From e0aef62f45d54a04a26baed445dab78832b5220a Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Tue, 6 Nov 2018 01:13:45 +0000
Subject: [PATCH]
---
 app/ayanova/src/utils/auth.js                | 89 +++++++++-----------
 server/AyaNova/Controllers/AuthController.cs |  8 +-
 server/AyaNova/Startup.cs                    |  4 +-
 3 files changed, 50 insertions(+), 51 deletions(-)
diff --git a/app/ayanova/src/utils/auth.js b/app/ayanova/src/utils/auth.js
index 9e67b04b..c308e2cc 100644
--- a/app/ayanova/src/utils/auth.js
+++ b/app/ayanova/src/utils/auth.js
@@ -5,6 +5,7 @@ import decode from "jwt-decode";
 //import Auth0Lock from 'auth0-lock';
 const ID_TOKEN_KEY = "id_token";
 const ACCESS_TOKEN_KEY = "access_token";
+const USER_ROLES = AuthorizationRoles.NoRole;
 // const CLIENT_ID = '{AUTH0_CLIENT_ID}';
 // const CLIENT_DOMAIN = '{AUTH0_DOMAIN}';
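Review bot: `const USER_ROLES = AuthorizationRoles.NoRole;` runs at module load before `const AuthorizationRoles = { … }` is declared further down the same file, so evaluating the module throws a ReferenceError (temporal dead zone) and auth.js never finishes loading. Even once moved below the object, a value fixed at load time can only ever be `NoRole` (0), which is what makes `hasRole` in the later hunk of this file return false for every real role. I would drop the module-level constant and have `hasRole` read the roles from the decoded token on each call instead, `const userRoles = parseInt(decode(getIdToken())["ayanova/roles"], 10) || 0;`, assuming the token stored under `ID_TOKEN_KEY` is the JWT the controller issues.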
@@ -17,46 +18,41 @@ const ACCESS_TOKEN_KEY = "access_token";
 // domain: CLIENT_DOMAIN
 // });
-
 //https://stackoverflow.com/questions/15551652/javascript-enum-flag-check
-const AuthorizationRoles =
-    {
-
-        ///No role set
-        NoRole = 0,
-        ///BizAdminLimited
-        BizAdminLimited = 1,
-        ///BizAdminFull
-        BizAdminFull = 2,
-        ///DispatchLimited
-        DispatchLimited = 4,
-        ///DispatchFull
-        DispatchFull = 8,
-        ///InventoryLimited
-        InventoryLimited = 16,
-        ///InventoryFull
-        InventoryFull = 32,
-        ///AccountingFull
-        AccountingFull = 64,//No limited role, not sure if there is a need
-        ///TechLimited
-        TechLimited = 128,
-        ///TechFull
-        TechFull = 256,
-        ///SubContractorLimited
-        SubContractorLimited = 512,
-        ///SubContractorFull
-        SubContractorFull = 1024,
-        ///ClientLimited
-        ClientLimited = 2048,
-        ///ClientFull
-        ClientFull = 4096,
-        ///OpsAdminLimited
-        OpsAdminLimited = 8192,
-        ///OpsAdminFull
-        OpsAdminFull = 16384
-
-    }//end AuthorizationRoles
-
+const AuthorizationRoles = {
+    ///No role set
+    NoRole: 0,
+    ///BizAdminLimited
+    BizAdminLimited: 1,
+    ///BizAdminFull
+    BizAdminFull: 2,
+    ///DispatchLimited
+    DispatchLimited: 4,
+    ///DispatchFull
+    DispatchFull: 8,
+    ///InventoryLimited
+    InventoryLimited: 16,
+    ///InventoryFull
+    InventoryFull: 32,
+    ///AccountingFull
+    AccountingFull: 64, //No limited role, not sure if there is a need
+    ///TechLimited
+    TechLimited: 128,
+    ///TechFull
+    TechFull: 256,
+    ///SubContractorLimited
+    SubContractorLimited: 512,
+    ///SubContractorFull
+    SubContractorFull: 1024,
+    ///ClientLimited
+    ClientLimited: 2048,
+    ///ClientFull
+    ClientFull: 4096,
+    ///OpsAdminLimited
+    OpsAdminLimited: 8192,
+    ///OpsAdminFull
+    OpsAdminFull: 16384
+}; //end AuthorizationRoles
 export function login() {
 // auth.authorize({
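Review bot: `const AuthorizationRoles = { … }` only prevents rebinding the name; the flag values themselves remain writable, so any code in the bundle can do `AuthorizationRoles.OpsAdminFull = 0` and silently change what the bitwise check in `hasRole` accepts. Wrapping the literal, `const AuthorizationRoles = Object.freeze({ … });`, keeps the table read-only at runtime and costs nothing. As a style point, the `///` triple-slash member comments are C# XML-doc syntax carried over from the server enum; in this file plain `//` or a JSDoc block on the object would match JavaScript conventions. The values must stay in lockstep with the server's `u.Roles` enum, which is worth a comment on the object since nothing here enforces it.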
@@ -145,13 +141,12 @@ function isTokenExpired(token) {
 }
 //================ ROLES =================
+//https://stackoverflow.com/questions/39359740/what-are-enum-flags-in-typescript
 export function hasRole(role) {
+    return role === (USER_ROLES & role);
+    // if ((role & flags.ERROR) == flags.ERROR) {
+    //     alert("ERROR IS SET");
+    // }
+}
-    if ((role & flags.ERROR) == flags.ERROR){
-        alert("ERROR IS SET");
-    }
-
-    const idToken = getIdToken();
-    return !!idToken && !isTokenExpired(idToken);
-  }
-
+//TODO: Auth JWT needs to return roles as an int enum
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 2672c2c0..c32ebb62 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -121,8 +121,9 @@ namespace AyaNova.Api.Controllers
                 {
                     { "iat", iat.ToUnixTimeSeconds().ToString() },
                     { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
-                    { "iss", "AyaNova" },
-                    { "id", u.Id.ToString() }
+                    { "iss", "ayanova.com" },
+                    { "id", u.Id.ToString() },
+                    { "ayanova/roles", ((int)u.Roles).ToString() }
                 };
@@ -137,6 +138,9 @@ namespace AyaNova.Api.Controllers
                 log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
                 metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);
+
+                //TODO: This needs to return the authorization roles of the user in the payload and it should all be in the token
+                //and remove the issued, expires id etc so that all that is returned is an encoded token with that info in it
                 return Ok(new ApiOkResponse(new
                 {
                     ok = 1,
diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index cea0ad68..78df6513 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
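Review bot: `return role === (USER_ROLES & role);` tests against a module constant that is fixed to `NoRole` (0), so `hasRole` is true only for `NoRole` and false for every real role; the `//TODO` below acknowledges the roles never arrive from the token. The removed body also required an id token that is present and not expired, and that guard disappears with this rewrite, so callers that used `hasRole` as a logged-in check lose it too. The server hunk in this same commit writes the flag set as a decimal string under the `ayanova/roles` claim, so the client can decode it with the `decode` import already at the top of the file and test the flag on that value, assuming the token stored under `ID_TOKEN_KEY` is the JWT the controller issues; this remains a UI gate only, and each API endpoint still has to authorize against `u.Roles` server-side. The commented-out `flags.ERROR` lines reference an identifier that does not exist in this file and should be deleted rather than preserved as a comment.
```javascript
export function hasRole(role) {
    const idToken = getIdToken();
    if (!idToken || isTokenExpired(idToken)) {
        return false;
    }
    // AuthController writes the user's flag set as a decimal string in "ayanova/roles"
    const userRoles = parseInt(decode(idToken)["ayanova/roles"], 10) || 0;
    return role === (userRoles & role);
}
```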
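Review bot: `{ "ayanova/roles", ((int)u.Roles).ToString() }` freezes the user's roles into the token at login, so a later change to `u.Roles`, including removing a role, takes effect only after `exp` passes; nothing in this hunk suggests the API re-reads roles per request, so I'd record that next to the claim, `// roles are fixed for the token's lifetime; a revocation only takes effect at exp`, and keep the lifetime short. `"ayanova.com"` is now a literal that must match `ValidIssuer` in the Startup.cs hunk of this commit; a shared `const string` referenced from both places would stop the two from drifting, since a mismatch rejects every login rather than failing loudly. `ToString()` on the cast int follows the culture-sensitive style of the `iat`/`exp` lines above; `ToString(CultureInfo.InvariantCulture)` would keep the claim machine-readable regardless of server culture. The enclosing action method starts and ends outside the hunk.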
@@ -234,13 +234,13 @@ namespace AyaNova
                     RequireSignedTokens = true,
                     IssuerSigningKey = signingKey,
                     ValidateIssuer = true,
-                    ValidIssuer = "AyaNova",
+                    ValidIssuer = "ayanova.com",
                     ValidateAudience = false,
                     //ValidAudience = "http://localhost:7575/"
                     // Token will only be valid if not expired yet, with 5 minutes clock skew.
                     ValidateLifetime = true,
-                    RequireExpirationTime = true,
+                    RequireExpirationTime = true,
                     ClockSkew = new TimeSpan(0, 5, 0),
                 };
             });
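Review bot: The `RequireExpirationTime = true,` line is removed and re-added with no visible change, which is whitespace-only diff noise on a security-configuration block and makes the real edit, `ValidIssuer = "ayanova.com"`, harder to spot in history. Tokens issued before this deploys carry `iss` = `"AyaNova"` and will now fail validation, forcing every active session to log in again; that is a reasonable rollover but should be stated in the commit message rather than left implicit. The enclosing `AddJwtBearer` configuration starts outside the hunk.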