
|
|
}));
|
|
|
|
}
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
logging.debug('Trying to register Public Client...');
|
|
|
|
var timeout = setTimeout(function () {
|
|
|
|
clearTimeout(timeout);
|
|
|
|
|
|
|
|
options.retryCount = options.retryCount - 1;
|
|
|
|
retry(options.retryCount);
|
|
|
|
}, _private.retryTimeout);
|
|
|
|
});
|
|
|
|
})(_private.retries);
|
2016-09-30 14:45:59 +03:00
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
/**
|
|
|
|
* auth types:
|
|
|
|
* - password: local login
|
|
|
|
* - ghost: remote login at Ghost.org
|
|
|
|
*/
|
2016-09-30 14:45:59 +03:00
|
|
|
exports.init = function initPassport(options) {
|
|
|
|
var type = options.type,
|
|
|
|
url = options.url;
|
|
|
|
|
|
|
|
return new Promise(function (resolve, reject) {
|
|
|
|
passport.use(new ClientPasswordStrategy(authStrategies.clientPasswordStrategy));
|
|
|
|
passport.use(new BearerStrategy(authStrategies.bearerStrategy));
|
|
|
|
|
2016-10-03 17:11:43 +03:00
|
|
|
if (type !== 'ghost') {
|
2016-09-30 14:45:59 +03:00
|
|
|
return resolve({passport: passport.initialize()});
|
|
|
|
}
|
|
|
|
|
|
|
|
var ghostOAuth2Strategy = new GhostOAuth2Strategy({
|
|
|
|
callbackURL: utils.url.getBaseUrl() + '/ghost/',
|
|
|
|
url: url,
|
|
|
|
passReqToCallback: true
|
|
|
|
}, authStrategies.ghostStrategy);
|
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
_private.startPublicClientRegistration({
|
|
|
|
ghostOAuth2Strategy: ghostOAuth2Strategy,
|
|
|
|
url: utils.url.getBaseUrl()
|
|
|
|
}).then(function setClient(client) {
|
|
|
|
logging.debug('Public Client Registration was successful');
|
2016-09-30 14:45:59 +03:00
|
|
|
|
2016-10-12 14:11:56 +03:00
|
|
|
ghostOAuth2Strategy.setClient(client);
|
|
|
|
passport.use(ghostOAuth2Strategy);
|
|
|
|
return resolve({passport: passport.initialize()});
|
|
|
|
}).catch(reject);
|
2016-09-30 14:45:59 +03:00
|
|
|
});
|
|
|
|
};
|