mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-26 20:34:02 +03:00
refresh access token on app boot (#524)
refs https://github.com/TryGhost/Ghost/issues/5202 - refresh the access token after a successful authenticated application boot so that the session lifetime is continually extended
This commit is contained in:
parent
a8a7e98150
commit
dab87f9739
@ -42,6 +42,16 @@ export default Route.extend(ApplicationRouteMixin, ShortcutsRoute, {
|
||||
transition.send('loadServerNotifications');
|
||||
transition.send('checkForOutdatedDesktopApp');
|
||||
|
||||
// trigger a background refresh of the access token to enable
|
||||
// "infinite" sessions. We also trigger a logout if the refresh
|
||||
// token is invalid to prevent attackers with only the access token
|
||||
// from loading the admin
|
||||
let session = this.get('session.session');
|
||||
let authenticator = session._lookupAuthenticator(session.authenticator);
|
||||
if (authenticator && authenticator.onOnline) {
|
||||
authenticator.onOnline();
|
||||
}
|
||||
|
||||
// return the feature loading promise so that we block until settings
|
||||
// are loaded in order for synchronous access everywhere
|
||||
return this.get('feature').fetch();
|
||||
|
@ -14,6 +14,7 @@ import {authenticateSession, invalidateSession} from 'ghost-admin/tests/helpers/
|
||||
import {Response} from 'ember-cli-mirage';
|
||||
import windowProxy from 'ghost-admin/utils/window-proxy';
|
||||
import ghostPaths from 'ghost-admin/utils/ghost-paths';
|
||||
import OAuth2Authenticator from 'ghost-admin/authenticators/oauth2';
|
||||
|
||||
const Ghost = ghostPaths();
|
||||
|
||||
@ -29,6 +30,41 @@ describe('Acceptance: Authentication', function () {
|
||||
destroyApp(application);
|
||||
});
|
||||
|
||||
describe('token handling', function () {
|
||||
beforeEach(function () {
|
||||
// replace the default test authenticator with our own authenticator
|
||||
application.register('authenticator:test', OAuth2Authenticator);
|
||||
|
||||
let role = server.create('role', {name: 'Administrator'});
|
||||
server.create('user', {roles: [role], slug: 'test-user'});
|
||||
});
|
||||
|
||||
it('refreshes app tokens on boot', function () {
|
||||
/* eslint-disable camelcase */
|
||||
authenticateSession(application, {
|
||||
access_token: 'testAccessToken',
|
||||
refresh_token: 'refreshAccessToken'
|
||||
});
|
||||
/* eslint-enable camelcase */
|
||||
|
||||
visit('/');
|
||||
|
||||
andThen(() => {
|
||||
let requests = server.pretender.handledRequests;
|
||||
let refreshRequest = requests.findBy('url', '/ghost/api/v0.1/authentication/token');
|
||||
|
||||
expect(refreshRequest).to.exist;
|
||||
expect(refreshRequest.method, 'method').to.equal('POST');
|
||||
|
||||
let requestBody = $.deparam(refreshRequest.requestBody);
|
||||
expect(requestBody.grant_type, 'grant_type').to.equal('password');
|
||||
expect(requestBody.username.access_token, 'access_token').to.equal('testAccessToken');
|
||||
expect(requestBody.username.refresh_token, 'refresh_token').to.equal('refreshAccessToken');
|
||||
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('general page', function () {
|
||||
beforeEach(function () {
|
||||
originalReplaceLocation = windowProxy.replaceLocation;
|
||||
|
Loading…
Reference in New Issue
Block a user