diff --git a/core/server/auth/passport.js b/core/server/auth/passport.js
index 3081e42c15..e86dabbe34 100644
--- a/core/server/auth/passport.js
+++ b/core/server/auth/passport.js
@@ -5,7 +5,6 @@ var ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
 debug = require('debug')('ghost:auth'),
 Promise = require('bluebird'),
 authStrategies = require('./auth-strategies'),
- utils = require('../utils'),
 errors = require('../errors'),
 logging = require('../logging'),
 models = require('../models'),
@@ -16,13 +15,14 @@ var ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
 _private.registerClient = function (options) {
 var ghostOAuth2Strategy = options.ghostOAuth2Strategy,
- url = options.url;
+ clientName = options.clientName,
+ redirectUri = options.redirectUri;
 return models.Client.findOne({slug: 'ghost-auth'}, {context: {internal: true}})
 .then(function fetchedClient(client) {
 // CASE: Ghost Auth client is already registered
 if (client) {
- if (client.get('redirection_uri') === url) {
+ if (client.get('redirection_uri') === redirectUri) {
 return {
 client_id: client.get('uuid'),
 client_secret: client.get('secret')
@@ -31,11 +31,11 @@ _private.registerClient = function (options) {
 debug('Update ghost client callback url...');
 return ghostOAuth2Strategy.changeCallbackURL({
- callbackURL: utils.url.urlJoin(url, 'ghost', '/'),
+ callbackURL: redirectUri,
 clientId: client.get('uuid'),
 clientSecret: client.get('secret')
 }).then(function changedCallbackURL() {
- client.set('redirection_uri', url);
+ client.set('redirection_uri', redirectUri);
 return client.save(null, {context: {internal: true}});
 }).then(function updatedClient() {
 return {
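Review bot: Nothing on `_private.registerClient` documents that `options.redirectUri` must now be the complete OAuth callback URL; the `@@ -16,13` and `@@ -31,11` hunks drop the internal `urlJoin(url, 'ghost', '/')` and use the value verbatim. A caller that still passes `url`, or passes the bare blog URL, fails the `=== redirectUri` comparison, after which that value is sent to `changeCallbackURL` together with the client secret and saved as `redirection_uri`. I would put a short comment above the function, for example `// options.redirectUri: full callback URL including the /ghost/ path; compared verbatim with the stored redirection_uri` and `// options.clientName: name passed to registerClient on first registration`. The function body continues past these hunks.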
@@ -45,14 +45,14 @@ _private.registerClient = function (options) {
 });
 }
- return ghostOAuth2Strategy.registerClient({clientName: url})
+ return ghostOAuth2Strategy.registerClient({clientName: clientName})
 .then(function addClient(credentials) {
 return models.Client.add({
 name: 'Ghost Auth',
 slug: 'ghost-auth',
 uuid: credentials.client_id,
 secret: credentials.client_secret,
- redirection_uri: utils.url.urlJoin(url, 'ghost', '/')
+ redirection_uri: redirectUri
 }, {context: {internal: true}});
 })
 .then(function returnClient(client) {
@@ -99,26 +99,31 @@ _private.startPublicClientRegistration = function startPublicClientRegistration(
 * - ghost: remote login at Ghost.org
 */
 exports.init = function initPassport(options) {
- var type = options.type,
- url = options.url;
+ var authType = options.authType,
+ clientName = options.clientName,
+ ghostAuthUrl = options.ghostAuthUrl,
+ redirectUri = options.redirectUri,
+ blogUri = options.blogUri;
 return new Promise(function (resolve, reject) {
 passport.use(new ClientPasswordStrategy(authStrategies.clientPasswordStrategy));
 passport.use(new BearerStrategy(authStrategies.bearerStrategy));
- if (type !== 'ghost') {
+ if (authType !== 'ghost') {
 return resolve({passport: passport.initialize()});
 }
 var ghostOAuth2Strategy = new GhostOAuth2Strategy({
- callbackURL: utils.url.urlJoin(utils.url.getBaseUrl(), 'ghost', '/'),
- url: url,
+ callbackURL: redirectUri,
+ blogUri: blogUri,
+ url: ghostAuthUrl,
 passReqToCallback: true
 }, authStrategies.ghostStrategy);
 _private.startPublicClientRegistration({
 ghostOAuth2Strategy: ghostOAuth2Strategy,
- url: utils.url.getBaseUrl()
+ clientName: clientName,
+ redirectUri: redirectUri
 }).then(function setClient(client) {
 debug('Public Client Registration was successful');
diff --git a/core/server/index.js b/core/server/index.js
index fcb1dd7983..66dc865f7a 100644
--- a/core/server/index.js
+++ b/core/server/index.js
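Review bot: `initPassport` (the `@@ -99,26` hunk) reads `clientName`, `ghostAuthUrl`, `redirectUri` and `blogUri` from `options` and checks none of them once `authType` is `'ghost'`, so a missing value reaches the strategy constructor and the client registration as `undefined`. The spec in this commit already does this: its `authType: 'ghost'` cases pass no `clientName`. Because `redirectUri` ends up stored as the OAuth client's `redirection_uri`, I would fail fast right after the `authType !== 'ghost'` return, e.g. `if (!clientName || !ghostAuthUrl || !redirectUri || !blogUri) { return reject(new errors.IncorrectUsageError({message: 'ghost auth needs clientName, ghostAuthUrl, redirectUri and blogUri'})); }`. The constructor arguments of `IncorrectUsageError` are not visible here and should follow the file's existing usage; the body of `initPassport` continues past the hunk.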
@@ -115,10 +115,16 @@ function init(options) {
 debug('Express Apps done');
- return auth.init(config.get('auth'))
- .then(function (response) {
- parentApp.use(response.auth);
- });
+ return auth.init({
+ authType: config.get('auth:type'),
+ ghostAuthUrl: config.get('auth:url'),
+ redirectUri: utils.url.urlJoin(utils.url.getBaseUrl(), 'ghost', '/'),
+ blogUri: utils.url.urlJoin(utils.url.getBaseUrl(), '/'),
+ // @TODO: set blog title
+ clientName: utils.url.getBaseUrl()
+ }).then(function (response) {
+ parentApp.use(response.auth);
+ });
 }).then(function () {
 debug('Auth done');
 return new GhostServer(parentApp);
diff --git a/core/test/unit/auth/passport_spec.js b/core/test/unit/auth/passport_spec.js
index 4f570ad052..5f562d7fc0 100644
--- a/core/test/unit/auth/passport_spec.js
+++ b/core/test/unit/auth/passport_spec.js
@@ -15,8 +15,13 @@ should.equal(true, true);
 describe('Ghost Passport', function () {
 var client;
- function FakeGhostOAuth2Strategy() {
+ function FakeGhostOAuth2Strategy(options) {
 this.name = 'FakeGhostOAuth2Strategy';
+
+ should.exist(options.blogUri);
+ should.exist(options.url);
+ should.exist(options.callbackURL);
+ options.passReqToCallback.should.eql(true);
 }
 before(function () {
@@ -46,7 +51,7 @@ describe('Ghost Passport', function () {
 describe('auth_type: password', function () {
 it('initialise passport with passport auth type', function () {
 return GhostPassport.init({
- type: 'passport'
+ authType: 'passport'
 }).then(function (response) {
 should.exist(response.passport);
 passport.use.callCount.should.eql(2);
@@ -67,7 +72,10 @@ describe('Ghost Passport', function () {
 }));
 return GhostPassport.init({
- type: 'ghost'
+ authType: 'ghost',
+ blogUri: 'http://my-blog.com',
+ ghostAuthUrl: 'http://devauth.ghost.org',
+ redirectUri: utils.url.getBaseUrl()
 }).then(function (response) {
 should.exist(response.passport);
 passport.use.callCount.should.eql(3);
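Review bot: The `auth.init` call in `core/server/index.js` hands over `ghostAuthUrl`, `redirectUri` and `blogUri` built from `config.get('auth:url')` and `utils.url.getBaseUrl()` with no check on the URL scheme. In passport.js these values are where the client secret is sent (`changeCallbackURL`) and where the OAuth callback returns, so a plain `http:` value in either config entry would put credentials and authorization responses on an unencrypted connection. Whether `passport-ghost` rejects that is not visible here. I would add a check before the call, such as `if (config.get('auth:type') === 'ghost' && !/^https:\/\//.test(config.get('auth:url'))) { /* warn, or refuse outside development */ }`, and apply the same test to the base URL. The enclosing `init` function starts and ends outside the hunk.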
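Review bot: The assertions added to `FakeGhostOAuth2Strategy` in `passport_spec.js` cover the constructor options only. None of the `authType: 'ghost'` cases (the `@@ -67,7` hunk and the later `@@ -86,7`, `@@ -103,7` and `@@ -121,7` hunks) passes `clientName` or checks what `registerClient` and `changeCallbackURL` receive. A regression that sends the wrong name or redirect URI to the auth server would therefore still pass the suite. I would add a sample `clientName: 'my-blog'` to those `init` calls and assert on the stub, e.g. `FakeGhostOAuth2Strategy.prototype.registerClient.calledWith({clientName: 'my-blog'}).should.eql(true);`. The `describe` block continues outside these hunks.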
@@ -86,7 +94,10 @@ describe('Ghost Passport', function () {
 }));
 return GhostPassport.init({
- type: 'ghost'
+ authType: 'ghost',
+ blogUri: 'http://my-blog.com',
+ ghostAuthUrl: 'http://devauth.ghost.org',
+ redirectUri: utils.url.getBaseUrl()
 }).then(function (response) {
 should.exist(response.passport);
 passport.use.callCount.should.eql(3);
@@ -103,7 +114,10 @@ describe('Ghost Passport', function () {
 client = null;
 return GhostPassport.init({
- type: 'ghost'
+ authType: 'ghost',
+ blogUri: 'http://my-blog.com',
+ ghostAuthUrl: 'http://devauth.ghost.org',
+ redirectUri: utils.url.getBaseUrl()
 }).then(function (response) {
 should.exist(response.passport);
 passport.use.callCount.should.eql(3);
@@ -121,7 +135,10 @@ describe('Ghost Passport', function () {
 FakeGhostOAuth2Strategy.prototype.registerClient.returns(Promise.reject(new Error('cannot connect to ghost.org')));
 return GhostPassport.init({
- type: 'ghost'
+ authType: 'ghost',
+ blogUri: 'http://my-blog.com',
+ ghostAuthUrl: 'http://devauth.ghost.org',
+ redirectUri: utils.url.getBaseUrl()
 }).catch(function (err) {
 (err instanceof errors.IncorrectUsageError).should.eql(true);
 FakeGhostOAuth2Strategy.prototype.registerClient.callCount.should.eql(12);
diff --git a/package.json b/package.json
index 903bf15381..b9e6878acb 100644
--- a/package.json
+++ b/package.json
@@ -68,7 +68,7 @@
 "nodemailer": "0.7.1",
 "oauth2orize": "1.5.1",
 "passport": "0.3.2",
- "passport-ghost": "1.0.3",
+ "passport-ghost": "1.1.0",
 "passport-http-bearer": "1.0.1",
 "passport-oauth2-client-password": "0.1.2",
 "path-match": "1.2.4",