Foundry376/Mailspring
1
1
Fork 0
mirror of https://github.com/Foundry376/Mailspring.git synced 2025-01-12 02:58:20 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix(metadata): Remove all plugin auth

Browse source
This commit is contained in:
Ben Gotow 2016-12-02 14:34:00 -08:00
parent a1a85e04be
commit db7f966f0f
3 changed files with 25 additions and 136 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/K2

@ -1 +1 @@
Subproject commit 4e806aa3a52aa3add6da0df8562df1626957100a
Subproject commit e0325b424d4f90da242bffc62f1cb37678e5d591

124
src/flux/nylas-api.es6
View file

@ -326,128 +326,8 @@ class NylasAPI {
return AccountStore.tokensForAccountId(aid).localSync
}
/*
IMPORTANT: In order to auth a plugin, you must have first:
1. Have an application registered on developer.nylas.com
2. Have someone on the Nylas platform team mark that application as a
"plugin" by flipping a bit on Redwood.
3. Have that application's API ID and API Secret registered in the
edgehill-sever config (etc/config.yaml and the corresponding prod
ansible setup) under APP_IDS and APP_SECRETS respectfully. The key
you use is the `appName`
4. On developer.nylas.com, you must create a callback url that points
to: https://edgehill.nylas.com/plugins/auth/<appName> where
`appName` is the heading used in the edgehill-server deploy config.
This method Returns a promise that will resolve if the user is
successfully authed to the plugin backend, and will reject if the auth
fails for any reason.
Inside the promise, we:
1. Ask the API whether this plugin is authed to this account already,
and resolve if true.
2. If not, we display a dialog to the user asking whether to auth this
plugin.
3. If the user says yes to the dialog, then we send an auth request to
the API to auth this plugin.
The returned promise will reject on the failure of any of these 3
steps, namely:
1. The API request to check that the account is authed failed. This
may mean that the plugin's Nylas Application is invalid, or that the
Nylas API couldn't be reached.
2. The user declined the plugin auth prompt.
3. The API request to auth this account to the plugin failed. This may
mean that the plugin server couldn't be reached or failed to respond
properly when authing the account, or that the Nylas API couldn't be
reached.
*/
authPlugin = (pluginId, pluginName, accountOrId) => {
if (!this.pluginsSupported) {
return Promise.reject(new Error('Sorry, this feature is only available when N1 is running against the hosted version of the Nylas Sync Engine.'))
}
let account = accountOrId
if (!(accountOrId instanceof Account)) {
AccountStore = AccountStore || require('./stores/account-store').default
account = AccountStore.accountForId(accountOrId)
}
if (!account) {
return Promise.reject(new Error('Invalid account'))
}
const cacheKey = `plugins.${pluginId}.lastAuth.${account.id}`
if (NylasEnv.config.get(cacheKey)) {
return Promise.resolve()
}
return new NylasAPIRequest({
api: this,
options: {
returnsModel: false,
method: "GET",
accountId: account.id,
path: `/auth/plugin?client_id=${pluginId}`,
},
}).run().then((result) => {
if (result.authed) {
NylasEnv.config.set(cacheKey, Date.now())
return Promise.resolve()
}
// NOTE: Uncomment this line if we want to prompt the users to
// explicitly allow permission for each of these plugins:
// return @_requestPluginAuth(pluginName, account).then =>
return new NylasAPIRequest({
api: this,
options: {
returnsModel: false,
method: "POST",
accountId: account.id,
path: "/auth/plugin",
body: {client_id: pluginId},
json: true,
},
}).run().then(() => {
NylasEnv.config.set(cacheKey, Date.now())
return Promise.resolve()
})
})
}
_requestPluginAuth = (pluginName, account) => {
return new Promise((resolve, reject) => {
remote.dialog.showMessageBox({
title: "Plugin Offline Email Access",
message: `The N1 plugin ${pluginName} requests offline access to your email.`,
detail: `The ${pluginName} plugin would like to be able to access your email account ${account.emailAddress} while you are offline. Only grant offline access to plugins you trust. You can review and revoke Offline Access for plugins at any time from Preferences > Plugins.`,
buttons: ["Grant access", "Cancel"],
type: 'info',
}, (result) => {
if (result === 0) {
resolve()
} else {
reject()
}
})
})
}
unauthPlugin = (pluginId, accountId) => {
return new NylasAPIRequest({
api: this,
options: {
returnsModel: false,
method: "DELETE",
accountId: accountId,
path: `/auth/plugin?client_id=${pluginId}`,
},
}).run()
authPlugin = () => {
return Promise.resolve();
}
}

35
src/flux/tasks/syncback-metadata-task.es6
View file

@ -1,5 +1,7 @@
import SyncbackModelTask from './syncback-model-task'
import DatabaseObjectRegistry from '../../registries/database-object-registry'
import N1CloudAPI from '../../n1-cloud-api'
import NylasAPIRequest from '../nylas-api-request'
export default class SyncbackMetadataTask extends SyncbackModelTask {
@ -13,24 +15,31 @@ export default class SyncbackMetadataTask extends SyncbackModelTask {
return DatabaseObjectRegistry.get(this.modelClassName);
}
getRequestData = (model) => {
makeRequest = (model) => {
if (!model.serverId) {
throw new Error(`Can't syncback metadata for a ${this.modelClassName} instance that doesn't have a serverId`)
}
const metadata = model.metadataObjectForPluginId(this.pluginId);
return {
path: `/metadata/${model.serverId}?client_id=${this.pluginId}`,
method: 'POST',
body: {
object_id: model.serverId,
object_type: this.modelClassName.toLowerCase(),
version: metadata.version,
value: metadata.value,
},
};
};
try {
const options = {
accountId: model.accountId,
returnsModel: false,
path: `/metadata/${model.serverId}/${this.pluginId}`,
method: 'POST',
body: {
version: metadata.version,
value: JSON.stringify(metadata.value),
},
};
return new NylasAPIRequest({
api: N1CloudAPI,
options,
}).run()
} catch (error) {
return Promise.reject(error)
}
}
applyRemoteChangesToModel = (model, {version}) => {
const metadata = model.metadataObjectForPluginId(this.pluginId);