cloudcms-server 3.2.337 → 3.2.339
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/launchpad/index.js +2 -0
- package/package.json +1 -2
- package/util/auth.js +32 -201
package/launchpad/index.js
CHANGED
|
@@ -10,6 +10,8 @@ process.on('uncaughtException', function(err, source) {
|
|
|
10
10
|
// {
|
|
11
11
|
console.log(`Launchpad - process received event 'uncaughtException': ${err}, source: ${source}`);
|
|
12
12
|
console.log(err.stack);
|
|
13
|
+
console.log("ERR: ", err);
|
|
14
|
+
console.log("SOURCE: ", source);
|
|
13
15
|
// }
|
|
14
16
|
});
|
|
15
17
|
|
package/package.json
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
},
|
|
7
7
|
"name": "cloudcms-server",
|
|
8
8
|
"description": "Cloud CMS Application Server Module",
|
|
9
|
-
"version": "3.2.
|
|
9
|
+
"version": "3.2.339",
|
|
10
10
|
"repository": {
|
|
11
11
|
"type": "git",
|
|
12
12
|
"url": "git://github.com/gitana/cloudcms-server.git"
|
|
@@ -44,7 +44,6 @@
|
|
|
44
44
|
"hbs": "^4.2.0",
|
|
45
45
|
"helmet": "^8.0.0",
|
|
46
46
|
"ioredis": "5.4.1",
|
|
47
|
-
"isolated-vm": "5.0.3",
|
|
48
47
|
"json5": "^2.2.3",
|
|
49
48
|
"jsonwebtoken": "^9.0.2",
|
|
50
49
|
"klaw": "^4.1.0",
|
package/util/auth.js
CHANGED
|
@@ -5,8 +5,6 @@ var LRUCache = require("lru-cache");
|
|
|
5
5
|
|
|
6
6
|
var request = require("./request");
|
|
7
7
|
|
|
8
|
-
const IsolatedVM = require("isolated-vm");
|
|
9
|
-
|
|
10
8
|
// trusted profile cache size 100
|
|
11
9
|
var TRUSTED_PROFILE_CACHE = new LRUCache({
|
|
12
10
|
max:100,
|
|
@@ -389,7 +387,9 @@ var _handleConnectAsUser = function(req, key, gitanaUser, callback) {
|
|
|
389
387
|
|
|
390
388
|
var _handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, groupsArray, callback) {
|
|
391
389
|
|
|
392
|
-
|
|
390
|
+
var rulesArray = buildRulesArray(req, strategy, settings, groupsArray);
|
|
391
|
+
|
|
392
|
+
__handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, function(err, gitanaUser, synced) {
|
|
393
393
|
|
|
394
394
|
if (err) {
|
|
395
395
|
return callback(err);
|
|
@@ -414,25 +414,12 @@ var _handleSyncUser = function(req, strategy, settings, key, domainId, providerI
|
|
|
414
414
|
});
|
|
415
415
|
}
|
|
416
416
|
|
|
417
|
-
|
|
418
|
-
{
|
|
419
|
-
if (!groupsArray || groupsArray.length == 0)
|
|
420
|
-
{
|
|
421
|
-
return callback(null, gitanaUser);
|
|
422
|
-
}
|
|
423
|
-
}
|
|
424
|
-
|
|
425
|
-
// sync groups
|
|
426
|
-
__handleSyncGroups(req, strategy, settings, gitanaUser, groupsArray, function(err, gitanaUser) {
|
|
427
|
-
|
|
428
|
-
return callback(null, gitanaUser);
|
|
429
|
-
|
|
430
|
-
});
|
|
417
|
+
return callback(null, gitanaUser);
|
|
431
418
|
});
|
|
432
419
|
|
|
433
420
|
};
|
|
434
421
|
|
|
435
|
-
var __handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, callback) {
|
|
422
|
+
var __handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, callback) {
|
|
436
423
|
|
|
437
424
|
var baseURL = req.gitanaConfig.baseURL;
|
|
438
425
|
var authorizationHeader = req.gitana.getDriver().getHttpHeaders()["Authorization"];
|
|
@@ -455,6 +442,11 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
|
|
|
455
442
|
"connection": connectionObject
|
|
456
443
|
};
|
|
457
444
|
|
|
445
|
+
if (rulesArray)
|
|
446
|
+
{
|
|
447
|
+
json.rules = rulesArray;
|
|
448
|
+
}
|
|
449
|
+
|
|
458
450
|
var autoCreate = strategy.autoRegister ? true : false;
|
|
459
451
|
|
|
460
452
|
var requestConfig = {
|
|
@@ -480,7 +472,7 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
|
|
|
480
472
|
{
|
|
481
473
|
// retry after getting new token
|
|
482
474
|
return req.gitana.getDriver().reloadAuthInfo(function () {
|
|
483
|
-
__handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, function(err, gitanaUser, synced) {
|
|
475
|
+
__handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, function(err, gitanaUser, synced) {
|
|
484
476
|
callback(err, gitanaUser, synced);
|
|
485
477
|
})
|
|
486
478
|
});
|
|
@@ -525,205 +517,44 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
|
|
|
525
517
|
});
|
|
526
518
|
};
|
|
527
519
|
|
|
528
|
-
var
|
|
520
|
+
var buildRulesArray = function(req, strategy, settings, groupsArray)
|
|
529
521
|
{
|
|
530
|
-
|
|
531
|
-
// addToProject(projectId)
|
|
532
|
-
// addToProject(projectId, [teamKey]);
|
|
533
|
-
//
|
|
534
|
-
// removeFromProject(projectId);
|
|
535
|
-
//
|
|
536
|
-
// addToPlatformTeam([teamKey])
|
|
537
|
-
// removeFromPlatformTeam([teamKey])
|
|
538
|
-
|
|
539
|
-
var ensureArray = function(teamIdentifiers) {
|
|
540
|
-
var array = [];
|
|
541
|
-
if (!teamIdentifiers) {
|
|
542
|
-
return array;
|
|
543
|
-
}
|
|
544
|
-
|
|
545
|
-
if (typeof(teamIdentifiers) === "string") {
|
|
546
|
-
array.push(teamIdentifiers);
|
|
547
|
-
}
|
|
548
|
-
|
|
549
|
-
for (var i = 0; i < teamIdentifiers.length; i++) {
|
|
550
|
-
array.push(teamIdentifiers[i]);
|
|
551
|
-
}
|
|
552
|
-
|
|
553
|
-
return array;
|
|
554
|
-
};
|
|
555
|
-
|
|
556
|
-
var addToProject = function(projectId, teamIdentifiers, finished) {
|
|
557
|
-
|
|
558
|
-
if (!teamIdentifiers) {
|
|
559
|
-
teamIdentifiers = "project-users-team";
|
|
560
|
-
}
|
|
561
|
-
|
|
562
|
-
teamIdentifiers = ensureArray(teamIdentifiers);
|
|
563
|
-
|
|
564
|
-
var project = null;
|
|
565
|
-
var stack = null;
|
|
566
|
-
|
|
567
|
-
return req.gitana.platform().trap(function(e) {
|
|
568
|
-
return false;
|
|
569
|
-
}).readProject(projectId).then(function(){
|
|
570
|
-
project = this;
|
|
571
|
-
}).readStack().then(function() {
|
|
572
|
-
stack = this;
|
|
573
|
-
|
|
574
|
-
var fns = [];
|
|
575
|
-
for (var i = 0; i < teamIdentifiers.length; i++)
|
|
576
|
-
{
|
|
577
|
-
var fn = function(stack, teamIdentifier, user) {
|
|
578
|
-
return function(d) {
|
|
579
|
-
|
|
580
|
-
console.log("Working on stack: " + stack._doc + ", team: " + teamIdentifier + ", user: " + user._doc);
|
|
581
|
-
|
|
582
|
-
Chain(stack).trap(function(e) {
|
|
583
|
-
d();
|
|
584
|
-
return false;
|
|
585
|
-
}).readTeam(teamIdentifier).then(function() {
|
|
586
|
-
var team = this;
|
|
587
|
-
|
|
588
|
-
Chain(team).hasMember(user, function(has) {
|
|
589
|
-
if (has) {
|
|
590
|
-
return d();
|
|
591
|
-
}
|
|
592
|
-
Chain(team).addMember(user).then(function() {
|
|
593
|
-
d();
|
|
594
|
-
});
|
|
595
|
-
});
|
|
596
|
-
});
|
|
597
|
-
|
|
598
|
-
}
|
|
599
|
-
}(stack, teamIdentifiers[i], gitanaUser);
|
|
600
|
-
fns.push(fn);
|
|
601
|
-
}
|
|
602
|
-
async.series(fns, function() {
|
|
603
|
-
finished();
|
|
604
|
-
});
|
|
605
|
-
});
|
|
606
|
-
};
|
|
607
|
-
|
|
608
|
-
var addToPlatformTeams = function(teamIdentifiers, finished) {
|
|
609
|
-
|
|
610
|
-
if (!teamIdentifiers) {
|
|
611
|
-
teamIdentifiers = "project-users-team";
|
|
612
|
-
}
|
|
613
|
-
|
|
614
|
-
teamIdentifiers = ensureArray(teamIdentifiers);
|
|
615
|
-
|
|
616
|
-
var platform = null;
|
|
617
|
-
|
|
618
|
-
return Chain(req.gitana.platform()).trap(function(e) {
|
|
619
|
-
return false;
|
|
620
|
-
}).then(function() {
|
|
621
|
-
platform = this;
|
|
622
|
-
|
|
623
|
-
var fns = [];
|
|
624
|
-
for (var i = 0; i < teamIdentifiers.length; i++)
|
|
625
|
-
{
|
|
626
|
-
var fn = function(platform, teamIdentifier, user) {
|
|
627
|
-
return function(d) {
|
|
628
|
-
|
|
629
|
-
console.log("Working on platform team: " + teamIdentifier + ", user: " + user._doc);
|
|
630
|
-
|
|
631
|
-
Chain(platform).trap(function(e) {
|
|
632
|
-
d();
|
|
633
|
-
return false;
|
|
634
|
-
}).readTeam(teamIdentifier).then(function() {
|
|
635
|
-
var team = this;
|
|
636
|
-
|
|
637
|
-
Chain(team).hasMember(user, function(has) {
|
|
638
|
-
if (has) {
|
|
639
|
-
return d();
|
|
640
|
-
}
|
|
641
|
-
Chain(team).addMember(user).then(function() {
|
|
642
|
-
d();
|
|
643
|
-
});
|
|
644
|
-
});
|
|
645
|
-
});
|
|
646
|
-
|
|
647
|
-
}
|
|
648
|
-
}(platform, teamIdentifiers[i], gitanaUser);
|
|
649
|
-
fns.push(fn);
|
|
650
|
-
}
|
|
651
|
-
async.series(fns, function() {
|
|
652
|
-
finished();
|
|
653
|
-
});
|
|
654
|
-
});
|
|
655
|
-
};
|
|
656
|
-
|
|
657
|
-
const isolate = new IsolatedVM.Isolate({ memoryLimit: 32 });
|
|
658
|
-
const context = isolate.createContextSync();
|
|
659
|
-
const jail = context.global;
|
|
660
|
-
|
|
661
|
-
// functions
|
|
662
|
-
jail.setSync('addToProject', function(projectId, teamIdentifiers) {
|
|
663
|
-
return addToProject(projectId, teamIdentifiers, function() {
|
|
664
|
-
console.log("Added user: " + gitanaUser._doc + " to project: " + projectId + ", teams: " + JSON.stringify(teamIdentifiers));
|
|
665
|
-
});
|
|
666
|
-
});
|
|
667
|
-
jail.setSync("addToPlatformTeam", function(teamIdentifier) {
|
|
668
|
-
return addToPlatformTeams([teamIdentifier], function() {
|
|
669
|
-
console.log("Added user: " + gitanaUser._doc + " to platform team: " + teamIdentifier);
|
|
670
|
-
});
|
|
671
|
-
});
|
|
672
|
-
jail.setSync("addToPlatformTeams", function(teamIdentifiers) {
|
|
673
|
-
return addToPlatformTeams(teamIdentifiers, function() {
|
|
674
|
-
console.log("Added user: " + gitanaUser._doc + " to platform teams: " + JSON.stringify(teamIdentifiers));
|
|
675
|
-
});
|
|
676
|
-
});
|
|
677
|
-
|
|
678
|
-
context.evalSync(rule);
|
|
679
|
-
|
|
680
|
-
setTimeout(function() {
|
|
681
|
-
callback();
|
|
682
|
-
}, 250);
|
|
683
|
-
};
|
|
684
|
-
|
|
685
|
-
var __handleSyncGroups = function(req, strategy, settings, gitanaUser, groupsArray, callback) {
|
|
522
|
+
var rules = [];
|
|
686
523
|
|
|
687
524
|
if (!groupsArray || groupsArray.length === 0)
|
|
688
525
|
{
|
|
689
|
-
return
|
|
526
|
+
return rules;
|
|
690
527
|
}
|
|
691
528
|
|
|
692
529
|
// if no groupMappings defined, bail
|
|
693
530
|
if (!settings || !settings.sso || !settings.sso.groupMappings || settings.sso.groupMappings.length === 0) {
|
|
694
|
-
return
|
|
531
|
+
return rules;
|
|
695
532
|
}
|
|
696
533
|
|
|
697
534
|
// copy mappings into a lookup list
|
|
698
|
-
|
|
535
|
+
// group key -> rules
|
|
699
536
|
for (var i = 0; i < settings.sso.groupMappings.length; i++)
|
|
700
537
|
{
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
var fns = [];
|
|
705
|
-
for (var i = 0; i < groupsArray.length; i++)
|
|
706
|
-
{
|
|
707
|
-
var groupIdentifier = groupsArray[i];
|
|
708
|
-
|
|
709
|
-
var rules = groupRules[groupIdentifier];
|
|
710
|
-
if (rules)
|
|
538
|
+
var key = settings.sso.groupMappings[i].key;
|
|
539
|
+
var values = settings.sso.groupMappings[i].values;
|
|
540
|
+
if (values && values.length > 0)
|
|
711
541
|
{
|
|
712
|
-
for (var x = 0; x <
|
|
542
|
+
for (var x = 0; x < values.length; x++)
|
|
713
543
|
{
|
|
714
|
-
var
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
544
|
+
var script = values[x];
|
|
545
|
+
|
|
546
|
+
rules.push({
|
|
547
|
+
// "condition": {
|
|
548
|
+
// "type": "belongsToGroup",
|
|
549
|
+
// "config": {
|
|
550
|
+
// "key": key
|
|
551
|
+
// }
|
|
552
|
+
// },
|
|
553
|
+
"script": script
|
|
554
|
+
});
|
|
722
555
|
}
|
|
723
556
|
}
|
|
724
557
|
}
|
|
725
558
|
|
|
726
|
-
|
|
727
|
-
callback(null, gitanaUser);
|
|
728
|
-
});
|
|
559
|
+
return rules;
|
|
729
560
|
};
|