admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-11-06 01:13:45 +00:00
parent a008547031
commit e0aef62f45
3 changed files with 50 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
app/ayanova/src/utils/auth.js
View File

@@ -5,6 +5,7 @@ import decode from "jwt-decode";
//import Auth0Lock from 'auth0-lock'; //import Auth0Lock from 'auth0-lock';
const ID_TOKEN_KEY = "id_token"; const ID_TOKEN_KEY = "id_token";
const ACCESS_TOKEN_KEY = "access_token"; const ACCESS_TOKEN_KEY = "access_token";
const USER_ROLES = AuthorizationRoles.NoRole;
// const CLIENT_ID = '{AUTH0_CLIENT_ID}'; // const CLIENT_ID = '{AUTH0_CLIENT_ID}';
// const CLIENT_DOMAIN = '{AUTH0_DOMAIN}'; // const CLIENT_DOMAIN = '{AUTH0_DOMAIN}';
@@ -17,46 +18,41 @@ const ACCESS_TOKEN_KEY = "access_token";
// domain: CLIENT_DOMAIN // domain: CLIENT_DOMAIN
// }); // });
//https://stackoverflow.com/questions/15551652/javascript-enum-flag-check //https://stackoverflow.com/questions/15551652/javascript-enum-flag-check
const AuthorizationRoles = const AuthorizationRoles = {
{ ///<summary>No role set</summary>
NoRole: 0,
///<summary>No role set</summary> ///<summary>BizAdminLimited</summary>
NoRole = 0, BizAdminLimited: 1,
///<summary>BizAdminLimited</summary> ///<summary>BizAdminFull</summary>
BizAdminLimited = 1, BizAdminFull: 2,
///<summary>BizAdminFull</summary> ///<summary>DispatchLimited</summary>
BizAdminFull = 2, DispatchLimited: 4,
///<summary>DispatchLimited</summary> ///<summary>DispatchFull</summary>
DispatchLimited = 4, DispatchFull: 8,
///<summary>DispatchFull</summary> ///<summary>InventoryLimited</summary>
DispatchFull = 8, InventoryLimited: 16,
///<summary>InventoryLimited</summary> ///<summary>InventoryFull</summary>
InventoryLimited = 16, InventoryFull: 32,
///<summary>InventoryFull</summary> ///<summary>AccountingFull</summary>
InventoryFull = 32, AccountingFull: 64, //No limited role, not sure if there is a need
///<summary>AccountingFull</summary> ///<summary>TechLimited</summary>
AccountingFull = 64,//No limited role, not sure if there is a need TechLimited: 128,
///<summary>TechLimited</summary> ///<summary>TechFull</summary>
TechLimited = 128, TechFull: 256,
///<summary>TechFull</summary> ///<summary>SubContractorLimited</summary>
TechFull = 256, SubContractorLimited: 512,
///<summary>SubContractorLimited</summary> ///<summary>SubContractorFull</summary>
SubContractorLimited = 512, SubContractorFull: 1024,
///<summary>SubContractorFull</summary> ///<summary>ClientLimited</summary>
SubContractorFull = 1024, ClientLimited: 2048,
///<summary>ClientLimited</summary> ///<summary>ClientFull</summary>
ClientLimited = 2048, ClientFull: 4096,
///<summary>ClientFull</summary> ///<summary>OpsAdminLimited</summary>
ClientFull = 4096, OpsAdminLimited: 8192,
///<summary>OpsAdminLimited</summary> ///<summary>OpsAdminFull</summary>
OpsAdminLimited = 8192, OpsAdminFull: 16384
///<summary>OpsAdminFull</summary> }; //end AuthorizationRoles
OpsAdminFull = 16384
}//end AuthorizationRoles
export function login() { export function login() {
// auth.authorize({ // auth.authorize({
@@ -145,13 +141,12 @@ function isTokenExpired(token) {
} }
//================ ROLES ================= //================ ROLES =================
//https://stackoverflow.com/questions/39359740/what-are-enum-flags-in-typescript
export function hasRole(role) { export function hasRole(role) {
return role === (USER_ROLES & role);
// if ((role & flags.ERROR) == flags.ERROR) {
// alert("ERROR IS SET");
// }
}
if ((role & flags.ERROR) == flags.ERROR){ //TODO: Auth JWT needs to return roles as an int enum
alert("ERROR IS SET");
}
const idToken = getIdToken();
return !!idToken && !isTokenExpired(idToken);
}

8
server/AyaNova/Controllers/AuthController.cs
View File

@@ -121,8 +121,9 @@ namespace AyaNova.Api.Controllers
{ {
{ "iat", iat.ToUnixTimeSeconds().ToString() }, { "iat", iat.ToUnixTimeSeconds().ToString() },
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
{ "iss", "AyaNova" }, { "iss", "ayanova.com" },
{ "id", u.Id.ToString() } { "id", u.Id.ToString() },
{ "ayanova/roles", ((int)u.Roles).ToString() }
}; };
@@ -137,6 +138,9 @@ namespace AyaNova.Api.Controllers
log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok"); log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter); metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);
//TODO: This needs to return the authorization roles of the user in the payload and it should all be in the token
//and remove the issued, expires id etc so that all that is returned is an encoded token with that info in it
return Ok(new ApiOkResponse(new return Ok(new ApiOkResponse(new
{ {
ok = 1, ok = 1,

4
server/AyaNova/Startup.cs
View File

@@ -234,13 +234,13 @@ namespace AyaNova
RequireSignedTokens = true, RequireSignedTokens = true,
IssuerSigningKey = signingKey, IssuerSigningKey = signingKey,
ValidateIssuer = true, ValidateIssuer = true,
ValidIssuer = "AyaNova", ValidIssuer = "ayanova.com",
ValidateAudience = false, ValidateAudience = false,
//ValidAudience = "http://localhost:7575/" //ValidAudience = "http://localhost:7575/"
// Token will only be valid if not expired yet, with 5 minutes clock skew. // Token will only be valid if not expired yet, with 5 minutes clock skew.
ValidateLifetime = true, ValidateLifetime = true,
RequireExpirationTime = true, RequireExpirationTime = true,
ClockSkew = new TimeSpan(0, 5, 0), ClockSkew = new TimeSpan(0, 5, 0),
}; };
}); });