|
@@ -40,6 +40,7 @@ exports.csrfVerify = function(crowi, app) {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if (crowi.getTokens().verify(csrfKey, token)) {
|
|
if (crowi.getTokens().verify(csrfKey, token)) {
|
|
|
|
|
+ debug('csrf successfully verified');
|
|
|
return next();
|
|
return next();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -190,23 +191,25 @@ exports.loginRequired = function(crowi, app) {
|
|
|
exports.accessTokenParser = function(crowi, app) {
|
|
exports.accessTokenParser = function(crowi, app) {
|
|
|
return function(req, res, next) {
|
|
return function(req, res, next) {
|
|
|
var accessToken = req.query.access_token || req.body.access_token || req.get('Authorization') || null;
|
|
var accessToken = req.query.access_token || req.body.access_token || req.get('Authorization') || null;
|
|
|
|
|
+
|
|
|
|
|
+ debug(`accessToken=${accessToken}`);
|
|
|
|
|
+
|
|
|
if (!accessToken) {
|
|
if (!accessToken) {
|
|
|
return next();
|
|
return next();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- var User = crowi.model('User')
|
|
|
|
|
-
|
|
|
|
|
- debug('accessToken is', accessToken);
|
|
|
|
|
|
|
+ var User = crowi.model('User');
|
|
|
User.findUserByApiToken(accessToken)
|
|
User.findUserByApiToken(accessToken)
|
|
|
- .then(function(userData) {
|
|
|
|
|
- req.user = userData;
|
|
|
|
|
- req.skipCsrfVerify = true;
|
|
|
|
|
- debug('Access token parsed: skipCsrfVerify');
|
|
|
|
|
-
|
|
|
|
|
- next();
|
|
|
|
|
- }).catch(function(err) {
|
|
|
|
|
- next();
|
|
|
|
|
- });
|
|
|
|
|
|
|
+ .then((userData) => {
|
|
|
|
|
+ if (userData !== null) {
|
|
|
|
|
+ req.user = userData;
|
|
|
|
|
+ req.skipCsrfVerify = true;
|
|
|
|
|
+ debug('Access token parsed: skipCsrfVerify');
|
|
|
|
|
+ }
|
|
|
|
|
+ next();
|
|
|
|
|
+ }).catch(function(err) {
|
|
|
|
|
+ next();
|
|
|
|
|
+ });
|
|
|
};
|
|
};
|
|
|
};
|
|
};
|
|
|
|
|
|
Yuki Takei