Move skip password verification logic to accesscontrol.js

Girish Ramakrishnan
2018-06-17 15:17:39 -07:00
parent c3631350cf
commit db8b6838bb
2 changed files with 6 additions and 4 deletions


@@ -106,8 +106,11 @@ function accessTokenAuth(accessToken, callback) {
// scopes here can define what capabilities that token carries
// passport put the 'info' object into req.authInfo, where we can further validate the scopes
var scope = accesscontrol.intersectScope(user.scope, token.scope);
var info = { scope: scope, clientId: token.clientId };
const userScope = user.admin ? '*' : 'profile';
var scope = accesscontrol.intersectScope(userScope, token.scope);
// these clients do not require password checks unlike UI
const skipPasswordVerification = token.clientId === 'cid-sdk' || token.clientId === 'cid-cli';
var info = { scope: scope, skipPasswordVerification: skipPasswordVerification };
callback(null, user, info);
});
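Review bot: `skipPasswordVerification` in `accessTokenAuth` is decided by comparing `token.clientId` with the literals `'cid-sdk'` and `'cid-cli'`, and the one-line comment above it does not record why these clients are exempt or what ensures a token's `clientId` is assigned by the server rather than by the caller. Because the flag relaxes a password check for whoever holds such a token, I would extend the comment to state that assumption and move the ids into a shared constant, e.g. `const PASSWORD_EXEMPT_CLIENT_IDS = ['cid-sdk', 'cid-cli'];`, so the issuing and checking code cannot drift apart. `info` also stops carrying `clientId`; its consumers are not visible here, so any remaining reader of `req.authInfo.clientId` should be confirmed gone. The enclosing function starts and ends outside the hunk.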