src/accesscontrol.js

'use strict';

exports = module.exports = {
    ROLE_ADMIN: 'admin',
    ROLE_USER: 'user',

    verifyToken: verifyToken,
    hasRole: hasRole
};

var assert = require('assert'),
    BoxError = require('./boxerror.js'),
    tokendb = require('./tokendb.js'),
    users = require('./users.js');

function hasRole(user, requiredRole) {
    assert.strictEqual(typeof user, 'object');
    assert.strictEqual(typeof requiredRole, 'string');

    if (requiredRole === exports.ROLE_USER) return null;
    if (requiredRole === exports.ROLE_ADMIN && user.admin) return null;

    return new BoxError(BoxError.ACCESS_DENIED, 'Not allowed');
}

function verifyToken(accessToken, callback) {
    assert.strictEqual(typeof accessToken, 'string');
    assert.strictEqual(typeof callback, 'function');

    tokendb.getByAccessToken(accessToken, function (error, token) {
        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
        if (error) return callback(error);

        users.get(token.identifier, function (error, user) {
            if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
            if (error) return callback(error);

            if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));

            callback(null, user);
        });
    });
}
refactor scopes into accesscontrol.js 2018-04-26 15:54:53 -07:00			`'use strict';`

			`exports = module.exports = {`
Remove token scope business 2020-02-06 16:44:46 +01:00			`ROLE_ADMIN: 'admin',`
			`ROLE_USER: 'user',`
refactor scopes into accesscontrol.js 2018-04-26 15:54:53 -07:00
Remove token scope business 2020-02-06 16:44:46 +01:00			`verifyToken: verifyToken,`
			`hasRole: hasRole`
Map group roles to scopes 2018-06-18 14:21:54 -07:00			`};`

refactor scopes into accesscontrol.js 2018-04-26 15:54:53 -07:00			`var assert = require('assert'),`
Move ClientsError to BoxError 2019-10-22 21:16:00 -07:00			`BoxError = require('./boxerror.js'),`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00			`tokendb = require('./tokendb.js'),`
Remove token scope business 2020-02-06 16:44:46 +01:00			`users = require('./users.js');`
merge auth.js into accesscontrol.js 2018-05-01 13:34:46 -07:00
Remove token scope business 2020-02-06 16:44:46 +01:00			`function hasRole(user, requiredRole) {`
make scopesForUser async 2018-08-02 19:07:33 -07:00			`assert.strictEqual(typeof user, 'object');`
Remove token scope business 2020-02-06 16:44:46 +01:00			`assert.strictEqual(typeof requiredRole, 'string');`
make scopesForUser async 2018-08-02 19:07:33 -07:00
Remove token scope business 2020-02-06 16:44:46 +01:00			`if (requiredRole === exports.ROLE_USER) return null;`
			`if (requiredRole === exports.ROLE_ADMIN && user.admin) return null;`
spaces: verify app ownership in app management routes 2018-08-03 17:21:24 -07:00
Remove token scope business 2020-02-06 16:44:46 +01:00			`return new BoxError(BoxError.ACCESS_DENIED, 'Not allowed');`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00			`}`

Remove token scope business 2020-02-06 16:44:46 +01:00			`function verifyToken(accessToken, callback) {`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00			`assert.strictEqual(typeof accessToken, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

Make token API id based 2019-02-15 13:57:18 -08:00			`tokendb.getByAccessToken(accessToken, function (error, token) {`
Remove token scope business 2020-02-06 16:44:46 +01:00			`if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));`
Remove passport 2020-02-06 14:50:12 +01:00			`if (error) return callback(error);`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00
Revert role support 2018-07-26 10:20:19 -07:00			`users.get(token.identifier, function (error, user) {`
Remove token scope business 2020-02-06 16:44:46 +01:00			`if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00			`if (error) return callback(error);`

Remove token scope business 2020-02-06 16:44:46 +01:00			`if (!user.active) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));`
make scopesForUser async 2018-08-02 19:07:33 -07:00
Remove token scope business 2020-02-06 16:44:46 +01:00			`callback(null, user);`
When issuing token intersect with the existing user roles 2018-06-27 23:17:04 -07:00			`});`
			`});`
Map group roles to scopes 2018-06-18 14:21:54 -07:00			`}`