Removed user object from magic links

no-issue

This means the magic link will rely solely on the `sub` claim to identify the user.
Fabien O'Carroll 2019-10-11 11:27:35 +07:00
parent d248c909d9
commit 483654a4b6


@ -83,18 +83,16 @@ function MagicLink(options) {
*
* @param {object} options
* @param {string} options.email - The email to send magic link to
* @param {object} options.user - The user object to associate with the magic link
* @param {object} options.subject - The subject to associate with the magic link (user id, or email)
* @param {string=} [options.type='signin'] - The type to be passed to the url and content generator functions
* @returns {Promise<{token: JSONWebToken, info: SentMessageInfo}>}
*/
MagicLink.prototype.sendMagicLink = async function sendMagicLink(options) {
const token = jwt.sign({
user: options.user
}, this.secret, {
const token = jwt.sign({}, this.secret, {
audience: '@tryghost/magic-link',
issuer: '@tryghost/magic-link',
algorithm: 'HS256',
subject: options.email,
subject: options.subject,
expiresIn: '10m'
});
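Review bot: The new JSDoc line declares `options.subject` as `{object}`, but the value is passed straight to the `subject` option of `jwt.sign` and becomes the `sub` claim, so the line should read `* @param {string} options.subject - The subject to associate with the magic link (user id, or email)`. Nothing in the visible lines checks that `options.subject` is set, so a caller that still passes only `options.user` would presumably get either a signing error or a token with no usable identity; a guard before signing, `if (typeof options.subject !== 'string' || options.subject === '') { throw new Error('options.subject is required'); }`, makes that failure explicit. Because the subject may be either a user id or an email, the code consuming the token cannot tell which one it received, so the doc comment should say that each integration must use a single format. The function body continues past the end of this hunk.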
@ -126,5 +124,5 @@ MagicLink.prototype.getUserFromToken = function getUserFromToken(token) {
algorithms: ['HS256'],
maxAge: '10m'
});
return claims.user;
return claims.sub;
};
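Review bot: `getUserFromToken` now returns the `sub` string rather than a user object, so its name and its JSDoc `@returns` (outside this hunk) no longer describe the result; update the `@returns` type to `{string}` and add a comment such as `// Returns the verified subject (user id or email); callers must look up the user record themselves`. The visible verify options pin `algorithms` and `maxAge`, but whether `audience` and `issuer` are also checked is decided above the hunk. Since the subject is now the token's only identifying content, those two values should be verified against the ones set at signing if they are not already. The function starts outside this hunk.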