lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: encode pazuz_operatoridentifier header

Browse source 
chore: rename cookies to fit a standard
fix: small fixes
This commit is contained in:
Sérgio Salgado 2021-09-22 21:23:22 +01:00
parent 990ab32583
commit 5b13ffe3d9
14 changed files with 41 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/new-admin/graphql/modules/authentication.js
View file

@ -44,7 +44,7 @@ const getUserFromCookie = context => {
} }
const getLamassuCookie = context => { const getLamassuCookie = context => {
return context.req.cookies && context.req.cookies.lid return context.req.cookies && context.req.cookies.lamassu_sid
} }
const initializeSession = (context, user, rememberMe) => { const initializeSession = (context, user, rememberMe) => {

2
lib/new-admin/graphql/resolvers/customer.resolver.js
View file

@ -13,7 +13,7 @@ const resolvers = {
}, },
Mutation: { Mutation: {
setCustomer: (root, { customerId, customerInput }, context, info) => { setCustomer: (root, { customerId, customerInput }, context, info) => {
const token = !!context.req.cookies.lid && context.req.session.user.id const token = !!context.req.cookies.lamassu_sid && context.req.session.user.id
if (customerId === anonymous.uuid) return customers.getCustomerById(customerId) if (customerId === anonymous.uuid) return customers.getCustomerById(customerId)
return customers.updateCustomer(customerId, customerInput, token) return customers.updateCustomer(customerId, customerInput, token)
} }

9
lib/new-admin/middlewares/context.js
View file

@ -1,3 +1,5 @@
const { AuthenticationError } = require('apollo-server-express')
const base64 = require('base-64')
const users = require('../../users') const users = require('../../users')
const buildApolloContext = async ({ req, res }) => { const buildApolloContext = async ({ req, res }) => {
@ -17,10 +19,9 @@ const buildApolloContext = async ({ req, res }) => {
req.session.user.username = user.username req.session.user.username = user.username
req.session.user.role = user.role req.session.user.role = user.role
res.set('lamassu_role', user.role)
res.set('role', user.role) res.cookie('pazuz_operatoridentifier', base64.encode(user.username))
res.cookie('email', user.username) res.set('Access-Control-Expose-Headers', 'lamassu_role')
res.set('Access-Control-Expose-Headers', 'role')
return { req, res } return { req, res }
} }

2
lib/new-admin/middlewares/session.js
View file

@ -29,7 +29,7 @@ router.use('*', session({
pgPromise: lamaDb, pgPromise: lamaDb,
tableName: USER_SESSIONS_TABLE_NAME tableName: USER_SESSIONS_TABLE_NAME
}), }),
name: 'lid', name: 'lamassu_sid',
secret: getSecret(), secret: getSecret(),
resave: false, resave: false,
saveUninitialized: false, saveUninitialized: false,

5
new-lamassu-admin/package-lock.json generated
View file

@ -8192,6 +8192,11 @@
} }
} }
}, },
"base-64": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
"integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
},
"base-x": { "base-x": {
"version": "3.0.8", "version": "3.0.8",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.8.tgz", "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.8.tgz",

1
new-lamassu-admin/package.json
View file

@ -14,6 +14,7 @@
"apollo-link-error": "^1.1.13", "apollo-link-error": "^1.1.13",
"apollo-link-http": "^1.5.17", "apollo-link-http": "^1.5.17",
"axios": "0.21.1", "axios": "0.21.1",
"base-64": "^1.0.0",
"bignumber.js": "9.0.0", "bignumber.js": "9.0.0",
"classnames": "2.2.6", "classnames": "2.2.6",
"countries-and-timezones": "^2.4.0", "countries-and-timezones": "^2.4.0",

4
new-lamassu-admin/src/App.js
View file

@ -154,7 +154,9 @@ const App = () => {
const [userData, setUserData] = useState(null) const [userData, setUserData] = useState(null)
const setRole = role => { const setRole = role => {
if (userData && userData.role !== role) { console.log('role', role)
console.log('userData', userData)
if (userData && role && userData.role !== role) {
setUserData({ ...userData, role }) setUserData({ ...userData, role })
} }
} }

6
new-lamassu-admin/src/pages/Authentication/Input2FAState.js
View file

@ -1,5 +1,6 @@
import { useMutation, useLazyQuery } from '@apollo/react-hooks' import { useMutation, useLazyQuery } from '@apollo/react-hooks'
import { makeStyles } from '@material-ui/core/styles' import { makeStyles } from '@material-ui/core/styles'
import base64 from 'base-64'
import gql from 'graphql-tag' import gql from 'graphql-tag'
import React, { useContext, useState } from 'react' import React, { useContext, useState } from 'react'
import { useHistory } from 'react-router-dom' import { useHistory } from 'react-router-dom'
@ -60,8 +61,7 @@ const Input2FAState = ({ state, dispatch }) => {
return getUserData({ return getUserData({
context: { context: {
headers: { headers: {
email: state.clientField, pazuz_operatoridentifier: base64.encode(state.clientField)
'Access-Control-Expose-Headers': 'email'
} }
} }
}) })
@ -95,7 +95,7 @@ const Input2FAState = ({ state, dispatch }) => {
}, },
context: { context: {
headers: { headers: {
email: state.clientField pazuz_operatoridentifier: base64.encode(state.clientField)
} }
} }
}) })

3
new-lamassu-admin/src/pages/Authentication/LoginState.js
View file

@ -1,5 +1,6 @@
import { useMutation } from '@apollo/react-hooks' import { useMutation } from '@apollo/react-hooks'
import { makeStyles } from '@material-ui/core/styles' import { makeStyles } from '@material-ui/core/styles'
import base64 from 'base-64'
import { Field, Form, Formik } from 'formik' import { Field, Form, Formik } from 'formik'
import gql from 'graphql-tag' import gql from 'graphql-tag'
import React from 'react' import React from 'react'
@ -56,7 +57,7 @@ const LoginState = ({ state, dispatch }) => {
}, },
context: { context: {
headers: { headers: {
email: username pazuz_operatoridentifier: base64.encode(username)
} }
} }
}) })

16
new-lamassu-admin/src/pages/Authentication/Setup2FAState.js
View file

@ -1,5 +1,6 @@
import { useMutation, useQuery, useLazyQuery } from '@apollo/react-hooks' import { useMutation, useQuery, useLazyQuery } from '@apollo/react-hooks'
import { makeStyles } from '@material-ui/core/styles' import { makeStyles } from '@material-ui/core/styles'
import base64 from 'base-64'
import gql from 'graphql-tag' import gql from 'graphql-tag'
import QRCode from 'qrcode.react' import QRCode from 'qrcode.react'
import React, { useContext, useState } from 'react' import React, { useContext, useState } from 'react'
@ -69,7 +70,11 @@ const Setup2FAState = ({ state, dispatch }) => {
const { error: queryError } = useQuery(GET_2FA_SECRET, { const { error: queryError } = useQuery(GET_2FA_SECRET, {
variables: { username: state.clientField, password: state.passwordField }, variables: { username: state.clientField, password: state.passwordField },
context: { headers: { email: state.clientField } }, context: {
headers: {
pazuz_operatoridentifier: base64.encode(state.clientField)
}
},
onCompleted: ({ get2FASecret }) => { onCompleted: ({ get2FASecret }) => {
setSecret(get2FASecret.secret) setSecret(get2FASecret.secret)
setOtpauth(get2FASecret.otpauth) setOtpauth(get2FASecret.otpauth)
@ -89,8 +94,7 @@ const Setup2FAState = ({ state, dispatch }) => {
? getUserData({ ? getUserData({
context: { context: {
headers: { headers: {
email: state.clientField, pazuz_operatoridentifier: base64.encode(state.clientField)
'Access-Control-Expose-Headers': 'email'
} }
} }
}) })
@ -166,7 +170,11 @@ const Setup2FAState = ({ state, dispatch }) => {
rememberMe: state.rememberMeField, rememberMe: state.rememberMeField,
codeConfirmation: twoFAConfirmation codeConfirmation: twoFAConfirmation
}, },
context: { headers: { email: state.clientField } } context: {
headers: {
pazuz_operatoridentifier: base64.encode(state.clientField)
}
}
}) })
}} }}
buttonClassName={classes.loginButton}> buttonClassName={classes.loginButton}>

2
new-lamassu-admin/src/routing/PrivateRoute.js
View file

@ -8,8 +8,6 @@ import { isLoggedIn } from './utils'
const PrivateRoute = ({ ...rest }) => { const PrivateRoute = ({ ...rest }) => {
const { userData } = useContext(AppContext) const { userData } = useContext(AppContext)
console.log('isLoggedIn', isLoggedIn(userData))
return isLoggedIn(userData) ? <Route {...rest} /> : <Redirect to="/login" /> return isLoggedIn(userData) ? <Route {...rest} /> : <Redirect to="/login" />
} }

2
new-lamassu-admin/src/utils/apollo.js
View file

@ -36,7 +36,7 @@ const getClient = (history, location, getUserData, setUserData, setRole) =>
} = context } = context
if (headers) { if (headers) {
const role = headers.get('role') const role = headers.get('lamassu_role')
setRole(role) setRole(role)
} }

5
package-lock.json generated
View file

@ -5979,6 +5979,11 @@
} }
} }
}, },
"base-64": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/base-64/-/base-64-1.0.0.tgz",
"integrity": "sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg=="
},
"base-x": { "base-x": {
"version": "3.0.9", "version": "3.0.9",
"resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.9.tgz", "resolved": "https://registry.npmjs.org/base-x/-/base-x-3.0.9.tgz",

1
package.json
View file

@ -9,6 +9,7 @@
"apollo-server-express": "2.25.1", "apollo-server-express": "2.25.1",
"argon2": "0.28.2", "argon2": "0.28.2",
"axios": "0.21.1", "axios": "0.21.1",
"base-64": "^1.0.0",
"base-x": "3.0.9", "base-x": "3.0.9",
"bchaddrjs": "^0.3.0", "bchaddrjs": "^0.3.0",
"bignumber.js": "9.0.1", "bignumber.js": "9.0.1",