mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-14 18:52:05 +03:00
c8e8da4780
closes #2759 closes #3027 - added oauth2orize library for server side oAuth handling - added ember-simple-auth library for admin oAuth handling - added tables for client, accesstoken and refreshtoken - implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant - updated api tests with oAuth - removed session, authentication is now token based Known issues: - Restore spam prevention #3128 - Signin after Signup #3125 - Signin validation #3125 **Attention** - oldClient doesn't work with this PR anymore, session authentication was removed
68 lines
2.2 KiB
JavaScript
68 lines
2.2 KiB
JavaScript
var passport = require('passport'),
|
|
BearerStrategy = require('passport-http-bearer').Strategy,
|
|
ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
|
|
models = require('../models');
|
|
|
|
/**
|
|
* ClientPasswordStrategy
|
|
*
|
|
* This strategy is used to authenticate registered OAuth clients. It is
|
|
* employed to protect the `token` endpoint, which consumers use to obtain
|
|
* access tokens. The OAuth 2.0 specification suggests that clients use the
|
|
* HTTP Basic scheme to authenticate (not implemented yet).
|
|
|
|
* Use of the client password strategy is implemented to support ember-simple-auth.
|
|
*/
|
|
passport.use(new ClientPasswordStrategy(
|
|
function (clientId, clientSecret, done) {
|
|
models.Client.forge({slug: clientId})
|
|
.fetch()
|
|
.then(function (model) {
|
|
if (model) {
|
|
var client = model.toJSON();
|
|
if (client.secret === clientSecret) {
|
|
return done(null, client);
|
|
}
|
|
}
|
|
return done(null, false);
|
|
});
|
|
}
|
|
));
|
|
|
|
/**
|
|
* BearerStrategy
|
|
*
|
|
* This strategy is used to authenticate users based on an access token (aka a
|
|
* bearer token). The user must have previously authorized a client
|
|
* application, which is issued an access token to make requests on behalf of
|
|
* the authorizing user.
|
|
*/
|
|
passport.use(new BearerStrategy(
|
|
function (accessToken, done) {
|
|
models.Accesstoken.forge({token: accessToken})
|
|
.fetch()
|
|
.then(function (model) {
|
|
if (model) {
|
|
var token = model.toJSON();
|
|
if (token.expires > Date.now()) {
|
|
models.User.forge({id: token.user_id})
|
|
.fetch()
|
|
.then(function (model) {
|
|
if (model) {
|
|
var user = model.toJSON(),
|
|
info = { scope: '*' };
|
|
return done(null, {id: user.id}, info);
|
|
}
|
|
return done(null, false);
|
|
});
|
|
} else {
|
|
return done(null, false);
|
|
}
|
|
} else {
|
|
return done(null, false);
|
|
}
|
|
});
|
|
}
|
|
));
|
|
|