diff --git a/app/ayanova/src/utils/auth.js b/app/ayanova/src/utils/auth.js
index 9e67b04b..c308e2cc 100644
--- a/app/ayanova/src/utils/auth.js
+++ b/app/ayanova/src/utils/auth.js
@@ -5,6 +5,7 @@ import decode from "jwt-decode";
//import Auth0Lock from 'auth0-lock';
const ID_TOKEN_KEY = "id_token";
const ACCESS_TOKEN_KEY = "access_token";
+const USER_ROLES = AuthorizationRoles.NoRole;
// const CLIENT_ID = '{AUTH0_CLIENT_ID}';
// const CLIENT_DOMAIN = '{AUTH0_DOMAIN}';
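Review bot: The added `const USER_ROLES = AuthorizationRoles.NoRole;` reads `AuthorizationRoles` before its `const` declaration, which sits further down the file in the next hunk. That read falls in the temporal dead zone, so the module would throw a ReferenceError on import. Move the line to just after `}; //end AuthorizationRoles`. Because it is a `const`, it also cannot later be assigned the roles from the token; a `let`, or a getter that derives the value from the decoded token, would fit the TODO at the end of the file better.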
@@ -17,46 +18,41 @@ const ACCESS_TOKEN_KEY = "access_token";
// domain: CLIENT_DOMAIN
// });
-
//https://stackoverflow.com/questions/15551652/javascript-enum-flag-check
-const AuthorizationRoles =
- {
-
- ///No role set
- NoRole = 0,
- ///BizAdminLimited
- BizAdminLimited = 1,
- ///BizAdminFull
- BizAdminFull = 2,
- ///DispatchLimited
- DispatchLimited = 4,
- ///DispatchFull
- DispatchFull = 8,
- ///InventoryLimited
- InventoryLimited = 16,
- ///InventoryFull
- InventoryFull = 32,
- ///AccountingFull
- AccountingFull = 64,//No limited role, not sure if there is a need
- ///TechLimited
- TechLimited = 128,
- ///TechFull
- TechFull = 256,
- ///SubContractorLimited
- SubContractorLimited = 512,
- ///SubContractorFull
- SubContractorFull = 1024,
- ///ClientLimited
- ClientLimited = 2048,
- ///ClientFull
- ClientFull = 4096,
- ///OpsAdminLimited
- OpsAdminLimited = 8192,
- ///OpsAdminFull
- OpsAdminFull = 16384
-
- }//end AuthorizationRoles
-
+const AuthorizationRoles = {
+ ///No role set
+ NoRole: 0,
+ ///BizAdminLimited
+ BizAdminLimited: 1,
+ ///BizAdminFull
+ BizAdminFull: 2,
+ ///DispatchLimited
+ DispatchLimited: 4,
+ ///DispatchFull
+ DispatchFull: 8,
+ ///InventoryLimited
+ InventoryLimited: 16,
+ ///InventoryFull
+ InventoryFull: 32,
+ ///AccountingFull
+ AccountingFull: 64, //No limited role, not sure if there is a need
+ ///TechLimited
+ TechLimited: 128,
+ ///TechFull
+ TechFull: 256,
+ ///SubContractorLimited
+ SubContractorLimited: 512,
+ ///SubContractorFull
+ SubContractorFull: 1024,
+ ///ClientLimited
+ ClientLimited: 2048,
+ ///ClientFull
+ ClientFull: 4096,
+ ///OpsAdminLimited
+ OpsAdminLimited: 8192,
+ ///OpsAdminFull
+ OpsAdminFull: 16384
+}; //end AuthorizationRoles
export function login() {
// auth.authorize({
@@ -145,13 +141,12 @@ function isTokenExpired(token) {
}
//================ ROLES =================
+//https://stackoverflow.com/questions/39359740/what-are-enum-flags-in-typescript
export function hasRole(role) {
+ return role === (USER_ROLES & role);
+ // if ((role & flags.ERROR) == flags.ERROR) {
+ // alert("ERROR IS SET");
+ // }
+}
- if ((role & flags.ERROR) == flags.ERROR){
- alert("ERROR IS SET");
- }
-
- const idToken = getIdToken();
- return !!idToken && !isTokenExpired(idToken);
- }
-
+//TODO: Auth JWT needs to return roles as an int enum
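Review bot: `hasRole` returns true for `AuthorizationRoles.NoRole` whatever the user's roles are, because `0 === (USER_ROLES & 0)` always holds. A caller that passes an unset or defaulted role therefore gets a pass; guard the zero case with `return role !== 0 && (USER_ROLES & role) === role;`. When the roles are later read from the `ayanova/roles` claim, the server emits that value as a string, so convert it with `Number.parseInt(claim, 10)` before the bitwise test. `jwt-decode` only decodes the payload and does not verify the signature, so I would add `// UI hint only: the API must enforce roles on every request` above the function. The commented-out `alert` block after the `return` can be deleted.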
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 2672c2c0..c32ebb62 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -121,8 +121,9 @@ namespace AyaNova.Api.Controllers
{
{ "iat", iat.ToUnixTimeSeconds().ToString() },
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
- { "iss", "AyaNova" },
- { "id", u.Id.ToString() }
+ { "iss", "ayanova.com" },
+ { "id", u.Id.ToString() },
+ { "ayanova/roles", ((int)u.Roles).ToString() }
};
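Review bot: The new `ayanova/roles` claim is a snapshot of `u.Roles` at login, so a role removed from the user afterwards stays in the token until `exp` passes. Whether the server's authorization trusts this claim or re-reads the user record is not visible in this hunk, and neither is the token lifetime, so this needs confirming. I would document the choice next to the claim, for example `// roles are a snapshot at issue time; server-side checks must re-read u.Roles or the token lifetime must be short`. The claim is written as a decimal string of the flag value, so consumers must parse it as an integer. The payload initializer starts outside the hunk.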
@@ -137,6 +138,9 @@ namespace AyaNova.Api.Controllers
log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);
+
+ //TODO: This needs to return the authorization roles of the user in the payload and it should all be in the token
+ //and remove the issued, expires id etc so that all that is returned is an encoded token with that info in it
return Ok(new ApiOkResponse(new
{
ok = 1,
diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index cea0ad68..78df6513 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
@@ -234,13 +234,13 @@ namespace AyaNova
RequireSignedTokens = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
- ValidIssuer = "AyaNova",
+ ValidIssuer = "ayanova.com",
ValidateAudience = false,
//ValidAudience = "http://localhost:7575/"
// Token will only be valid if not expired yet, with 5 minutes clock skew.
ValidateLifetime = true,
- RequireExpirationTime = true,
+ RequireExpirationTime = true,
ClockSkew = new TimeSpan(0, 5, 0),
};
});
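Review bot: The issuer value `"ayanova.com"` is now a string literal in two places, `ValidIssuer` here and the `iss` claim in AuthController.cs. If the two drift apart, every issued token fails validation. Define it once (a shared constant or a configuration value) and reference it from both. Tokens already issued with `iss` = `AyaNova` will be rejected after this change, so a forced re-login on deploy should be expected. The `TokenValidationParameters` initializer starts outside the hunk.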