Ghost/core/server/models/refreshtoken.js
Sebastian Gierlinger c8e8da4780 oAuth
closes #2759
closes #3027

- added oauth2orize library for server side oAuth handling
- added ember-simple-auth library for admin oAuth handling
- added tables for client, accesstoken and refreshtoken
- implemented RFC6749 4.3 Ressouce Owner Password Credentials Grant
- updated api tests with oAuth
- removed session, authentication is now token based

Known issues:
- Restore spam prevention #3128
- Signin after Signup #3125
- Signin validation #3125

**Attention**
- oldClient doesn't work with this PR anymore, session authentication
was
removed
2014-06-30 14:58:10 +02:00

53 lines
1.4 KiB
JavaScript

var ghostBookshelf = require('./base'),
User = require('./user'),
Client = require('./client'),
Refreshtoken,
Refreshtokens;
Refreshtoken = ghostBookshelf.Model.extend({
tableName: 'refreshtokens',
user: function () {
return this.belongsTo(User);
},
client: function () {
return this.belongsTo(Client);
},
// override for base function since we don't have
// a created_by field for sessions
creating: function (newObj, attr, options) {
/*jshint unused:false*/
},
// override for base function since we don't have
// a updated_by field for sessions
saving: function (newObj, attr, options) {
/*jshint unused:false*/
// Remove any properties which don't belong on the model
this.attributes = this.pick(this.permittedAttributes());
}
}, {
destroyAllExpired: function (options) {
options = this.filterOptions(options, 'destroyAll');
return ghostBookshelf.Collection.forge([], {model: this})
.query('where', 'expires', '<', Date.now())
.fetch()
.then(function (collection) {
collection.invokeThen('destroy', options);
});
}
});
Refreshtokens = ghostBookshelf.Collection.extend({
model: Refreshtoken
});
module.exports = {
Refreshtoken: Refreshtoken,
Refreshtokens: Refreshtokens
};