Update token generation (#1372)
- Permit only decode token to get map details, - If user have token expired, set the token to null and reload the page. This feature will be updated when authentication stategy will be finished. Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
This commit is contained in:
parent
02a21209ec
commit
8d57886bae
@ -29,11 +29,24 @@ class ConnectionManager {
|
||||
});
|
||||
}
|
||||
|
||||
public loadOpenIDScreen() {
|
||||
localUserStore.setAuthToken(null);
|
||||
/**
|
||||
* @return Promise<void>
|
||||
*/
|
||||
public loadOpenIDScreen(): Promise<void> {
|
||||
const state = localUserStore.generateState();
|
||||
const nonce = localUserStore.generateNonce();
|
||||
localUserStore.setAuthToken(null);
|
||||
|
||||
//TODO refactor this and don't realise previous call
|
||||
return Axios.get(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`)
|
||||
.then(() => {
|
||||
window.location.assign(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`);
|
||||
})
|
||||
.catch((err) => {
|
||||
console.error(err, "We don't have URL to regenerate authentication user");
|
||||
//TODO show modal login
|
||||
window.location.reload();
|
||||
});
|
||||
}
|
||||
|
||||
public logout() {
|
||||
|
@ -174,7 +174,7 @@ export class IoSocketController {
|
||||
}
|
||||
|
||||
const tokenData =
|
||||
token && typeof token === "string" ? jwtTokenManager.decodeJWTToken(token) : null;
|
||||
token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null;
|
||||
const userIdentifier = tokenData ? tokenData.identifier : "";
|
||||
|
||||
let memberTags: string[] = [];
|
||||
|
@ -6,7 +6,8 @@ import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
|
||||
import { GameRoomPolicyTypes } from "../Model/PusherRoom";
|
||||
import { MapDetailsData } from "../Services/AdminApi/MapDetailsData";
|
||||
import { socketManager } from "../Services/SocketManager";
|
||||
import { jwtTokenManager } from "../Services/JWTTokenManager";
|
||||
import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
|
||||
import { v4 } from "uuid";
|
||||
|
||||
export class MapController extends BaseController {
|
||||
constructor(private App: TemplatedApp) {
|
||||
@ -71,8 +72,16 @@ export class MapController extends BaseController {
|
||||
try {
|
||||
let userId: string | undefined = undefined;
|
||||
if (query.authToken != undefined) {
|
||||
const authTokenData = jwtTokenManager.decodeJWTToken(query.authToken as string);
|
||||
let authTokenData: AuthTokenData;
|
||||
try {
|
||||
authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string);
|
||||
userId = authTokenData.identifier;
|
||||
} catch (e) {
|
||||
// Decode token, in this case we don't need to create new token.
|
||||
authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string, true);
|
||||
userId = authTokenData.identifier;
|
||||
console.info("JWT expire, but decoded", userId);
|
||||
}
|
||||
}
|
||||
const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);
|
||||
|
||||
|
@ -15,9 +15,9 @@ class JWTTokenManager {
|
||||
return Jwt.sign({ identifier }, SECRET_KEY, { expiresIn: "200d" });
|
||||
}
|
||||
|
||||
public decodeJWTToken(token: string): AuthTokenData {
|
||||
public verifyJWTToken(token: string, ignoreExpiration: boolean = false): AuthTokenData {
|
||||
try {
|
||||
return Jwt.verify(token, SECRET_KEY, { ignoreExpiration: false }) as AuthTokenData;
|
||||
return Jwt.verify(token, SECRET_KEY, { ignoreExpiration }) as AuthTokenData;
|
||||
} catch (e) {
|
||||
throw { reason: tokenInvalidException, message: e.message };
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user