app/ayanova/src/utils/auth.js

@@ -5,6 +5,7 @@ import decode from "jwt-decode";
 //import Auth0Lock from 'auth0-lock';
 const ID_TOKEN_KEY = "id_token";
 const ACCESS_TOKEN_KEY = "access_token";
+const USER_ROLES = AuthorizationRoles.NoRole;
 
 // const CLIENT_ID = '{AUTH0_CLIENT_ID}';
 // const CLIENT_DOMAIN = '{AUTH0_DOMAIN}';
@@ -17,46 +18,41 @@ const ACCESS_TOKEN_KEY = "access_token";
 //   domain: CLIENT_DOMAIN
 // });
 
-
 //https://stackoverflow.com/questions/15551652/javascript-enum-flag-check
-const AuthorizationRoles =
-    {
-
-        ///<summary>No role set</summary>
-        NoRole = 0,
-        ///<summary>BizAdminLimited</summary>
-        BizAdminLimited = 1,
-        ///<summary>BizAdminFull</summary>
-        BizAdminFull = 2,
-        ///<summary>DispatchLimited</summary>
-        DispatchLimited = 4,
-        ///<summary>DispatchFull</summary>
-        DispatchFull = 8,
-        ///<summary>InventoryLimited</summary>
-        InventoryLimited = 16,
-        ///<summary>InventoryFull</summary>
-        InventoryFull = 32,
-        ///<summary>AccountingFull</summary>
-        AccountingFull = 64,//No limited role, not sure if there is a need
-        ///<summary>TechLimited</summary>
-        TechLimited = 128,
-        ///<summary>TechFull</summary>
-        TechFull = 256,
-        ///<summary>SubContractorLimited</summary>
-        SubContractorLimited = 512,
-        ///<summary>SubContractorFull</summary>
-        SubContractorFull = 1024,
-        ///<summary>ClientLimited</summary>
-        ClientLimited = 2048,
-        ///<summary>ClientFull</summary>
-        ClientFull = 4096,
-        ///<summary>OpsAdminLimited</summary>
-        OpsAdminLimited = 8192,
-        ///<summary>OpsAdminFull</summary>
-        OpsAdminFull = 16384
-
-    }//end AuthorizationRoles
-
+const AuthorizationRoles = {
+  ///<summary>No role set</summary>
+  NoRole: 0,
+  ///<summary>BizAdminLimited</summary>
+  BizAdminLimited: 1,
+  ///<summary>BizAdminFull</summary>
+  BizAdminFull: 2,
+  ///<summary>DispatchLimited</summary>
+  DispatchLimited: 4,
+  ///<summary>DispatchFull</summary>
+  DispatchFull: 8,
+  ///<summary>InventoryLimited</summary>
+  InventoryLimited: 16,
+  ///<summary>InventoryFull</summary>
+  InventoryFull: 32,
+  ///<summary>AccountingFull</summary>
+  AccountingFull: 64, //No limited role, not sure if there is a need
+  ///<summary>TechLimited</summary>
+  TechLimited: 128,
+  ///<summary>TechFull</summary>
+  TechFull: 256,
+  ///<summary>SubContractorLimited</summary>
+  SubContractorLimited: 512,
+  ///<summary>SubContractorFull</summary>
+  SubContractorFull: 1024,
+  ///<summary>ClientLimited</summary>
+  ClientLimited: 2048,
+  ///<summary>ClientFull</summary>
+  ClientFull: 4096,
+  ///<summary>OpsAdminLimited</summary>
+  OpsAdminLimited: 8192,
+  ///<summary>OpsAdminFull</summary>
+  OpsAdminFull: 16384
+}; //end AuthorizationRoles
 
 export function login() {
   //   auth.authorize({
@@ -145,13 +141,12 @@ function isTokenExpired(token) {
 }
 
 //================ ROLES =================
+//https://stackoverflow.com/questions/39359740/what-are-enum-flags-in-typescript
 export function hasRole(role) {
+  return role === (USER_ROLES & role);
+  //   if ((role & flags.ERROR) == flags.ERROR) {
+  //     alert("ERROR IS SET");
+  //   }
+}
 
-    if ((role & flags.ERROR) == flags.ERROR){
-        alert("ERROR IS SET");
-     }
-
-    const idToken = getIdToken();
-    return !!idToken && !isTokenExpired(idToken);
-  }
-
+//TODO: Auth JWT needs to return roles as an int enum 

server/AyaNova/Controllers/AuthController.cs

@@ -121,8 +121,9 @@ namespace AyaNova.Api.Controllers
                         {
                             { "iat", iat.ToUnixTimeSeconds().ToString() },
                             { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
-                            { "iss", "AyaNova" },
-                            { "id", u.Id.ToString() }
+                            { "iss", "ayanova.com" },
+                            { "id", u.Id.ToString() },
+                            { "ayanova/roles", ((int)u.Roles).ToString() }
                         };
 
 
@@ -137,6 +138,9 @@ namespace AyaNova.Api.Controllers
 
                     log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
                     metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);
+
+                    //TODO: This needs to return the authorization roles of the user in the payload and it should all be in the token
+                    //and remove the issued, expires id etc so that all that is returned is an encoded token with that info in it
                     return Ok(new ApiOkResponse(new
                     {
                         ok = 1,

server/AyaNova/Startup.cs

@@ -234,7 +234,7 @@ namespace AyaNova
                         RequireSignedTokens = true,
                         IssuerSigningKey = signingKey,
                         ValidateIssuer = true,
-                        ValidIssuer = "AyaNova",
+                        ValidIssuer = "ayanova.com",
                         ValidateAudience = false,
                         //ValidAudience = "http://localhost:7575/"