TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-07 11:30:55 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6046 from ErisDS/client-enabled

Browse Source 
Check client is enabled before auth
This commit is contained in:
Sebastian Gierlinger 2015-11-05 10:36:50 +01:00
commit c354551179
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/server/middleware/auth-strategies.js
View File

@ -17,7 +17,7 @@ strategies = {
.then(function then(model) { .then(function then(model) {
if (model) { if (model) {
var client = model.toJSON({include: ['trustedDomains']}); var client = model.toJSON({include: ['trustedDomains']});
if (client.secret === clientSecret) { if (client.status === 'enabled' && client.secret === clientSecret) {
return done(null, client); return done(null, client);
} }
} }

18
core/test/unit/middleware/auth-strategies_spec.js
View File

@ -12,7 +12,8 @@ var should = require('should'),
fakeClient = { fakeClient = {
slug: 'ghost-admin', slug: 'ghost-admin',
secret: 'not_available' secret: 'not_available',
status: 'enabled'
}, },
fakeValidToken = { fakeValidToken = {
@ -96,6 +97,21 @@ describe('Auth Strategies', function () {
done(); done();
}).catch(done); }).catch(done);
}); });
it('shouldn\'t auth client that is disabled', function (done) {
var clientId = 'ghost-admin',
clientSecret = 'not_available';
fakeClient.status = 'disabled';
authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
clientStub.calledOnce.should.be.true;
clientStub.calledWith({slug: clientId}).should.be.true;
next.called.should.be.true;
next.calledWith(null, false).should.be.true;
done();
}).catch(done);
});
}); });
describe('Bearer Strategy', function () { describe('Bearer Strategy', function () {