diff --git a/src/clientdb.js b/src/clientdb.js
index 4b2f0416e..7ac3a17db 100644
--- a/src/clientdb.js
+++ b/src/clientdb.js
@@ -172,7 +172,7 @@ function delByAppIdAndType(appId, type, callback) {
 function clear(callback) {
 assert.strictEqual(typeof callback, 'function');
- database.query('DELETE FROM clients WHERE id!="cid-webadmin" AND id!="cid-sdk" AND id!="cid-cli"', function (error) {
+ database.query('DELETE FROM clients', function (error) {
 if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 callback(null);
diff --git a/src/clients.js b/src/clients.js
index 496dfca22..c19752cac 100644
--- a/src/clients.js
+++ b/src/clients.js
@@ -18,6 +18,11 @@ exports = module.exports = {
 removeTokenPrivateFields: removeTokenPrivateFields,
+ // client ids. we categorize them so we can have different restrictions based on the client
+ ID_WEBADMIN: 'cid-webadmin', // dashboard oauth
+ ID_SDK: 'cid-sdk', // created by user via dashboard
+ ID_CLI: 'cid-cli', // created via cli tool
+
 // client type enums
 TYPE_EXTERNAL: 'external',
 TYPE_BUILT_IN: 'built-in',
@@ -272,7 +277,6 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
 });
 }
-// this issues a cid-cli token that does not require a password in various routes
 function issueDeveloperToken(userObject, auditSource, callback) {
 assert.strictEqual(typeof userObject, 'object');
 assert.strictEqual(typeof auditSource, 'object');
@@ -280,7 +284,7 @@ function issueDeveloperToken(userObject, auditSource, callback) {
 const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
- addTokenByUserId('cid-cli', userObject.id, expiresAt, {}, function (error, result) {
+ addTokenByUserId(exports.ID_CLI, userObject.id, expiresAt, {}, function (error, result) {
 if (error) return callback(error);
 eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: userObject.id, user: users.removePrivateFields(userObject) });
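Review bot: In the clientdb.js hunk, `clear()` now deletes every row in `clients`, including the three built-in ids the old WHERE clause kept, and nothing on the function says so. If anything other than test setup calls it, the dashboard, SDK and CLI clients stay missing until `addDefaultClients` runs again; this is inferred from the upsert in clients.js, since the callers of `clear` are outside this diff. I would add a comment above the function such as `// also removes the built-in clients; callers must re-run clients.addDefaultClients() afterwards`. The function's closing lines fall outside the hunk.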
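Review bot: In the -280 hunk of clients.js, `issueDeveloperToken` is left with no statement of what an `ID_CLI` token is allowed to do. The preceding hunk deletes the comment saying the token "does not require a password in various routes", and the new constant's comment says only `// created via cli tool`. That exemption is the security-relevant property of this client id, so I would keep it next to the function, reworded for the constant: `// this issues an exports.ID_CLI token that does not require a password in various routes`. The function body continues past the end of the hunk.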
@@ -314,9 +318,9 @@ function addDefaultClients(origin, callback) {
 // The domain might have changed, therefor we have to update the record
 // id, appId, type, clientSecret, redirectURI, scope
 async.series([
- clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
- clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', origin, '*'),
- clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
+ clientdb.upsert.bind(null, exports.ID_WEBADMIN, 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
+ clientdb.upsert.bind(null, exports.ID_SDK, 'SDK', 'built-in', 'secret-sdk', origin, '*'),
+ clientdb.upsert.bind(null, exports.ID_CLI, 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
 ], callback);
 }
diff --git a/src/routes/test/apps-test.js b/src/routes/test/apps-test.js
index 67381b42a..a5d70a1e6 100644
--- a/src/routes/test/apps-test.js
+++ b/src/routes/test/apps-test.js
@@ -211,7 +211,7 @@ function startBox(done) {
 token_1 = hat(8 * 32);
 // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
- tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: 'cid-sdk', expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback);
+ tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: clients.ID_SDK, expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback);
 });
 },
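Review bot: In `addDefaultClients`, the three built-in clients are still upserted with fixed literal secrets (`'secret-webadmin'`, `'secret-sdk'`, `'secret-cli'`) and scope `'*'`, so the clientSecret is the same on every installation and readable from the source. Whether any route authenticates a client by this field is not visible in the diff. If one does, the value should be generated per installation and stored; if none does, a comment such as `// clientSecret is unused for built-in clients; placeholder only` would stop a later reader relying on it. While the ids are being named, the `'built-in'` literal in the same three calls could become `exports.TYPE_BUILT_IN`, which the export list already defines.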