Merge pull request #1836 from thecodingmachine/changeRegisterAccess

Change access token with query privateAccessToken in the url
2022-03-29 14:40:14 +02:00 · 2022-03-29 14:40:14 +02:00 · 3f090c61e0
commit 3f090c61e0
parent 7ba3225ac4 c1222c1c57
5 changed files with 34 additions and 19 deletions
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@ -88,8 +88,7 @@ class ConnectionManager {
     * @return returns a promise to the Room we are going to load OR a pointer to the URL we must redirect to if authentication is needed.
     */
    public async initGameConnexion(): Promise<Room | URL> {
-        const connexionType = urlManager.getGameConnexionType();
-        this.connexionType = connexionType;
+        this.connexionType = urlManager.getGameConnexionType();
        this._currentRoom = null;

        const urlParams = new URLSearchParams(window.location.search);
@ -102,14 +101,15 @@ class ConnectionManager {
            urlParams.delete("token");
        }

-        if (connexionType === GameConnexionTypes.login) {
+        if (this.connexionType === GameConnexionTypes.login) {
            this._currentRoom = await Room.createRoom(new URL(localUserStore.getLastRoomUrl()));
            const redirect = this.loadOpenIDScreen();
            if (redirect !== null) {
                return redirect;
            }
            urlManager.pushRoomIdToUrl(this._currentRoom);
-        } else if (connexionType === GameConnexionTypes.jwt) {
+        } else if (this.connexionType === GameConnexionTypes.jwt) {
+            /** @deprecated */
            if (!token) {
                const code = urlParams.get("code");
                const state = urlParams.get("state");
@ -135,8 +135,9 @@ class ConnectionManager {
                return redirect;
            }
            urlManager.pushRoomIdToUrl(this._currentRoom);
-        } else if (connexionType === GameConnexionTypes.register) {
-            //@deprecated
+        }
+        //@deprecated
+        else if (this.connexionType === GameConnexionTypes.register) {
            const organizationMemberToken = urlManager.getOrganizationToken();
            const data = await Axios.post(`${PUSHER_URL}/register`, { organizationMemberToken }).then(
                (res) => res.data
@ -165,11 +166,11 @@ class ConnectionManager {
                )
            );
            urlManager.pushRoomIdToUrl(this._currentRoom);
-        } else if (connexionType === GameConnexionTypes.room || connexionType === GameConnexionTypes.empty) {
+        } else if (this.connexionType === GameConnexionTypes.room || this.connexionType === GameConnexionTypes.empty) {
            this.authToken = localUserStore.getAuthToken();

            let roomPath: string;
-            if (connexionType === GameConnexionTypes.empty) {
+            if (this.connexionType === GameConnexionTypes.empty) {
                roomPath = localUserStore.getLastRoomUrl();
                //get last room path from cache api
                try {
--- a/front/src/Url/UrlManager.ts
+++ b/front/src/Url/UrlManager.ts
@ -3,10 +3,10 @@ import { localUserStore } from "../Connexion/LocalUserStore";

 export enum GameConnexionTypes {
    room = 1,
-    register,
+    register /*@deprecated*/,
    empty,
    unknown,
-    jwt,
+    jwt /*@deprecated*/,
    login,
 }

@ -16,11 +16,15 @@ class UrlManager {
        const url = window.location.pathname.toString();
        if (url === "/login") {
            return GameConnexionTypes.login;
-        } else if (url === "/jwt") {
+        }
+        //@deprecated jwt url will be replace by "?token=<private access token>"
+        else if (url === "/jwt") {
            return GameConnexionTypes.jwt;
        } else if (url.includes("_/") || url.includes("*/") || url.includes("@/")) {
            return GameConnexionTypes.room;
-        } else if (url.includes("register/")) {
+        }
+        //@deprecated register url will be replace by "?token=<private access token>"
+        else if (url.includes("register/")) {
            return GameConnexionTypes.register;
        } else if (url === "/") {
            return GameConnexionTypes.empty;
@ -29,6 +33,9 @@ class UrlManager {
        }
    }

+    /**
+     * @deprecated
+     */
    public getOrganizationToken(): string | null {
        const match = /\/register\/(.+)/.exec(window.location.pathname.toString());
        return match ? match[1] : null;
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@ -320,10 +320,11 @@ export class AuthenticateController extends BaseHttpController {

                //todo: what to do if the organizationMemberToken is already used?
                const organizationMemberToken: string | null = param.organizationMemberToken;
+                const playUri: string | null = param.playUri;

                try {
                    if (typeof organizationMemberToken != "string") throw new Error("No organization token");
-                    const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);
+                    const data = await adminApi.fetchMemberDataByToken(organizationMemberToken, playUri);
                    const userUuid = data.userUuid;
                    const email = data.email;
                    const roomUrl = data.roomUrl;
--- a/pusher/src/Controller/OpenIdProfileController.ts
+++ b/pusher/src/Controller/OpenIdProfileController.ts
@ -13,14 +13,14 @@ export class OpenIdProfileController extends BaseHttpController {
            }
            try {
                const resCheckTokenAuth = await openIDClient.checkTokenAuth(accessToken as string);
-                if (!resCheckTokenAuth.email) {
+                if (!resCheckTokenAuth.sub) {
                    throw new Error("Email was not found");
                }
                res.send(
                    this.buildHtml(
                        OPID_CLIENT_ISSUER,
-                        resCheckTokenAuth.email as string,
-                        resCheckTokenAuth.picture as string | undefined
+                        resCheckTokenAuth.sub
+                        /*resCheckTokenAuth.picture as string | undefined*/
                    )
                );
                return;
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@ -61,7 +61,7 @@ class AdminApi {

    async fetchMemberDataByUuid(
        userIdentifier: string | null,
-        roomId: string,
+        playUri: string,
        ipAddress: string,
        characterLayers: string[]
    ): Promise<FetchMemberDataByUuidResponse> {
@ -69,7 +69,12 @@ class AdminApi {
            return Promise.reject(new Error("No admin backoffice set!"));
        }
        const res = await Axios.get<unknown, AxiosResponse<unknown>>(ADMIN_API_URL + "/api/room/access", {
-            params: { userIdentifier, roomId, ipAddress, characterLayers },
+            params: {
+                userIdentifier,
+                playUri,
+                ipAddress,
+                characterLayers,
+            },
            headers: { Authorization: `${ADMIN_API_TOKEN}` },
            paramsSerializer: (p) => {
                return qs.stringify(p, { arrayFormat: "brackets" });
@ -84,12 +89,13 @@ class AdminApi {
        return res.data;
    }

-    async fetchMemberDataByToken(organizationMemberToken: string): Promise<AdminApiData> {
+    async fetchMemberDataByToken(organizationMemberToken: string, playUri: string | null): Promise<AdminApiData> {
        if (!ADMIN_API_URL) {
            return Promise.reject(new Error("No admin backoffice set!"));
        }
        //todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
        const res = await Axios.get(ADMIN_API_URL + "/api/login-url/" + organizationMemberToken, {
+            params: { playUri },
            headers: { Authorization: `${ADMIN_API_TOKEN}` },
        });
        if (!isAdminApiData(res.data)) {