wiki-cafe/wiki-security-passportjs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check user identity against owner.json (and admin for admin access)

Browse Source
This commit is contained in:
Paul Rodwell
2016-06-24 11:33:17 +01:00
parent f27889a043
commit 5c43486b9b
1 changed files with 25 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
server/social.coffee
View File

@ -39,9 +39,7 @@ module.exports = exports = (log, loga, argv) ->
console.log "statusDir: ", statusDir console.log "statusDir: ", statusDir
idFile = path.join(statusDir, "owner.json") idFile = argv.id
personaIDFile = argv.id
usingPersona = false usingPersona = false
if argv.security_useHttps if argv.security_useHttps
@ -70,32 +68,20 @@ module.exports = exports = (log, loga, argv) ->
# if it is return the owner. # if it is return the owner.
security.retrieveOwner = (cb) -> security.retrieveOwner = (cb) ->
fs.exists personaIDFile, (exists) ->
if exists
fs.readFile(personaIDFile, (err, data) ->
if err then return cb err
owner += data
usingPersona = true
cb())
else
fs.exists idFile, (exists) -> fs.exists idFile, (exists) ->
if exists if exists
fs.readFile(idFile, (err, data) -> fs.readFile(idFile, (err, data) ->
if err then return cb err if err then return cb err
owner = JSON.parse(data) owner = JSON.parse(data)
console.log 'retrieveOwner owner: ', owner
if _.has(owner, 'persona')
usingPersona = true
cb()) cb())
else else
owner = '' owner = ''
cb() cb()
security.getOwner = getOwner = -> security.getOwner = getOwner = ->
if usingPersona
if ~owner.indexOf '@'
ownerName = owner.substr(0, owner.indexOf('@'))
else
ownerName = owner
ownerName = ownerName.split('.').join(' ')
else
if !owner.name? if !owner.name?
ownerName = '' ownerName = ''
else else
@ -124,37 +110,32 @@ module.exports = exports = (log, loga, argv) ->
return '' return ''
security.isAuthorized = isAuthorized = (req) -> security.isAuthorized = isAuthorized = (req) ->
if usingPersona if owner is ''
try console.log 'isAuthorized: site not claimed'
if req.session.passport.user.email is owner
return true
else
return false
return false
else if owner is ''
# site not claimed?
return true return true
else else
try try
if owner[req.session.passport.user.provider].id is req.session.passport.user.id idProvider = _.first(_.keys(_.pick(owner, _.keys(req.session.passport.user))))
if _.isEqual(owner[idProvider], req.session.passport.user[idProvider])
return true return true
else else
return false return false
catch error
return false return false
security.isAdmin = (req) -> security.isAdmin = (req) ->
if usingPersona
# not added legacy support yet, so...
return false
else
try try
if admin is req.session.passport.user.id if admin
idProvider = _.first(_.keys(_.pick(admin, _.keys(req.session.passport.user))))
if _.isEqual(admin[idProvider], req.session.passport.user[idProvider])
return true return true
else else
return false return false
catch error
return false return false
security.login = (updateOwner) -> security.login = (updateOwner) ->
console.log "Login...." console.log "Login...."
@ -234,8 +215,7 @@ module.exports = exports = (log, loga, argv) ->
audience: callbackProtocol + '//' + callbackHost audience: callbackProtocol + '//' + callbackHost
}, (email, cb) -> }, (email, cb) ->
user = { user = {
provider: 'persona' persona: { email: email }
email: email
} }
cb(null, user))) cb(null, user)))