From 5b13ffe3d9e766c99916b8406bb832169d601f99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20Salgado?=
Date: Wed, 22 Sep 2021 21:23:22 +0100
Subject: [PATCH] feat: encode pazuz_operatoridentifier header chore: rename cookies to fit a standard fix: small fixes
---
 lib/new-admin/graphql/modules/authentication.js | 2 +-
 .../graphql/resolvers/customer.resolver.js | 2 +-
 lib/new-admin/middlewares/context.js | 9 +++++----
 lib/new-admin/middlewares/session.js | 2 +-
 new-lamassu-admin/package-lock.json | 5 +++++
 new-lamassu-admin/package.json | 1 +
 new-lamassu-admin/src/App.js | 4 +++-
 .../src/pages/Authentication/Input2FAState.js | 6 +++---
 .../src/pages/Authentication/LoginState.js | 3 ++-
 .../src/pages/Authentication/Setup2FAState.js | 16 ++++++++++++----
 new-lamassu-admin/src/routing/PrivateRoute.js | 2 --
 new-lamassu-admin/src/utils/apollo.js | 2 +-
 package-lock.json | 5 +++++
 package.json | 1 +
 14 files changed, 41 insertions(+), 19 deletions(-)
diff --git a/lib/new-admin/graphql/modules/authentication.js b/lib/new-admin/graphql/modules/authentication.js
index 690bc907..c5be75b6 100644
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@@ -44,7 +44,7 @@ const getUserFromCookie = context => {
 }
 
 const getLamassuCookie = context => {
- return context.req.cookies && context.req.cookies.lid
+ return context.req.cookies && context.req.cookies.lamassu_sid
 }
 
 const initializeSession = (context, user, rememberMe) => {
diff --git a/lib/new-admin/graphql/resolvers/customer.resolver.js b/lib/new-admin/graphql/resolvers/customer.resolver.js
index f33c3276..6863e8b3 100644
--- a/lib/new-admin/graphql/resolvers/customer.resolver.js
+++ b/lib/new-admin/graphql/resolvers/customer.resolver.js
@@ -13,7 +13,7 @@ const resolvers = {
 },
 Mutation: {
 setCustomer: (root, { customerId, customerInput }, context, info) => {
- const token = !!context.req.cookies.lid && context.req.session.user.id
+ const token = !!context.req.cookies.lamassu_sid && context.req.session.user.id
 if (customerId === anonymous.uuid) return customers.getCustomerById(customerId)
 return customers.updateCustomer(customerId, customerInput, token)
 }
diff --git a/lib/new-admin/middlewares/context.js b/lib/new-admin/middlewares/context.js
index aeba75eb..70e7d62f 100644
--- a/lib/new-admin/middlewares/context.js
+++ b/lib/new-admin/middlewares/context.js
@@ -1,3 +1,5 @@
+const { AuthenticationError } = require('apollo-server-express')
+const base64 = require('base-64')
 const users = require('../../users')
 
 const buildApolloContext = async ({ req, res }) => {
@@ -17,10 +19,9 @@ const buildApolloContext = async ({ req, res }) => {
 req.session.user.username = user.username
 req.session.user.role = user.role
 
-
- res.set('role', user.role)
- res.cookie('email', user.username)
- res.set('Access-Control-Expose-Headers', 'role')
+ res.set('lamassu_role', user.role)
+ res.cookie('pazuz_operatoridentifier', base64.encode(user.username))
+ res.set('Access-Control-Expose-Headers', 'lamassu_role')
 return { req, res }
 }
diff --git a/lib/new-admin/middlewares/session.js b/lib/new-admin/middlewares/session.js
index 24d07dad..6c7ea98c 100644
--- a/lib/new-admin/middlewares/session.js
+++ b/lib/new-admin/middlewares/session.js
@@ -29,7 +29,7 @@ router.use('*', session({
 pgPromise: lamaDb,
 tableName: USER_SESSIONS_TABLE_NAME
 }),
- name: 'lid',
+ name: 'lamassu_sid',
 secret: getSecret(),
 resave: false,
 saveUninitialized: false,
diff --git a/new-lamassu-admin/package-lock.json b/new-lamassu-admin/package-lock.json
index f6429e07..cad5fe31 100644
--- a/new-lamassu-admin/package-lock.json
+++ b/new-lamassu-admin/package-lock.json
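Review bot: The new line `const token = !!context.req.cookies.lamassu_sid && context.req.session.user.id` reads `lamassu_sid` straight off `context.req.cookies`, whereas `getLamassuCookie` in the authentication.js hunk first checks that `context.req.cookies` exists; unless the cookie parser always sets it, a request without cookies throws a TypeError here instead of yielding a falsy token. The same cookie name is now a literal in this hunk, in authentication.js and in the session.js `name:` option, so one exported constant (e.g. `const SESSION_COOKIE_NAME = 'lamassu_sid'`) used by all three would stop the next rename from missing one. If `getLamassuCookie` is exported, `const token = !!getLamassuCookie(context) && context.req.session.user.id` gives both the guard and the single spelling. The `resolvers` object starts and ends outside the hunk.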
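Review bot: `res.cookie('pazuz_operatoridentifier', base64.encode(user.username))` is set without any attributes, so the cookie is readable by page scripts and sent on every request regardless of originating site; base64 changes only the encoding, not who can read it, so if no browser code needs the value, pass `{ httpOnly: true, secure: true }` (with a `sameSite` value matching how the admin front-end is hosted). On the server side `Buffer.from(user.username, 'utf8').toString('base64')` produces the same output for ASCII usernames without the `base-64` dependency this patch adds to the root package.json, and it does not reject non-Latin-1 characters, which I believe `base-64`'s `encode` does. The `AuthenticationError` import added in the first hunk of this file is not used anywhere visible in the patch; drop it unless another hunk relies on it. `buildApolloContext` starts before the second hunk.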
@@ -8192,6 +8192,11 @@
 }
 }
 },
+ "base-64": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
+ "integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
+ },
 "base-x": {
 "version": "3.0.8",
 "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.8.tgz",
diff --git a/new-lamassu-admin/package.json b/new-lamassu-admin/package.json
index 24c17fa3..5b66bd32 100644
--- a/new-lamassu-admin/package.json
+++ b/new-lamassu-admin/package.json
@@ -14,6 +14,7 @@
 "apollo-link-error": "^1.1.13",
 "apollo-link-http": "^1.5.17",
 "axios": "0.21.1",
+ "base-64": "^1.0.0",
 "bignumber.js": "9.0.0",
 "classnames": "2.2.6",
 "countries-and-timezones": "^2.4.0",
diff --git a/new-lamassu-admin/src/App.js b/new-lamassu-admin/src/App.js
index 48373584..1c0eedae 100644
--- a/new-lamassu-admin/src/App.js
+++ b/new-lamassu-admin/src/App.js
@@ -154,7 +154,9 @@ const App = () => {
 const [userData, setUserData] = useState(null)
 const setRole = role => {
- if (userData && userData.role !== role) {
+ console.log('role', role)
+ console.log('userData', userData)
+ if (userData && role && userData.role !== role) {
 setUserData({ ...userData, role })
 }
 }
diff --git a/new-lamassu-admin/src/pages/Authentication/Input2FAState.js b/new-lamassu-admin/src/pages/Authentication/Input2FAState.js
index dad864f3..b899db26 100644
--- a/new-lamassu-admin/src/pages/Authentication/Input2FAState.js
+++ b/new-lamassu-admin/src/pages/Authentication/Input2FAState.js
@@ -1,5 +1,6 @@
 import { useMutation, useLazyQuery } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import gql from 'graphql-tag'
 import React, { useContext, useState } from 'react'
 import { useHistory } from 'react-router-dom'
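Review bot: The two `console.log` calls added to `setRole` read like leftover debugging of the same kind the PrivateRoute.js hunk removes, and `console.log('userData', userData)` writes the whole signed-in user record to the browser console on every role update; remove both and keep only `if (userData && role && userData.role !== role) {`. The added `role &&` guard also means that a response without the `lamassu_role` header (see the apollo.js hunk) silently leaves the previous role in place; if that is intended, a comment such as `// a response without a role header keeps the current role` would spare the next reader the question. `App` starts before and continues after the hunk.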
@@ -60,8 +61,7 @@ const Input2FAState = ({ state, dispatch }) => {
 return getUserData({
 context: {
 headers: {
- email: state.clientField,
- 'Access-Control-Expose-Headers': 'email'
+ pazuz_operatoridentifier: base64.encode(state.clientField)
 }
 }
 })
@@ -95,7 +95,7 @@ const Input2FAState = ({ state, dispatch }) => {
 },
 context: {
 headers: {
- email: state.clientField
+ pazuz_operatoridentifier: base64.encode(state.clientField)
 }
 }
 })
diff --git a/new-lamassu-admin/src/pages/Authentication/LoginState.js b/new-lamassu-admin/src/pages/Authentication/LoginState.js
index 936c7cd5..8ef4e848 100644
--- a/new-lamassu-admin/src/pages/Authentication/LoginState.js
+++ b/new-lamassu-admin/src/pages/Authentication/LoginState.js
@@ -1,5 +1,6 @@
 import { useMutation } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import { Field, Form, Formik } from 'formik'
 import gql from 'graphql-tag'
 import React from 'react'
@@ -56,7 +57,7 @@ const LoginState = ({ state, dispatch }) => {
 },
 context: {
 headers: {
- email: username
+ pazuz_operatoridentifier: base64.encode(username)
 }
 }
 })
diff --git a/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js b/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
index abf2c2e5..3cbafebc 100644
--- a/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
+++ b/new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
@@ -1,5 +1,6 @@
 import { useMutation, useQuery, useLazyQuery } from '@apollo/react-hooks'
 import { makeStyles } from '@material-ui/core/styles'
+import base64 from 'base-64'
 import gql from 'graphql-tag'
 import QRCode from 'qrcode.react'
 import React, { useContext, useState } from 'react'
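Review bot: `pazuz_operatoridentifier: base64.encode(state.clientField)` is now written out, header name and encoder together, twice in this file, once in the LoginState.js hunk and three times in the Setup2FAState.js hunks, while the server in context.js spells the same name separately; a single helper, e.g. `export const operatorIdentifierHeaders = id => ({ pazuz_operatoridentifier: base64.encode(id) })` in a shared utils module, keeps the header name in one place. As far as I recall, `base-64`'s `encode` throws for characters outside Latin-1, so an email address containing such characters would throw inside the query call instead of sending the request; either guard that case or encode via `TextEncoder` plus `btoa`. Input2FAState starts before the hunks and continues after them.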
@@ -69,7 +70,11 @@ const Setup2FAState = ({ state, dispatch }) => {
 
 const { error: queryError } = useQuery(GET_2FA_SECRET, {
 variables: { username: state.clientField, password: state.passwordField },
- context: { headers: { email: state.clientField } },
+ context: {
+ headers: {
+ pazuz_operatoridentifier: base64.encode(state.clientField)
+ }
+ },
 onCompleted: ({ get2FASecret }) => {
 setSecret(get2FASecret.secret)
 setOtpauth(get2FASecret.otpauth)
@@ -89,8 +94,7 @@ const Setup2FAState = ({ state, dispatch }) => {
 ? getUserData({
 context: {
 headers: {
- email: state.clientField,
- 'Access-Control-Expose-Headers': 'email'
+ pazuz_operatoridentifier: base64.encode(state.clientField)
 }
 }
 })
@@ -166,7 +170,11 @@ const Setup2FAState = ({ state, dispatch }) => {
 rememberMe: state.rememberMeField,
 codeConfirmation: twoFAConfirmation
 },
- context: { headers: { email: state.clientField } }
+ context: {
+ headers: {
+ pazuz_operatoridentifier: base64.encode(state.clientField)
+ }
+ }
 })
 }}
 buttonClassName={classes.loginButton}>
diff --git a/new-lamassu-admin/src/routing/PrivateRoute.js b/new-lamassu-admin/src/routing/PrivateRoute.js
index c17ba94f..2861612d 100644
--- a/new-lamassu-admin/src/routing/PrivateRoute.js
+++ b/new-lamassu-admin/src/routing/PrivateRoute.js
@@ -8,8 +8,6 @@ import { isLoggedIn } from './utils'
 const PrivateRoute = ({ ...rest }) => {
 const { userData } = useContext(AppContext)
- console.log('isLoggedIn', isLoggedIn(userData))
-
 return isLoggedIn(userData) ? :
 }
 
diff --git a/new-lamassu-admin/src/utils/apollo.js b/new-lamassu-admin/src/utils/apollo.js
index 594490fb..f4fb1b88 100644
--- a/new-lamassu-admin/src/utils/apollo.js
+++ b/new-lamassu-admin/src/utils/apollo.js
@@ -36,7 +36,7 @@ const getClient = (history, location, getUserData, setUserData, setRole) =>
 } = context
 
 if (headers) {
- const role = headers.get('role')
+ const role = headers.get('lamassu_role')
 setRole(role)
 }
 
diff --git a/package-lock.json b/package-lock.json
index 1a48e424..faf61a02 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5979,6 +5979,11 @@
 }
 }
 },
+ "base-64": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
+ "integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
+ },
 "base-x": {
 "version": "3.0.9",
 "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.9.tgz",
diff --git a/package.json b/package.json
index ae4647ff..b75034b6 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
 "apollo-server-express": "2.25.1",
 "argon2": "0.28.2",
 "axios": "0.21.1",
+ "base-64": "^1.0.0",
 "base-x": "3.0.9",
 "bchaddrjs": "^0.3.0",
 "bignumber.js": "9.0.1",