cloudcms-server 3.2.338 → 3.2.340

@@ -10,6 +10,8 @@ process.on('uncaughtException', function(err, source) {
10
10
  // {
11
11
  console.log(`Launchpad - process received event 'uncaughtException': ${err}, source: ${source}`);
12
12
  console.log(err.stack);
13
+ console.log("ERR: ", err);
14
+ console.log("SOURCE: ", source);
13
15
  // }
14
16
  });
15
17
 
@@ -391,7 +391,9 @@ exports = module.exports = function()
391
391
 
392
392
  if (!profile || !info)
393
393
  {
394
- return handleFailure(null, res);
394
+ return handleFailure({
395
+ "message": "Authentication callback missing both profile and info"
396
+ }, res);
395
397
  }
396
398
 
397
399
  // store these onto request
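Review bot: The new failure message says the callback is "missing both profile and info", but the guard is `if (!profile || !info)`, so it also fires when only one of them is absent and the message then misreports the cause. Word it to match the condition, e.g. `"message": "Authentication callback missing profile or info"`. Whether `handleFailure` returns this text to the client or only logs it is not visible in the hunk; if it reaches the client, keeping it this generic is the right level of detail.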
@@ -16,6 +16,7 @@ exports = module.exports = function()
16
16
 
17
17
  var SENTINEL_NOT_FOUND_VALUE = "null";
18
18
  var BLACKLIST_TTL_SECONDS = 60 * 60 * 24 * 30; // 30 days
19
+ var DISABLED_TTL_SECONDS = 60 * 10; // 10 minutes
19
20
 
20
21
  var VIRTUAL_DRIVER_CACHE_KEY = "virtualdriver";
21
22
 
@@ -115,7 +116,8 @@ exports = module.exports = function()
115
116
  config.baseURL = configuration.virtualDriver.baseURL;
116
117
 
117
118
  // hand back
118
- callback(null, config);
119
+ var disabled = body.disabled ? true : false;
120
+ callback(null, config, disabled);
119
121
  }
120
122
  }
121
123
  else
@@ -183,7 +185,7 @@ exports = module.exports = function()
183
185
  }
184
186
 
185
187
  // load the gitana.json file from Cloud CMS
186
- loadConfigForVirtualHost(host, logMethod, function (err, virtualConfig) {
188
+ loadConfigForVirtualHost(host, logMethod, function (err, virtualConfig, disabled) {
187
189
 
188
190
  if (err)
189
191
  {
@@ -194,7 +196,7 @@ exports = module.exports = function()
194
196
 
195
197
  if (!virtualConfig)
196
198
  {
197
- // mark that it failed (30 minute TTL)
199
+ // mark that it failed (30 day blacklist TTL)
198
200
  return process.cache.write(VCSENTINEL_CACHE_KEY, true, BLACKLIST_TTL_SECONDS, function() {
199
201
  finishedLoading({
200
202
  "message": "No virtual config found for host: " + host
@@ -202,6 +204,16 @@ exports = module.exports = function()
202
204
  });
203
205
  }
204
206
 
207
+ if (disabled)
208
+ {
209
+ // mark that the virtual config is disabled (10 minutes TLL)
210
+ return process.cache.write(VCSENTINEL_CACHE_KEY, true, DISABLED_TTL_SECONDS, function() {
211
+ finishedLoading({
212
+ "message": "The virtual config was found for host: " + host + " but it has been marked as disabled"
213
+ });
214
+ });
215
+ }
216
+
205
217
  // populate gitana.json
206
218
  var gitanaJson = {
207
219
  "clientKey": virtualConfig.clientKey
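Review bot: The disabled branch (new lines 207-215) writes the same `VCSENTINEL_CACHE_KEY` value `true` as the not-found branch above it, only with a shorter TTL, so a later request that hits the sentinel cannot tell "disabled" from "no virtual config found" and will presumably report the not-found reason; the sentinel read path is outside these hunks. If operators need to distinguish the two, store a distinguishable value, e.g. `process.cache.write(VCSENTINEL_CACHE_KEY, "disabled", DISABLED_TTL_SECONDS, ...)`, after confirming the reader only tests truthiness. The added comment also has a typo: `TLL` should be `TTL`.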
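--- a/package/package.json
+++ b/package/package.json
@@ -6,7 +6,7 @@
  },
  "name": "cloudcms-server",
  "description": "Cloud CMS Application Server Module",
- "version": "3.2.338",
+ "version": "3.2.340",
  "repository": {
  "type": "git",
  "url": "git://github.com/gitana/cloudcms-server.git"
@@ -44,7 +44,6 @@
  "hbs": "^4.2.0",
  "helmet": "^8.0.0",
  "ioredis": "5.4.1",
- "isolated-vm": "^5.0.3",
  "json5": "^2.2.3",
  "jsonwebtoken": "^9.0.2",
  "klaw": "^4.1.0",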
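--- a/package/util/auth.js
+++ b/package/util/auth.js
@@ -5,8 +5,6 @@ var LRUCache = require("lru-cache");
 
  var request = require("./request");
 
- const IsolatedVM = require("isolated-vm");
-
  // trusted profile cache size 100
  var TRUSTED_PROFILE_CACHE = new LRUCache({
  max:100,
@@ -389,7 +387,9 @@ var _handleConnectAsUser = function(req, key, gitanaUser, callback) {
 
  var _handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, groupsArray, callback) {
 
- __handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, function(err, gitanaUser, synced) {
+ var rulesArray = buildRulesArray(req, strategy, settings, groupsArray);
+
+ __handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, function(err, gitanaUser, synced) {
 
  if (err) {
  return callback(err);
@@ -414,25 +414,12 @@ var _handleSyncUser = function(req, strategy, settings, key, domainId, providerI
  });
  }
 
- if (!synced)
- {
- if (!groupsArray || groupsArray.length == 0)
- {
- return callback(null, gitanaUser);
- }
- }
-
- // sync groups
- __handleSyncGroups(req, strategy, settings, gitanaUser, groupsArray, function(err, gitanaUser) {
-
- return callback(null, gitanaUser);
-
- });
+ return callback(null, gitanaUser);
  });
 
  };
 
- var __handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, callback) {
+ var __handleSyncUser = function(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, callback) {
 
  var baseURL = req.gitanaConfig.baseURL;
  var authorizationHeader = req.gitana.getDriver().getHttpHeaders()["Authorization"];
@@ -455,6 +442,11 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
  "connection": connectionObject
  };
 
+ if (rulesArray)
+ {
+ json.rules = rulesArray;
+ }
+
  var autoCreate = strategy.autoRegister ? true : false;
 
  var requestConfig = {
@@ -480,7 +472,7 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
  {
  // retry after getting new token
  return req.gitana.getDriver().reloadAuthInfo(function () {
- __handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, function(err, gitanaUser, synced) {
+ __handleSyncUser(req, strategy, settings, key, domainId, providerId, providerUserId, token, refreshToken, userObject, rulesArray, function(err, gitanaUser, synced) {
  callback(err, gitanaUser, synced);
  })
  });
@@ -525,224 +517,44 @@ var __handleSyncUser = function(req, strategy, settings, key, domainId, provider
  });
  };
 
- var executeRule = function(req, rule, gitanaUser, callback)
+ var buildRulesArray = function(req, strategy, settings, groupsArray)
  {
- console.log("r1: " + rule);
-
- //
- // addToProject(projectId)
- // addToProject(projectId, [teamKey]);
- //
- // removeFromProject(projectId);
- //
- // addToPlatformTeam([teamKey])
- // removeFromPlatformTeam([teamKey])
-
- var ensureArray = function(teamIdentifiers) {
- var array = [];
- if (!teamIdentifiers) {
- return array;
- }
-
- if (typeof(teamIdentifiers) === "string") {
- array.push(teamIdentifiers);
- }
-
- for (var i = 0; i < teamIdentifiers.length; i++) {
- array.push(teamIdentifiers[i]);
- }
-
- return array;
- };
-
- var addToProject = function(projectId, teamIdentifiers, finished) {
-
- console.log("r2, projectId: " + projectId + ", teamIdentifiers: " + teamIdentifiers);
-
- if (!teamIdentifiers) {
- teamIdentifiers = "project-users-team";
- }
-
- teamIdentifiers = ensureArray(teamIdentifiers);
-
- var project = null;
- var stack = null;
-
- console.log("r21");
- return req.gitana.platform().trap(function(e) {
- console.log("r22", e);
- return false;
- }).readProject(projectId).then(function(){
- project = this;
- }).readStack().then(function() {
- stack = this;
-
- var fns = [];
- for (var i = 0; i < teamIdentifiers.length; i++)
- {
- var fn = function(stack, teamIdentifier, user) {
- return function(d) {
-
- console.log("Working on stack: " + stack._doc + ", team: " + teamIdentifier + ", user: " + user._doc);
-
- Chain(stack).trap(function(e) {
- d();
- return false;
- }).readTeam(teamIdentifier).then(function() {
- var team = this;
-
- Chain(team).hasMember(user, function(has) {
- if (has) {
- return d();
- }
- Chain(team).addMember(user).then(function() {
- d();
- });
- });
- });
-
- }
- }(stack, teamIdentifiers[i], gitanaUser);
- fns.push(fn);
- }
- async.series(fns, function() {
- console.log("r29");
- finished();
- });
- });
- };
-
- var addToPlatformTeams = function(teamIdentifiers, finished) {
-
- console.log("r3");
-
- if (!teamIdentifiers) {
- teamIdentifiers = "project-users-team";
- }
-
- teamIdentifiers = ensureArray(teamIdentifiers);
-
- var platform = null;
-
- return Chain(req.gitana.platform()).trap(function(e) {
- console.log("r31: ", e);
- return false;
- }).then(function() {
- platform = this;
-
- var fns = [];
- for (var i = 0; i < teamIdentifiers.length; i++)
- {
- var fn = function(platform, teamIdentifier, user) {
- return function(d) {
-
- console.log("Working on platform team: " + teamIdentifier + ", user: " + user._doc);
-
- Chain(platform).trap(function(e) {
- d();
- return false;
- }).readTeam(teamIdentifier).then(function() {
- var team = this;
-
- Chain(team).hasMember(user, function(has) {
- if (has) {
- return d();
- }
- Chain(team).addMember(user).then(function() {
- d();
- });
- });
- });
-
- }
- }(platform, teamIdentifiers[i], gitanaUser);
- fns.push(fn);
- }
- async.series(fns, function() {
- console.log("r39");
- finished();
- });
- });
- };
-
- console.log("r4");
-
- const isolate = new IsolatedVM.Isolate({ memoryLimit: 128 });
- const context = isolate.createContextSync();
- const jail = context.global;
-
- console.log("r5");
- // functions
- jail.setSync('addToProject', function(projectId, teamIdentifiers) {
- return addToProject(projectId, teamIdentifiers, function() {
- console.log("Added user: " + gitanaUser._doc + " to project: " + projectId + ", teams: " + JSON.stringify(teamIdentifiers));
- });
- });
- jail.setSync("addToPlatformTeam", function(teamIdentifier) {
- return addToPlatformTeams([teamIdentifier], function() {
- console.log("Added user: " + gitanaUser._doc + " to platform team: " + teamIdentifier);
- });
- });
- jail.setSync("addToPlatformTeams", function(teamIdentifiers) {
- return addToPlatformTeams(teamIdentifiers, function() {
- console.log("Added user: " + gitanaUser._doc + " to platform teams: " + JSON.stringify(teamIdentifiers));
- });
- });
-
- console.log("r6");
- context.evalSync(rule, {
- "timeout": 1000 * 60 // one minute
- });
- console.log("r7");
-
- setTimeout(function() {
- console.log("r8");
- callback();
- }, 250);
- };
-
- var __handleSyncGroups = function(req, strategy, settings, gitanaUser, groupsArray, callback) {
+ var rules = [];
 
  if (!groupsArray || groupsArray.length === 0)
  {
- return callback(null, gitanaUser);
+ return rules;
  }
 
  // if no groupMappings defined, bail
  if (!settings || !settings.sso || !settings.sso.groupMappings || settings.sso.groupMappings.length === 0) {
- return callback(null, gitanaUser);
+ return rules;
  }
 
  // copy mappings into a lookup list
- var groupRules = {};
+ // group key -> rules
  for (var i = 0; i < settings.sso.groupMappings.length; i++)
  {
- groupRules[settings.sso.groupMappings[i].key] = settings.sso.groupMappings[i].values;
- }
-
- var fns = [];
- for (var i = 0; i < groupsArray.length; i++)
- {
- var groupIdentifier = groupsArray[i];
-
- var rules = groupRules[groupIdentifier];
- if (rules)
+ var key = settings.sso.groupMappings[i].key;
+ var values = settings.sso.groupMappings[i].values;
+ if (values && values.length > 0)
  {
- for (var x = 0; x < rules.length; x++)
+ for (var x = 0; x < values.length; x++)
  {
- var fn = function (rule, gitanaUser) {
- return function (done) {
- executeRule(req, rule, gitanaUser, function (err) {
- done(err);
- });
- }
- }(rules[x], gitanaUser);
- fns.push(fn);
+ var script = values[x];
+
+ rules.push({
+ // "condition": {
+ // "type": "belongsToGroup",
+ // "config": {
+ // "key": key
+ // }
+ // },
+ "script": script
+ });
  }
  }
  }
 
- async.series(fns, function() {
- callback(null, gitanaUser);
- });
+ return rules;
  };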
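Review bot: `buildRulesArray` pushes the scripts of every entry in `settings.sso.groupMappings`, whether or not the user's `groupsArray` contains that mapping's `key`: `groupsArray` is only tested for emptiness, `key` is assigned but never used, and the `belongsToGroup` condition that would carry it is commented out. The removed code ran only the rules looked up for the user's own groups, so unless the sync endpoint applies its own group filter (not visible here), any user with at least one group would have every mapping's rules submitted on their behalf. Restore the membership filter at the top of the outer loop, e.g. `if (groupsArray.indexOf(key) === -1) { continue; }`, or send the condition with each rule. `req` and `strategy` are unused parameters, and the "copy mappings into a lookup list" comment no longer describes what the loop does.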