Prevent Git Gateway users with invalid tokens from logging in. (#1209)

* Prevent Git Gateway users without permission from login. * Handle Git Gateway token expiry explicitly. This often happens when a user changes a repo from public to private, so we want to make that specific case very clear.
decaporg · Mar 28, 2018 · 085c88e · 085c88e
1 parent 050f1a3
commit 085c88e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/src/backends/git-gateway/API.js b/src/backends/git-gateway/API.js
@@ -10,6 +10,22 @@ export default class API extends GithubAPI {
     this.repoURL = "";
   }
 
+  hasWriteAccess() {
+    return this.getBranch()
+      .then(() => true)
+      .catch(error => {
+        if (error.status === 401) {
+          if (error.message === "Bad credentials") {
+            throw new Error("Git Gateway Error: Please ask your site administrator to reissue the Git Gateway token.");
+          } else {
+            return false;
+          }
+        } else {
+          console.error("Problem fetching repo data from GitHub");
+          throw error;
+        }
+      });
+  }
 
   getRequestHeaders(headers = {}) {
     return this.tokenPromise()

diff --git a/src/backends/git-gateway/implementation.js b/src/backends/git-gateway/implementation.js
@@ -75,7 +75,16 @@ export default class GitGateway extends GitHubBackend {
       } else {
         throw new Error("You don't have sufficient permissions to access Netlify CMS");
       }
-    });
+    })
+    .then(userData =>
+      this.api.hasWriteAccess().then(canWrite => {
+        if (canWrite) {
+          return userData;
+        } else {
+          throw new Error("You don't have sufficient permissions to access Netlify CMS");
+        }
+      })
+    );
   }
 
   logout() {