Comparing version 0.3.0-9 to 0.3.0-10
## 0.3.0 | ||
Primary motivation here is to begin work on a version of autohost that will work well with a hypermedia library ( [hyped](https://github.com/leankit-labs/hyped) ). This is a breaking change because of several structural and naming changes to how resources get modeled. | ||
### prerelease 10 | ||
Pass user object to auth libs vs. user.name. | ||
### prerelease 9 | ||
@@ -5,0 +8,0 @@ Fix edge case causing passport middleware to re-authenticate users already in the session if the user object didn't have a `name` property. |
@@ -92,4 +92,3 @@ var crypt = require( 'bcrypt' ), | ||
actionRoles = _.isEmpty( action.roles ) ? actions.getRoles( actionName ) : action.roles, | ||
userName = user.name ? user.name : user, | ||
userRoles = _.isEmpty( user.roles ) ? users.getRoles( userName ) : user.roles; | ||
userRoles = _.isEmpty( user.roles ) ? users.getRoles( user ) : user.roles; | ||
if( user.roles && user.disabled ) { | ||
@@ -96,0 +95,0 @@ userRoles = []; |
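Review bot: `users.getRoles( user )` on the `userRoles = …` line now receives the whole user object, but the line it replaces normalised a bare string user with `user.name ? user.name : user`, so a caller that still passes a name string now hands that string straight to `getRoles` with `user.roles` and `user.disabled` both undefined; whether `users.getRoles` accepts both shapes is not visible in this hunk. The enclosing function starts before the hunk and ends after it. If `getRoles` still indexes by name it needs to tolerate both forms, e.g. `var key = user.name || user;` inside it; otherwise a short comment on this function stating that `user` must be an object would prevent the next caller from passing a name.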
@@ -48,3 +48,3 @@ # Autohost Auth Provider API | ||
* getActionRoles: function( actionname ) {} // return a promised array of the action's roles | ||
* getUserRoles: function( username ) {} // return a promised array of the user's roles | ||
* getUserRoles: function( user ) {} // return a promised array of the user's roles | ||
* hasUsers: function() {} // return a promised boolean to indicate if any users exist in the system | ||
@@ -89,4 +89,3 @@ * initPassport: function( passport ) {} // initialize passport here - autohost passes in its instance | ||
actionRoles = _.isEmpty( action.roles ) ? db.getActionRoles( actionName ) : action.roles, | ||
userName = user.name ? user.name : user, | ||
userRoles = _.isEmpty( user.roles ) ? db.getUserRoles( userName ) : user.roles; | ||
userRoles = _.isEmpty( user.roles ) ? db.getUserRoles( user ) : user.roles; | ||
if( user.roles && user.disabled ) { | ||
@@ -123,4 +122,4 @@ userRoles = []; | ||
### getUserRoles( username ) -> promise( string array ) | ||
This takes the name of a user and returns a promise that should resolve to the list of roles for the user. | ||
### getUserRoles( user ) -> promise( string array ) | ||
This takes the user and returns a promise that should resolve to the list of roles for the user. | ||
@@ -127,0 +126,0 @@ ### hasUsers() -> promise( boolean ) |
{ | ||
"name": "autohost", | ||
"version": "0.3.0-9", | ||
"version": "0.3.0-10", | ||
"description": "Resource driven, transport agnostic host", | ||
@@ -5,0 +5,0 @@ "main": "src/index.js", |
@@ -72,10 +72,12 @@ // this mock is intended to support tests as well as provide a memory-based implementation | ||
function checkPermission( user, action, context ) { | ||
var userName = user.name ? user.name : user; | ||
var userRoles = user.roles ? user.roles : getUserRoles( userName ); | ||
debug( 'checking user %s for action %s', userName, action ); | ||
var userRoles = !_.isEmpty( user.roles ) ? user.roles : getUserRoles( user ); | ||
debug( 'checking user %s for action %s', getUserString( user ), action ); | ||
return when.try( hasPermissions, userRoles, getActionRoles( action ), context ); | ||
} | ||
function getUserString( user ) { | ||
return user.name ? user.name : JSON.stringify( user ); | ||
} | ||
function hasPermissions( userRoles, actionRoles, context ) { | ||
debug( 'user roles: %s, action roles: %s', userRoles, actionRoles ); | ||
if( context.noSoupForYou ) { | ||
@@ -96,4 +98,5 @@ return false ; | ||
function getUserRoles( user ) { | ||
var userName = user.name ? user.name : user; | ||
return when.promise( function( resolve ) { | ||
var tmp = wrapper.users[ user ]; | ||
var tmp = wrapper.users[ userName ]; | ||
resolve( tmp ? tmp.roles : [] ); | ||
@@ -100,0 +103,0 @@ } ); |
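Review bot: The new `getUserString` falls back to `JSON.stringify( user )`, which writes every property of the user object into the debug log; whether that includes credential material (a password hash, a token) depends on what the auth provider stores on the user, which this hunk does not show, so a whitelist such as `return user.name ? user.name : JSON.stringify( _.pick( user, 'id', 'name' ) );` is the safer default. The same helper is copied verbatim into the http adapter, the auth middleware and the websocket adapter hunks; one shared export would keep them in step. In `checkPermission`, switching from `user.roles ?` to `!_.isEmpty( user.roles )` means a user with an explicit empty `roles` array now falls through to `getUserRoles( user )` instead of being treated as having no roles; if any caller relies on `[]` to deny, that is a behaviour change worth a comment. In `getUserRoles`, `var userName = user.name ? user.name : user;` leaves the object itself as the key when `name` is missing, so `wrapper.users[ userName ]` looks up `"[object Object]"`; `var userName = typeof user === 'string' ? user : user.name;` avoids that.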
@@ -17,3 +17,7 @@ var should = require( 'should' ); //jshint ignore:line | ||
var userRoles = function( user, roles ) { | ||
authProvider.users[ user ].roles = roles; | ||
if( authProvider.users[ user ] ) { | ||
authProvider.users[ user ].roles = roles; | ||
} else { | ||
authProvider.users[ user ] = { roles: roles }; | ||
} | ||
}; | ||
@@ -20,0 +24,0 @@ |
@@ -49,3 +49,3 @@ var path = require( 'path' ); | ||
function checkPermissionFor( user, context, action ) { | ||
debug( 'Checking %s\'s permissions for %s', ( user ? user.name : 'nouser' ), action ); | ||
debug( 'Checking %s\'s permissions for %s', getUserString( user ), action ); | ||
return authStrategy.checkPermission( user, action, context ) | ||
@@ -61,2 +61,6 @@ .then( null, function( err ) { | ||
function getUserString( user ) { | ||
return user.name ? user.name : JSON.stringify( user ); | ||
} | ||
function hasPrefix( url ) { | ||
@@ -105,6 +109,6 @@ var prefix = http.buildUrl( config.urlPrefix || '', config.apiPrefix || '' ); | ||
if( pass ) { | ||
debug( 'HTTP activation of action %s (%s %s) for %s granted', alias, action.method, url, req.user.name ); | ||
debug( 'HTTP activation of action %s (%s %s) for %s granted', alias, action.method, url, getUserString( req.user ) ); | ||
respond(); | ||
} else { | ||
debug( 'User %s was denied HTTP activation of action %s (%s %s)', req.user.name, alias, action.method, url ); | ||
debug( 'User %s was denied HTTP activation of action %s (%s %s)', getUserString( req.user ), alias, action.method, url ); | ||
res.status( 403 ).send( "User lacks sufficient permissions" ); | ||
@@ -111,0 +115,0 @@ } |
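Review bot: `getUserString( user )` on the `Checking %s\'s permissions` line drops the `user ? user.name : 'nouser'` guard it replaces, and the new `getUserString` dereferences `user.name` unconditionally, so a request that reaches `checkPermissionFor` without a user now throws a TypeError before `authStrategy.checkPermission` is called instead of logging `nouser`. The websocket adapter hunk makes the identical substitution in its own `checkPermissionFor` and has the same regression. Adding `if( !user ) { return 'nouser'; }` as the first line of each `getUserString` restores the old behaviour; `checkPermissionFor` continues past the end of the hunk.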
@@ -68,3 +68,3 @@ var _ = require( 'lodash' ); | ||
metrics.timer( authorizationTimer ).start(); | ||
authProvider.getUserRoles( req.user.name ) | ||
authProvider.getUserRoles( req.user ) | ||
.then( null, function( err ) { | ||
@@ -74,7 +74,7 @@ metrics.counter( authorizationErrorCount ).incr(); | ||
metrics.timer( authorizationTimer ).record(); | ||
debug( 'Failed to get roles for %s with %s', userName, err.stack ); | ||
debug( 'Failed to get roles for %s with %s', getUserString( user ), err.stack ); | ||
res.status( 500 ).send( 'Could not determine user permissions' ); | ||
} ) | ||
.then( function( roles ) { | ||
debug( 'Got roles [ %s ] for %s', roles, req.user.name ); | ||
debug( 'Got roles [ %s ] for %s', roles, req.user ); | ||
req.user.roles = roles; | ||
@@ -87,4 +87,4 @@ metrics.timer( authorizationTimer ).record(); | ||
function getSocketRoles( userName ) { | ||
if( userName === 'anonymous' ) { | ||
function getSocketRoles( user ) { | ||
if( user.name === 'anonymous' ) { | ||
return when( [ 'anonymous' ] ); | ||
@@ -98,7 +98,7 @@ } else { | ||
metrics.timer( authorizationTimer ).record(); | ||
debug( 'Failed to get roles for %s with %s', userName, err.stack ); | ||
debug( 'Failed to get roles for %s with %s', getUserString( user ), err.stack ); | ||
return []; | ||
} ) | ||
.then( function( roles ) { | ||
debug( 'Got roles [ %s ] for %s', roles, userName ); | ||
debug( 'Got roles [ %s ] for %s', roles, getUserString( user ) ); | ||
metrics.timer( authorizationTimer ).record(); | ||
@@ -110,2 +110,6 @@ return roles; | ||
function getUserString( user ) { | ||
return user.name ? user.name : JSON.stringify( user ); | ||
} | ||
function resetUserCount() { | ||
@@ -112,0 +116,0 @@ userCountCheck = authProvider.hasUsers; |
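Review bot: `getUserString( user )` in the `Failed to get roles` handler refers to a `user` binding that no visible line declares — the rest of the function reads `req.user` — so unless a `var user = req.user` exists above the hunk this error path throws a ReferenceError inside the rejection handler; `getUserString( req.user )` matches the `authProvider.getUserRoles( req.user )` call two lines earlier. The `Got roles [ %s ] for %s` line below passes `req.user` raw to `%s`, which prints `[object Object]`; it should use `getUserString( req.user )` like every other log site in this change. Unchanged but in the new-side context: the rejection handler sends a 500 and the chain then continues into `.then( function( roles )` with `roles` undefined, so `req.user.roles = roles` still runs after the response; rethrowing after the `send` (`throw err;`) would stop that. The enclosing function starts and ends outside the hunk.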
@@ -25,4 +25,4 @@ var config, | ||
function checkPermissionFor( user, context, action ) { | ||
debug( 'Checking %s\'s permissions for %s', ( user ? user.name : 'nouser' ), action ); | ||
return authStrategy.checkPermission( user.name, action, context ) | ||
debug( 'Checking %s\'s permissions for %s', getUserString( user ), action ); | ||
return authStrategy.checkPermission( user, action, context ) | ||
.then( null, function(err) { | ||
@@ -37,2 +37,6 @@ debug( 'Error during check permissions: %s', err.stack ); | ||
function getUserString( user ) { | ||
return user.name ? user.name : JSON.stringify( user ); | ||
} | ||
function start() { | ||
@@ -70,6 +74,6 @@ socket.start( authStrategy ); | ||
if( pass ) { | ||
debug( 'WS activation of action %s for %s granted', alias, socket.user.name ); | ||
debug( 'WS activation of action %s for %s granted', alias, getUserString( socket.user ) ); | ||
respond(); | ||
} else { | ||
debug( 'User %s was denied WS activation of action %s', socket.user.name, alias ); | ||
debug( 'User %s was denied WS activation of action %s', getUserString( socket.user ), alias ); | ||
socket.publish( data.replyTo || topic, 'User lacks sufficient permission' ); | ||
@@ -76,0 +80,0 @@ } |
@@ -16,5 +16,5 @@ var _ = require( 'lodash' ); | ||
// grab user from request | ||
socket.user = { | ||
id: handshake.id || handshake.user || 'anonymous', | ||
name: handshake.user || 'anonymous' | ||
socket.user = handshake.user || { | ||
id: 'anonymous', | ||
name: 'anonymous' | ||
}; | ||
@@ -36,3 +36,3 @@ | ||
if( authStrategy ) { | ||
authStrategy.getSocketRoles( socket.user.name ) | ||
authStrategy.getSocketRoles( socket.user ) | ||
.then( function( roles ) { | ||
@@ -39,0 +39,0 @@ socket.user.roles = roles; |
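Review bot: `socket.user = handshake.user || {…}` assumes `handshake.user` is an object, but the replaced lines used it as the `name` value (`name: handshake.user || 'anonymous'`), i.e. a string; if the handshake middleware still sets a string, `socket.user` becomes a primitive, `socket.user.name` is undefined, `getSocketRoles` never takes its `anonymous` branch, and `socket.user.roles = roles` at the end of the hunk is silently discarded (or throws under `'use strict'`). The old `id: handshake.id || handshake.user` fallback is also gone, so a user object without an `id` now has none. Normalising both shapes keeps the authorisation path working: `socket.user = _.isString( handshake.user ) ? { id: handshake.user, name: handshake.user } : ( handshake.user || { id: 'anonymous', name: 'anonymous' } );` (`_` is required at the top of this file).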
@@ -21,7 +21,7 @@ var authStrategy, | ||
// grab user from request | ||
socket.user = { | ||
id: request.user.name, | ||
name: request.user.name | ||
socket.user = request.user || { | ||
id: 'anonymous', | ||
name: 'anonymous' | ||
}; | ||
@@ -34,3 +34,3 @@ // grab session and cookies parsed from middleware | ||
if( authStrategy ) { | ||
authStrategy.getSocketRoles( socket.user.name ) | ||
authStrategy.getSocketRoles( socket.user ) | ||
.then( function( roles ) { | ||
@@ -37,0 +37,0 @@ socket.user.roles = roles; |
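Review bot: `socket.user = request.user || {…}` now aliases the request's user object instead of building a fresh `{ id, name }`, so `socket.user.roles = roles` at the end of the hunk writes the socket's roles onto that shared object; if `request.user` is the passport-deserialised session user (not visible here), roles resolved for one socket now persist on it and are honoured by the `_.isEmpty( user.roles )` short-circuits elsewhere in this change, so a later role change in the provider is not picked up until that object is replaced. `socket.user.id` also changes from `request.user.name` to whatever `request.user.id` holds, which any consumer keying on `id` should know about. Copying the properties into a new object before the `||` fallback avoids the aliasing; the socket.io hunk has the same aliasing.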