Adds token authentication mechanism

parent 683c2d37
......@@ -94,6 +94,14 @@ class UserDAO extends AbstractDAO<{ [key: string]: IUserEntity }> {
return this.storage[name];
}
public getUserByTokenHash(tokenHash: string): IUserEntity {
if (this.isEmptyVars(tokenHash)) {
return null;
}
return Object.values(this.storage).find(user => user.tokenHash === tokenHash);
}
public getUserById(id: ObjectId): IUserEntity {
return Object.values(this.storage).find(val => val.id.equals(id));
}
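Review bot: `getUserByTokenHash` returns `null` for an empty argument but `undefined` when no user matches (the value `find` yields), and the declared return type `IUserEntity` admits neither, so under `strictNullChecks` callers cannot see that the lookup can miss. Normalise the miss case and widen the annotation: `public getUserByTokenHash(tokenHash: string): IUserEntity | null {` with `return Object.values(this.storage).find(user => user.tokenHash === tokenHash) ?? null;` (or `|| null` if the project's TypeScript predates `??`). Because the value compared here is exactly what a client presents to `/authorize/static` in the LibRouter hunk, a one-line comment such as `// tokenHash is a bearer credential: whoever holds the stored value can log in as this user` above the method would warn the next maintainer not to expose it. The enclosing `UserDAO` class continues outside the hunk and `isEmptyVars` is defined elsewhere.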
......
......@@ -6,6 +6,16 @@ import { AuthService } from '../services/AuthService';
import { AbstractEntity } from './AbstractEntity';
export class UserEntity extends AbstractEntity implements IUserEntity {
private _tokenHash: string;
get tokenHash(): string {
return this._tokenHash;
}
set tokenHash(value: string) {
this._tokenHash = value;
}
private _token: string;
get token(): string {
......@@ -73,6 +83,7 @@ export class UserEntity extends AbstractEntity implements IUserEntity {
this._name = data.name;
this._privateKey = data.privateKey;
this._passwordHash = data.passwordHash;
this._tokenHash = data.tokenHash;
this._gitlabToken = data.gitlabToken;
this._token = data.token;
this._userAuthorizations = data.userAuthorizations.map(val => UserRole[val]);
......@@ -94,6 +105,7 @@ export class UserEntity extends AbstractEntity implements IUserEntity {
token: this.token,
name: this.name,
passwordHash: this.passwordHash,
tokenHash: this.tokenHash,
privateKey: this.privateKey,
gitlabToken: this.gitlabToken,
userAuthorizations: this.userAuthorizations,
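Review bot: `tokenHash` is copied into the object literal at L41 next to `passwordHash` (presumably the entity's serialized form), and the new accessor pair at L20–L26 carries no documentation; since `/authorize/static` in the LibRouter hunk accepts this exact value as the sole credential, any consumer of that literal that reaches a client receives a usable login secret. Whether the serialized object leaves the server is not visible here, so at minimum document the field above `private _tokenHash: string;`: `/** Presented by clients as a bearer credential; treat like passwordHash and never include in client-facing payloads. */`. The constructor and serializer bodies both start outside their hunks.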
......
export interface IUserBase {
name: string;
passwordHash: string;
tokenHash: string;
privateKey: string;
token?: string;
gitlabToken?: string;
......
......@@ -8,7 +8,8 @@ import LoggerService from '../../services/LoggerService';
@index({ name: 1 }, { unique: true })
export class UserModelItem extends Typegoose implements IUserSerialized {
@prop({ required: true }) public name: string;
@prop({ required: true }) public passwordHash: string;
@prop({ required: false }) public passwordHash: string;
@prop({ required: false }) public tokenHash: string;
@prop({ required: true }) public userAuthorizations: Array<string>;
@prop({ required: true }) public privateKey: string;
@prop() public gitlabToken?: string;
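Review bot: With `passwordHash` relaxed to `required: false` at L59 and `tokenHash` also optional at L60, a `UserModelItem` can now be persisted with neither credential, and nothing in the schema enforces at-least-one. Mongoose accepts a function for `required`, so the constraint can live next to the fields, e.g. `@prop({ required: function (this: UserModelItem) { return !this.tokenHash; } }) public passwordHash: string;` and the mirror image on `tokenHash`; if this typegoose version's `@prop` does not forward that form, a pre-validate hook gives the same guarantee. The `IUserBase` interface in the preceding hunk still declares `tokenHash: string` as mandatory (L49), which now disagrees with the model; either change it to `tokenHash?: string;` or keep the model field required, but the two should match.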
......
......@@ -42,6 +42,7 @@ export class AdminRouter extends AbstractRouter {
@BodyParam('name') name: string, //
@BodyParam('privateKey') privateKey: string, //
@BodyParam('passwordHash') passwordHash: string, //
@BodyParam('passwordHash') tokenHash: string, //
@BodyParam('userAuthorizations') userAuthorizations: Array<string>, //
@BodyParam('gitlabToken', { required: false }) gitlabToken: string, //
): void {
......@@ -49,6 +50,7 @@ export class AdminRouter extends AbstractRouter {
const userData: IUserSerialized = {
name,
passwordHash,
tokenHash,
privateKey,
userAuthorizations,
gitlabToken,
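Review bot: Line L69 reads the new parameter from the wrong body field: `@BodyParam('passwordHash') tokenHash: string` binds the password hash a second time, so the `tokenHash` the admin client sends is ignored and every user created here is stored with `tokenHash === passwordHash`. Since `/authorize/static` in the LibRouter hunk accepts a bare `tokenHash` without any password check, this makes the password hash itself a login credential for those users. Change the line to `@BodyParam('tokenHash', { required: false }) tokenHash: string, //` (optional to match `UserModelItem`, or required if every user must carry one), and reject an empty string when the field is present. Both hunks belong to the same handler, whose body continues outside the second hunk.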
......
......@@ -340,14 +340,36 @@ export class LibRouter extends AbstractRouter {
@Post('/authorize/static')
private async authorizeStatic(
@BodyParam('username') username: string,
@BodyParam('passwordHash') password: string,
@BodyParam('username', { required: false }) username: string,
@BodyParam('passwordHash', { required: false }) password: string,
@BodyParam('tokenHash', { required: false }) tokenHash: string,
@BodyParam('token', { required: false }) token: string,
): Promise<object> {
const user = UserDAO.getUser(username);
let user;
if (username) {
user = UserDAO.getUser(username);
if (!username || !password || !user || !UserDAO.validateUser(username, password)) {
if (!password || !user || !UserDAO.validateUser(username, password)) {
throw new UnauthorizedError(JSON.stringify({
status: StatusProtocol.Failed,
step: MessageProtocol.AuthenticateStatic,
payload: { reason: 'UNKOWN_LOGIN' },
}));
}
} else if (tokenHash) {
user = UserDAO.getUserByTokenHash(tokenHash);
if (!user) {
throw new UnauthorizedError(JSON.stringify({
status: StatusProtocol.Failed,
step: MessageProtocol.AuthenticateStatic,
payload: { reason: 'UNKOWN_LOGIN' },
}));
}
} else {
throw new UnauthorizedError(JSON.stringify({
status: StatusProtocol.Failed,
step: MessageProtocol.AuthenticateStatic,
......
......@@ -28,6 +28,7 @@ class ExpiryQuizTestSuite {
LoginDAO.initUser({
name: 'testuser',
passwordHash: 'hash',
tokenHash: 'hash',
privateKey: 'mysecret',
gitlabToken: '',
userAuthorizations: [UserRole.CreateExpiredQuiz],
......