2018-07-23 15:38:40 +03:00
|
|
|
const Promise = require('bluebird'),
|
|
|
|
{extend, merge, omit, cloneDeep, assign} = require('lodash'),
|
2017-09-12 18:31:14 +03:00
|
|
|
validator = require('validator'),
|
2018-09-27 17:06:57 +03:00
|
|
|
config = require('../../config'),
|
|
|
|
common = require('../../lib/common'),
|
|
|
|
security = require('../../lib/security'),
|
|
|
|
constants = require('../../lib/constants'),
|
|
|
|
pipeline = require('../../lib/promise/pipeline'),
|
|
|
|
mail = require('../../services/mail'),
|
|
|
|
urlService = require('../../services/url'),
|
2017-12-14 00:14:19 +03:00
|
|
|
localUtils = require('./utils'),
|
2018-09-27 17:06:57 +03:00
|
|
|
models = require('../../models'),
|
|
|
|
web = require('../../web'),
|
2017-09-12 18:31:14 +03:00
|
|
|
mailAPI = require('./mail'),
|
|
|
|
settingsAPI = require('./settings'),
|
2016-11-07 14:18:50 +03:00
|
|
|
tokenSecurity = {};
|
2014-06-20 13:15:01 +04:00
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
let authentication;
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Returns setup status
|
|
|
|
*
|
|
|
|
* @return {Promise<Boolean>}
|
|
|
|
*/
|
|
|
|
function checkSetup() {
|
2018-09-18 16:59:56 +03:00
|
|
|
return authentication.isSetup().then((result) => {
|
2016-03-06 21:18:33 +03:00
|
|
|
return result.setup[0].status;
|
|
|
|
});
|
|
|
|
}
|
2015-05-27 07:14:43 +03:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Allows an assertion to be made about setup status.
|
|
|
|
*
|
|
|
|
* @param {Boolean} status True: setup must be complete. False: setup must not be complete.
|
|
|
|
* @return {Function} returns a "task ready" function
|
|
|
|
*/
|
|
|
|
function assertSetupCompleted(status) {
|
|
|
|
return function checkPermission(__) {
|
2018-09-18 16:59:56 +03:00
|
|
|
return checkSetup().then((isSetup) => {
|
2016-03-06 21:18:33 +03:00
|
|
|
if (isSetup === status) {
|
|
|
|
return __;
|
|
|
|
}
|
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
const completed = common.i18n.t('errors.api.authentication.setupAlreadyCompleted'),
|
2017-12-12 00:47:46 +03:00
|
|
|
notCompleted = common.i18n.t('errors.api.authentication.setupMustBeCompleted');
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
function throwReason(reason) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NoPermissionError({message: reason});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (isSetup) {
|
|
|
|
throwReason(completed);
|
|
|
|
} else {
|
|
|
|
throwReason(notCompleted);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function setupTasks(setupData) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
function validateData(setupData) {
|
2018-09-18 16:59:56 +03:00
|
|
|
return localUtils.checkObject(setupData, 'setup').then((checked) => {
|
2018-07-23 15:38:40 +03:00
|
|
|
const data = checked.setup[0];
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
return {
|
|
|
|
name: data.name,
|
|
|
|
email: data.email,
|
|
|
|
password: data.password,
|
|
|
|
blogTitle: data.blogTitle,
|
|
|
|
status: 'active'
|
|
|
|
};
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
function setupUser(userData) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const context = {context: {internal: true}},
|
2016-09-21 17:48:14 +03:00
|
|
|
User = models.User;
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2018-09-18 16:59:56 +03:00
|
|
|
return User.findOne({role: 'Owner', status: 'all'}).then((owner) => {
|
2016-03-06 21:18:33 +03:00
|
|
|
if (!owner) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.GhostError({
|
|
|
|
message: common.i18n.t('errors.api.authentication.setupUnableToRun')
|
2016-10-06 15:27:35 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
return User.setup(userData, extend({id: owner.id}, context));
|
2018-09-18 16:59:56 +03:00
|
|
|
}).then((user) => {
|
2016-03-06 21:18:33 +03:00
|
|
|
return {
|
|
|
|
user: user,
|
|
|
|
userData: userData
|
|
|
|
};
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
function doSettings(data) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const user = data.user,
|
2016-03-06 21:18:33 +03:00
|
|
|
blogTitle = data.userData.blogTitle,
|
2018-07-23 15:38:40 +03:00
|
|
|
context = {context: {user: data.user.id}};
|
|
|
|
|
|
|
|
let userSettings;
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
if (!blogTitle || typeof blogTitle !== 'string') {
|
|
|
|
return user;
|
2015-05-27 07:14:43 +03:00
|
|
|
}
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
userSettings = [
|
|
|
|
{key: 'title', value: blogTitle.trim()},
|
2017-12-12 00:47:46 +03:00
|
|
|
{key: 'description', value: common.i18n.t('common.api.authentication.sampleBlogDescription')}
|
2016-03-06 21:18:33 +03:00
|
|
|
];
|
|
|
|
|
2017-09-12 18:31:14 +03:00
|
|
|
return settingsAPI.edit({settings: userSettings}, context).return(user);
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
function formatResponse(user) {
|
|
|
|
return user.toJSON({context: {internal: true}});
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
validateData,
|
|
|
|
setupUser,
|
|
|
|
doSettings,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, setupData);
|
2015-05-27 07:14:43 +03:00
|
|
|
}
|
|
|
|
|
2014-06-20 13:15:01 +04:00
|
|
|
/**
|
|
|
|
* ## Authentication API Methods
|
|
|
|
*
|
2017-12-11 22:27:09 +03:00
|
|
|
* **See:** [API Methods](events.js.html#api%20methods)
|
2014-06-20 13:15:01 +04:00
|
|
|
*/
|
|
|
|
authentication = {
|
|
|
|
/**
|
2016-03-06 21:18:33 +03:00
|
|
|
* @description generate a reset token for a given email address
|
2016-11-07 14:18:50 +03:00
|
|
|
* @param {Object} object
|
2016-03-06 21:18:33 +03:00
|
|
|
* @returns {Promise<Object>} message
|
2014-06-20 13:15:01 +04:00
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
generateResetToken(object) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
2014-07-02 18:22:18 +04:00
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
function validateRequest(object) {
|
2018-09-18 16:59:56 +03:00
|
|
|
return localUtils.checkObject(object, 'passwordreset').then((data) => {
|
2018-07-23 15:38:40 +03:00
|
|
|
const email = data.passwordreset[0].email;
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
if (typeof email !== 'string' || !validator.isEmail(email)) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.BadRequestError({
|
|
|
|
message: common.i18n.t('errors.api.authentication.noEmailProvided')
|
2016-10-06 15:27:35 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
return email;
|
|
|
|
});
|
|
|
|
}
|
2014-06-27 23:08:16 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function generateToken(email) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const options = {context: {internal: true}};
|
|
|
|
let dbHash, token;
|
2016-11-07 14:18:50 +03:00
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
return settingsAPI.read(merge({key: 'db_hash'}, options))
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((response) => {
|
2016-11-07 14:18:50 +03:00
|
|
|
dbHash = response.settings[0].value;
|
|
|
|
|
|
|
|
return models.User.getByEmail(email, options);
|
|
|
|
})
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((user) => {
|
2016-11-07 14:18:50 +03:00
|
|
|
if (!user) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NotFoundError({message: common.i18n.t('errors.api.users.userNotFound')});
|
2016-11-07 14:18:50 +03:00
|
|
|
}
|
|
|
|
|
2017-12-14 15:26:48 +03:00
|
|
|
token = security.tokens.resetToken.generateHash({
|
2017-12-14 16:13:40 +03:00
|
|
|
expires: Date.now() + constants.ONE_DAY_MS,
|
2016-11-07 14:18:50 +03:00
|
|
|
email: email,
|
|
|
|
dbHash: dbHash,
|
|
|
|
password: user.get('password')
|
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
return {
|
|
|
|
email: email,
|
|
|
|
resetToken: token
|
|
|
|
};
|
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
function sendResetNotification(data) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const adminUrl = urlService.utils.urlFor('admin', true),
|
2017-12-14 15:26:48 +03:00
|
|
|
resetUrl = urlService.utils.urlJoin(adminUrl, 'reset', security.url.encodeBase64(data.resetToken), '/');
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2016-06-28 21:13:01 +03:00
|
|
|
return mail.utils.generateContent({
|
2016-03-06 21:18:33 +03:00
|
|
|
data: {
|
|
|
|
resetUrl: resetUrl
|
|
|
|
},
|
|
|
|
template: 'reset-password'
|
2018-09-18 16:59:56 +03:00
|
|
|
}).then((content) => {
|
2018-07-23 15:38:40 +03:00
|
|
|
const payload = {
|
2014-07-31 04:15:34 +04:00
|
|
|
mail: [{
|
|
|
|
message: {
|
2016-03-06 21:18:33 +03:00
|
|
|
to: data.email,
|
2017-12-12 00:47:46 +03:00
|
|
|
subject: common.i18n.t('common.api.authentication.mail.resetPassword'),
|
2016-03-06 21:18:33 +03:00
|
|
|
html: content.html,
|
|
|
|
text: content.text
|
2014-07-31 04:15:34 +04:00
|
|
|
},
|
|
|
|
options: {}
|
|
|
|
}]
|
|
|
|
};
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2017-09-12 18:31:14 +03:00
|
|
|
return mailAPI.send(payload, {context: {internal: true}});
|
2014-06-20 13:15:01 +04:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
function formatResponse() {
|
|
|
|
return {
|
|
|
|
passwordreset: [
|
2017-12-12 00:47:46 +03:00
|
|
|
{message: common.i18n.t('common.api.authentication.mail.checkEmailForInstructions')}
|
2016-03-06 21:18:33 +03:00
|
|
|
]
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
assertSetupCompleted(true),
|
|
|
|
validateRequest,
|
|
|
|
generateToken,
|
|
|
|
sendResetNotification,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
return pipeline(tasks, object);
|
2014-06-20 13:15:01 +04:00
|
|
|
},
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ## Reset Password
|
|
|
|
* reset password if a valid token and password (2x) is passed
|
2016-11-07 14:18:50 +03:00
|
|
|
* @param {Object} object
|
2016-03-06 21:18:33 +03:00
|
|
|
* @returns {Promise<Object>} message
|
2014-06-20 13:15:01 +04:00
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
resetPassword(object, opts) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks,
|
|
|
|
tokenIsCorrect,
|
|
|
|
dbHash,
|
|
|
|
tokenParts;
|
|
|
|
const options = {context: {internal: true}};
|
2016-11-07 14:18:50 +03:00
|
|
|
|
|
|
|
function validateRequest() {
|
2017-12-14 00:14:19 +03:00
|
|
|
return localUtils.validate('passwordreset')(object, options)
|
2018-07-23 15:38:40 +03:00
|
|
|
.then((options) => {
|
|
|
|
const data = options.data.passwordreset[0];
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
if (data.newPassword !== data.ne2Password) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.ValidationError({
|
|
|
|
message: common.i18n.t('errors.models.user.newPasswordsDoNotMatch')
|
2016-11-07 14:18:50 +03:00
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
return Promise.resolve(options);
|
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
function extractTokenParts(options) {
|
2017-12-14 15:26:48 +03:00
|
|
|
options.data.passwordreset[0].token = security.url.decodeBase64(options.data.passwordreset[0].token);
|
2016-11-07 14:18:50 +03:00
|
|
|
|
2017-12-14 15:26:48 +03:00
|
|
|
tokenParts = security.tokens.resetToken.extract({
|
2016-11-07 14:18:50 +03:00
|
|
|
token: options.data.passwordreset[0].token
|
|
|
|
});
|
|
|
|
|
|
|
|
if (!tokenParts) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.UnauthorizedError({
|
|
|
|
message: common.i18n.t('errors.api.common.invalidTokenStructure')
|
2016-11-07 14:18:50 +03:00
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
return Promise.resolve(options);
|
|
|
|
}
|
|
|
|
|
|
|
|
// @TODO: use brute force middleware (see https://github.com/TryGhost/Ghost/pull/7579)
|
|
|
|
function protectBruteForce(options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
if (tokenSecurity[`${tokenParts.email}+${tokenParts.expires}`] &&
|
|
|
|
tokenSecurity[`${tokenParts.email}+${tokenParts.expires}`].count >= 10) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.NoPermissionError({
|
|
|
|
message: common.i18n.t('errors.models.user.tokenLocked')
|
2016-11-07 14:18:50 +03:00
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
|
|
|
return Promise.resolve(options);
|
|
|
|
}
|
|
|
|
|
|
|
|
function doReset(options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const data = options.data.passwordreset[0],
|
2016-03-06 21:18:33 +03:00
|
|
|
resetToken = data.token,
|
2016-11-07 14:18:50 +03:00
|
|
|
oldPassword = data.oldPassword,
|
|
|
|
newPassword = data.newPassword;
|
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
return settingsAPI.read(merge({key: 'db_hash'}, omit(options, 'data')))
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((response) => {
|
2016-11-07 14:18:50 +03:00
|
|
|
dbHash = response.settings[0].value;
|
|
|
|
|
|
|
|
return models.User.getByEmail(tokenParts.email, options);
|
|
|
|
})
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((user) => {
|
2016-11-07 14:18:50 +03:00
|
|
|
if (!user) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NotFoundError({message: common.i18n.t('errors.api.users.userNotFound')});
|
2016-11-07 14:18:50 +03:00
|
|
|
}
|
|
|
|
|
2017-12-14 15:26:48 +03:00
|
|
|
tokenIsCorrect = security.tokens.resetToken.compare({
|
2016-11-07 14:18:50 +03:00
|
|
|
token: resetToken,
|
|
|
|
dbHash: dbHash,
|
|
|
|
password: user.get('password')
|
|
|
|
});
|
|
|
|
|
|
|
|
if (!tokenIsCorrect) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.BadRequestError({
|
|
|
|
message: common.i18n.t('errors.api.common.invalidTokenStructure')
|
2016-11-07 14:18:50 +03:00
|
|
|
}));
|
|
|
|
}
|
|
|
|
|
2018-09-21 13:47:11 +03:00
|
|
|
web.shared.middlewares.api.spamPrevention.userLogin()
|
|
|
|
.reset(opts.ip, `${tokenParts.email}login`);
|
2016-11-08 14:33:19 +03:00
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
return models.User.changePassword({
|
|
|
|
oldPassword: oldPassword,
|
|
|
|
newPassword: newPassword,
|
|
|
|
user_id: user.id
|
|
|
|
}, options);
|
|
|
|
})
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((updatedUser) => {
|
2016-11-07 14:18:50 +03:00
|
|
|
updatedUser.set('status', 'active');
|
|
|
|
return updatedUser.save(options);
|
|
|
|
})
|
2018-09-17 21:49:30 +03:00
|
|
|
.catch(common.errors.ValidationError, (err) => {
|
2018-09-20 21:04:34 +03:00
|
|
|
return Promise.reject(err);
|
2018-09-17 21:49:30 +03:00
|
|
|
})
|
2018-07-23 15:38:40 +03:00
|
|
|
.catch((err) => {
|
2017-12-12 00:47:46 +03:00
|
|
|
if (common.errors.utils.isIgnitionError(err)) {
|
2017-10-26 13:01:24 +03:00
|
|
|
return Promise.reject(err);
|
|
|
|
}
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.UnauthorizedError({err: err}));
|
2015-07-16 23:40:19 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
function formatResponse() {
|
|
|
|
return {
|
|
|
|
passwordreset: [
|
2017-12-12 00:47:46 +03:00
|
|
|
{message: common.i18n.t('common.api.authentication.mail.passwordChanged')}
|
2016-03-06 21:18:33 +03:00
|
|
|
]
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
validateRequest,
|
2016-11-07 14:18:50 +03:00
|
|
|
assertSetupCompleted(true),
|
|
|
|
extractTokenParts,
|
|
|
|
protectBruteForce,
|
2016-03-06 21:18:33 +03:00
|
|
|
doReset,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
2016-11-07 14:18:50 +03:00
|
|
|
return pipeline(tasks, object, options);
|
2014-07-03 19:06:07 +04:00
|
|
|
},
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ### Accept Invitation
|
2016-03-06 21:18:33 +03:00
|
|
|
* @param {Object} invitation an invitation object
|
|
|
|
* @returns {Promise<Object>}
|
2014-07-03 19:06:07 +04:00
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
acceptInvitation(invitation) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks,
|
|
|
|
invite;
|
|
|
|
const options = {context: {internal: true}};
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function validateInvitation(invitation) {
|
2017-12-14 00:14:19 +03:00
|
|
|
return localUtils.checkObject(invitation, 'invitation')
|
2018-07-23 15:38:40 +03:00
|
|
|
.then(() => {
|
2016-09-21 17:48:14 +03:00
|
|
|
if (!invitation.invitation[0].token) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.ValidationError({message: common.i18n.t('errors.api.authentication.noTokenProvided')}));
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!invitation.invitation[0].email) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.ValidationError({message: common.i18n.t('errors.api.authentication.noEmailProvided')}));
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!invitation.invitation[0].password) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.ValidationError({message: common.i18n.t('errors.api.authentication.noPasswordProvided')}));
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!invitation.invitation[0].name) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return Promise.reject(new common.errors.ValidationError({message: common.i18n.t('errors.api.authentication.noNameProvided')}));
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return invitation;
|
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-03 19:06:07 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function processInvitation(invitation) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const data = invitation.invitation[0],
|
|
|
|
inviteToken = security.url.decodeBase64(data.token);
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2016-11-16 12:33:44 +03:00
|
|
|
return models.Invite.findOne({token: inviteToken, status: 'sent'}, options)
|
2018-07-23 15:38:40 +03:00
|
|
|
.then((_invite) => {
|
2016-09-21 17:48:14 +03:00
|
|
|
invite = _invite;
|
|
|
|
|
|
|
|
if (!invite) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NotFoundError({message: common.i18n.t('errors.api.invites.inviteNotFound')});
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (invite.get('expires') < Date.now()) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NotFoundError({message: common.i18n.t('errors.api.invites.inviteExpired')});
|
2016-09-21 17:48:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return models.User.add({
|
|
|
|
email: data.email,
|
|
|
|
name: data.name,
|
|
|
|
password: data.password,
|
2016-11-16 12:33:44 +03:00
|
|
|
roles: [invite.toJSON().role_id]
|
2016-09-21 17:48:14 +03:00
|
|
|
}, options);
|
|
|
|
})
|
2018-09-17 21:49:30 +03:00
|
|
|
.then(() => {
|
2018-09-20 21:04:34 +03:00
|
|
|
return invite.destroy(options);
|
2018-09-17 21:49:30 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
function formatResponse() {
|
|
|
|
return {
|
|
|
|
invitation: [
|
2017-12-12 00:47:46 +03:00
|
|
|
{message: common.i18n.t('common.api.authentication.mail.invitationAccepted')}
|
2016-03-06 21:18:33 +03:00
|
|
|
]
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
assertSetupCompleted(true),
|
|
|
|
validateInvitation,
|
|
|
|
processInvitation,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, invitation);
|
2014-07-11 16:17:09 +04:00
|
|
|
},
|
|
|
|
|
2014-08-25 06:34:26 +04:00
|
|
|
/**
|
|
|
|
* ### Check for invitation
|
|
|
|
* @param {Object} options
|
2016-03-06 21:18:33 +03:00
|
|
|
* @returns {Promise<Object>} An invitation status
|
2014-08-25 06:34:26 +04:00
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
isInvitation(options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
|
|
|
const localOptions = cloneDeep(options || {});
|
2014-08-25 06:34:26 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function processArgs(options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const email = options.email;
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
if (typeof email !== 'string' || !validator.isEmail(email)) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.BadRequestError({
|
|
|
|
message: common.i18n.t('errors.api.authentication.invalidEmailReceived')
|
2016-10-06 15:27:35 +03:00
|
|
|
});
|
2014-08-25 06:34:26 +04:00
|
|
|
}
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
return email;
|
|
|
|
}
|
|
|
|
|
|
|
|
function checkInvitation(email) {
|
2016-09-21 17:48:14 +03:00
|
|
|
return models.Invite
|
2016-09-30 14:45:59 +03:00
|
|
|
.findOne({email: email, status: 'sent'}, options)
|
2018-09-18 16:59:56 +03:00
|
|
|
.then((invite) => {
|
2016-09-30 14:45:59 +03:00
|
|
|
if (!invite) {
|
|
|
|
return {invitation: [{valid: false}]};
|
|
|
|
}
|
2016-03-06 21:18:33 +03:00
|
|
|
|
2018-12-17 16:16:39 +03:00
|
|
|
return {invitation: [{valid: true}]};
|
2016-09-30 14:45:59 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
processArgs,
|
|
|
|
assertSetupCompleted(true),
|
2016-09-30 14:45:59 +03:00
|
|
|
checkInvitation
|
2016-03-06 21:18:33 +03:00
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, localOptions);
|
2014-08-25 06:34:26 +04:00
|
|
|
},
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Checks the setup status
|
|
|
|
* @return {Promise}
|
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
isSetup() {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
function checkSetupStatus() {
|
2017-03-02 22:50:58 +03:00
|
|
|
return models.User.isSetup();
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-11 16:17:09 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function formatResponse(isSetup) {
|
2017-12-12 00:47:46 +03:00
|
|
|
return {
|
|
|
|
setup: [
|
|
|
|
{
|
|
|
|
status: isSetup,
|
|
|
|
// Pre-populate from config if, and only if the values exist in config.
|
|
|
|
title: config.title || undefined,
|
|
|
|
name: config.user_name || undefined,
|
|
|
|
email: config.user_email || undefined
|
|
|
|
}
|
|
|
|
]
|
|
|
|
};
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-11 16:17:09 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
tasks = [
|
|
|
|
checkSetupStatus,
|
|
|
|
formatResponse
|
|
|
|
];
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
return pipeline(tasks);
|
|
|
|
},
|
2014-07-19 00:40:47 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Executes the setup tasks and sends an email to the owner
|
|
|
|
* @param {Object} setupDetails
|
|
|
|
* @return {Promise<Object>} a user api payload
|
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
setup(setupDetails) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
2014-07-15 15:03:12 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function doSetup(setupDetails) {
|
|
|
|
return setupTasks(setupDetails);
|
|
|
|
}
|
|
|
|
|
|
|
|
function sendNotification(setupUser) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const data = {
|
2014-07-23 05:22:13 +04:00
|
|
|
ownerEmail: setupUser.email
|
|
|
|
};
|
|
|
|
|
2017-12-12 00:47:46 +03:00
|
|
|
common.events.emit('setup.completed', setupUser);
|
2016-08-17 21:59:15 +03:00
|
|
|
|
2018-12-17 17:02:47 +03:00
|
|
|
if (config.get('sendWelcomeEmail')) {
|
|
|
|
return mail.utils.generateContent({data: data, template: 'welcome'})
|
|
|
|
.then((content) => {
|
|
|
|
const message = {
|
|
|
|
to: setupUser.email,
|
|
|
|
subject: common.i18n.t('common.api.authentication.mail.yourNewGhostBlog'),
|
|
|
|
html: content.html,
|
|
|
|
text: content.text
|
|
|
|
},
|
|
|
|
payload = {
|
|
|
|
mail: [{
|
|
|
|
message: message,
|
|
|
|
options: {}
|
|
|
|
}]
|
|
|
|
};
|
|
|
|
|
|
|
|
mailAPI.send(payload, {context: {internal: true}})
|
|
|
|
.catch((err) => {
|
|
|
|
err.context = common.i18n.t('errors.api.authentication.unableToSendWelcomeEmail');
|
|
|
|
common.logging.error(err);
|
|
|
|
});
|
|
|
|
})
|
|
|
|
.return(setupUser);
|
|
|
|
}
|
|
|
|
|
|
|
|
return setupUser;
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2014-07-31 04:15:34 +04:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function formatResponse(setupUser) {
|
|
|
|
return {users: [setupUser]};
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
assertSetupCompleted(false),
|
|
|
|
doSetup,
|
|
|
|
sendNotification,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, setupDetails);
|
2014-09-01 22:02:46 +04:00
|
|
|
},
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Updates the blog setup
|
|
|
|
* @param {Object} setupDetails request payload with setup details
|
|
|
|
* @param {Object} options
|
|
|
|
* @return {Promise<Object>} a User API response payload
|
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
updateSetup(setupDetails, options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
|
|
|
const localOptions = cloneDeep(options || {});
|
2016-03-06 21:18:33 +03:00
|
|
|
|
|
|
|
function processArgs(setupDetails, options) {
|
|
|
|
if (!options.context || !options.context.user) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NoPermissionError({message: common.i18n.t('errors.api.authentication.notTheBlogOwner')});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
|
|
|
|
2018-07-23 15:38:40 +03:00
|
|
|
return assign({setupDetails: setupDetails}, options);
|
2014-09-01 22:02:46 +04:00
|
|
|
}
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function checkPermission(options) {
|
2016-09-21 17:48:14 +03:00
|
|
|
return models.User.findOne({role: 'Owner', status: 'all'})
|
2018-07-23 15:38:40 +03:00
|
|
|
.then((owner) => {
|
2016-03-06 21:18:33 +03:00
|
|
|
if (owner.id !== options.context.user) {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.NoPermissionError({message: common.i18n.t('errors.api.authentication.notTheBlogOwner')});
|
2016-03-06 21:18:33 +03:00
|
|
|
}
|
2015-05-27 07:14:43 +03:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
return options.setupDetails;
|
|
|
|
});
|
|
|
|
}
|
2015-05-27 07:14:43 +03:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function formatResponse(user) {
|
|
|
|
return {users: [user]};
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
processArgs,
|
|
|
|
assertSetupCompleted(true),
|
|
|
|
checkPermission,
|
|
|
|
setupTasks,
|
|
|
|
formatResponse
|
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, setupDetails, localOptions);
|
2015-07-08 00:39:43 +03:00
|
|
|
},
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
/**
|
|
|
|
* Revokes a bearer token.
|
|
|
|
* @param {Object} tokenDetails
|
|
|
|
* @param {Object} options
|
|
|
|
* @return {Promise<Object>} an object containing the revoked token.
|
|
|
|
*/
|
2018-09-18 16:59:56 +03:00
|
|
|
revoke(tokenDetails, options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
let tasks;
|
|
|
|
const localOptions = cloneDeep(options || {});
|
2015-07-08 00:39:43 +03:00
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function processArgs(tokenDetails, options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
return assign({}, tokenDetails, options);
|
2015-07-08 00:39:43 +03:00
|
|
|
}
|
|
|
|
|
2016-03-06 21:18:33 +03:00
|
|
|
function revokeToken(options) {
|
2018-07-23 15:38:40 +03:00
|
|
|
const providers = [
|
2016-09-21 17:48:14 +03:00
|
|
|
models.Refreshtoken,
|
|
|
|
models.Accesstoken
|
2016-03-06 21:18:33 +03:00
|
|
|
],
|
|
|
|
response = {token: options.token};
|
|
|
|
|
|
|
|
function destroyToken(provider, options, providers) {
|
|
|
|
return provider.destroyByToken(options)
|
|
|
|
.return(response)
|
2018-07-23 15:38:40 +03:00
|
|
|
.catch(provider.NotFoundError, () => {
|
2016-03-06 21:18:33 +03:00
|
|
|
if (!providers.length) {
|
|
|
|
return {
|
|
|
|
token: tokenDetails.token,
|
2017-12-12 00:47:46 +03:00
|
|
|
error: common.i18n.t('errors.api.authentication.invalidTokenProvided')
|
2016-03-06 21:18:33 +03:00
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
return destroyToken(providers.pop(), options, providers);
|
|
|
|
})
|
2018-07-23 15:38:40 +03:00
|
|
|
.catch(() => {
|
2017-12-12 00:47:46 +03:00
|
|
|
throw new common.errors.TokenRevocationError({
|
|
|
|
message: common.i18n.t('errors.api.authentication.tokenRevocationFailed')
|
2016-10-06 15:27:35 +03:00
|
|
|
});
|
2016-03-06 21:18:33 +03:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
return destroyToken(providers.pop(), options, providers);
|
|
|
|
}
|
|
|
|
|
|
|
|
tasks = [
|
|
|
|
processArgs,
|
|
|
|
revokeToken
|
|
|
|
];
|
|
|
|
|
|
|
|
return pipeline(tasks, tokenDetails, localOptions);
|
2014-06-20 13:15:01 +04:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2014-07-19 00:40:47 +04:00
|
|
|
module.exports = authentication;
|