From 8d57886bae45dc2f893ce4ae1e410fa87377dc85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?gr=C3=A9goire=20parant?= Date: Sun, 15 Aug 2021 22:51:06 +0200 Subject: [PATCH] Update token generation (#1372) - Permit only decode token to get map details, - If user have token expired, set the token to null and reload the page. This feature will be updated when authentication stategy will be finished. Signed-off-by: Gregoire Parant --- front/src/Connexion/ConnectionManager.ts | 19 ++++++++++++++++--- pusher/src/Controller/IoSocketController.ts | 2 +- pusher/src/Controller/MapController.ts | 15 ++++++++++++--- pusher/src/Services/JWTTokenManager.ts | 4 ++-- 4 files changed, 31 insertions(+), 9 deletions(-) diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts index 38272737..9e245d3a 100644 --- a/front/src/Connexion/ConnectionManager.ts +++ b/front/src/Connexion/ConnectionManager.ts @@ -29,11 +29,24 @@ class ConnectionManager { }); } - public loadOpenIDScreen() { - localUserStore.setAuthToken(null); + /** + * @return Promise + */ + public loadOpenIDScreen(): Promise { const state = localUserStore.generateState(); const nonce = localUserStore.generateNonce(); - window.location.assign(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`); + localUserStore.setAuthToken(null); + + //TODO refactor this and don't realise previous call + return Axios.get(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`) + .then(() => { + window.location.assign(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`); + }) + .catch((err) => { + console.error(err, "We don't have URL to regenerate authentication user"); + //TODO show modal login + window.location.reload(); + }); } public logout() { diff --git a/pusher/src/Controller/IoSocketController.ts b/pusher/src/Controller/IoSocketController.ts index daf45ce4..0466100c 100644 --- a/pusher/src/Controller/IoSocketController.ts 
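Review bot: The `.catch` at the end of the new `loadOpenIDScreen` calls `window.location.reload()` unconditionally after `localUserStore.setAuthToken(null)` has already run, so a caller that invokes this on page load because the token expired will loop forever whenever the probe GET to `/login-screen` fails (pusher down, or — plausibly — the browser following the endpoint's redirect cross-origin and tripping CORS), with nothing shown to the user. Keep the logging but let the caller decide, e.g. `console.error(err, "We don't have URL to regenerate authentication user"); throw err;`, and move the reload/"show modal" decision to the call site. The probe and the navigation both send the same `state` and `nonce`; if the pusher records `state` server-side the second request may be rejected — worth confirming against the `/login-screen` handler before keeping the pre-flight. Both URLs also hard-code the `http://` scheme while carrying the OIDC `state` and `nonce`; derive the scheme from configuration or `window.location.protocol` so they are not sent in clear on a TLS deployment.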
+++ b/pusher/src/Controller/IoSocketController.ts @@ -174,7 +174,7 @@ export class IoSocketController { } const tokenData = - token && typeof token === "string" ? jwtTokenManager.decodeJWTToken(token) : null; + token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null; const userIdentifier = tokenData ? tokenData.identifier : ""; let memberTags: string[] = []; diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts index 8becb0fe..ccaa231f 100644 --- a/pusher/src/Controller/MapController.ts +++ b/pusher/src/Controller/MapController.ts @@ -6,7 +6,8 @@ import { ADMIN_API_URL } from "../Enum/EnvironmentVariable"; import { GameRoomPolicyTypes } from "../Model/PusherRoom"; import { MapDetailsData } from "../Services/AdminApi/MapDetailsData"; import { socketManager } from "../Services/SocketManager"; -import { jwtTokenManager } from "../Services/JWTTokenManager"; +import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager"; +import { v4 } from "uuid"; export class MapController extends BaseController { constructor(private App: TemplatedApp) { @@ -71,8 +72,16 @@ export class MapController extends BaseController { try { let userId: string | undefined = undefined; if (query.authToken != undefined) { - const authTokenData = jwtTokenManager.decodeJWTToken(query.authToken as string); - userId = authTokenData.identifier; + let authTokenData: AuthTokenData; + try { + authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string); + userId = authTokenData.identifier; + } catch (e) { + // Decode token, in this case we don't need to create new token. + authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string, true); + userId = authTokenData.identifier; + console.info("JWT expire, but decoded", userId); + } } const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId); 
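Review bot: The `catch (e)` in the MapController hunk retries with `ignoreExpiration: true` for every verification failure, not only expiry, and the accepted expired token has no upper bound — a token whose `exp` passed long ago still yields a `userId` that is passed to `adminApi.fetchMapDetails`. The signature is still checked on the retry, so a forged token is rejected by the second throw, but the catch should at least narrow to the expiry case, `if (e.message !== "jwt expired") throw e;` (jsonwebtoken's `TokenExpiredError` message, assuming the wrapper keeps it verbatim), and a bounded grace window — rejecting when `Date.now() / 1000 - exp` exceeds a configured limit, which requires `AuthTokenData` to expose `exp` — would stop "expired" from meaning "accepted forever". `console.info("JWT expire, but decoded", userId)` writes a user identifier per request at info level; drop it or downgrade to debug. The enclosing `try` and the method continue outside the hunk, and the added `import { v4 } from "uuid"` is not used in either visible hunk — remove it if nothing outside the diff needs it.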
diff --git a/pusher/src/Services/JWTTokenManager.ts b/pusher/src/Services/JWTTokenManager.ts index bb21531c..4711ccfd 100644 --- a/pusher/src/Services/JWTTokenManager.ts +++ b/pusher/src/Services/JWTTokenManager.ts @@ -15,9 +15,9 @@ class JWTTokenManager { return Jwt.sign({ identifier }, SECRET_KEY, { expiresIn: "200d" }); } - public decodeJWTToken(token: string): AuthTokenData { + public verifyJWTToken(token: string, ignoreExpiration: boolean = false): AuthTokenData { try { - return Jwt.verify(token, SECRET_KEY, { ignoreExpiration: false }) as AuthTokenData; + return Jwt.verify(token, SECRET_KEY, { ignoreExpiration }) as AuthTokenData; } catch (e) { throw { reason: tokenInvalidException, message: e.message }; }
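Review bot: The `catch` in `verifyJWTToken` collapses every jsonwebtoken failure (expired, bad signature, malformed, not-before) into one `{ reason: tokenInvalidException, message }` object, so callers that want an expiry-only fallback cannot tell the cases apart except by matching the message string. Carry the distinction explicitly, e.g. `throw { reason: tokenInvalidException, message: e.message, expired: e.name === "TokenExpiredError" };`, and consider throwing an `Error` subclass instead of a plain object so the stack is not lost. While here, pin the accepted algorithm to the one `Jwt.sign` uses by default, `Jwt.verify(token, SECRET_KEY, { ignoreExpiration, algorithms: ["HS256"] })`, so the verifier never honors a token whose header names a different variant. The `ignoreExpiration: boolean = false` annotation is redundant given the default; `ignoreExpiration = false` reads the same.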