Ghost/core/server/models/base/token.js

var Promise         = require('bluebird'),
    ghostBookshelf  = require('./index'),
    errors          = require('../../errors'),
    i18n            = require('../../i18n'),

    Basetoken;

Basetoken = ghostBookshelf.Model.extend({

    user: function user() {
        return this.belongsTo('User');
    },

    client: function client() {
        return this.belongsTo('Client');
    },

    // override for base function since we don't have
    // a updated_by field for sessions
    onSaving: function onSaving() {
        // Remove any properties which don't belong on the model
        this.attributes = this.pick(this.permittedAttributes());
    }

}, {
    destroyAllExpired:  function destroyAllExpired(options) {
        options = this.filterOptions(options, 'destroyAll');
        return ghostBookshelf.Collection.forge([], {model: this})
            .query('where', 'expires', '<', Date.now())
            .fetch(options)
            .then(function then(collection) {
                return collection.invokeThen('destroy', options);
            });
    },

    /**
     * ### destroyByUser
     * @param  {[type]} options has context and id. Context is the user doing the destroy, id is the user to destroy
     */
    destroyByUser: function destroyByUser(options) {
        var userId = options.id;

        options = this.filterOptions(options, 'destroyByUser');

        if (userId) {
            return ghostBookshelf.Collection.forge([], {model: this})
                .query('where', 'user_id', '=', userId)
                .fetch(options)
                .then(function then(collection) {
                    return collection.invokeThen('destroy', options);
                });
        }

        return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.models.base.token.noUserFound')}));
    },

    /**
     * ### destroyByToken
     * @param  {[type]} options has token where token is the token to destroy
     */
    destroyByToken: function destroyByToken(options) {
        var token = options.token;

        options = this.filterOptions(options, 'destroyByUser');
        options.require = true;

        return this.forge()
            .query('where', 'token', '=', token)
            .fetch(options)
            .then(function then(model) {
                return model.destroy(options);
            });
    }
});

module.exports = Basetoken;
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`var Promise = require('bluebird'),`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`ghostBookshelf = require('./index'),`
			`errors = require('../../errors'),`
Harvest server side strings closes #5617 - Replace all hard-coded server-side strings with i18n translations 2015-11-12 15:29:45 +03:00			`i18n = require('../../i18n'),`
Improvements for models #closes #1655 - removed models as parameter for bookshelf-session - changed to read permittedAttributes from schema.js - changed updateTags to be executed at saved event - added validate to execute after saving event - added test for published_at = null (see #2015) - fixed typo in general.hbs 2014-02-19 17:57:26 +04:00
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`Basetoken;`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`Basetoken = ghostBookshelf.Model.extend({`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`user: function user() {`
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`return this.belongsTo('User');`
			`},`

Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`client: function client() {`
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`return this.belongsTo('Client');`
			`},`
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8 2014-04-03 17:03:09 +04:00
			`// override for base function since we don't have`
			`// a updated_by field for sessions`
🎨 register events in base model (#7560) refs #7432 - all models implemented it's own initialize fn to register events - we can register all events in the base model - important: we only listen on the event, if the model has defined a hook for it - this is just a small clean up PR - register more bookshelf events 2016-10-14 15:37:01 +03:00			`onSaving: function onSaving() {`
Use current user in models closes #2058 - fixed apiContext as suggested in the issue - added user to options object for models - added api.users.register() for public registration - changed models to use options.user for created_by, updated_by, author_id and published_by - added override to session model to avoid created_by and updated_by values - added user (id: 1) to tests - added user (id: 1) for registration - added user (id: 1) for import, fixtures and default settings - added user (id: 1) for user update - added user (id: 1) for settings update (dbHash, installedApps, update check) - updated bookshelf to version 0.6.8 2014-04-03 17:03:09 +04:00			`// Remove any properties which don't belong on the model`
			`this.attributes = this.pick(this.permittedAttributes());`
Refactor API arguments closes #2610, refs #2697 - cleanup API index.js, and add docs - all API methods take consistent arguments: object & options - browse, read, destroy take options, edit and add take object and options - the context is passed as part of options, meaning no more .call everywhere - destroy expects an object, rather than an id all the way down to the model layer - route params such as :id, :slug, and :key are passed as an option & used to perform reads, updates and deletes where possible - settings / themes may need work here still - HTTP posts api can find a post by slug - Add API utils for checkData 2014-05-08 16:41:19 +04:00			`}`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00
			`}, {`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`destroyAllExpired: function destroyAllExpired(options) {`
Sanitize models' attributes/options before passing to bookshelf/knex closes #2653 - enforce strict whitelists for model methods - create a class method that reports a model method's valid options - create a class method that filters a model's valid attributes from data - create a class method that filters valid options from a model method's options hash 2014-05-06 05:45:08 +04:00			`options = this.filterOptions(options, 'destroyAll');`
Server side cleanup - remove sessions - remove all references to csrf - create a shared base model for the 2 types of token 2014-07-14 16:29:45 +04:00			`return ghostBookshelf.Collection.forge([], {model: this})`
			`.query('where', 'expires', '<', Date.now())`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`.fetch(options)`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`.then(function then(collection) {`
:bug: fix delete by author as transaction (#7145) closes #7137 Deleting the content from the database runs in a transaction. see https://github.com/TryGhost/Ghost/blob/master/core/server/api/users.js#L390 `destroyByAuthor` is one of the operations we trigger to delete all the conent, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L647 The post model has a specific hook for deleting content to delete the relations as well, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L122 This hook is part of the transaction. But the `options` are ignored. `(model/, attr, options/)` We use the `options` to forward the transaction reference, which we need to pass into the bookshelf queries. So `return model.load('tags').call('related', 'tags').call('detach')` does not forward the transaction and that's why it stucks when deleting the content. 2016-09-19 16:45:36 +03:00			`return collection.invokeThen('destroy', options);`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00			`});`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`},`
🐛 🎨 old accesstokens are not cleaned up (#8065) closes #8035 - create auth/utils - use authUtils.createTokens for all cases - decrease the expiry of the old access token before creating a new one 2017-03-01 13:12:03 +03:00
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`/**`
			`* ### destroyByUser`
			`* @param {[type]} options has context and id. Context is the user doing the destroy, id is the user to destroy`
			`*/`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`destroyByUser: function destroyByUser(options) {`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`var userId = options.id;`

			`options = this.filterOptions(options, 'destroyByUser');`

			`if (userId) {`
			`return ghostBookshelf.Collection.forge([], {model: this})`
			`.query('where', 'user_id', '=', userId)`
			`.fetch(options)`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`.then(function then(collection) {`
:bug: fix delete by author as transaction (#7145) closes #7137 Deleting the content from the database runs in a transaction. see https://github.com/TryGhost/Ghost/blob/master/core/server/api/users.js#L390 `destroyByAuthor` is one of the operations we trigger to delete all the conent, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L647 The post model has a specific hook for deleting content to delete the relations as well, see https://github.com/TryGhost/Ghost/blob/master/core/server/models/post.js#L122 This hook is part of the transaction. But the `options` are ignored. `(model/, attr, options/)` We use the `options` to forward the transaction reference, which we need to pass into the bookshelf queries. So `return model.load('tags').call('related', 'tags').call('detach')` does not forward the transaction and that's why it stucks when deleting the content. 2016-09-19 16:45:36 +03:00			`return collection.invokeThen('destroy', options);`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00			`});`
			`}`

✨ Error creation (#7477) refs #7116, refs #2001 - Changes the way Ghost errors are implemented to benefit from proper inheritance - Moves all error definitions into a single file - Changes the error constructor to take an options object, rather than needing the arguments to be passed in the correct order. - Provides a wrapper so that any errors that haven't already been converted to GhostErrors get converted before they are displayed. Summary of changes: * 🐛 set NODE_ENV in config handler * ✨ add GhostError implementation (core/server/errors.js) - register all errors in one file - inheritance from GhostError - option pattern * 🔥 remove all error files * ✨ wrap all errors into GhostError in case of HTTP * 🎨 adaptions - option pattern for errors - use GhostError when needed * 🎨 revert debug deletion and add TODO for error id's 2016-10-06 15:27:35 +03:00			`return Promise.reject(new errors.NotFoundError({message: i18n.t('errors.models.base.token.noUserFound')}));`
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token 2014-09-01 22:02:46 +04:00			`},`

			`/**`
			`* ### destroyByToken`
			`* @param {[type]} options has token where token is the token to destroy`
			`*/`
Misc cleanup: moving files & naming functions 2015-06-14 18:58:49 +03:00			`destroyByToken: function destroyByToken(options) {`
Delete revoked tokens closes #3758 - new API method to delete access and refresh token - use new ember-simple-auth config to revoke tokens on logout - new method to delete tokens by .. token 2014-09-01 22:02:46 +04:00			`var token = options.token;`

			`options = this.filterOptions(options, 'destroyByUser');`
Refactor authentication API into pipeline format Refs #5508 2016-03-06 21:18:33 +03:00			`options.require = true;`
Delete tokens before deleting a user fixes #3750 - Updated tests to create tokens for one user. This caused the tests to fail for MySQL exposing the bug. - Delete user's tokens along with posts 2014-08-23 21:59:36 +04:00
Refactor authentication API into pipeline format Refs #5508 2016-03-06 21:18:33 +03:00			`return this.forge()`
			`.query('where', 'token', '=', token)`
			`.fetch(options)`
			`.then(function then(model) {`
			`return model.destroy(options);`
			`});`
Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-10 08:06:24 +04:00			`}`
Replace cookieSession with session - changed cookieSession to session - added session.regenerate for login and logout - added bookshelf session store - added session table to database - added import for databaseVersion 001 - added grunt task test-api - cleanup of gruntfile to start express when needed only - moved api tests to functional tests 2013-11-24 18:29:36 +04:00			`});`

Add jscs task to grunt file and clean up files to adhere to jscs rules. resolves #1920 - updates all files to conform to style settings. 2014-09-10 08:06:24 +04:00			`module.exports = Basetoken;`