16 Commits

Author SHA1 Message Date
Miroslav Bajtoš 6808159427 Allow tokens with eternal TTL (value -1)
- Add a new User setting 'allowEternalTokens'
- Enhance 'AccessToken.validate' to support eternal tokens with ttl
  value -1 when the user model allows it.
2016-10-10 13:27:22 +02:00
Candy 640f3a8ca7 Update globalization structure 2016-09-22 11:58:00 +02:00
Candy b52a7217a9 Add globalization 2016-08-04 15:08:16 -04:00
Ryan Graham 6964914bab update copyright statements 2016-05-03 15:50:21 -07:00
Miroslav Bajtoš f9702b0ace Use eslint with loopback config
Drop jshint and jscs in favour of eslint.

Fix style violations.

While we are at this, reduce the max line length from 150 to 100.
2016-04-06 10:45:30 +02:00
Owen Brotherwood 86ed4721a5 access-token: add option "searchDefaultTokenKeys"
Set this option to false to prevent AccessToken from checking default
places like "access_token" in query.
2015-05-29 12:06:31 +02:00
Miroslav Bajtoš e20cc66787 Replace deprecated hooks with Operation hooks
AccessToken.beforeCreate -> AccessToken.observe('before save')
Application.beforeCreate -> Application.observe('before save')
Checkpoint.beforeSave -> Checkpoint.observe('before save')
2015-03-03 18:06:15 +01:00
crandmck a82b33ec5c Add docs for settings per #1069 2015-02-23 13:13:52 -08:00
Miroslav Bajtoš a77b3bbac7 Remove usages of deprecated `req.param()`
Express has recently deprecated `req.param()` to force developers
to be explicit about the source of the value. To avoid deprecation
warnings, this commit replaces all calls of `req.param()` with a
simplified inline version.
2015-01-21 19:27:53 +01:00
Ron Edgecomb a028d9d198 Add error code property to known error responses.
Enhance the error objects with a `code` property containing
a machine-readable string code describing the error, for example
INVALID_TOKEN or USER_NOT_FOUND.

Also improve 404 error messages to include the model name.
2015-01-21 19:04:47 +01:00
Ryan Graham fbb091e3b3 Extend AccessToken to parse Basic auth headers
Allow convenient URLs for curl and browsers such as:
 - http://some-long-token@localhost:3000/
 - http://token:some-long-token@localhost:3000/

Basic Auth specifies a 'Basic' scheme for the Authorization header
similar to how OAuth specifies 'Bearer' as an auth scheme.

Following a similar convention, extract the access token from the
Authorization header when it specifies the 'Basic' scheme, assuming
it is the larger of the <user>:<pass> segments.
2015-01-15 22:53:09 -08:00
Miroslav Bajtoš a603ffa0f5 AccessToken: optional `options` in findForRequest
Fix `AccessToken.findForRequest` to correctly handle the case when
the options argument was omitted:

    AccessToken.findForRequest(req, cb);
2014-11-14 10:42:21 +01:00
Miroslav Bajtoš dc762d2514 common: coding style cleanup 2014-11-04 13:52:49 +01:00
Miroslav Bajtoš 7c01d59d80 models: move ACL LDL def into a json file 2014-10-14 09:04:43 +02:00
Miroslav Bajtoš 5f20652241 models: move AccessToken LDL def into a json file 2014-10-14 08:58:17 +02:00
Miroslav Bajtoš 1fe0110849 Dismantle `lib/models`.
- Move core models `Model` and `PersistedModel` to `lib/`.
- Move `AccessContext` class to `lib/`, since it is not a model.
- Move all other built-in models to `common/models`.

This is a preparation for extracting model definitions to JSON files.
By splitting the change into multiple commits, git is able to keep track
of file moves (renames).
2014-10-13 12:09:27 +02:00