parent
e0f31c67ba
commit
2a6e9aac55
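--- a/core/server/services/auth/members/index.js
+++ b/core/server/services/auth/members/index.js
@@ -0,0 +1,28 @@
+const jwt = require('jsonwebtoken');
+const common = require('../../../lib/common');
+
+const authenticateMembersToken = (req, res, next) => {
+if (!req.get('authorization')) {
+return next();
+}
+
+const [scheme, credentials] = req.get('authorization').split(/\s+/);
+
+if (scheme !== 'GhostMembers') {
+return next();
+}
+
+return jwt.verify(credentials, null, {
+algorithms: ['none']
+}, function (err, claims) {
+if (err) {
+return next(new common.errors.UnauthorizedError({err}));
+}
+req.member = claims;
+return next();
+});
+};
+
+module.exports = {
+authenticateMembersToken
+};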
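Review bot: `jwt.verify(credentials, null, { algorithms: ['none'] }, …)` performs no verification at all: with no key and only the unsigned algorithm permitted, any client can present a token carrying whatever claims it likes and have them attached to `req.member`, so everything downstream that trusts `req.member` is trusting client-supplied data. The spec added in `core/test/unit/services/auth/members/index_spec.js` locks this in by signing its fixture with `algorithm: 'none'` and has no case asserting that an unsigned or differently-keyed token is rejected. Unless this is a deliberate placeholder, the middleware should verify against a signing key loaded from the members configuration and allow only signed algorithms, e.g. `jwt.verify(credentials, membersSigningKey, {algorithms: ['HS256']}, function (err, claims) {` (where `membersSigningKey` stands for whatever key the service loads), with a header comment documenting where that key comes from. If it is a placeholder, a `// TODO: replace 'none' with a keyed algorithm before this ships` on the `algorithms` line would keep it from being forgotten.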
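--- a/core/test/unit/services/auth/members/index_spec.js
+++ b/core/test/unit/services/auth/members/index_spec.js
@@ -0,0 +1,67 @@
+const jwt = require('jsonwebtoken');
+const should = require('should');
+const {UnauthorizedError} = require('../../../../../server/lib/common/errors');
+const members = require('../../../../../server/services/auth/members');
+
+describe('Auth Service - Members', function () {
+it('exports an authenticateMembersToken method', function () {
+const actual = typeof members.authenticateMembersToken;
+const expected = 'function';
+should.equal(actual, expected);
+});
+
+describe('authenticateMembersToken', function () {
+it('calls next without an error if there is no authorization header', function () {
+members.authenticateMembersToken({
+get() { return null; }
+}, {}, function next(err) {
+const actual = err;
+const expected = undefined;
+
+should.equal(actual, expected);
+});
+});
+
+it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
+members.authenticateMembersToken({
+get() { return 'DodgyScheme credscredscreds'; }
+}, {}, function next(err) {
+const actual = err;
+const expected = undefined;
+
+should.equal(actual, expected);
+});
+});
+describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {
+it('calls next with an UnauthorizedError if the verification fails', function () {
+members.authenticateMembersToken({
+get() { return 'GhostMembers notafuckentoken'; }
+}, {}, function next(err) {
+const actual = err instanceof UnauthorizedError;
+const expected = true;
+
+should.equal(actual, expected);
+});
+});
+it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {
+const claims = {
+rumpel: 'stiltskin'
+};
+const token = jwt.sign(claims, null, {
+algorithm: 'none'
+});
+const req = {
+get() { return `GhostMembers ${token}`; }
+};
+members.authenticateMembersToken(req, {}, function next(err) {
+should.equal(err, undefined);
+
+const actual = req.member.rumpel;
+const expected = claims.rumpel;
+
+should.deepEqual(actual, expected);
+});
+});
+});
+});
+});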
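Review bot: Every `it` in this spec hands a `next` callback to `authenticateMembersToken` but neither accepts mocha's `done` nor returns a promise, so the `should` assertions inside `next` are only exercised because `jwt.verify` appears to call its callback synchronously in this configuration. If verification ever becomes asynchronous (a key lookup, for instance), the callbacks would fire after each test has already passed and a failing assertion would no longer be attributed to the test. Declaring the tests as `function (done)` and finishing each `next` with `done()` — or wrapping the assertions so `done(err)` is called on a throw — makes them robust to that change. The `'suceeds'` typo in the last test title is also worth fixing.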