/*
 * GPII Untrusted Settings Put Handler
 *
 * Copyright 2017 OCAD University
 *
 * Licensed under the New BSD license. You may not use this file except in
 * compliance with this License.
 *
 * You may obtain a copy of the License at
 * https://github.com/GPII/universal/blob/master/LICENSE.txt
 */

"use strict";

var fluid = require("infusion");
var gpii = fluid.registerNamespace("gpii");

// Kettle HTTP request handler for PUT requests at /untrusted-settings.
// Preferences are only updated after the requesting client's privilege has been checked
// against the authorization resolved from the access token in the request's
// "Authorization" header (see handleRequest below).
fluid.defaults("gpii.flowManager.cloudBased.untrustedSettings.put.handler", {
    gradeNames: ["kettle.request.http"],
    invokers: {
        handleRequest: {
            funcName: "gpii.flowManager.cloudBased.untrustedSettings.put.handleRequest",
            // Note that userToken (URL parameter) and the body are both request-supplied values.
            args: [
                "{flowManager}.preferencesDataSource",
                "{request}",
                "{request}.req.params.userToken",
                "{request}.req.body",
                "{gpii.flowManager.cloudBased.oauth2}.authGrantFinder"
            ]
        }
    }
});

// Fixed message relayed to the client after a successful update.
gpii.flowManager.cloudBased.untrustedSettings.put.messages = {
    success: "Successfully updated."
};

/**
 * Authorizes and performs an update of the preferences set keyed by `userToken`.
 *
 * The update only proceeds when all three checks pass:
 *   1. an authorization record was resolved for the request;
 *   2. the record's `gpiiToken` equals the `userToken` taken from the request;
 *   3. the record has a truthy `allowUntrustedSettingsPut`.
 * Otherwise, or when the authorization lookup itself rejects, `onError` is fired with
 * `gpii.oauth2.errors.unauthorized`.
 *
 * @param {Object} preferencesDataSource - Data source whose `get`/`set` read and write the preferences set.
 * @param {Object} request - The request component; `request.req` is used for the authorization lookup,
 *     and `request.events.onSuccess` / `request.events.onError` report the outcome.
 * @param {String} userToken - Wired from `request.req.params.userToken`.
 * @param {Object} preferences - Wired from `request.req.body`; merged over the stored preferences.
 * @param {Object} authGrantFinder - Passed through to `gpii.oauth2.getAuthorization`.
 */
gpii.flowManager.cloudBased.untrustedSettings.put.handleRequest = function (preferencesDataSource, request, userToken, preferences, authGrantFinder) {
    var onAuthorizationResolved = function (authorization) {
        var isPermitted = authorization && authorization.gpiiToken === userToken && authorization.allowUntrustedSettingsPut;

        if (!isPermitted) {
            // NOTE(review): userToken is request-supplied and is written to the log before it has matched
            // anything; log consumers should treat it as untrusted text.
            fluid.log("CloudBased flowManager: unauthorized PUT request at /untrusted-settings due to one of these reasons: 1. authorization record is missing; 2. gpiiToken associated with the authorization does not match the in-used token " + userToken + "; 3. the access token is unauthorized for using PUT method at /untrusted-settings endpoint.");
            request.events.onError.fire(gpii.oauth2.errors.unauthorized);
            return;
        }

        // TODO: Verify the received preferences with metadata to make sure they are the ones that are allowed to be updated.
        // This is not supported at the first release of PSP
        // Until then the request body is merged as received; the authorization check above is the only gate.
        var prefsKey = {
            userToken: userToken
        };

        // Reading first confirms that a preferences set exists for this key; a failed read is passed to onError.
        preferencesDataSource.get(prefsKey).then(function (storedPreferences) {
            var mergedPreferences = fluid.merge("replace", storedPreferences, preferences);

            // Ask the preferences server to store the merged set.
            var pendingUpdate = preferencesDataSource.set(prefsKey, mergedPreferences, {
                writeMethod: "PUT"
            });

            // NOTE(review): this writes the key and the full merged preferences to the log; confirm that
            // access to and retention of the log are appropriate for that data.
            fluid.log("The preferences set for the key (", userToken, ") is being updated to: ", mergedPreferences);

            pendingUpdate.then(function (response) {
                // The original note says the preferences server's success response contains the updated
                // preferences; only the token and the fixed confirmation message are relayed to the client.
                request.events.onSuccess.fire({
                    userToken: response.userToken,
                    message: gpii.flowManager.cloudBased.untrustedSettings.put.messages.success
                });
            }, request.events.onError.fire);
        }, function (error) {
            request.events.onError.fire(error);
        });
    };

    // Fails closed: whatever made the authorization lookup reject is only logged,
    // and the client is always told "unauthorized".
    var onAuthorizationRejected = function (error) {
        fluid.log("CloudBased flowManager: PUT request at /untrusted-settings failed with error ", error);
        request.events.onError.fire(gpii.oauth2.errors.unauthorized);
    };

    gpii.oauth2.getAuthorization(request.req, authGrantFinder).then(onAuthorizationResolved, onAuthorizationRejected);
};