kuzzle 2.19.2 → 2.19.3
- package/lib/api/controllers/adminController.js +94 -80
- package/lib/api/controllers/authController.js +239 -212
- package/lib/api/controllers/baseController.js +89 -51
- package/lib/api/controllers/bulkController.js +62 -49
- package/lib/api/controllers/clusterController.js +6 -8
- package/lib/api/controllers/collectionController.js +140 -129
- package/lib/api/controllers/debugController.d.ts +2 -2
- package/lib/api/controllers/debugController.js +33 -31
- package/lib/api/controllers/documentController.js +365 -274
- package/lib/api/controllers/index.js +13 -13
- package/lib/api/controllers/indexController.js +46 -50
- package/lib/api/controllers/memoryStorageController.js +410 -360
- package/lib/api/controllers/realtimeController.js +37 -36
- package/lib/api/controllers/securityController.js +553 -412
- package/lib/api/controllers/serverController.js +111 -104
- package/lib/api/documentExtractor.js +75 -68
- package/lib/api/funnel.js +411 -312
- package/lib/api/httpRoutes.js +1493 -324
- package/lib/api/openapi/OpenApiManager.d.ts +1 -1
- package/lib/api/openapi/OpenApiManager.js +22 -22
- package/lib/api/openapi/components/document/count.yaml +1 -1
- package/lib/api/openapi/components/document/create.yaml +2 -2
- package/lib/api/openapi/components/document/delete.yaml +1 -1
- package/lib/api/openapi/components/document/deleteByQuery.yaml +1 -1
- package/lib/api/openapi/components/document/exists.yaml +1 -1
- package/lib/api/openapi/components/document/get.yaml +2 -2
- package/lib/api/openapi/components/document/index.js +12 -12
- package/lib/api/openapi/components/document/replace.yaml +1 -1
- package/lib/api/openapi/components/document/scroll.yaml +1 -1
- package/lib/api/openapi/components/document/validate.yaml +1 -1
- package/lib/api/openapi/components/index.d.ts +2 -2
- package/lib/api/openapi/components/index.js +1 -1
- package/lib/api/openapi/components/security/index.js +1 -1
- package/lib/api/openapi/components/security/upsertUser.yaml +2 -3
- package/lib/api/openapi/index.d.ts +1 -1
- package/lib/api/openapi/openApiGenerator.d.ts +1 -1
- package/lib/api/openapi/openApiGenerator.js +7 -7
- package/lib/api/rateLimiter.js +12 -13
- package/lib/api/request/index.d.ts +4 -4
- package/lib/api/request/kuzzleRequest.d.ts +9 -9
- package/lib/api/request/kuzzleRequest.js +89 -87
- package/lib/api/request/requestContext.d.ts +2 -2
- package/lib/api/request/requestContext.js +17 -17
- package/lib/api/request/requestInput.d.ts +1 -1
- package/lib/api/request/requestInput.js +19 -19
- package/lib/api/request/requestResponse.d.ts +4 -4
- package/lib/api/request/requestResponse.js +31 -33
- package/lib/cluster/command.js +48 -44
- package/lib/cluster/idCardHandler.d.ts +1 -1
- package/lib/cluster/idCardHandler.js +15 -15
- package/lib/cluster/index.js +2 -2
- package/lib/cluster/node.js +301 -269
- package/lib/cluster/publisher.js +45 -46
- package/lib/cluster/state.d.ts +5 -5
- package/lib/cluster/state.js +8 -8
- package/lib/cluster/subscriber.js +163 -113
- package/lib/cluster/workers/IDCardRenewer.js +33 -32
- package/lib/config/default.config.d.ts +1 -1
- package/lib/config/default.config.js +212 -171
- package/lib/config/documentEventAliases.js +6 -6
- package/lib/config/index.js +161 -98
- package/lib/config/sdkCompatibility.json +8 -8
- package/lib/core/auth/formatProcessing.js +7 -7
- package/lib/core/auth/passportResponse.js +7 -7
- package/lib/core/auth/passportWrapper.js +34 -30
- package/lib/core/auth/tokenManager.d.ts +2 -2
- package/lib/core/auth/tokenManager.js +11 -10
- package/lib/core/backend/applicationManager.d.ts +1 -1
- package/lib/core/backend/applicationManager.js +2 -2
- package/lib/core/backend/backend.d.ts +3 -3
- package/lib/core/backend/backend.js +34 -31
- package/lib/core/backend/backendCluster.d.ts +2 -2
- package/lib/core/backend/backendCluster.js +5 -5
- package/lib/core/backend/backendConfig.d.ts +2 -2
- package/lib/core/backend/backendConfig.js +3 -3
- package/lib/core/backend/backendController.d.ts +2 -2
- package/lib/core/backend/backendController.js +9 -10
- package/lib/core/backend/backendErrors.d.ts +3 -3
- package/lib/core/backend/backendErrors.js +2 -1
- package/lib/core/backend/backendHook.d.ts +2 -2
- package/lib/core/backend/backendHook.js +5 -5
- package/lib/core/backend/backendImport.d.ts +3 -3
- package/lib/core/backend/backendImport.js +23 -23
- package/lib/core/backend/backendOpenApi.d.ts +2 -2
- package/lib/core/backend/backendOpenApi.js +16 -16
- package/lib/core/backend/backendPipe.d.ts +2 -2
- package/lib/core/backend/backendPipe.js +6 -6
- package/lib/core/backend/backendPlugin.d.ts +4 -4
- package/lib/core/backend/backendPlugin.js +14 -14
- package/lib/core/backend/backendStorage.d.ts +2 -2
- package/lib/core/backend/backendStorage.js +1 -2
- package/lib/core/backend/backendVault.d.ts +2 -2
- package/lib/core/backend/backendVault.js +3 -3
- package/lib/core/backend/index.d.ts +14 -14
- package/lib/core/backend/internalLogger.d.ts +1 -1
- package/lib/core/backend/internalLogger.js +5 -5
- package/lib/core/cache/cacheDbEnum.js +4 -4
- package/lib/core/cache/cacheEngine.js +79 -85
- package/lib/core/network/accessLogger.js +126 -120
- package/lib/core/network/clientConnection.js +5 -5
- package/lib/core/network/context.js +8 -8
- package/lib/core/network/entryPoint.js +100 -85
- package/lib/core/network/httpRouter/index.js +63 -60
- package/lib/core/network/httpRouter/routeHandler.js +18 -19
- package/lib/core/network/httpRouter/routePart.js +23 -19
- package/lib/core/network/protocolManifest.js +3 -3
- package/lib/core/network/protocols/httpMessage.js +8 -10
- package/lib/core/network/protocols/httpwsProtocol.js +305 -250
- package/lib/core/network/protocols/internalProtocol.js +27 -24
- package/lib/core/network/protocols/mqttProtocol.js +106 -96
- package/lib/core/network/protocols/protocol.js +20 -17
- package/lib/core/network/router.js +56 -46
- package/lib/core/plugin/plugin.js +151 -120
- package/lib/core/plugin/pluginContext.d.ts +7 -7
- package/lib/core/plugin/pluginContext.js +48 -44
- package/lib/core/plugin/pluginManifest.js +13 -12
- package/lib/core/plugin/pluginRepository.js +26 -27
- package/lib/core/plugin/pluginsManager.js +425 -304
- package/lib/core/plugin/privilegedContext.js +3 -3
- package/lib/core/realtime/actionEnum.js +1 -1
- package/lib/core/realtime/channel.d.ts +1 -1
- package/lib/core/realtime/channel.js +22 -22
- package/lib/core/realtime/connectionRooms.d.ts +1 -1
- package/lib/core/realtime/hotelClerk.d.ts +2 -2
- package/lib/core/realtime/hotelClerk.js +53 -50
- package/lib/core/realtime/index.js +5 -5
- package/lib/core/realtime/notification/document.js +25 -25
- package/lib/core/realtime/notification/index.js +4 -4
- package/lib/core/realtime/notification/server.js +3 -3
- package/lib/core/realtime/notification/user.js +4 -4
- package/lib/core/realtime/notifier.js +113 -75
- package/lib/core/realtime/room.d.ts +1 -1
- package/lib/core/realtime/subscription.d.ts +1 -1
- package/lib/core/realtime/subscription.js +1 -1
- package/lib/core/security/index.js +8 -8
- package/lib/core/security/profileRepository.d.ts +6 -6
- package/lib/core/security/profileRepository.js +48 -45
- package/lib/core/security/roleRepository.js +127 -115
- package/lib/core/security/securityLoader.js +70 -63
- package/lib/core/security/tokenRepository.js +132 -118
- package/lib/core/security/userRepository.js +104 -88
- package/lib/core/shared/KoncordeWrapper.d.ts +1 -1
- package/lib/core/shared/KoncordeWrapper.js +3 -1
- package/lib/core/shared/abstractManifest.js +22 -23
- package/lib/core/shared/repository.js +69 -67
- package/lib/core/shared/sdk/embeddedSdk.d.ts +2 -2
- package/lib/core/shared/sdk/embeddedSdk.js +36 -32
- package/lib/core/shared/sdk/funnelProtocol.d.ts +1 -1
- package/lib/core/shared/sdk/funnelProtocol.js +11 -11
- package/lib/core/shared/sdk/impersonatedSdk.js +19 -18
- package/lib/core/shared/store.js +127 -32
- package/lib/core/statistics/index.js +2 -2
- package/lib/core/statistics/statistics.js +99 -85
- package/lib/core/storage/clientAdapter.js +219 -136
- package/lib/core/storage/indexCache.js +3 -3
- package/lib/core/storage/storageEngine.js +10 -13
- package/lib/core/storage/storeScopeEnum.js +3 -3
- package/lib/core/validation/baseType.js +12 -10
- package/lib/core/validation/index.js +2 -2
- package/lib/core/validation/types/anything.js +4 -4
- package/lib/core/validation/types/boolean.js +7 -7
- package/lib/core/validation/types/date.js +165 -131
- package/lib/core/validation/types/email.js +18 -21
- package/lib/core/validation/types/enum.js +34 -21
- package/lib/core/validation/types/geoPoint.js +7 -7
- package/lib/core/validation/types/geoShape.js +148 -125
- package/lib/core/validation/types/integer.js +9 -9
- package/lib/core/validation/types/ipAddress.js +17 -19
- package/lib/core/validation/types/numeric.js +36 -29
- package/lib/core/validation/types/object.js +19 -19
- package/lib/core/validation/types/string.js +36 -29
- package/lib/core/validation/types/url.js +17 -19
- package/lib/core/validation/validation.js +422 -378
- package/lib/kerror/codes/1-services.json +7 -1
- package/lib/kerror/codes/4-plugin.json +2 -2
- package/lib/kerror/codes/index.js +85 -63
- package/lib/kerror/errors/badRequestError.d.ts +1 -1
- package/lib/kerror/errors/externalServiceError.d.ts +1 -1
- package/lib/kerror/errors/forbiddenError.d.ts +1 -1
- package/lib/kerror/errors/gatewayTimeoutError.d.ts +1 -1
- package/lib/kerror/errors/index.d.ts +15 -15
- package/lib/kerror/errors/internalError.d.ts +1 -1
- package/lib/kerror/errors/kuzzleError.d.ts +1 -1
- package/lib/kerror/errors/multipleErrorsError.d.ts +1 -1
- package/lib/kerror/errors/multipleErrorsError.js +1 -1
- package/lib/kerror/errors/notFoundError.d.ts +1 -1
- package/lib/kerror/errors/partialError.d.ts +1 -1
- package/lib/kerror/errors/partialError.js +1 -1
- package/lib/kerror/errors/pluginImplementationError.d.ts +1 -1
- package/lib/kerror/errors/pluginImplementationError.js +2 -1
- package/lib/kerror/errors/preconditionError.d.ts +1 -1
- package/lib/kerror/errors/serviceUnavailableError.d.ts +1 -1
- package/lib/kerror/errors/sizeLimitError.d.ts +1 -1
- package/lib/kerror/errors/tooManyRequestsError.d.ts +1 -1
- package/lib/kerror/errors/unauthorizedError.d.ts +1 -1
- package/lib/kerror/index.d.ts +3 -3
- package/lib/kerror/index.js +17 -16
- package/lib/kuzzle/dumpGenerator.js +130 -114
- package/lib/kuzzle/event/kuzzleEventEmitter.js +96 -70
- package/lib/kuzzle/event/pipeRunner.js +25 -24
- package/lib/kuzzle/event/waterfall.js +13 -15
- package/lib/kuzzle/index.js +2 -2
- package/lib/kuzzle/internalIndexHandler.js +80 -59
- package/lib/kuzzle/kuzzle.js +99 -99
- package/lib/kuzzle/kuzzleStateEnum.js +1 -1
- package/lib/kuzzle/log.js +23 -18
- package/lib/kuzzle/vault.js +34 -19
- package/lib/model/security/profile.d.ts +3 -3
- package/lib/model/security/profile.js +38 -37
- package/lib/model/security/rights.js +5 -5
- package/lib/model/security/role.d.ts +3 -3
- package/lib/model/security/role.js +25 -26
- package/lib/model/security/token.d.ts +1 -1
- package/lib/model/security/token.js +4 -4
- package/lib/model/security/user.d.ts +2 -2
- package/lib/model/security/user.js +9 -9
- package/lib/model/storage/apiKey.js +43 -33
- package/lib/model/storage/baseModel.js +49 -45
- package/lib/service/cache/redis.js +60 -55
- package/lib/service/service.js +17 -17
- package/lib/service/storage/elasticsearch.js +839 -755
- package/lib/service/storage/esWrapper.js +103 -86
- package/lib/service/storage/queryTranslator.js +52 -59
- package/lib/types/Controller.d.ts +3 -3
- package/lib/types/ControllerDefinition.d.ts +3 -3
- package/lib/types/DebugModule.d.ts +2 -2
- package/lib/types/DebugModule.js +1 -1
- package/lib/types/Global.d.ts +1 -1
- package/lib/types/HttpStream.d.ts +2 -1
- package/lib/types/HttpStream.js +7 -5
- package/lib/types/Kuzzle.d.ts +1 -1
- package/lib/types/KuzzleDocument.d.ts +1 -1
- package/lib/types/OpenApiDefinition.d.ts +1 -1
- package/lib/types/PasswordPolicy.d.ts +1 -1
- package/lib/types/Plugin.d.ts +6 -6
- package/lib/types/Plugin.js +2 -2
- package/lib/types/Policy.d.ts +1 -1
- package/lib/types/RequestPayload.d.ts +1 -1
- package/lib/types/ResponsePayload.d.ts +1 -1
- package/lib/types/Token.d.ts +1 -1
- package/lib/types/User.d.ts +1 -1
- package/lib/types/config/DumpConfiguration.d.ts +8 -8
- package/lib/types/config/HttpConfiguration.d.ts +1 -1
- package/lib/types/config/KuzzleConfiguration.d.ts +1 -1
- package/lib/types/config/LimitsConfiguration.d.ts +8 -8
- package/lib/types/config/PluginsConfiguration.d.ts +4 -4
- package/lib/types/config/SecurityConfiguration.d.ts +62 -62
- package/lib/types/config/ServerConfiguration.d.ts +55 -55
- package/lib/types/config/ServicesConfiguration.d.ts +2 -2
- package/lib/types/config/internalCache/InternalCacheRedisConfiguration.d.ts +10 -10
- package/lib/types/config/publicCache/PublicCacheRedisConfiguration.d.ts +3 -3
- package/lib/types/config/storageEngine/StorageEngineElasticsearchConfiguration.d.ts +194 -110
- package/lib/types/errors/ErrorDefinition.d.ts +1 -1
- package/lib/types/errors/ErrorDomains.d.ts +1 -1
- package/lib/types/index.d.ts +38 -38
- package/lib/types/realtime/RealtimeScope.d.ts +1 -1
- package/lib/types/realtime/RealtimeUsers.d.ts +1 -1
- package/lib/util/assertType.js +13 -11
- package/lib/util/async.d.ts +1 -0
- package/lib/util/async.js +61 -0
- package/lib/util/asyncStore.js +19 -21
- package/lib/util/bufferedPassThrough.d.ts +2 -2
- package/lib/util/bufferedPassThrough.js +4 -4
- package/lib/util/bytes.js +9 -13
- package/lib/util/crypto.js +1 -1
- package/lib/util/debug.js +5 -5
- package/lib/util/deprecate.js +24 -21
- package/lib/util/didYouMean.js +7 -7
- package/lib/util/dump-collection.d.ts +2 -2
- package/lib/util/dump-collection.js +26 -26
- package/lib/util/esRequest.d.ts +1 -0
- package/lib/util/esRequest.js +62 -0
- package/lib/util/extractFields.js +24 -25
- package/lib/util/inflector.js +5 -5
- package/lib/util/koncordeCompat.d.ts +2 -2
- package/lib/util/koncordeCompat.js +5 -5
- package/lib/util/memoize.js +3 -5
- package/lib/util/mutex.d.ts +19 -1
- package/lib/util/mutex.js +39 -12
- package/lib/util/name-generator.js +1331 -1331
- package/lib/util/promback.js +8 -10
- package/lib/util/readYamlFile.d.ts +1 -1
- package/lib/util/readYamlFile.js +1 -1
- package/lib/util/requestAssertions.js +34 -34
- package/lib/util/safeObject.js +5 -5
- package/lib/util/stackTrace.js +20 -22
- package/lib/util/wildcard.js +15 -15
- package/package.json +6 -6
- package/npm-shrinkwrap.json +0 -19422
|
@@ -19,23 +19,23 @@
|
|
|
19
19
|
* limitations under the License.
|
|
20
20
|
*/
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
"use strict";
|
|
23
23
|
|
|
24
|
-
const { IncomingMessage } = require(
|
|
25
|
-
const Cookie = require(
|
|
24
|
+
const { IncomingMessage } = require("http");
|
|
25
|
+
const Cookie = require("cookie");
|
|
26
26
|
|
|
27
|
-
const Bluebird = require(
|
|
28
|
-
const { isEmpty } = require(
|
|
27
|
+
const Bluebird = require("bluebird");
|
|
28
|
+
const { isEmpty } = require("lodash");
|
|
29
29
|
|
|
30
|
-
const { KuzzleError } = require(
|
|
31
|
-
const { KuzzleRequest } = require(
|
|
32
|
-
const kerror = require(
|
|
33
|
-
const { has } = require(
|
|
34
|
-
const { NativeController } = require(
|
|
35
|
-
const formatProcessing = require(
|
|
36
|
-
const { User } = require(
|
|
37
|
-
const ApiKey = require(
|
|
38
|
-
const SecurityController = require(
|
|
30
|
+
const { KuzzleError } = require("../../kerror/errors");
|
|
31
|
+
const { KuzzleRequest } = require("../request");
|
|
32
|
+
const kerror = require("../../kerror");
|
|
33
|
+
const { has } = require("../../util/safeObject");
|
|
34
|
+
const { NativeController } = require("./baseController");
|
|
35
|
+
const formatProcessing = require("../../core/auth/formatProcessing");
|
|
36
|
+
const { User } = require("../../model/security/user");
|
|
37
|
+
const ApiKey = require("../../model/storage/apiKey");
|
|
38
|
+
const SecurityController = require("./securityController");
|
|
39
39
|
|
|
40
40
|
/**
|
|
41
41
|
* @class AuthController
|
|
@@ -45,26 +45,26 @@ class AuthController extends NativeController {
|
|
|
45
45
|
* @param {Kuzzle} kuzzle
|
|
46
46
|
* @constructor
|
|
47
47
|
*/
|
|
48
|
-
constructor
|
|
48
|
+
constructor() {
|
|
49
49
|
super([
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
50
|
+
"checkRights",
|
|
51
|
+
"checkToken",
|
|
52
|
+
"createApiKey",
|
|
53
|
+
"createMyCredentials",
|
|
54
|
+
"credentialsExist",
|
|
55
|
+
"deleteApiKey",
|
|
56
|
+
"deleteMyCredentials",
|
|
57
|
+
"getCurrentUser",
|
|
58
|
+
"getMyCredentials",
|
|
59
|
+
"getMyRights",
|
|
60
|
+
"getStrategies",
|
|
61
|
+
"login",
|
|
62
|
+
"logout",
|
|
63
|
+
"refreshToken",
|
|
64
|
+
"searchApiKeys",
|
|
65
|
+
"updateMyCredentials",
|
|
66
|
+
"updateSelf",
|
|
67
|
+
"validateMyCredentials",
|
|
68
68
|
]);
|
|
69
69
|
|
|
70
70
|
this.anonymousId = null;
|
|
@@ -76,31 +76,35 @@ class AuthController extends NativeController {
|
|
|
76
76
|
*
|
|
77
77
|
* @returns {Promise}
|
|
78
78
|
*/
|
|
79
|
-
async init
|
|
80
|
-
const anonymous = await global.kuzzle.ask(
|
|
79
|
+
async init() {
|
|
80
|
+
const anonymous = await global.kuzzle.ask(
|
|
81
|
+
"core:security:user:anonymous:get"
|
|
82
|
+
);
|
|
81
83
|
this.anonymousId = anonymous._id;
|
|
82
84
|
}
|
|
83
85
|
|
|
84
86
|
/**
|
|
85
87
|
* Checks if an API action can be executed by the current user
|
|
86
88
|
*/
|
|
87
|
-
async checkRights
|
|
89
|
+
async checkRights(request) {
|
|
88
90
|
const requestPayload = request.getBody();
|
|
89
91
|
|
|
90
|
-
if (typeof requestPayload.controller !==
|
|
91
|
-
throw kerror.get(
|
|
92
|
+
if (typeof requestPayload.controller !== "string") {
|
|
93
|
+
throw kerror.get("api", "assert", "missing_argument", "body.controller");
|
|
92
94
|
}
|
|
93
95
|
|
|
94
|
-
if (typeof requestPayload.action !==
|
|
95
|
-
throw kerror.get(
|
|
96
|
+
if (typeof requestPayload.action !== "string") {
|
|
97
|
+
throw kerror.get("api", "assert", "missing_argument", "body.action");
|
|
96
98
|
}
|
|
97
99
|
|
|
98
100
|
const user = request.context.user;
|
|
99
101
|
|
|
100
|
-
const allowed = await user.isActionAllowed(
|
|
102
|
+
const allowed = await user.isActionAllowed(
|
|
103
|
+
new KuzzleRequest(requestPayload)
|
|
104
|
+
);
|
|
101
105
|
|
|
102
106
|
return {
|
|
103
|
-
allowed
|
|
107
|
+
allowed,
|
|
104
108
|
};
|
|
105
109
|
}
|
|
106
110
|
|
|
@@ -108,11 +112,11 @@ class AuthController extends NativeController {
|
|
|
108
112
|
* Creates a new API key for the user
|
|
109
113
|
* @param {KuzzleRequest} request
|
|
110
114
|
*/
|
|
111
|
-
async createApiKey
|
|
115
|
+
async createApiKey(request) {
|
|
112
116
|
const expiresIn = request.input.args.expiresIn || -1;
|
|
113
|
-
const refresh = request.getRefresh(
|
|
114
|
-
const apiKeyId = request.getId({ ifMissing:
|
|
115
|
-
const description = request.getBodyString(
|
|
117
|
+
const refresh = request.getRefresh("wait_for");
|
|
118
|
+
const apiKeyId = request.getId({ ifMissing: "generate" });
|
|
119
|
+
const description = request.getBodyString("description");
|
|
116
120
|
|
|
117
121
|
const user = request.context.user;
|
|
118
122
|
|
|
@@ -128,14 +132,14 @@ class AuthController extends NativeController {
|
|
|
128
132
|
/**
|
|
129
133
|
* Search in the user API keys
|
|
130
134
|
*/
|
|
131
|
-
async searchApiKeys
|
|
135
|
+
async searchApiKeys(request) {
|
|
132
136
|
let query = request.getBody({});
|
|
133
137
|
const { from, size } = request.getSearchParams();
|
|
134
138
|
const lang = request.getLangParam();
|
|
135
139
|
|
|
136
140
|
const user = request.context.user;
|
|
137
141
|
|
|
138
|
-
if (lang ===
|
|
142
|
+
if (lang === "koncorde") {
|
|
139
143
|
query = await this.translateKoncorde(query);
|
|
140
144
|
}
|
|
141
145
|
|
|
@@ -143,23 +147,23 @@ class AuthController extends NativeController {
|
|
|
143
147
|
query: {
|
|
144
148
|
bool: {
|
|
145
149
|
filter: { bool: { must: { term: { userId: user._id } } } },
|
|
146
|
-
must: isEmpty(query) ? { match_all: {} } : query
|
|
147
|
-
}
|
|
148
|
-
}
|
|
150
|
+
must: isEmpty(query) ? { match_all: {} } : query,
|
|
151
|
+
},
|
|
152
|
+
},
|
|
149
153
|
};
|
|
150
154
|
|
|
151
155
|
const apiKeys = await ApiKey.search(searchBody, { from, size });
|
|
152
156
|
|
|
153
157
|
return {
|
|
154
|
-
hits: apiKeys.map(apiKey => apiKey.serialize()),
|
|
155
|
-
total: apiKeys.length
|
|
158
|
+
hits: apiKeys.map((apiKey) => apiKey.serialize()),
|
|
159
|
+
total: apiKeys.length,
|
|
156
160
|
};
|
|
157
161
|
}
|
|
158
162
|
|
|
159
163
|
/**
|
|
160
164
|
* Deletes an API key
|
|
161
165
|
*/
|
|
162
|
-
async deleteApiKey
|
|
166
|
+
async deleteApiKey(request) {
|
|
163
167
|
const apiKeyId = request.getId();
|
|
164
168
|
const refresh = request.getRefresh();
|
|
165
169
|
|
|
@@ -176,54 +180,56 @@ class AuthController extends NativeController {
|
|
|
176
180
|
* @param {KuzzleRequest} request
|
|
177
181
|
* @returns {Promise<object>}
|
|
178
182
|
*/
|
|
179
|
-
async logout
|
|
180
|
-
if (
|
|
181
|
-
|
|
183
|
+
async logout(request) {
|
|
184
|
+
if (
|
|
185
|
+
!global.kuzzle.config.http.cookieAuthentication ||
|
|
186
|
+
!request.getBoolean("cookieAuth")
|
|
182
187
|
) {
|
|
183
188
|
this.assertIsAuthenticated(request);
|
|
184
189
|
}
|
|
185
190
|
|
|
186
|
-
if (
|
|
191
|
+
if (
|
|
192
|
+
global.kuzzle.config.internal.notifiableProtocols.includes(
|
|
193
|
+
request.context.connection.protocol
|
|
194
|
+
)
|
|
195
|
+
) {
|
|
187
196
|
// Unlink connection so the connection will not be notified when the token expires.
|
|
188
197
|
global.kuzzle.tokenManager.unlink(
|
|
189
198
|
request.context.token,
|
|
190
|
-
request.context.connection.id
|
|
199
|
+
request.context.connection.id
|
|
200
|
+
);
|
|
191
201
|
}
|
|
192
202
|
|
|
193
203
|
if (request.context.user._id !== this.anonymousId) {
|
|
194
|
-
|
|
195
|
-
if (request.getBoolean('global')) {
|
|
204
|
+
if (request.getBoolean("global")) {
|
|
196
205
|
await global.kuzzle.ask(
|
|
197
|
-
|
|
206
|
+
"core:security:token:deleteByKuid",
|
|
198
207
|
request.getKuid(),
|
|
199
|
-
{ keepApiKeys: true }
|
|
200
|
-
|
|
201
|
-
else if (
|
|
202
|
-
|
|
208
|
+
{ keepApiKeys: true }
|
|
209
|
+
);
|
|
210
|
+
} else if (
|
|
211
|
+
request.context.token &&
|
|
212
|
+
request.context.token.type !== "apiKey"
|
|
203
213
|
) {
|
|
204
214
|
await global.kuzzle.ask(
|
|
205
|
-
|
|
215
|
+
"core:security:token:delete",
|
|
206
216
|
request.context.token
|
|
207
217
|
);
|
|
208
218
|
}
|
|
209
|
-
|
|
210
219
|
}
|
|
211
220
|
|
|
212
|
-
if (
|
|
213
|
-
&&
|
|
221
|
+
if (
|
|
222
|
+
global.kuzzle.config.http.cookieAuthentication &&
|
|
223
|
+
request.getBoolean("cookieAuth")
|
|
214
224
|
) {
|
|
215
225
|
request.response.configure({
|
|
216
226
|
headers: {
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
sameSite: 'strict',
|
|
224
|
-
}
|
|
225
|
-
)
|
|
226
|
-
}
|
|
227
|
+
"Set-Cookie": Cookie.serialize("authToken", null, {
|
|
228
|
+
httpOnly: true,
|
|
229
|
+
path: "/",
|
|
230
|
+
sameSite: "strict",
|
|
231
|
+
}),
|
|
232
|
+
},
|
|
227
233
|
});
|
|
228
234
|
}
|
|
229
235
|
|
|
@@ -231,13 +237,14 @@ class AuthController extends NativeController {
|
|
|
231
237
|
}
|
|
232
238
|
|
|
233
239
|
// Used to send the Token using different ways when in cookieAuth mode. (DRY)
|
|
234
|
-
async _sendToken
|
|
240
|
+
async _sendToken(token, request) {
|
|
235
241
|
// Only if the support of Browser Cookie as Authentication Token is enabled
|
|
236
242
|
// otherwise we should send a normal response because
|
|
237
243
|
// even if the SDK / Browser can handle the cookie,
|
|
238
244
|
// Kuzzle would not be capable of doing anything with it
|
|
239
|
-
if (
|
|
240
|
-
&&
|
|
245
|
+
if (
|
|
246
|
+
global.kuzzle.config.http.cookieAuthentication &&
|
|
247
|
+
request.getBoolean("cookieAuth")
|
|
241
248
|
) {
|
|
242
249
|
// Here we are not sending auth token when cookieAuth is set to true
|
|
243
250
|
// This allow us to detect if kuzzle does support cookie as auth token directly from the SDK
|
|
@@ -245,17 +252,13 @@ class AuthController extends NativeController {
|
|
|
245
252
|
|
|
246
253
|
request.response.configure({
|
|
247
254
|
headers: {
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
sameSite: 'strict',
|
|
256
|
-
}
|
|
257
|
-
)
|
|
258
|
-
}
|
|
255
|
+
"Set-Cookie": Cookie.serialize("authToken", token.jwt, {
|
|
256
|
+
expires: new Date(token.expiresAt),
|
|
257
|
+
httpOnly: true,
|
|
258
|
+
path: "/",
|
|
259
|
+
sameSite: "strict",
|
|
260
|
+
}),
|
|
261
|
+
},
|
|
259
262
|
});
|
|
260
263
|
|
|
261
264
|
return {
|
|
@@ -269,7 +272,7 @@ class AuthController extends NativeController {
|
|
|
269
272
|
_id: token.userId,
|
|
270
273
|
expiresAt: token.expiresAt,
|
|
271
274
|
jwt: token.jwt,
|
|
272
|
-
ttl: token.ttl
|
|
275
|
+
ttl: token.ttl,
|
|
273
276
|
};
|
|
274
277
|
}
|
|
275
278
|
|
|
@@ -280,15 +283,15 @@ class AuthController extends NativeController {
|
|
|
280
283
|
* @param {KuzzleRequest} request
|
|
281
284
|
* @returns {Promise<Token>}
|
|
282
285
|
*/
|
|
283
|
-
async login
|
|
284
|
-
const strategy = request.getString(
|
|
286
|
+
async login(request) {
|
|
287
|
+
const strategy = request.getString("strategy");
|
|
285
288
|
const passportRequest = new IncomingMessage();
|
|
286
289
|
|
|
287
290
|
// Even in http, the url and the method are not pushed back to the request object
|
|
288
291
|
// set some arbitrary values to get a pseudo-valid object.
|
|
289
292
|
passportRequest.url = `/login?strategy=${strategy}`;
|
|
290
|
-
passportRequest.method =
|
|
291
|
-
passportRequest.httpVersion =
|
|
293
|
+
passportRequest.method = "POST";
|
|
294
|
+
passportRequest.httpVersion = "1.1";
|
|
292
295
|
passportRequest.httpVersionMajor = 1;
|
|
293
296
|
passportRequest.httpVersionMinor = 1;
|
|
294
297
|
passportRequest.body = request.input.body;
|
|
@@ -301,26 +304,27 @@ class AuthController extends NativeController {
|
|
|
301
304
|
}
|
|
302
305
|
passportRequest.original = request;
|
|
303
306
|
|
|
304
|
-
if (!
|
|
305
|
-
throw kerror.get(
|
|
307
|
+
if (!has(global.kuzzle.pluginsManager.strategies, strategy)) {
|
|
308
|
+
throw kerror.get("security", "credentials", "unknown_strategy", strategy);
|
|
306
309
|
}
|
|
307
310
|
|
|
308
311
|
const content = await global.kuzzle.passport.authenticate(
|
|
309
312
|
passportRequest,
|
|
310
|
-
strategy
|
|
313
|
+
strategy
|
|
314
|
+
);
|
|
311
315
|
|
|
312
316
|
// do not trigger the "auth:strategyAutenticated" pipe if the result is
|
|
313
317
|
// not a User object, i.e. if we are a intermediate step of a multi-step
|
|
314
318
|
// authentication strategy
|
|
315
319
|
// (example: first redirection call for oAuth strategies)
|
|
316
|
-
const authResponse =
|
|
320
|
+
const authResponse = !(content instanceof User)
|
|
317
321
|
? { content, strategy }
|
|
318
|
-
: await this.pipe(
|
|
322
|
+
: await this.pipe("auth:strategyAuthenticated", { content, strategy });
|
|
319
323
|
|
|
320
|
-
if (!
|
|
324
|
+
if (!(authResponse.content instanceof User)) {
|
|
321
325
|
request.response.configure({
|
|
322
326
|
headers: authResponse.content.headers,
|
|
323
|
-
status: authResponse.content.statusCode || 200
|
|
327
|
+
status: authResponse.content.statusCode || 200,
|
|
324
328
|
});
|
|
325
329
|
|
|
326
330
|
return authResponse.content;
|
|
@@ -333,7 +337,8 @@ class AuthController extends NativeController {
|
|
|
333
337
|
|
|
334
338
|
const existingToken = global.kuzzle.tokenManager.getConnectedUserToken(
|
|
335
339
|
authResponse.content._id,
|
|
336
|
-
request.context.connection.id
|
|
340
|
+
request.context.connection.id
|
|
341
|
+
);
|
|
337
342
|
|
|
338
343
|
/**
|
|
339
344
|
* If a previous token from the same User is linked to this connection
|
|
@@ -341,24 +346,30 @@ class AuthController extends NativeController {
|
|
|
341
346
|
* we dont need to create a new token or refresh anything, just send back the exact same token
|
|
342
347
|
* to avoid breaking changes.
|
|
343
348
|
*/
|
|
344
|
-
if (
|
|
349
|
+
if (
|
|
350
|
+
existingToken &&
|
|
351
|
+
(existingToken.type === "apiKey" || existingToken.ttl < 0)
|
|
352
|
+
) {
|
|
345
353
|
return this._sendToken(existingToken, request);
|
|
346
354
|
}
|
|
347
355
|
|
|
348
356
|
const token = await this.ask(
|
|
349
|
-
|
|
357
|
+
"core:security:token:create",
|
|
350
358
|
authResponse.content,
|
|
351
|
-
options
|
|
359
|
+
options
|
|
360
|
+
);
|
|
352
361
|
|
|
353
362
|
if (existingToken) {
|
|
354
363
|
global.kuzzle.tokenManager.refresh(existingToken, token);
|
|
355
364
|
}
|
|
356
365
|
|
|
357
|
-
if (
|
|
366
|
+
if (
|
|
367
|
+
global.kuzzle.config.internal.notifiableProtocols.includes(
|
|
368
|
+
request.context.connection.protocol
|
|
369
|
+
)
|
|
370
|
+
) {
|
|
358
371
|
// Link the connection with the token, this way the connection can be notified when the token has expired.
|
|
359
|
-
global.kuzzle.tokenManager.link(
|
|
360
|
-
token,
|
|
361
|
-
request.context.connection.id);
|
|
372
|
+
global.kuzzle.tokenManager.link(token, request.context.connection.id);
|
|
362
373
|
}
|
|
363
374
|
|
|
364
375
|
return this._sendToken(token, request);
|
|
@@ -370,36 +381,35 @@ class AuthController extends NativeController {
|
|
|
370
381
|
* @param {KuzzleRequest} request
|
|
371
382
|
* @returns {Promise<Object>}
|
|
372
383
|
*/
|
|
373
|
-
getCurrentUser
|
|
374
|
-
const
|
|
375
|
-
userId = request.context.token.userId,
|
|
384
|
+
getCurrentUser(request) {
|
|
385
|
+
const userId = request.context.token.userId,
|
|
376
386
|
formattedUser = formatProcessing.serializeUser(request.context.user),
|
|
377
387
|
promises = [];
|
|
378
388
|
|
|
379
389
|
if (this.anonymousId === userId) {
|
|
380
390
|
promises.push(Bluebird.resolve([]));
|
|
381
|
-
}
|
|
382
|
-
else {
|
|
391
|
+
} else {
|
|
383
392
|
for (const strategy of global.kuzzle.pluginsManager.listStrategies()) {
|
|
384
393
|
const existsMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
385
394
|
strategy,
|
|
386
|
-
|
|
395
|
+
"exists"
|
|
396
|
+
);
|
|
387
397
|
|
|
388
398
|
promises.push(
|
|
389
399
|
existsMethod(request, userId, strategy)
|
|
390
|
-
.then(exists => exists ? strategy : null)
|
|
391
|
-
.catch(err => wrapPluginError(err))
|
|
400
|
+
.then((exists) => (exists ? strategy : null))
|
|
401
|
+
.catch((err) => wrapPluginError(err))
|
|
402
|
+
);
|
|
392
403
|
}
|
|
393
404
|
}
|
|
394
405
|
|
|
395
|
-
return Bluebird.all(promises)
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
}
|
|
406
|
+
return Bluebird.all(promises).then((strategies) => {
|
|
407
|
+
if (strategies.length > 0) {
|
|
408
|
+
formattedUser.strategies = strategies.filter((item) => item !== null);
|
|
409
|
+
}
|
|
400
410
|
|
|
401
|
-
|
|
402
|
-
|
|
411
|
+
return formattedUser;
|
|
412
|
+
});
|
|
403
413
|
}
|
|
404
414
|
|
|
405
415
|
/**
|
|
@@ -408,12 +418,16 @@ class AuthController extends NativeController {
|
|
|
408
418
|
* @param {KuzzleRequest} request
|
|
409
419
|
* @returns {Promise<object>}
|
|
410
420
|
*/
|
|
411
|
-
getMyRights
|
|
412
|
-
return request.context.user
|
|
413
|
-
.
|
|
414
|
-
|
|
421
|
+
getMyRights(request) {
|
|
422
|
+
return request.context.user
|
|
423
|
+
.getRights(global.kuzzle)
|
|
424
|
+
.then((rights) =>
|
|
425
|
+
Object.keys(rights).reduce(
|
|
426
|
+
(array, item) => array.concat(rights[item]),
|
|
427
|
+
[]
|
|
428
|
+
)
|
|
415
429
|
)
|
|
416
|
-
.then(rights => ({ hits: rights, total: rights.length }));
|
|
430
|
+
.then((rights) => ({ hits: rights, total: rights.length }));
|
|
417
431
|
}
|
|
418
432
|
|
|
419
433
|
/**
|
|
@@ -422,24 +436,26 @@ class AuthController extends NativeController {
|
|
|
422
436
|
* @param {KuzzleRequest} request
|
|
423
437
|
* @returns {Promise<object>}
|
|
424
438
|
*/
|
|
425
|
-
async checkToken
|
|
426
|
-
let token =
|
|
439
|
+
async checkToken(request) {
|
|
440
|
+
let token = "";
|
|
427
441
|
|
|
428
|
-
if (
|
|
429
|
-
&&
|
|
442
|
+
if (
|
|
443
|
+
global.kuzzle.config.http.cookieAuthentication &&
|
|
444
|
+
request.getBoolean("cookieAuth")
|
|
430
445
|
) {
|
|
431
446
|
token = request.input.jwt;
|
|
432
|
-
}
|
|
433
|
-
|
|
434
|
-
token = request.getBodyString('token', '') || null;
|
|
447
|
+
} else {
|
|
448
|
+
token = request.getBodyString("token", "") || null;
|
|
435
449
|
}
|
|
436
450
|
|
|
437
451
|
try {
|
|
438
|
-
const { expiresAt = -1, userId } = await this.ask(
|
|
452
|
+
const { expiresAt = -1, userId } = await this.ask(
|
|
453
|
+
"core:security:token:verify",
|
|
454
|
+
token
|
|
455
|
+
);
|
|
439
456
|
|
|
440
457
|
return { expiresAt, kuid: userId, valid: true };
|
|
441
|
-
}
|
|
442
|
-
catch (error) {
|
|
458
|
+
} catch (error) {
|
|
443
459
|
if (error.status === 401) {
|
|
444
460
|
return { state: error.message, valid: false };
|
|
445
461
|
}
|
|
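Review bot: The doc comment above checkToken does not say which token is verified, and the choice is easy to miss: when `global.kuzzle.config.http.cookieAuthentication` is on and the request sets `cookieAuth`, the method verifies `request.input.jwt` and never reads a `token` from the body. I would add a line to the comment such as `* With cookie authentication, the request's own JWT is checked and any "token" in the body is ignored.` The `""` given to `let token` is never used, since both branches assign, so the declaration could become a `const` set by a conditional expression. The catch block continues outside the hunk.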
@@ -454,25 +470,30 @@ class AuthController extends NativeController {
|
|
|
454
470
|
* @param {KuzzleRequest} request
|
|
455
471
|
* @returns {Promise<object>}
|
|
456
472
|
*/
|
|
457
|
-
async updateSelf
|
|
473
|
+
async updateSelf(request) {
|
|
458
474
|
this.assertIsAuthenticated(request);
|
|
459
|
-
this.assertBodyHasNotAttributes(request,
|
|
475
|
+
this.assertBodyHasNotAttributes(request, "_id", "profileIds");
|
|
460
476
|
|
|
461
477
|
const userId = request.getKuid();
|
|
462
478
|
const body = request.getBody();
|
|
463
479
|
|
|
464
480
|
const user = await this.ask(
|
|
465
|
-
|
|
481
|
+
"core:security:user:update",
|
|
466
482
|
userId,
|
|
467
483
|
null,
|
|
468
484
|
body,
|
|
469
485
|
{
|
|
470
|
-
refresh: request.getRefresh(
|
|
471
|
-
retryOnConflict: request.getInteger(
|
|
486
|
+
refresh: request.getRefresh("wait_for"),
|
|
487
|
+
retryOnConflict: request.getInteger("retryOnConflict", 10),
|
|
472
488
|
userId,
|
|
473
|
-
}
|
|
489
|
+
}
|
|
490
|
+
);
|
|
474
491
|
|
|
475
|
-
global.kuzzle.log.info(
|
|
492
|
+
global.kuzzle.log.info(
|
|
493
|
+
`[SECURITY] ${SecurityController.userOrSdk(userId)} applied action "${
|
|
494
|
+
request.input.action
|
|
495
|
+
}" on user "${userId}."`
|
|
496
|
+
);
|
|
476
497
|
|
|
477
498
|
return formatProcessing.serializeUser(user);
|
|
478
499
|
}
|
|
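Review bot: The `[SECURITY]` log line in updateSelf closes its quote after the full stop, `on user "${userId}."`, so the recorded user id carries a trailing dot and a log search for the quoted kuid will not match. Move the stop outside the quote: `}" on user "${userId}".`. The kuid is interpolated as it is; if a kuid may contain quotes or line breaks, which these lines do not show, writing it with `JSON.stringify(userId)` in place of the hand-written quotes would keep one event on one line.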
@@ -482,7 +503,7 @@ class AuthController extends NativeController {
|
|
|
482
503
|
*
|
|
483
504
|
* @returns {Promise.<string[]>}
|
|
484
505
|
*/
|
|
485
|
-
getStrategies
|
|
506
|
+
getStrategies() {
|
|
486
507
|
return Bluebird.resolve(global.kuzzle.pluginsManager.listStrategies());
|
|
487
508
|
}
|
|
488
509
|
|
|
@@ -490,181 +511,187 @@ class AuthController extends NativeController {
|
|
|
490
511
|
* @param {KuzzleRequest} request
|
|
491
512
|
* @returns {Promise.<Object>}
|
|
492
513
|
*/
|
|
493
|
-
createMyCredentials
|
|
514
|
+
createMyCredentials(request) {
|
|
494
515
|
this.assertIsAuthenticated(request);
|
|
495
516
|
|
|
496
|
-
const
|
|
497
|
-
|
|
498
|
-
strategy = request.getString('strategy'),
|
|
517
|
+
const userId = request.getKuid(),
|
|
518
|
+
strategy = request.getString("strategy"),
|
|
499
519
|
credentials = request.getBody();
|
|
500
520
|
|
|
501
521
|
this.assertIsStrategyRegistered(strategy);
|
|
502
522
|
|
|
503
|
-
const
|
|
504
|
-
createMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
523
|
+
const createMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
505
524
|
strategy,
|
|
506
|
-
|
|
525
|
+
"create"
|
|
526
|
+
),
|
|
507
527
|
validateMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
508
528
|
strategy,
|
|
509
|
-
|
|
529
|
+
"validate"
|
|
530
|
+
);
|
|
510
531
|
|
|
511
532
|
return validateMethod(request, credentials, userId, strategy, false)
|
|
512
533
|
.then(() => createMethod(request, credentials, userId, strategy))
|
|
513
|
-
.catch(err => wrapPluginError(err));
|
|
534
|
+
.catch((err) => wrapPluginError(err));
|
|
514
535
|
}
|
|
515
536
|
|
|
516
537
|
/**
|
|
517
538
|
* @param {KuzzleRequest} request
|
|
518
539
|
* @returns {Promise.<Object>}
|
|
519
540
|
*/
|
|
520
|
-
updateMyCredentials
|
|
541
|
+
updateMyCredentials(request) {
|
|
521
542
|
this.assertIsAuthenticated(request);
|
|
522
543
|
|
|
523
|
-
const
|
|
524
|
-
|
|
525
|
-
strategy = request.getString('strategy'),
|
|
544
|
+
const userId = request.getKuid(),
|
|
545
|
+
strategy = request.getString("strategy"),
|
|
526
546
|
credentials = request.getBody();
|
|
527
547
|
|
|
528
548
|
this.assertIsStrategyRegistered(strategy);
|
|
529
549
|
|
|
530
|
-
const
|
|
531
|
-
updateMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
550
|
+
const updateMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
532
551
|
request.input.args.strategy,
|
|
533
|
-
|
|
552
|
+
"update"
|
|
553
|
+
),
|
|
534
554
|
validateMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
535
555
|
request.input.args.strategy,
|
|
536
|
-
|
|
556
|
+
"validate"
|
|
557
|
+
);
|
|
537
558
|
|
|
538
559
|
return validateMethod(request, credentials, userId, strategy, true)
|
|
539
560
|
.then(() => updateMethod(request, credentials, userId, strategy))
|
|
540
|
-
.catch(err => wrapPluginError(err));
|
|
561
|
+
.catch((err) => wrapPluginError(err));
|
|
541
562
|
}
|
|
542
563
|
|
|
543
564
|
/**
|
|
544
565
|
* @param {KuzzleRequest} request
|
|
545
566
|
* @returns {Promise.<Object>}
|
|
546
567
|
*/
|
|
547
|
-
credentialsExist
|
|
568
|
+
credentialsExist(request) {
|
|
548
569
|
this.assertIsAuthenticated(request);
|
|
549
570
|
|
|
550
|
-
const
|
|
551
|
-
|
|
552
|
-
strategy = request.getString('strategy');
|
|
571
|
+
const userId = request.getKuid(),
|
|
572
|
+
strategy = request.getString("strategy");
|
|
553
573
|
|
|
554
574
|
this.assertIsStrategyRegistered(strategy);
|
|
555
575
|
|
|
556
576
|
const existsMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
557
577
|
strategy,
|
|
558
|
-
|
|
578
|
+
"exists"
|
|
579
|
+
);
|
|
559
580
|
|
|
560
|
-
return existsMethod(request, userId, strategy)
|
|
561
|
-
|
|
581
|
+
return existsMethod(request, userId, strategy).catch((err) =>
|
|
582
|
+
wrapPluginError(err)
|
|
583
|
+
);
|
|
562
584
|
}
|
|
563
585
|
|
|
564
586
|
/**
|
|
565
587
|
* @param {KuzzleRequest} request
|
|
566
588
|
* @returns {Promise.<Object>}
|
|
567
589
|
*/
|
|
568
|
-
validateMyCredentials
|
|
590
|
+
validateMyCredentials(request) {
|
|
569
591
|
this.assertIsAuthenticated(request);
|
|
570
592
|
|
|
571
|
-
const
|
|
572
|
-
|
|
573
|
-
strategy = request.getString('strategy'),
|
|
593
|
+
const userId = request.getKuid(),
|
|
594
|
+
strategy = request.getString("strategy"),
|
|
574
595
|
credentials = request.getBody();
|
|
575
596
|
|
|
576
597
|
this.assertIsStrategyRegistered(strategy);
|
|
577
598
|
|
|
578
599
|
const validateMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
579
600
|
strategy,
|
|
580
|
-
|
|
601
|
+
"validate"
|
|
602
|
+
);
|
|
581
603
|
|
|
582
|
-
return validateMethod(request, credentials, userId, strategy, false)
|
|
583
|
-
|
|
604
|
+
return validateMethod(request, credentials, userId, strategy, false).catch(
|
|
605
|
+
(err) => wrapPluginError(err)
|
|
606
|
+
);
|
|
584
607
|
}
|
|
585
608
|
|
|
586
609
|
/**
|
|
587
610
|
* @param {KuzzleRequest} request
|
|
588
611
|
* @returns {Promise.<Object>}
|
|
589
612
|
*/
|
|
590
|
-
deleteMyCredentials
|
|
613
|
+
deleteMyCredentials(request) {
|
|
591
614
|
this.assertIsAuthenticated(request);
|
|
592
615
|
|
|
593
|
-
const
|
|
594
|
-
|
|
595
|
-
strategy = request.getString('strategy');
|
|
616
|
+
const userId = request.getKuid(),
|
|
617
|
+
strategy = request.getString("strategy");
|
|
596
618
|
|
|
597
619
|
this.assertIsStrategyRegistered(strategy);
|
|
598
620
|
|
|
599
621
|
const deleteMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
600
622
|
strategy,
|
|
601
|
-
|
|
623
|
+
"delete"
|
|
624
|
+
);
|
|
602
625
|
|
|
603
626
|
return deleteMethod(request, userId, strategy)
|
|
604
627
|
.then(() => ({ acknowledged: true }))
|
|
605
|
-
.catch(err => wrapPluginError(err));
|
|
628
|
+
.catch((err) => wrapPluginError(err));
|
|
606
629
|
}
|
|
607
630
|
|
|
608
631
|
/**
|
|
609
632
|
* @param {KuzzleRequest} request
|
|
610
633
|
* @returns {Promise.<Object>}
|
|
611
634
|
*/
|
|
612
|
-
getMyCredentials
|
|
635
|
+
getMyCredentials(request) {
|
|
613
636
|
this.assertIsAuthenticated(request);
|
|
614
637
|
|
|
615
|
-
const
|
|
616
|
-
|
|
617
|
-
strategy = request.getString('strategy');
|
|
638
|
+
const userId = request.getKuid(),
|
|
639
|
+
strategy = request.getString("strategy");
|
|
618
640
|
|
|
619
641
|
this.assertIsStrategyRegistered(strategy);
|
|
620
642
|
|
|
621
|
-
if (!
|
|
643
|
+
if (!global.kuzzle.pluginsManager.hasStrategyMethod(strategy, "getInfo")) {
|
|
622
644
|
return Bluebird.resolve({});
|
|
623
645
|
}
|
|
624
646
|
|
|
625
647
|
const getInfoMethod = global.kuzzle.pluginsManager.getStrategyMethod(
|
|
626
648
|
strategy,
|
|
627
|
-
|
|
649
|
+
"getInfo"
|
|
650
|
+
);
|
|
628
651
|
|
|
629
|
-
return getInfoMethod(request, userId, strategy)
|
|
630
|
-
|
|
652
|
+
return getInfoMethod(request, userId, strategy).catch((err) =>
|
|
653
|
+
wrapPluginError(err)
|
|
654
|
+
);
|
|
631
655
|
}
|
|
632
656
|
|
|
633
657
|
/**
|
|
634
658
|
* @param {KuzzleRequest} request
|
|
635
659
|
*/
|
|
636
|
-
async refreshToken
|
|
660
|
+
async refreshToken(request) {
|
|
637
661
|
this.assertIsAuthenticated(request);
|
|
638
662
|
|
|
639
663
|
const token = await this.ask(
|
|
640
|
-
|
|
664
|
+
"core:security:token:refresh",
|
|
641
665
|
request.context.user,
|
|
642
666
|
request.context.token,
|
|
643
|
-
request.input.args.expiresIn
|
|
667
|
+
request.input.args.expiresIn
|
|
668
|
+
);
|
|
644
669
|
|
|
645
670
|
return this._sendToken(token, request);
|
|
646
671
|
}
|
|
647
672
|
|
|
648
|
-
assertIsAuthenticated
|
|
673
|
+
assertIsAuthenticated(request) {
|
|
649
674
|
if (request.context.user._id === this.anonymousId) {
|
|
650
675
|
throw kerror.get(
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
676
|
+
"security",
|
|
677
|
+
"rights",
|
|
678
|
+
"unauthorized",
|
|
654
679
|
request.input.controller,
|
|
655
|
-
request.input.action
|
|
680
|
+
request.input.action
|
|
681
|
+
);
|
|
656
682
|
}
|
|
657
683
|
}
|
|
658
684
|
}
|
|
659
685
|
|
|
660
|
-
function wrapPluginError
|
|
661
|
-
if (!
|
|
686
|
+
function wrapPluginError(error) {
|
|
687
|
+
if (!(error instanceof KuzzleError)) {
|
|
662
688
|
throw kerror.getFrom(
|
|
663
689
|
error,
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
error.message
|
|
690
|
+
"plugin",
|
|
691
|
+
"runtime",
|
|
692
|
+
"unexpected_error",
|
|
693
|
+
error.message
|
|
694
|
+
);
|
|
668
695
|
}
|
|
669
696
|
|
|
670
697
|
throw error;
|