2015-07-20 00:09:47 -07:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
exports = module.exports = {
|
|
|
|
|
ClientsError: ClientsError,
|
|
|
|
|
|
|
|
|
|
add: add,
|
|
|
|
|
get: get,
|
|
|
|
|
del: del,
|
2016-06-07 12:15:17 +02:00
|
|
|
getAll: getAll,
|
2016-06-03 14:47:06 +02:00
|
|
|
getByAppIdAndType: getByAppIdAndType,
|
2018-04-28 17:55:17 -07:00
|
|
|
getTokensByUserId: getTokensByUserId,
|
|
|
|
|
delTokensByUserId: delTokensByUserId,
|
2016-06-03 14:52:59 +02:00
|
|
|
delByAppIdAndType: delByAppIdAndType,
|
2018-04-28 17:55:17 -07:00
|
|
|
addTokenByUserId: addTokenByUserId,
|
2016-06-07 15:34:27 +02:00
|
|
|
delToken: delToken,
|
2016-04-25 10:26:26 -07:00
|
|
|
|
2018-05-01 13:40:25 -07:00
|
|
|
issueDeveloperToken: issueDeveloperToken,
|
|
|
|
|
|
2017-01-09 15:25:45 -08:00
|
|
|
addDefaultClients: addDefaultClients,
|
|
|
|
|
|
2016-06-03 15:05:00 +02:00
|
|
|
// client type enums
|
|
|
|
|
TYPE_EXTERNAL: 'external',
|
2016-06-09 15:35:00 +02:00
|
|
|
TYPE_BUILT_IN: 'built-in',
|
2016-06-03 15:05:00 +02:00
|
|
|
TYPE_OAUTH: 'addon-oauth',
|
2016-06-08 14:09:06 +02:00
|
|
|
TYPE_PROXY: 'addon-proxy'
|
2015-07-20 00:09:47 -07:00
|
|
|
};
|
|
|
|
|
|
2018-01-10 14:13:43 -08:00
|
|
|
var apps = require('./apps.js'),
|
2017-01-09 15:25:45 -08:00
|
|
|
assert = require('assert'),
|
2015-07-20 00:09:47 -07:00
|
|
|
async = require('async'),
|
|
|
|
|
clientdb = require('./clientdb.js'),
|
2018-05-01 13:40:25 -07:00
|
|
|
constants = require('./constants.js'),
|
2015-07-20 00:09:47 -07:00
|
|
|
DatabaseError = require('./databaseerror.js'),
|
2017-01-09 15:25:45 -08:00
|
|
|
debug = require('debug')('box:clients'),
|
2018-05-01 13:40:25 -07:00
|
|
|
eventlog = require('./eventlog.js'),
|
2018-06-11 12:38:15 -07:00
|
|
|
hat = require('./hat.js'),
|
2018-04-26 15:54:53 -07:00
|
|
|
accesscontrol = require('./accesscontrol.js'),
|
2017-01-09 15:25:45 -08:00
|
|
|
tokendb = require('./tokendb.js'),
|
2018-05-01 13:40:25 -07:00
|
|
|
users = require('./users.js'),
|
2017-01-09 15:25:45 -08:00
|
|
|
util = require('util'),
|
2017-08-13 17:44:31 -07:00
|
|
|
uuid = require('uuid');
|
2015-07-20 00:09:47 -07:00
|
|
|
|
|
|
|
|
function ClientsError(reason, errorOrMessage) {
|
|
|
|
|
assert.strictEqual(typeof reason, 'string');
|
|
|
|
|
assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
|
|
|
|
|
|
|
|
|
|
Error.call(this);
|
|
|
|
|
Error.captureStackTrace(this, this.constructor);
|
|
|
|
|
|
|
|
|
|
this.name = this.constructor.name;
|
|
|
|
|
this.reason = reason;
|
|
|
|
|
if (typeof errorOrMessage === 'undefined') {
|
|
|
|
|
this.message = reason;
|
|
|
|
|
} else if (typeof errorOrMessage === 'string') {
|
|
|
|
|
this.message = errorOrMessage;
|
|
|
|
|
} else {
|
|
|
|
|
this.message = 'Internal error';
|
|
|
|
|
this.nestedError = errorOrMessage;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
util.inherits(ClientsError, Error);
|
|
|
|
|
ClientsError.INVALID_SCOPE = 'Invalid scope';
|
2015-10-16 11:54:43 +02:00
|
|
|
ClientsError.INVALID_CLIENT = 'Invalid client';
|
2016-06-07 15:34:27 +02:00
|
|
|
ClientsError.INVALID_TOKEN = 'Invalid token';
|
2016-06-23 10:16:02 +02:00
|
|
|
ClientsError.BAD_FIELD = 'Bad field';
|
2016-06-13 13:29:39 +02:00
|
|
|
ClientsError.NOT_FOUND = 'Not found';
|
2016-06-07 14:29:37 +02:00
|
|
|
ClientsError.INTERNAL_ERROR = 'Internal Error';
|
2016-06-08 11:24:02 +02:00
|
|
|
ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2016-06-23 10:16:02 +02:00
|
|
|
function validateName(name) {
|
|
|
|
|
assert.strictEqual(typeof name, 'string');
|
|
|
|
|
|
|
|
|
|
if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
|
|
|
|
|
if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
|
|
|
|
|
|
2018-01-10 14:13:43 -08:00
|
|
|
if (/[^a-zA-Z0-9-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');
|
2016-06-23 10:16:02 +02:00
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-15 16:31:45 -07:00
|
|
|
function add(appId, type, redirectURI, scope, callback) {
|
2015-10-15 15:51:51 -07:00
|
|
|
assert.strictEqual(typeof appId, 'string');
|
2015-10-15 16:31:45 -07:00
|
|
|
assert.strictEqual(typeof type, 'string');
|
2015-07-20 00:09:47 -07:00
|
|
|
assert.strictEqual(typeof redirectURI, 'string');
|
|
|
|
|
assert.strictEqual(typeof scope, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2018-04-26 15:54:53 -07:00
|
|
|
var error = accesscontrol.validateScope(scope);
|
|
|
|
|
if (error) return callback(new ClientsError(ClientsError.INVALID_SCOPE, error.message));
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2016-06-23 10:16:02 +02:00
|
|
|
error = validateName(appId);
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
2015-07-20 00:09:47 -07:00
|
|
|
var id = 'cid-' + uuid.v4();
|
2016-06-17 09:46:07 -05:00
|
|
|
var clientSecret = hat(8 * 128);
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2015-10-15 16:31:45 -07:00
|
|
|
clientdb.add(id, appId, type, clientSecret, redirectURI, scope, function (error) {
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
var client = {
|
|
|
|
|
id: id,
|
2015-10-15 15:51:51 -07:00
|
|
|
appId: appId,
|
2015-10-15 16:31:45 -07:00
|
|
|
type: type,
|
2015-07-20 00:09:47 -07:00
|
|
|
clientSecret: clientSecret,
|
|
|
|
|
redirectURI: redirectURI,
|
|
|
|
|
scope: scope
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
callback(null, client);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function get(id, callback) {
|
|
|
|
|
assert.strictEqual(typeof id, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
clientdb.get(id, function (error, result) {
|
2016-06-13 13:29:39 +02:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, result);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function del(id, callback) {
|
|
|
|
|
assert.strictEqual(typeof id, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
clientdb.del(id, function (error, result) {
|
2016-06-13 13:29:39 +02:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, result);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-07 12:15:17 +02:00
|
|
|
function getAll(callback) {
|
2016-06-07 11:17:29 +02:00
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2016-06-07 12:15:17 +02:00
|
|
|
clientdb.getAll(function (error, results) {
|
2016-06-07 11:17:29 +02:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
var tmp = [];
|
|
|
|
|
async.each(results, function (record, callback) {
|
2016-06-09 15:35:00 +02:00
|
|
|
if (record.type === exports.TYPE_EXTERNAL || record.type === exports.TYPE_BUILT_IN) {
|
2016-06-08 14:09:06 +02:00
|
|
|
// the appId in this case holds the name
|
2016-06-08 11:36:01 +02:00
|
|
|
record.name = record.appId;
|
2016-06-07 12:00:18 +02:00
|
|
|
|
|
|
|
|
tmp.push(record);
|
|
|
|
|
|
2016-06-07 11:17:29 +02:00
|
|
|
return callback(null);
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-10 14:13:43 -08:00
|
|
|
apps.get(record.appId, function (error, result) {
|
2016-06-07 11:17:29 +02:00
|
|
|
if (error) {
|
2016-06-07 15:56:22 +02:00
|
|
|
console.error('Failed to get app details for oauth client', record.appId, error);
|
2016-06-07 11:17:29 +02:00
|
|
|
return callback(null); // ignore error so we continue listing clients
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (record.type === exports.TYPE_PROXY) record.name = result.manifest.title + ' Website Proxy';
|
|
|
|
|
if (record.type === exports.TYPE_OAUTH) record.name = result.manifest.title + ' OAuth';
|
|
|
|
|
|
2018-02-08 15:07:49 +01:00
|
|
|
record.domain = result.fqdn;
|
2016-06-07 11:17:29 +02:00
|
|
|
|
|
|
|
|
tmp.push(record);
|
|
|
|
|
|
|
|
|
|
callback(null);
|
|
|
|
|
});
|
|
|
|
|
}, function (error) {
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, tmp);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-03 14:47:06 +02:00
|
|
|
function getByAppIdAndType(appId, type, callback) {
|
|
|
|
|
assert.strictEqual(typeof appId, 'string');
|
|
|
|
|
assert.strictEqual(typeof type, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
clientdb.getByAppIdAndType(appId, type, function (error, result) {
|
2016-06-13 13:29:39 +02:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
|
2016-06-03 14:47:06 +02:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, result);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-28 17:55:17 -07:00
|
|
|
function getTokensByUserId(clientId, userId, callback) {
|
2015-07-20 00:09:47 -07:00
|
|
|
assert.strictEqual(typeof clientId, 'string');
|
|
|
|
|
assert.strictEqual(typeof userId, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2016-06-03 12:58:39 +02:00
|
|
|
tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) {
|
|
|
|
|
// this can mean either that there are no tokens or the clientId is actually unknown
|
2016-06-13 13:51:14 +02:00
|
|
|
get(clientId, function (error/*, result*/) {
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, []);
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null, result || []);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-28 17:55:17 -07:00
|
|
|
function delTokensByUserId(clientId, userId, callback) {
|
2015-07-20 00:09:47 -07:00
|
|
|
assert.strictEqual(typeof clientId, 'string');
|
|
|
|
|
assert.strictEqual(typeof userId, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2016-06-03 12:58:39 +02:00
|
|
|
tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) {
|
|
|
|
|
// this can mean either that there are no tokens or the clientId is actually unknown
|
2016-06-13 13:29:39 +02:00
|
|
|
get(clientId, function (error/*, result*/) {
|
2015-07-20 00:09:47 -07:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null);
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
callback(null);
|
|
|
|
|
});
|
|
|
|
|
}
|
2016-06-03 14:52:59 +02:00
|
|
|
|
|
|
|
|
function delByAppIdAndType(appId, type, callback) {
|
|
|
|
|
assert.strictEqual(typeof appId, 'string');
|
|
|
|
|
assert.strictEqual(typeof type, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2016-09-07 10:42:55 -07:00
|
|
|
getByAppIdAndType(appId, type, function (error, result) {
|
2016-06-03 14:52:59 +02:00
|
|
|
if (error) return callback(error);
|
2016-09-07 10:42:55 -07:00
|
|
|
|
|
|
|
|
tokendb.delByClientId(result.id, function (error) {
|
|
|
|
|
if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
|
|
|
|
|
|
|
|
|
|
clientdb.delByAppIdAndType(appId, type, function (error) {
|
|
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
callback(null);
|
|
|
|
|
});
|
|
|
|
|
});
|
2016-06-03 14:52:59 +02:00
|
|
|
});
|
|
|
|
|
}
|
2016-06-07 14:29:37 +02:00
|
|
|
|
2018-04-28 17:55:17 -07:00
|
|
|
function addTokenByUserId(clientId, userId, expiresAt, callback) {
|
2016-06-07 14:29:37 +02:00
|
|
|
assert.strictEqual(typeof clientId, 'string');
|
|
|
|
|
assert.strictEqual(typeof userId, 'string');
|
2016-06-07 15:47:13 +02:00
|
|
|
assert.strictEqual(typeof expiresAt, 'number');
|
2016-06-07 14:29:37 +02:00
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
get(clientId, function (error, result) {
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
var token = tokendb.generateToken();
|
2018-05-02 12:36:35 -07:00
|
|
|
var scope = accesscontrol.canonicalScope(result.scope);
|
2016-06-07 14:29:37 +02:00
|
|
|
|
2018-05-02 12:36:35 -07:00
|
|
|
tokendb.add(token, userId, result.id, expiresAt, scope, function (error) {
|
2016-06-07 14:29:37 +02:00
|
|
|
if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
|
|
|
|
|
|
2016-06-07 14:47:47 +02:00
|
|
|
callback(null, {
|
2016-06-07 14:29:37 +02:00
|
|
|
accessToken: token,
|
|
|
|
|
identifier: userId,
|
|
|
|
|
clientId: result.id,
|
2018-05-01 10:59:13 -07:00
|
|
|
scope: result.scope,
|
2016-06-07 14:29:37 +02:00
|
|
|
expires: expiresAt
|
2016-06-07 14:47:47 +02:00
|
|
|
});
|
2016-06-07 14:29:37 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
2016-06-07 15:34:27 +02:00
|
|
|
|
2018-05-01 13:40:25 -07:00
|
|
|
// this issues a cid-cli token that does not require a password in various routes
|
|
|
|
|
function issueDeveloperToken(userObject, ip, callback) {
|
|
|
|
|
assert.strictEqual(typeof userObject, 'object');
|
|
|
|
|
assert.strictEqual(typeof ip, 'string');
|
|
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
|
|
|
|
|
|
|
|
|
|
addTokenByUserId('cid-cli', userObject.id, expiresAt, function (error, result) {
|
|
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'cli', ip: ip }, { userId: userObject.id, user: users.removePrivateFields(userObject) });
|
|
|
|
|
|
|
|
|
|
callback(null, result);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-07 15:34:27 +02:00
|
|
|
function delToken(clientId, tokenId, callback) {
|
|
|
|
|
assert.strictEqual(typeof clientId, 'string');
|
2016-06-07 15:38:30 +02:00
|
|
|
assert.strictEqual(typeof tokenId, 'string');
|
2016-06-07 15:34:27 +02:00
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
2017-01-09 15:25:45 -08:00
|
|
|
get(clientId, function (error) {
|
2016-06-07 15:34:27 +02:00
|
|
|
if (error) return callback(error);
|
|
|
|
|
|
|
|
|
|
tokendb.del(tokenId, function (error) {
|
2016-06-13 13:29:39 +02:00
|
|
|
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));
|
2016-06-07 15:34:27 +02:00
|
|
|
if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
|
|
|
|
|
|
|
|
|
|
callback(null);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
2017-01-09 15:25:45 -08:00
|
|
|
|
2018-01-26 22:52:54 -08:00
|
|
|
function addDefaultClients(origin, callback) {
|
|
|
|
|
assert.strictEqual(typeof origin, 'string');
|
2017-01-09 15:25:45 -08:00
|
|
|
assert.strictEqual(typeof callback, 'function');
|
|
|
|
|
|
|
|
|
|
debug('Adding default clients');
|
|
|
|
|
|
|
|
|
|
// The domain might have changed, therefor we have to update the record
|
|
|
|
|
// id, appId, type, clientSecret, redirectURI, scope
|
|
|
|
|
async.series([
|
2018-04-30 23:03:28 -07:00
|
|
|
clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
|
|
|
|
|
clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', origin, '*'),
|
|
|
|
|
clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
|
2017-01-09 15:25:45 -08:00
|
|
|
], callback);
|
|
|
|
|
}
|
