From 6805a6936d90c4b347ce2cc24e0d780372975165 Mon Sep 17 00:00:00 2001
From: tortilaman
Date: Tue, 1 Aug 2017 20:28:03 -0700
Subject: [PATCH] Prevent unauthorized CMS access (#323) and enable use of GitHub Enterprise (#491)
* Prevent unauthorized CMS access and enable use of GitHub Enterprise
---
 .gitignore | 2 ++
 src/actions/auth.js | 8 ++++++++
 src/backends/github/API.js | 14 +++++++++++++-
 src/backends/github/AuthenticationPage.css | 1 +
 src/backends/github/AuthenticationPage.js | 5 ++++-
 src/backends/github/implementation.js | 16 +++++++++++-----
 6 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index 2bc9ae31..e0329013 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ npm-debug.log
 .tern-project
 yarn-error.log
 .vscode/
+manifest.yml
+.imdone/
diff --git a/src/actions/auth.js b/src/actions/auth.js
index 0e170dde..55d66c3f 100644
--- a/src/actions/auth.js
+++ b/src/actions/auth.js
@@ -1,4 +1,7 @@
 import { currentBackend } from '../backends/backend';
+import { actions as notifActions } from 'redux-notifications';
+
+const { notifSend } = notifActions;
 export const AUTH_REQUEST = 'AUTH_REQUEST';
 export const AUTH_SUCCESS = 'AUTH_SUCCESS';
@@ -60,6 +63,11 @@ export function loginUser(credentials) {
 dispatch(authenticate(user));
 })
 .catch((error) => {
+ dispatch(notifSend({
+ message: `${ error.message }`,
+ kind: 'warning',
+ dismissAfter: 8000,
+ }));
 dispatch(authError(error));
 });
 };
diff --git a/src/backends/github/API.js b/src/backends/github/API.js
index 19571f94..a4157bb8 100644
--- a/src/backends/github/API.js
+++ b/src/backends/github/API.js
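Review bot: In src/actions/auth.js, the new `notifSend` call in loginUser's `.catch` shows `error.message` verbatim on the login screen, and it runs before `dispatch(authError(error))`. If the rejection value is not an Error object, the toast reads "undefined"; if it is null or undefined the property access throws and `authError` is never dispatched. A raw backend message can also carry request or API response details that a not-yet-authenticated user does not need to see. I would dispatch `authError(error)` first and pass a bounded message, for example `message: (error && error.message) || 'Login failed',`, keeping the full error for the console; the `${ error.message }` wrapper only stringifies the value and can be dropped. loginUser begins above this hunk, so what reaches this handler as `error` is not visible here.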
@@ -19,6 +19,19 @@ export default class API {
 return this.request("/user");
 }
+ isCollaborator(user) {
+ return this.request('/user/repos').then((repos) => {
+ let contributor = false
+ for (const repo of repos) {
+ if (repo.full_name === this.repo && repo.permissions.push) contributor = true;
+ }
+ return contributor;
+ }).catch((error) => {
+ console.error("Problem with response of /user/repos from GitHub");
+ throw error;
+ })
+ }
+
 requestHeaders(headers = {}) {
 const baseHeader = {
 "Content-Type": "application/json",
@@ -241,7 +254,6 @@ export default class API {
 persistFiles(entry, mediaFiles, options) {
 const uploadPromises = [];
 const files = mediaFiles.concat(entry);
-
 files.forEach((file) => {
 if (file.uploaded) { return; }
diff --git a/src/backends/github/AuthenticationPage.css b/src/backends/github/AuthenticationPage.css
index d0d3b945..949d9b7d 100644
--- a/src/backends/github/AuthenticationPage.css
+++ b/src/backends/github/AuthenticationPage.css
@@ -1,5 +1,6 @@
 .root {
 display: flex;
+ flex-flow: column nowrap;
 align-items: center;
 justify-content: center;
 height: 100vh;
diff --git a/src/backends/github/AuthenticationPage.js b/src/backends/github/AuthenticationPage.js
index b3d62588..db45e18b 100644
--- a/src/backends/github/AuthenticationPage.js
+++ b/src/backends/github/AuthenticationPage.js
@@ -2,6 +2,8 @@ import React from 'react';
 import Button from 'react-toolbox/lib/button';
 import Authenticator from '../../lib/netlify-auth';
 import { Icon } from '../../components/UI';
+import { Notifs } from 'redux-notifications';
+import { Toast } from '../../components/UI/index';
 import styles from './AuthenticationPage.css';
 export default class AuthenticationPage extends React.Component {
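Review bot: `isCollaborator` in src/backends/github/API.js decides access from a single call to `/user/repos`, but GitHub paginates that listing, so a legitimate collaborator whose repository is not on the first page is reported as unauthorized; `repo.full_name === this.repo` is also case-sensitive while GitHub repository names are not. Asking for the configured repository directly and reading its `permissions.push` avoids both problems in one request, and the `user` parameter is unused either way. This check runs in the browser, so it only decides what the CMS UI shows; write protection still rests on GitHub enforcing the token's permissions, and the method should carry a comment saying so to keep it from being mistaken for an access-control boundary. How `this.request` treats a 404 for a repository the user cannot see is not visible in this hunk, so the error path below should be confirmed against it.

```javascript
isCollaborator(user) {
  // UI gate only: GitHub enforces the real write permission on every API call.
  // Query the configured repo directly instead of scanning the paginated /user/repos list.
  return this.request(`/repos/${ this.repo }`)
    .then(repo => Boolean(repo.permissions && repo.permissions.push))
    .catch((error) => {
      console.error("Problem with response of /repos/:owner/:repo from GitHub");
      throw error;
    });
}
```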
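Review bot: In src/backends/github/AuthenticationPage.js the added `import { Toast } from '../../components/UI/index';` appears to pull from the same module as the existing `Icon` import one line above, spelled with a different path. Folding them into `import { Icon, Toast } from '../../components/UI';` keeps one import per module and one spelling of the path. The `redux-notifications` import would also conventionally sit with the other package imports, above the project-relative ones.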
@@ -16,7 +18,7 @@ export default class AuthenticationPage extends React.Component {
 const cfg = {
 base_url: this.props.base_url,
 site_id: (document.location.host.split(':')[0] === 'localhost') ? 'cms.netlify.com' : this.props.siteId
- }
+ };
 const auth = new Authenticator(cfg);
 auth.authenticate({ provider: 'github', scope: 'repo' }, (err, data) => {
@@ -33,6 +35,7 @@ export default class AuthenticationPage extends React.Component {
 return (
+ {loginError &&

{loginError}

}