Starship
/
CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Allow oauth2 clients to exercise permissions independent to the user
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details

Browse Source
master ci-06
Garrett Mills 4 years ago
parent 3f2680671b
commit 5eb0487c77
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File

5
app/routing/middleware/api/Permission.middleware.js
Unescape View File

@ -24,6 +24,11 @@ class PermissionMiddleware extends Middleware {
.message('Insufficient permissions (OAuth2 Client).') .message('Insufficient permissions (OAuth2 Client).')
.api() .api()
} }
// If the oauth2 client has this permission, then allow the request to continue,
// even if the user does not.
// OAuth2Clients need to be able to query users via the API.
return next()
} }
const policy_denied = await Policy.check_user_denied(req.user, check) const policy_denied = await Policy.check_user_denied(req.user, check)

5
app/routing/middleware/auth/APIRoute.middleware.js
Unescape View File

@ -11,6 +11,7 @@ class APIRouteMiddleware extends Middleware {
return next() return next()
} else if ( allow_token ) { } else if ( allow_token ) {
if ( !req.oauth ) req.oauth = {} if ( !req.oauth ) req.oauth = {}
return req.app.oauth2.authorise()(req, res, async e => { return req.app.oauth2.authorise()(req, res, async e => {
if ( e ) return next(e) if ( e ) return next(e)
// Look up the OAuth2 client an inject it into the route // Look up the OAuth2 client an inject it into the route
@ -52,9 +53,9 @@ class APIRouteMiddleware extends Middleware {
next() next()
}) })
} else {
return res.status(401).api()
} }
return res.status(401).api()
} }
} }

Write Preview
Loading…
Cancel
Save