Adds token authentication mechanism

ab3eb3df · Christopher Mark Fullarton · 683c2d37 · ab3eb3df · ab3eb3df · ab3eb3df
Commit ab3eb3df authored Jul 08, 2019 by Christopher Mark Fullarton
7 changed files
--- a/src/db/UserDAO.ts
+++ b/src/db/UserDAO.ts
@@ -94,6 +94,14 @@ class UserDAO extends AbstractDAO<{ [key: string]: IUserEntity }> {
    return this.storage[name];
  }

+  public getUserByTokenHash(tokenHash: string): IUserEntity {
+    if (this.isEmptyVars(tokenHash)) {
+      return null;
+    }
+
+    return Object.values(this.storage).find(user => user.tokenHash === tokenHash);
+  }
+
  public getUserById(id: ObjectId): IUserEntity {
    return Object.values(this.storage).find(val => val.id.equals(id));
  }

--- a/src/entities/UserEntity.ts
+++ b/src/entities/UserEntity.ts
@@ -6,6 +6,16 @@ import { AuthService } from '../services/AuthService';
 import { AbstractEntity } from './AbstractEntity';

 export class UserEntity extends AbstractEntity implements IUserEntity {
+  private _tokenHash: string;
+
+  get tokenHash(): string {
+    return this._tokenHash;
+  }
+
+  set tokenHash(value: string) {
+    this._tokenHash = value;
+  }
+
  private _token: string;

  get token(): string {
@@ -73,6 +83,7 @@ export class UserEntity extends AbstractEntity implements IUserEntity {
    this._name = data.name;
    this._privateKey = data.privateKey;
    this._passwordHash = data.passwordHash;
+    this._tokenHash = data.tokenHash;
    this._gitlabToken = data.gitlabToken;
    this._token = data.token;
    this._userAuthorizations = data.userAuthorizations.map(val => UserRole[val]);
@@ -94,6 +105,7 @@ export class UserEntity extends AbstractEntity implements IUserEntity {
      token: this.token,
      name: this.name,
      passwordHash: this.passwordHash,
+      tokenHash: this.tokenHash,
      privateKey: this.privateKey,
      gitlabToken: this.gitlabToken,
      userAuthorizations: this.userAuthorizations,

--- a/src/interfaces/users/IUserBase.ts
+++ b/src/interfaces/users/IUserBase.ts
 export interface IUserBase {
  name: string;
  passwordHash: string;
+  tokenHash: string;
  privateKey: string;
  token?: string;
  gitlabToken?: string;

--- a/src/models/UserModelItem/UserModel.ts
+++ b/src/models/UserModelItem/UserModel.ts
@@ -8,7 +8,8 @@ import LoggerService from '../../services/LoggerService';
 @index({ name: 1 }, { unique: true })
 export class UserModelItem extends Typegoose implements IUserSerialized {
  @prop({ required: true }) public name: string;
-  @prop({ required: true }) public passwordHash: string;
+  @prop({ required: false }) public passwordHash: string;
+  @prop({ required: false }) public tokenHash: string;
  @prop({ required: true }) public userAuthorizations: Array<string>;
  @prop({ required: true }) public privateKey: string;
  @prop() public gitlabToken?: string;

--- a/src/routers/rest/AdminRouter.ts
+++ b/src/routers/rest/AdminRouter.ts
@@ -42,6 +42,7 @@ export class AdminRouter extends AbstractRouter {
    @BodyParam('name') name: string, //
    @BodyParam('privateKey') privateKey: string, //
    @BodyParam('passwordHash') passwordHash: string, //
+    @BodyParam('passwordHash') tokenHash: string, //
    @BodyParam('userAuthorizations') userAuthorizations: Array<string>, //
    @BodyParam('gitlabToken', { required: false }) gitlabToken: string, //
  ): void {
@@ -49,6 +50,7 @@ export class AdminRouter extends AbstractRouter {
    const userData: IUserSerialized = {
      name,
      passwordHash,
+      tokenHash,
      privateKey,
      userAuthorizations,
      gitlabToken,

--- a/src/routers/rest/LibRouter.ts
+++ b/src/routers/rest/LibRouter.ts
@@ -340,14 +340,36 @@ export class LibRouter extends AbstractRouter {

  @Post('/authorize/static')
  private async authorizeStatic(
-    @BodyParam('username') username: string,
-    @BodyParam('passwordHash') password: string,
+    @BodyParam('username', { required: false }) username: string,
+    @BodyParam('passwordHash', { required: false }) password: string,
+    @BodyParam('tokenHash', { required: false }) tokenHash: string,
    @BodyParam('token', { required: false }) token: string,
  ): Promise<object> {

-    const user = UserDAO.getUser(username);
+    let user;
+    if (username) {
+      user = UserDAO.getUser(username);

-    if (!username || !password || !user || !UserDAO.validateUser(username, password)) {
+      if (!password || !user || !UserDAO.validateUser(username, password)) {
+        throw new UnauthorizedError(JSON.stringify({
+          status: StatusProtocol.Failed,
+          step: MessageProtocol.AuthenticateStatic,
+          payload: { reason: 'UNKOWN_LOGIN' },
+        }));
+      }
+
+    } else if (tokenHash) {
+      user = UserDAO.getUserByTokenHash(tokenHash);
+
+      if (!user) {
+        throw new UnauthorizedError(JSON.stringify({
+          status: StatusProtocol.Failed,
+          step: MessageProtocol.AuthenticateStatic,
+          payload: { reason: 'UNKOWN_LOGIN' },
+        }));
+      }
+
+    } else {
      throw new UnauthorizedError(JSON.stringify({
        status: StatusProtocol.Failed,
        step: MessageProtocol.AuthenticateStatic,

--- a/src/tests/routes/expiry-quiz.test.ts
+++ b/src/tests/routes/expiry-quiz.test.ts
@@ -28,6 +28,7 @@ class ExpiryQuizTestSuite {
    LoginDAO.initUser({
      name: 'testuser',
      passwordHash: 'hash',
+      tokenHash: 'hash',
      privateKey: 'mysecret',
      gitlabToken: '',
      userAuthorizations: [UserRole.CreateExpiredQuiz],