feat: encode pazuz_operatoridentifier header

chore: rename cookies to fit a standard fix: small fixes
2021-09-22 21:23:22 +01:00 · 2021-09-22 21:23:22 +01:00 · 5b13ffe3d9
commit 5b13ffe3d9
parent 990ab32583
14 changed files with 41 additions and 19 deletions
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@ -44,7 +44,7 @@ const getUserFromCookie = context => {
 }

 const getLamassuCookie = context => {
-  return context.req.cookies && context.req.cookies.lid
+  return context.req.cookies && context.req.cookies.lamassu_sid
 }

 const initializeSession = (context, user, rememberMe) => {
--- a/lib/new-admin/graphql/resolvers/customer.resolver.js
+++ b/lib/new-admin/graphql/resolvers/customer.resolver.js
@ -13,7 +13,7 @@ const resolvers = {
  },
  Mutation: {
    setCustomer: (root, { customerId, customerInput }, context, info) => {
-      const token = !!context.req.cookies.lid && context.req.session.user.id
+      const token = !!context.req.cookies.lamassu_sid && context.req.session.user.id
      if (customerId === anonymous.uuid) return customers.getCustomerById(customerId)
      return customers.updateCustomer(customerId, customerInput, token)
    }
--- a/lib/new-admin/middlewares/context.js
+++ b/lib/new-admin/middlewares/context.js
@ -1,3 +1,5 @@
+const { AuthenticationError } = require('apollo-server-express')
+const base64 = require('base-64')
 const users = require('../../users')

 const buildApolloContext = async ({ req, res }) => {
@ -17,10 +19,9 @@ const buildApolloContext = async ({ req, res }) => {
  req.session.user.username = user.username
  req.session.user.role = user.role

-
-  res.set('role', user.role)
-  res.cookie('email', user.username)
-  res.set('Access-Control-Expose-Headers', 'role')
+  res.set('lamassu_role', user.role)
+  res.cookie('pazuz_operatoridentifier', base64.encode(user.username))
+  res.set('Access-Control-Expose-Headers', 'lamassu_role')

  return { req, res }
 }
--- a/lib/new-admin/middlewares/session.js
+++ b/lib/new-admin/middlewares/session.js
@ -29,7 +29,7 @@ router.use('*', session({
    pgPromise: lamaDb,
    tableName: USER_SESSIONS_TABLE_NAME
  }),
-  name: 'lid',
+  name: 'lamassu_sid',
  secret: getSecret(),
  resave: false,
  saveUninitialized: false,
--- a/new-lamassu-admin/package-lock.json
+++ b/new-lamassu-admin/package-lock.json
@ -8192,6 +8192,11 @@
        }
      }
    },
+    "base-64": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
+      "integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
+    },
    "base-x": {
      "version": "3.0.8",
      "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.8.tgz",
--- a/new-lamassu-admin/package.json
+++ b/new-lamassu-admin/package.json
@ -14,6 +14,7 @@
    "apollo-link-error": "^1.1.13",
    "apollo-link-http": "^1.5.17",
    "axios": "0.21.1",
+    "base-64": "^1.0.0",
    "bignumber.js": "9.0.0",
    "classnames": "2.2.6",
    "countries-and-timezones": "^2.4.0",
--- a/new-lamassu-admin/src/App.js
+++ b/new-lamassu-admin/src/App.js
@ -154,7 +154,9 @@ const App = () => {
  const [userData, setUserData] = useState(null)

  const setRole = role => {
-    if (userData && userData.role !== role) {
+    console.log('role', role)
+    console.log('userData', userData)
+    if (userData && role && userData.role !== role) {
      setUserData({ ...userData, role })
    }
  }
--- a/new-lamassu-admin/src/pages/Authentication/Input2FAState.js
+++ b/new-lamassu-admin/src/pages/Authentication/Input2FAState.js
@ -1,5 +1,6 @@
 import { useMutation, useLazyQuery } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import gql from 'graphql-tag'
 import React, { useContext, useState } from 'react'
 import { useHistory } from 'react-router-dom'
@ -60,8 +61,7 @@ const Input2FAState = ({ state, dispatch }) => {
        return getUserData({
          context: {
            headers: {
-              email: state.clientField,
-              'Access-Control-Expose-Headers': 'email'
+              pazuz_operatoridentifier: base64.encode(state.clientField)
            }
          }
        })
@ -95,7 +95,7 @@ const Input2FAState = ({ state, dispatch }) => {
      },
      context: {
        headers: {
-          email: state.clientField
+          pazuz_operatoridentifier: base64.encode(state.clientField)
        }
      }
    })
--- a/new-lamassu-admin/src/pages/Authentication/LoginState.js
+++ b/new-lamassu-admin/src/pages/Authentication/LoginState.js
@ -1,5 +1,6 @@
 import { useMutation } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import { Field, Form, Formik } from 'formik'
 import gql from 'graphql-tag'
 import React from 'react'
@ -56,7 +57,7 @@ const LoginState = ({ state, dispatch }) => {
      },
      context: {
        headers: {
-          email: username
+          pazuz_operatoridentifier: base64.encode(username)
        }
      }
    })
--- a/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
+++ b/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
@ -1,5 +1,6 @@
 import { useMutation, useQuery, useLazyQuery } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import gql from 'graphql-tag'
 import QRCode from 'qrcode.react'
 import React, { useContext, useState } from 'react'
@ -69,7 +70,11 @@ const Setup2FAState = ({ state, dispatch }) => {

  const { error: queryError } = useQuery(GET_2FA_SECRET, {
    variables: { username: state.clientField, password: state.passwordField },
-    context: { headers: { email: state.clientField } },
+    context: {
+      headers: {
+        pazuz_operatoridentifier: base64.encode(state.clientField)
+      }
+    },
    onCompleted: ({ get2FASecret }) => {
      setSecret(get2FASecret.secret)
      setOtpauth(get2FASecret.otpauth)
@ -89,8 +94,7 @@ const Setup2FAState = ({ state, dispatch }) => {
        ? getUserData({
            context: {
              headers: {
-                email: state.clientField,
-                'Access-Control-Expose-Headers': 'email'
+                pazuz_operatoridentifier: base64.encode(state.clientField)
              }
            }
          })
@ -166,7 +170,11 @@ const Setup2FAState = ({ state, dispatch }) => {
                  rememberMe: state.rememberMeField,
                  codeConfirmation: twoFAConfirmation
                },
-                context: { headers: { email: state.clientField } }
+                context: {
+                  headers: {
+                    pazuz_operatoridentifier: base64.encode(state.clientField)
+                  }
+                }
              })
            }}
            buttonClassName={classes.loginButton}>
--- a/new-lamassu-admin/src/routing/PrivateRoute.js
+++ b/new-lamassu-admin/src/routing/PrivateRoute.js
@ -8,8 +8,6 @@ import { isLoggedIn } from './utils'
 const PrivateRoute = ({ ...rest }) => {
  const { userData } = useContext(AppContext)

-  console.log('isLoggedIn', isLoggedIn(userData))
-
  return isLoggedIn(userData) ? <Route {...rest} /> : <Redirect to="/login" />
 }

--- a/new-lamassu-admin/src/utils/apollo.js
+++ b/new-lamassu-admin/src/utils/apollo.js
@ -36,7 +36,7 @@ const getClient = (history, location, getUserData, setUserData, setRole) =>
          } = context

          if (headers) {
-            const role = headers.get('role')
+            const role = headers.get('lamassu_role')
            setRole(role)
          }

--- a/package-lock.json
+++ b/package-lock.json
@ -5979,6 +5979,11 @@
        }
      }
    },
+    "base-64": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
+      "integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
+    },
    "base-x": {
      "version": "3.0.9",
      "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.9.tgz",
--- a/package.json
+++ b/package.json
@ -9,6 +9,7 @@
    "apollo-server-express": "2.25.1",
    "argon2": "0.28.2",
    "axios": "0.21.1",
+    "base-64": "^1.0.0",
    "base-x": "3.0.9",
    "bchaddrjs": "^0.3.0",
    "bignumber.js": "9.0.1",