Ghost/core/server/auth/validation.js
Katharina Irrgang 9fafc38b79 🎨 deny auto switch (#8086)
* 🎨  deny auto switch

no issue

- deny auth switch after the blog was setup
- setup completed depends on the status of the user right now, see comments

* Updates from comments

- re-use statuses in user model
- update error message
2017-03-02 19:50:58 +00:00

32 lines
1.2 KiB
JavaScript

var Promise = require('bluebird'),
models = require('../models'),
errors = require('../errors');
/**
* If the setup is completed and...
* 1. the public client does exist, deny to switch to local
* 2. the public client does not exist, deny to switch to remote
*/
exports.switch = function validate(options) {
var authType = options.authType;
return models.User.isSetup()
.then(function (isSetup) {
if (!isSetup) {
return;
}
return models.Client.findOne({slug: 'ghost-auth'}, {columns: 'id'})
.then(function (client) {
if ((client && authType === 'password') || !client && authType === 'ghost') {
return Promise.reject(new errors.InternalServerError({
code: 'AUTH_SWITCH',
message: 'Switching the auth strategy is not allowed.',
context: 'Please reset your database and start from scratch.',
help: 'NODE_ENV=production|development knex-migrator reset && NODE_ENV=production|development knex-migrator init\n'
}));
}
});
});
};