mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-03 08:25:06 +03:00
f12f64e87b
issue https://github.com/TryGhost/Team/issues/750 - Only accessible by admins - Resets all staff users' passwords and prevents them from logging in - Sends them a password reset email to give them back access to their account - Closes all existing staff user sessions
const adapterManager = require('../../adapter-manager');
const createSessionService = require('@tryghost/session-service');
const sessionFromToken = require('@tryghost/mw-session-from-token');
const createSessionMiddleware = require('./middleware');
const expressSession = require('./express-session');
const models = require('../../../models');
const urlUtils = require('../../../../shared/url-utils');
const url = require('url');
/**
 * Resolve the origin string that is handed to the session service for a request.
 *
 * Resolution order:
 *   1. An `Origin` header equal to the literal string 'null' yields null.
 *   2. Any other non-empty `Origin` header is returned verbatim.
 *   3. Otherwise the `Referrer` header, then the configured admin URL, then the
 *      configured site URL is parsed and reduced to `protocol//host`.
 *
 * @param {object} req - request object exposing a `get(headerName)` accessor
 * @returns {string|null} the resolved origin, or null when none can be derived
 */
function getOriginOfRequest(req) {
    const originHeader = req.get('origin');

    // NOTE(review): when the request carries no Referrer header the configured
    // admin/site URL is used instead, so a request without Origin and Referrer
    // resolves to the site's own origin. Confirm the consumer of this value
    // (presumably an origin check in the session service) intends that.
    const referrerSource = req.get('referrer') || urlUtils.getAdminUrl() || urlUtils.getSiteUrl();

    // The literal string 'null' is rejected outright, whatever the referrer says.
    if (originHeader === 'null') {
        return null;
    }

    // Origin is client-supplied and returned without normalisation; the caller
    // has to compare it against a value it trusts.
    if (originHeader) {
        return originHeader;
    }

    if (!referrerSource) {
        return null;
    }

    // NOTE(review): url.parse() is Node's legacy parser; only protocol and host
    // are kept, and path, query and fragment are discarded.
    const parsedReferrer = url.parse(referrerSource);
    const hasOriginParts = parsedReferrer.protocol && parsedReferrer.host;

    return hasOriginParts ? `${parsedReferrer.protocol}//${parsedReferrer.host}` : null;
}
// Session service wired with this module's collaborators:
//   - getOriginOfRequest: derives the origin string for a request (defined above)
//   - getSession: delegated to the express-session wrapper
//   - findUserById: resolves a user id to a User model via models.User.findOne
// NOTE(review): how the service uses the origin (presumably to bind a session
// to the origin it was created from) lives in @tryghost/session-service and is
// not visible in this file.
const sessionService = createSessionService({
    getOriginOfRequest: getOriginOfRequest,
    getSession: expressSession.getSession,
    findUserById: ({id}) => models.User.findOne({id})
});
// The module's main export is the session middleware built on the service above.
module.exports = createSessionMiddleware({sessionService});

const ssoAdapter = adapterManager.getAdapter('sso');

// Extra exports are attached to the middleware object itself.
Object.assign(module.exports, {
    // "Custom" middleware that creates a session from a token. Each step is
    // delegated to the configured SSO adapter; the adapter methods are bound so
    // they keep the adapter as `this` when the middleware calls them.
    // NOTE(review): callNextWithError: false presumably stops token errors from
    // being forwarded to next(err) - confirm against @tryghost/mw-session-from-token.
    createSessionFromToken: sessionFromToken({
        callNextWithError: false,
        createSession: sessionService.createSessionForUser,
        findUserByLookup: ssoAdapter.getUserForIdentity.bind(ssoAdapter),
        getLookupFromToken: ssoAdapter.getIdentityFromCredentials.bind(ssoAdapter),
        getTokenFromRequest: ssoAdapter.getRequestCredentials.bind(ssoAdapter)
    }),

    sessionService,

    // Re-exported from the express-session wrapper. Nothing in this module
    // authorises the call, so callers must restrict who can reach it.
    deleteAllSessions: expressSession.deleteAllSessions
});