Prevent Git Gateway users with invalid tokens from logging in. (#1209)

* Prevent Git Gateway users without permission from login. * Handle Git Gateway token expiry explicitly. This often happens when a user changes a repo from public to private, so we want to make that specific case very clear.
2018-03-28 12:08:23 -06:00 · 2018-03-28 12:08:23 -06:00 · 085c88e2b8
commit 085c88e2b8
parent 050f1a3387
2 changed files with 26 additions and 1 deletions
--- a/src/backends/git-gateway/API.js
+++ b/src/backends/git-gateway/API.js
@ -10,6 +10,22 @@ export default class API extends GithubAPI {
    this.repoURL = "";
  }

+  hasWriteAccess() {
+    return this.getBranch()
+      .then(() => true)
+      .catch(error => {
+        if (error.status === 401) {
+          if (error.message === "Bad credentials") {
+            throw new Error("Git Gateway Error: Please ask your site administrator to reissue the Git Gateway token.");
+          } else {
+            return false;
+          }
+        } else {
+          console.error("Problem fetching repo data from GitHub");
+          throw error;
+        }
+      });
+  }

  getRequestHeaders(headers = {}) {
    return this.tokenPromise()
--- a/src/backends/git-gateway/implementation.js
+++ b/src/backends/git-gateway/implementation.js
@ -75,7 +75,16 @@ export default class GitGateway extends GitHubBackend {
      } else {
        throw new Error("You don't have sufficient permissions to access Netlify CMS");
      }
-    });
+    })
+    .then(userData =>
+      this.api.hasWriteAccess().then(canWrite => {
+        if (canWrite) {
+          return userData;
+        } else {
+          throw new Error("You don't have sufficient permissions to access Netlify CMS");
+        }
+      })
+    );
  }

  logout() {