mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-23 11:55:01 +03:00
1d121c52f4
refs 92986b77e3
- I thought we did this a while ago, but uses in comments and elsewhere in the codebase were missed
1059 lines
39 KiB
JavaScript
1059 lines
39 KiB
JavaScript
const _ = require('lodash');
|
|
const Promise = require('bluebird');
|
|
const validator = require('@tryghost/validator');
|
|
const ObjectId = require('bson-objectid');
|
|
const ghostBookshelf = require('./base');
|
|
const baseUtils = require('./base/utils');
|
|
const limitService = require('../services/limits');
|
|
const tpl = require('@tryghost/tpl');
|
|
const errors = require('@tryghost/errors');
|
|
const security = require('@tryghost/security');
|
|
const {pipeline} = require('@tryghost/promise');
|
|
const validatePassword = require('../lib/validate-password');
|
|
const permissions = require('../services/permissions');
|
|
const urlUtils = require('../../shared/url-utils');
|
|
const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
|
|
|
|
const messages = {
|
|
valueCannotBeBlank: 'Value in [{tableName}.{columnKey}] cannot be blank.',
|
|
onlyOneRolePerUserSupported: 'Only one role per user is supported at the moment.',
|
|
methodDoesNotSupportOwnerRole: 'This method does not support assigning the owner role',
|
|
userNotFound: 'User not found',
|
|
ownerNotFound: 'Owner not found',
|
|
notEnoughPermission: 'You do not have permission to perform this action',
|
|
cannotChangeStatus: 'You cannot change your own status.',
|
|
cannotChangeOwnRole: 'You cannot change your own role.',
|
|
cannotChangeOwnersRole: 'Cannot change Owner\'s role',
|
|
noUserWithEnteredEmailAddr: 'There is no user with that email address.',
|
|
accountSuspended: 'Your account was suspended.',
|
|
passwordRequiredForOperation: 'Password is required for this operation',
|
|
incorrectPassword: 'Your password is incorrect.',
|
|
onlyOwnerCanTransferOwnerRole: 'Only owners are able to transfer the owner role.',
|
|
onlyAdmCanBeAssignedOwnerRole: 'Only administrators can be assigned the owner role.',
|
|
onlyActiveAdmCanBeAssignedOwnerRole: 'Only active administrators can be assigned the owner role.',
|
|
userUpdateError: {
|
|
emailIsAlreadyInUse: 'Email is already in use',
|
|
help: 'Visit and save your profile after logging in to check for problems.'
|
|
}
|
|
};
|
|
|
|
/**
|
|
* inactive: owner user before blog setup, suspended users
|
|
* locked user: imported users, they get a random password
|
|
*/
|
|
const inactiveStates = ['inactive', 'locked'];
|
|
|
|
const allStates = activeStates.concat(inactiveStates);
|
|
let User;
|
|
let Users;
|
|
|
|
User = ghostBookshelf.Model.extend({
|
|
|
|
tableName: 'users',
|
|
|
|
defaults: function defaults() {
|
|
return {
|
|
password: security.identifier.uid(50),
|
|
visibility: 'public',
|
|
status: 'active'
|
|
};
|
|
},
|
|
|
|
format(options) {
|
|
if (!_.isEmpty(options.website) &&
|
|
!validator.isURL(options.website, {
|
|
require_protocol: true,
|
|
protocols: ['http', 'https']
|
|
})) {
|
|
options.website = 'http://' + options.website;
|
|
}
|
|
|
|
const attrs = ghostBookshelf.Model.prototype.format.call(this, options);
|
|
|
|
['profile_image', 'cover_image'].forEach((attr) => {
|
|
if (attrs[attr]) {
|
|
attrs[attr] = urlUtils.toTransformReady(attrs[attr]);
|
|
}
|
|
});
|
|
|
|
return attrs;
|
|
},
|
|
|
|
parse() {
|
|
const attrs = ghostBookshelf.Model.prototype.parse.apply(this, arguments);
|
|
|
|
['profile_image', 'cover_image'].forEach((attr) => {
|
|
if (attrs[attr]) {
|
|
attrs[attr] = urlUtils.transformReadyToAbsolute(attrs[attr]);
|
|
}
|
|
});
|
|
|
|
return attrs;
|
|
},
|
|
|
|
emitChange: function emitChange(event, options) {
|
|
const eventToTrigger = 'user' + '.' + event;
|
|
ghostBookshelf.Model.prototype.emitChange.bind(this)(this, eventToTrigger, options);
|
|
},
|
|
|
|
/**
|
|
* @TODO:
|
|
*
|
|
* The user model does not use bookshelf-relations yet.
|
|
* Therefore we have to remove the relations manually.
|
|
*/
|
|
onDestroying(model, options) {
|
|
ghostBookshelf.Model.prototype.onDestroying.apply(this, arguments);
|
|
|
|
return (options.transacting || ghostBookshelf.knex)('roles_users')
|
|
.where('user_id', model.id)
|
|
.del();
|
|
},
|
|
|
|
onDestroyed: function onDestroyed(model, options) {
|
|
ghostBookshelf.Model.prototype.onDestroyed.apply(this, arguments);
|
|
|
|
if (_.includes(activeStates, model.previous('status'))) {
|
|
model.emitChange('deactivated', options);
|
|
}
|
|
|
|
model.emitChange('deleted', options);
|
|
},
|
|
|
|
onCreated: function onCreated(model, options) {
|
|
ghostBookshelf.Model.prototype.onCreated.apply(this, arguments);
|
|
|
|
model.emitChange('added', options);
|
|
|
|
// active is the default state, so if status isn't provided, this will be an active user
|
|
if (!model.get('status') || _.includes(activeStates, model.get('status'))) {
|
|
model.emitChange('activated', options);
|
|
}
|
|
},
|
|
|
|
onUpdated: function onUpdated(model, options) {
|
|
ghostBookshelf.Model.prototype.onUpdated.apply(this, arguments);
|
|
|
|
model.statusChanging = model.get('status') !== model.previous('status');
|
|
model.isActive = _.includes(activeStates, model.get('status'));
|
|
|
|
if (model.statusChanging) {
|
|
model.emitChange(model.isActive ? 'activated' : 'deactivated', options);
|
|
} else {
|
|
if (model.isActive) {
|
|
model.emitChange('activated.edited', options);
|
|
}
|
|
}
|
|
|
|
model.emitChange('edited', options);
|
|
},
|
|
|
|
isActive: function isActive() {
|
|
return activeStates.indexOf(this.get('status')) !== -1;
|
|
},
|
|
|
|
isLocked: function isLocked() {
|
|
return this.get('status') === 'locked';
|
|
},
|
|
|
|
isInactive: function isInactive() {
|
|
return this.get('status') === 'inactive';
|
|
},
|
|
|
|
/**
|
|
* Lookup Gravatar if email changes to update image url
|
|
* Generating a slug requires a db call to look for conflicting slugs
|
|
*/
|
|
onSaving: function onSaving(newPage, attr, options) {
|
|
const self = this;
|
|
const tasks = [];
|
|
let passwordValidation = {};
|
|
|
|
ghostBookshelf.Model.prototype.onSaving.apply(this, arguments);
|
|
|
|
/**
|
|
* Bookshelf call order:
|
|
* - onSaving
|
|
* - onValidate (validates the model against the schema)
|
|
*
|
|
* Before we can generate a slug, we have to ensure that the name is not blank.
|
|
*/
|
|
if (!this.get('name')) {
|
|
throw new errors.ValidationError({
|
|
message: tpl(messages.valueCannotBeBlank, {
|
|
tableName: this.tableName,
|
|
columnKey: 'name'
|
|
})
|
|
});
|
|
}
|
|
|
|
// If the user's email is set & has changed & we are not importing
|
|
if (self.hasChanged('email') && self.get('email') && !options.importing) {
|
|
tasks.gravatar = (function lookUpGravatar() {
|
|
const {gravatar} = require('../lib/image');
|
|
|
|
return gravatar.lookup({
|
|
email: self.get('email')
|
|
}).then(function (response) {
|
|
if (response && response.image) {
|
|
self.set('profile_image', response.image);
|
|
}
|
|
});
|
|
})();
|
|
}
|
|
|
|
if (this.hasChanged('slug') || !this.get('slug')) {
|
|
tasks.slug = (function generateSlug() {
|
|
return ghostBookshelf.Model.generateSlug(
|
|
User,
|
|
self.get('slug') || self.get('name'),
|
|
{
|
|
status: 'all',
|
|
transacting: options.transacting,
|
|
shortSlug: !self.get('slug')
|
|
})
|
|
.then(function then(slug) {
|
|
self.set({slug: slug});
|
|
});
|
|
})();
|
|
}
|
|
|
|
/**
|
|
* CASE: add model, hash password
|
|
* CASE: update model, hash password
|
|
*
|
|
* Important:
|
|
* - Password hashing happens when we import a database
|
|
* - we do some pre-validation checks, because onValidate is called AFTER onSaving
|
|
* - when importing, we set the password to a random uid and don't validate, just hash it and lock the user
|
|
* - when importing with `importPersistUser` we check if the password is a bcrypt hash already and fall back to
|
|
* normal behaviour if not (set random password, lock user, and hash password)
|
|
* - no validations should run, when importing
|
|
*/
|
|
if (self.hasChanged('password')) {
|
|
this.set('password', String(this.get('password')));
|
|
|
|
// CASE: import with `importPersistUser` should always be an bcrypt password already,
|
|
// and won't re-hash or overwrite it.
|
|
// In case the password is not bcrypt hashed we fall back to the standard behaviour.
|
|
if (options.importPersistUser && this.get('password').match(/^\$2[ayb]\$.{56}$/i)) {
|
|
return;
|
|
}
|
|
|
|
if (options.importing) {
|
|
// always set password to a random uid when importing
|
|
this.set('password', security.identifier.uid(50));
|
|
|
|
// lock users so they have to follow the password reset flow
|
|
if (this.get('status') !== 'inactive') {
|
|
this.set('status', 'locked');
|
|
}
|
|
} else {
|
|
// CASE: we're not importing data, validate the data
|
|
passwordValidation = validatePassword(this.get('password'), this.get('email'));
|
|
|
|
if (!passwordValidation.isValid) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: passwordValidation.message
|
|
}));
|
|
}
|
|
}
|
|
|
|
tasks.hashPassword = (function hashPassword() {
|
|
return security.password.hash(self.get('password'))
|
|
.then(function (hash) {
|
|
self.set('password', hash);
|
|
});
|
|
})();
|
|
}
|
|
|
|
return Promise.props(tasks);
|
|
},
|
|
|
|
toJSON: function toJSON(unfilteredOptions) {
|
|
const options = User.filterOptions(unfilteredOptions, 'toJSON');
|
|
const attrs = ghostBookshelf.Model.prototype.toJSON.call(this, options);
|
|
|
|
// remove password hash for security reasons
|
|
delete attrs.password;
|
|
|
|
return attrs;
|
|
},
|
|
|
|
posts: function posts() {
|
|
return this.hasMany('Posts', 'created_by');
|
|
},
|
|
|
|
sessions: function sessions() {
|
|
return this.hasMany('Session');
|
|
},
|
|
|
|
roles: function roles() {
|
|
return this.belongsToMany('Role');
|
|
},
|
|
|
|
permissions: function permissionsFn() {
|
|
return this.belongsToMany('Permission');
|
|
},
|
|
|
|
apiKeys() {
|
|
return this.hasMany('ApiKey', 'user_id');
|
|
},
|
|
|
|
hasRole: function hasRole(roleName) {
|
|
const roles = this.related('roles');
|
|
|
|
return roles.some(function getRole(role) {
|
|
return role.get('name') === roleName;
|
|
});
|
|
},
|
|
|
|
updateLastSeen: function updateLastSeen() {
|
|
this.set({last_seen: new Date()});
|
|
return this.save();
|
|
},
|
|
|
|
enforcedFilters: function enforcedFilters(options) {
|
|
if (options.context && options.context.internal) {
|
|
return null;
|
|
}
|
|
|
|
return options.context && options.context.public ? 'status:[' + allStates.join(',') + ']' : null;
|
|
},
|
|
|
|
defaultFilters: function defaultFilters(options) {
|
|
if (options.context && options.context.internal) {
|
|
return null;
|
|
}
|
|
|
|
return options.context && options.context.public ? null : 'status:[' + allStates.join(',') + ']';
|
|
},
|
|
|
|
/**
|
|
* You can pass an extra `status=VALUES` field.
|
|
* Long-Term: We should deprecate these short cuts and force users to use the filter param.
|
|
*/
|
|
extraFilters: function extraFilters(options) {
|
|
if (!options.status) {
|
|
return null;
|
|
}
|
|
|
|
let filter = null;
|
|
|
|
// CASE: Check if the incoming status value is valid, otherwise fallback to "active"
|
|
if (options.status !== 'all') {
|
|
options.status = allStates.indexOf(options.status) > -1 ? options.status : 'active';
|
|
}
|
|
|
|
if (options.status === 'active') {
|
|
filter = `status:[${activeStates}]`;
|
|
} else if (options.status === 'all') {
|
|
filter = `status:[${allStates}]`;
|
|
} else {
|
|
filter = `status:${options.status}`;
|
|
}
|
|
|
|
delete options.status;
|
|
|
|
return filter;
|
|
},
|
|
|
|
getAction(event, options) {
|
|
const actor = this.getActor(options);
|
|
|
|
// @NOTE: we ignore internal updates (`options.context.internal`) for now
|
|
if (!actor) {
|
|
return;
|
|
}
|
|
|
|
// @TODO: implement context
|
|
return {
|
|
event: event,
|
|
resource_id: this.id || this.previous('id'),
|
|
resource_type: 'user',
|
|
actor_id: actor.id,
|
|
actor_type: actor.type
|
|
};
|
|
}
|
|
}, {
|
|
orderDefaultOptions: function orderDefaultOptions() {
|
|
return {
|
|
last_seen: 'DESC',
|
|
name: 'ASC',
|
|
created_at: 'DESC'
|
|
};
|
|
},
|
|
|
|
/**
|
|
* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
|
|
* @param {String} methodName The name of the method to check valid options for.
|
|
* @return {Array} Keys allowed in the `options` hash of the model's method.
|
|
*/
|
|
permittedOptions: function permittedOptions(methodName, options) {
|
|
let permittedOptionsToReturn = ghostBookshelf.Model.permittedOptions.call(this, methodName);
|
|
|
|
// allowlists for the `options` hash argument on methods, by method name.
|
|
// these are the only options that can be passed to Bookshelf / Knex.
|
|
const validOptions = {
|
|
findOne: ['withRelated', 'status'],
|
|
setup: ['id'],
|
|
edit: ['withRelated', 'importPersistUser'],
|
|
add: ['importPersistUser'],
|
|
findPage: ['status'],
|
|
findAll: ['filter']
|
|
};
|
|
|
|
if (validOptions[methodName]) {
|
|
permittedOptionsToReturn = permittedOptionsToReturn.concat(validOptions[methodName]);
|
|
}
|
|
|
|
// CASE: The `withRelated` parameter is allowed when using the public API, but not the `roles` value.
|
|
// Otherwise we expose too much information.
|
|
// @TODO: the target controller should define the allowed includes, but not the model layer O_O (https://github.com/TryGhost/Ghost/issues/10106)
|
|
if (options && options.context && options.context.public) {
|
|
if (options.withRelated && options.withRelated.indexOf('roles') !== -1) {
|
|
options.withRelated.splice(options.withRelated.indexOf('roles'), 1);
|
|
}
|
|
}
|
|
|
|
return permittedOptionsToReturn;
|
|
},
|
|
|
|
/**
|
|
* ### Find One
|
|
*
|
|
* We have to clone the data, because we remove values from this object.
|
|
* This is not expected from outside!
|
|
*
|
|
* @TODO: use base class
|
|
*
|
|
* @extends ghostBookshelf.Model.findOne to include roles
|
|
* **See:** [ghostBookshelf.Model.findOne](base.js.html#Find%20One)
|
|
*/
|
|
findOne: function findOne(dataToClone, unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'findOne');
|
|
let query;
|
|
let status;
|
|
let data = _.cloneDeep(dataToClone);
|
|
const lookupRole = data.role;
|
|
|
|
// Ensure only valid fields/columns are added to query
|
|
if (options.columns) {
|
|
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
|
|
}
|
|
|
|
delete data.role;
|
|
data = _.defaults(data || {}, {
|
|
status: 'all'
|
|
});
|
|
|
|
status = data.status;
|
|
delete data.status;
|
|
|
|
data = this.filterData(data);
|
|
|
|
// Support finding by role
|
|
if (lookupRole) {
|
|
options.withRelated = _.union(options.withRelated, ['roles']);
|
|
query = this.forge(data);
|
|
|
|
query.query('join', 'roles_users', 'users.id', '=', 'roles_users.user_id');
|
|
query.query('join', 'roles', 'roles_users.role_id', '=', 'roles.id');
|
|
query.query('where', 'roles.name', '=', lookupRole);
|
|
} else {
|
|
query = this.forge(data);
|
|
}
|
|
|
|
if (status === 'active') {
|
|
query.query('whereIn', 'status', activeStates);
|
|
} else if (status !== 'all') {
|
|
query.query('where', {status: status});
|
|
}
|
|
|
|
return query.fetch(options);
|
|
},
|
|
|
|
/**
|
|
* ### Edit
|
|
*
|
|
* Note: In case of login the last_seen attribute gets updated.
|
|
*
|
|
* @extends ghostBookshelf.Model.edit to handle returning the full object
|
|
* **See:** [ghostBookshelf.Model.edit](base.js.html#edit)
|
|
*/
|
|
edit: function edit(data, unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'edit');
|
|
const self = this;
|
|
const ops = [];
|
|
|
|
if (data.roles && data.roles.length > 1) {
|
|
return Promise.reject(
|
|
new errors.ValidationError({
|
|
message: tpl(messages.onlyOneRolePerUserSupported)
|
|
})
|
|
);
|
|
}
|
|
|
|
if (data.email) {
|
|
ops.push(function checkForDuplicateEmail() {
|
|
return self.getByEmail(data.email, options).then(function then(user) {
|
|
if (user && user.id !== options.id) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: tpl(messages.userUpdateError.emailIsAlreadyInUse)
|
|
}));
|
|
}
|
|
});
|
|
});
|
|
}
|
|
|
|
ops.push(function update() {
|
|
return ghostBookshelf.Model.edit.call(self, data, options).then((user) => {
|
|
let roleId;
|
|
|
|
if (!data.roles || !data.roles.length) {
|
|
return user;
|
|
}
|
|
|
|
roleId = data.roles[0].id || data.roles[0];
|
|
|
|
return user.roles().fetch().then((roles) => {
|
|
// return if the role is already assigned
|
|
if (roles.models[0].id === roleId) {
|
|
return;
|
|
}
|
|
return ghostBookshelf.model('Role').findOne({id: roleId});
|
|
}).then((roleToAssign) => {
|
|
if (roleToAssign && roleToAssign.get('name') === 'Owner') {
|
|
return Promise.reject(
|
|
new errors.ValidationError({
|
|
message: tpl(messages.methodDoesNotSupportOwnerRole)
|
|
})
|
|
);
|
|
} else {
|
|
// assign all other roles
|
|
return user.roles().updatePivot({role_id: roleId});
|
|
}
|
|
}).then(() => {
|
|
options.status = 'all';
|
|
return self.findOne({id: user.id}, options);
|
|
}).then((model) => {
|
|
model._changed = user._changed;
|
|
return model;
|
|
});
|
|
});
|
|
});
|
|
|
|
return pipeline(ops);
|
|
},
|
|
|
|
/**
|
|
* ## Add
|
|
* Naive user add
|
|
* Hashes the password provided before saving to the database.
|
|
*
|
|
* We have to clone the data, because we remove values from this object.
|
|
* This is not expected from outside!
|
|
*
|
|
* @param {object} dataToClone
|
|
* @param {object} unfilteredOptions
|
|
* @extends ghostBookshelf.Model.add to manage all aspects of user signup
|
|
* **See:** [ghostBookshelf.Model.add](base.js.html#Add)
|
|
*/
|
|
add: function add(dataToClone, unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'add');
|
|
const self = this;
|
|
const data = _.cloneDeep(dataToClone);
|
|
let userData = this.filterData(data);
|
|
let roles;
|
|
|
|
// check for too many roles
|
|
if (data.roles && data.roles.length > 1) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: tpl(messages.onlyOneRolePerUserSupported)
|
|
}));
|
|
}
|
|
|
|
function getAuthorRole() {
|
|
return ghostBookshelf.model('Role').findOne({name: 'Author'}, _.pick(options, 'transacting'))
|
|
.then(function then(authorRole) {
|
|
return [authorRole.get('id')];
|
|
});
|
|
}
|
|
|
|
/**
|
|
* We need this default author role because of the following Ghost feature:
|
|
* You setup your blog and you can invite people instantly, but without choosing a role.
|
|
* roles: [] -> no default role (used for owner creation, see fixtures.json)
|
|
* roles: undefined -> default role
|
|
*/
|
|
roles = data.roles;
|
|
delete data.roles;
|
|
|
|
return ghostBookshelf.Model.add.call(self, userData, options)
|
|
.then(function then(addedUser) {
|
|
// Assign the userData to our created user so we can pass it back
|
|
userData = addedUser;
|
|
})
|
|
.then(function () {
|
|
if (!roles) {
|
|
return getAuthorRole();
|
|
}
|
|
|
|
return Promise.resolve(roles);
|
|
})
|
|
.then(function (_roles) {
|
|
roles = _roles;
|
|
|
|
// CASE: it is possible to add roles by name, by id or by object
|
|
if (_.isString(roles[0]) && !ObjectId.isValid(roles[0])) {
|
|
return Promise.map(roles, function (roleName) {
|
|
return ghostBookshelf.model('Role').findOne({
|
|
name: roleName
|
|
}, options);
|
|
}).then(function (roleModels) {
|
|
roles = [];
|
|
|
|
_.each(roleModels, function (roleModel) {
|
|
roles.push(roleModel.id);
|
|
});
|
|
});
|
|
}
|
|
|
|
return Promise.resolve();
|
|
})
|
|
.then(function () {
|
|
return baseUtils.attach(User, userData.id, 'roles', roles, options);
|
|
})
|
|
.then(function then() {
|
|
// find and return the added user
|
|
return self.findOne({id: userData.id, status: 'all'}, options);
|
|
});
|
|
},
|
|
|
|
destroy: function destroy(unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'destroy', {extraAllowedProperties: ['id']});
|
|
|
|
const destroyUser = () => {
|
|
return ghostBookshelf.Model.destroy.call(this, options);
|
|
};
|
|
|
|
if (!options.transacting) {
|
|
return ghostBookshelf.transaction((transacting) => {
|
|
options.transacting = transacting;
|
|
return destroyUser();
|
|
});
|
|
}
|
|
|
|
return destroyUser();
|
|
},
|
|
|
|
/**
|
|
* We override the owner!
|
|
* Owner already has a slug -> force setting a new one by setting slug to null
|
|
* @TODO: kill setup function?
|
|
*/
|
|
setup: function setup(data, unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'setup');
|
|
const self = this;
|
|
const userData = this.filterData(data);
|
|
let passwordValidation = {};
|
|
|
|
passwordValidation = validatePassword(userData.password, userData.email, data.blogTitle);
|
|
|
|
if (!passwordValidation.isValid) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: passwordValidation.message
|
|
}));
|
|
}
|
|
|
|
userData.slug = null;
|
|
return self.edit(userData, options);
|
|
},
|
|
|
|
/**
|
|
* Right now the setup of the blog depends on the user status.
|
|
* Only if the owner user is `inactive`, then the blog is not setup.
|
|
* e.g. if you transfer ownership to a locked user, you blog is still setup.
|
|
*
|
|
* @TODO: Rename `inactive` status to something else, it's confusing. e.g. requires-setup
|
|
* @TODO: Depending on the user status results in https://github.com/TryGhost/Ghost/issues/8003
|
|
*/
|
|
isSetup: function isSetup(options) {
|
|
return this.getOwnerUser(options)
|
|
.then(function (owner) {
|
|
return owner.get('status') !== 'inactive';
|
|
});
|
|
},
|
|
|
|
getOwnerUser: function getOwnerUser(options) {
|
|
options = options || {};
|
|
|
|
return this.findOne({
|
|
role: 'Owner',
|
|
status: 'all'
|
|
}, options).then(function (owner) {
|
|
if (!owner) {
|
|
return Promise.reject(new errors.NotFoundError({
|
|
message: tpl(messages.ownerNotFound)
|
|
}));
|
|
}
|
|
|
|
return owner;
|
|
});
|
|
},
|
|
|
|
permissible: async function permissible(userModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
|
|
const self = this;
|
|
const userModel = userModelOrId;
|
|
let origArgs;
|
|
|
|
// If we passed in a model without its related roles, we need to fetch it again
|
|
if (_.isObject(userModelOrId) && !_.isObject(userModelOrId.related('roles'))) {
|
|
userModelOrId = userModelOrId.id;
|
|
}
|
|
// If we passed in an id instead of a model get the model first
|
|
if (_.isNumber(userModelOrId) || _.isString(userModelOrId)) {
|
|
// Grab the original args without the first one
|
|
origArgs = _.toArray(arguments).slice(1);
|
|
|
|
// Get the actual user model
|
|
return this.findOne({
|
|
id: userModelOrId,
|
|
status: 'all'
|
|
}, {withRelated: ['roles']}).then(function then(foundUserModel) {
|
|
if (!foundUserModel) {
|
|
throw new errors.NotFoundError({
|
|
message: tpl(messages.userNotFound)
|
|
});
|
|
}
|
|
|
|
// Build up the original args but substitute with actual model
|
|
const newArgs = [foundUserModel].concat(origArgs);
|
|
|
|
return self.permissible.apply(self, newArgs);
|
|
});
|
|
}
|
|
|
|
const isUnsuspending = unsafeAttrs.status && unsafeAttrs.status === 'active' && userModel.get('status') === 'inactive';
|
|
|
|
// If we have a staff user limit & the staff user is being unsuspended (don't count contributors)
|
|
if (limitService.isLimited('staff') && action === 'edit' && isUnsuspending && !userModel.hasRole('Contributor')) {
|
|
await limitService.errorIfWouldGoOverLimit('staff');
|
|
}
|
|
|
|
if (action === 'edit') {
|
|
// Users with the role 'Editor', 'Author', and 'Contributor' have complex permissions when the action === 'edit'
|
|
// We now have all the info we need to construct the permissions
|
|
|
|
if (context.user === userModel.get('id')) {
|
|
// If this is the same user that requests the operation allow it.
|
|
hasUserPermission = true;
|
|
} else if (loadedPermissions.user && userModel.hasRole('Owner')) {
|
|
// Owner can only be edited by owner
|
|
hasUserPermission = loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Owner'});
|
|
} else if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Editor'})) {
|
|
// If the user we are trying to edit is an Author or Contributor, allow it
|
|
hasUserPermission = userModel.hasRole('Author') || userModel.hasRole('Contributor');
|
|
}
|
|
}
|
|
|
|
if (action === 'destroy') {
|
|
// Owner cannot be deleted EVER
|
|
if (userModel.hasRole('Owner')) {
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.notEnoughPermission)
|
|
}));
|
|
}
|
|
|
|
// Users with the role 'Editor' have complex permissions when the action === 'destroy'
|
|
if (loadedPermissions.user && _.some(loadedPermissions.user.roles, {name: 'Editor'})) {
|
|
// Alternatively, if the user we are trying to edit is an Author, allow it
|
|
hasUserPermission = context.user === userModel.get('id') || userModel.hasRole('Author') || userModel.hasRole('Contributor');
|
|
}
|
|
}
|
|
|
|
// CASE: can't edit my own status to inactive or locked
|
|
if (action === 'edit' && userModel.id === context.user) {
|
|
if (User.inactiveStates.indexOf(unsafeAttrs.status) !== -1) {
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.cannotChangeStatus)
|
|
}));
|
|
}
|
|
}
|
|
|
|
// CASE: i want to edit roles
|
|
if (action === 'edit' && unsafeAttrs.roles && unsafeAttrs.roles[0]) {
|
|
let role = unsafeAttrs.roles[0];
|
|
let roleId = role.id || role;
|
|
let editedUserId = userModel.id;
|
|
// @NOTE: role id of logged in user
|
|
let contextRoleId = loadedPermissions.user.roles[0].id;
|
|
|
|
if (roleId !== contextRoleId && editedUserId === context.user) {
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.cannotChangeOwnRole)
|
|
}));
|
|
}
|
|
|
|
if (limitService.isLimited('staff') && userModel.hasRole('Contributor') && role.name !== 'Contributor') {
|
|
// CASE: if your site is limited to a certain number of staff users
|
|
// Trying to change the role of a contributor, who doesn't count towards the limit, to any other role requires a limit check
|
|
// To check if it's OK to add one more staff user
|
|
await limitService.errorIfWouldGoOverLimit('staff');
|
|
}
|
|
|
|
return User.getOwnerUser()
|
|
.then((owner) => {
|
|
// CASE: owner can assign role to any user
|
|
if (context.user === owner.id) {
|
|
if (hasUserPermission && hasApiKeyPermission) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.notEnoughPermission)
|
|
}));
|
|
}
|
|
|
|
// CASE: You try to change the role of the owner user
|
|
if (editedUserId === owner.id) {
|
|
if (owner.related('roles').at(0).id !== roleId) {
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.cannotChangeOwnersRole)
|
|
}));
|
|
}
|
|
} else if (roleId !== contextRoleId) {
|
|
// CASE: you are trying to change a role, but you are not owner
|
|
// @NOTE: your role is not the same than the role you try to change (!)
|
|
// e.g. admin can assign admin role to a user, but not owner
|
|
|
|
return permissions.canThis(context).assign.role(role)
|
|
.then(() => {
|
|
if (hasUserPermission && hasApiKeyPermission) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.notEnoughPermission)
|
|
}));
|
|
});
|
|
}
|
|
|
|
if (hasUserPermission && hasApiKeyPermission) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.notEnoughPermission)
|
|
}));
|
|
});
|
|
}
|
|
|
|
if (hasUserPermission && hasApiKeyPermission) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.notEnoughPermission)
|
|
}));
|
|
},
|
|
|
|
// Finds the user by email, and checks the password
|
|
// @TODO: shorten this function and rename...
|
|
check: function check(object) {
|
|
const self = this;
|
|
|
|
return this.getByEmail(object.email)
|
|
.then((user) => {
|
|
if (!user) {
|
|
throw new errors.NotFoundError({
|
|
message: tpl(messages.noUserWithEnteredEmailAddr)
|
|
});
|
|
}
|
|
|
|
if (user.isLocked()) {
|
|
throw new errors.PasswordResetRequiredError();
|
|
}
|
|
|
|
if (user.isInactive()) {
|
|
throw new errors.NoPermissionError({
|
|
message: tpl(messages.accountSuspended)
|
|
});
|
|
}
|
|
|
|
return self.isPasswordCorrect({plainPassword: object.password, hashedPassword: user.get('password')})
|
|
.then(() => {
|
|
return user.updateLastSeen();
|
|
})
|
|
.then(() => {
|
|
user.set({status: 'active'});
|
|
return user.save();
|
|
});
|
|
})
|
|
.catch((err) => {
|
|
if (err.message === 'NotFound' || err.message === 'EmptyResponse') {
|
|
throw new errors.NotFoundError({
|
|
message: tpl(messages.noUserWithEnteredEmailAddr)
|
|
});
|
|
}
|
|
|
|
throw err;
|
|
});
|
|
},
|
|
|
|
isPasswordCorrect: function isPasswordCorrect(object) {
|
|
const plainPassword = object.plainPassword;
|
|
const hashedPassword = object.hashedPassword;
|
|
|
|
if (!plainPassword || !hashedPassword) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: tpl(messages.passwordRequiredForOperation)
|
|
}));
|
|
}
|
|
|
|
return security.password.compare(plainPassword, hashedPassword)
|
|
.then(function (matched) {
|
|
if (matched) {
|
|
return;
|
|
}
|
|
|
|
return Promise.reject(new errors.ValidationError({
|
|
context: tpl(messages.incorrectPassword),
|
|
message: tpl(messages.incorrectPassword),
|
|
help: tpl(messages.userUpdateError.help),
|
|
code: 'PASSWORD_INCORRECT'
|
|
}));
|
|
});
|
|
},
|
|
|
|
/**
|
|
* Naive change password method
|
|
* @param {Object} object
|
|
* @param {Object} unfilteredOptions
|
|
*/
|
|
changePassword: async function changePassword(object, unfilteredOptions) {
|
|
const options = this.filterOptions(unfilteredOptions, 'changePassword');
|
|
const newPassword = object.newPassword;
|
|
const userId = object.user_id;
|
|
const oldPassword = object.oldPassword;
|
|
const isLoggedInUser = userId === options.context.user;
|
|
const skipSessionID = unfilteredOptions.skipSessionID;
|
|
|
|
options.require = true;
|
|
options.withRelated = ['sessions'];
|
|
|
|
const user = await this.forge({id: userId}).fetch(options);
|
|
|
|
if (isLoggedInUser) {
|
|
await this.isPasswordCorrect({
|
|
plainPassword: oldPassword,
|
|
hashedPassword: user.get('password')
|
|
});
|
|
}
|
|
|
|
const updatedUser = await user.save({password: newPassword});
|
|
|
|
const sessions = user.related('sessions');
|
|
for (const session of sessions) {
|
|
if (session.get('session_id') !== skipSessionID) {
|
|
await session.destroy(options);
|
|
}
|
|
}
|
|
|
|
return updatedUser;
|
|
},
|
|
|
|
transferOwnership: function transferOwnership(object, unfilteredOptions) {
|
|
const options = ghostBookshelf.Model.filterOptions(unfilteredOptions, 'transferOwnership');
|
|
let ownerRole;
|
|
let contextUser;
|
|
|
|
return Promise.join(
|
|
ghostBookshelf.model('Role').findOne({name: 'Owner'}),
|
|
User.findOne({id: options.context.user}, {withRelated: ['roles']})
|
|
)
|
|
.then((results) => {
|
|
ownerRole = results[0];
|
|
contextUser = results[1];
|
|
|
|
// check if user has the owner role
|
|
const currentRoles = contextUser.toJSON(options).roles;
|
|
if (!_.some(currentRoles, {id: ownerRole.id})) {
|
|
return Promise.reject(new errors.NoPermissionError({
|
|
message: tpl(messages.onlyOwnerCanTransferOwnerRole)
|
|
}));
|
|
}
|
|
|
|
return Promise.join(ghostBookshelf.model('Role').findOne({name: 'Administrator'}),
|
|
User.findOne({id: object.id}, {withRelated: ['roles']}));
|
|
})
|
|
.then((results) => {
|
|
const adminRole = results[0];
|
|
const user = results[1];
|
|
|
|
if (!user) {
|
|
return Promise.reject(new errors.NotFoundError({
|
|
message: tpl(messages.userNotFound)
|
|
}));
|
|
}
|
|
|
|
const {roles: currentRoles, status} = user.toJSON(options);
|
|
|
|
if (!_.some(currentRoles, {id: adminRole.id})) {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: tpl(messages.onlyAdmCanBeAssignedOwnerRole)
|
|
}));
|
|
}
|
|
|
|
if (status !== 'active') {
|
|
return Promise.reject(new errors.ValidationError({
|
|
message: tpl(messages.onlyActiveAdmCanBeAssignedOwnerRole)
|
|
}));
|
|
}
|
|
|
|
// convert owner to admin
|
|
return Promise.join(contextUser.roles().updatePivot({role_id: adminRole.id}),
|
|
user.roles().updatePivot({role_id: ownerRole.id}),
|
|
user.id);
|
|
})
|
|
.then((results) => {
|
|
return Users.forge()
|
|
.query('whereIn', 'id', [contextUser.id, results[2]])
|
|
.fetch({withRelated: ['roles']});
|
|
});
|
|
},
|
|
|
|
// Get the user by email address, enforces case insensitivity rejects if the user is not found
|
|
// When multi-user support is added, email addresses must be deduplicated with case insensitivity, so that
|
|
// joe@bloggs.com and JOE@BLOGGS.COM cannot be created as two separate users.
|
|
getByEmail: function getByEmail(email, unfilteredOptions) {
|
|
const options = ghostBookshelf.Model.filterOptions(unfilteredOptions, 'getByEmail');
|
|
|
|
// We fetch all users and process them in JS as there is no easy way to make this query across all DBs
|
|
// Although they all support `lower()`, sqlite can't case transform unicode characters
|
|
// This is somewhat mute, as validator.isEmail() also doesn't support unicode, but this is much easier / more
|
|
// likely to be fixed in the near future.
|
|
options.require = true;
|
|
|
|
return Users.forge().fetch(options).then(function then(users) {
|
|
const userWithEmail = users.find(function findUser(user) {
|
|
return user.get('email').toLowerCase() === email.toLowerCase();
|
|
});
|
|
|
|
if (userWithEmail) {
|
|
return userWithEmail;
|
|
}
|
|
});
|
|
},
|
|
inactiveStates: inactiveStates
|
|
});
|
|
|
|
Users = ghostBookshelf.Collection.extend({
|
|
model: User
|
|
});
|
|
|
|
module.exports = {
|
|
User: ghostBookshelf.model('User', User),
|
|
Users: ghostBookshelf.collection('Users', Users)
|
|
};
|