feat(login): Added auth-guard to avoid unauthorized access

Squashed commit of the following: commit c8f20f6ff0dee2257a4191d8e6771ed2fc364326 Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 12:04:40 2021 +0200 Removed current from currentUser and currentToken/currentExpiration commit fef6b046861efe8cfacb5b5b1e9dbb86bff42336 Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 10:42:27 2021 +0200 Fixed some tests commit f357546d3a61ad66d804a7cb36807985c8435974 Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 09:41:47 2021 +0200 Fixed linting commit 85fdbaed8d922bec235e4987cc34464c1419a093 Merge: c93dd92 c06452d Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 09:29:55 2021 +0200 Merged develop and resolved conflicts commit c93dd925b06a0b8a0361a687165e9c3954e2050b Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 07:43:57 2021 +0200 Moved some components to shared folder commit aa1cc2b6240236149b0367363d4175fbdacf94dc Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Wed Jun 30 07:32:28 2021 +0200 Removed comments and some unused code commit 7b83eb9d9d368b7466189ab3588fa91697db49c0 Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Tue Jun 29 14:56:02 2021 +0200 Login-flow now works locally and against API commit dab5a76f2b6e24447d85e237233053a3f23b1b39 Author: Erik Tiekstra <erik.tiekstra@arbetsformedlingen.se> Date: Tue Jun 29 12:50:24 2021 +0200 Adjusted login-functionality to use a guard
2021-06-30 12:06:05 +02:00
parent c06452dbbd
commit e9159bcbc4
81 changed files with 570 additions and 575 deletions
--- a/mock-api/dafa-web/server.js
+++ b/mock-api/dafa-web/server.js
@@ -15,17 +15,18 @@ server.use(
    '/employee*': '/employees$1',
    '/participants': '/participants?_embed=employees',
    '/participant/:id': '/participants/:id?_embed=employees',
+    '/auth': '/currentUser',
    '*page=*': '$1_page=$2',
    '*limit=*': '$1_limit=$2',
    '*sort=*': '$1_sort=$2',
    '*order=*': '$1_order=$2',
-    '/get-token?code=auth_code_from_CIAM_with_all_permissions': '/getTokenFullAccess',
+    '/auth/token?accessCode=auth_code_from_CIAM_with_all_permissions': '/getTokenFullAccess',
  })
 );

 router.render = (req, res) => {
-  // all paths except getToken requires Authorization header.
-  if (!req._parsedUrl.pathname.includes('getToken') && !req.headers.authorization) {
+  // all paths except getTokenFullAccess requires Authorization header.
+  if (!req._parsedUrl.pathname.includes('getTokenFullAccess') && !req.headers.authorization) {
    return res.status(401).jsonp({ error: 'No valid access-token' });
  }

@@ -36,10 +37,14 @@ router.render = (req, res) => {
    req.body.createdAt = Date.now();
  }

-  res.jsonp({
-    data: res.locals.data,
-    ...appendMetaData(params, res),
-  });
+  if (req._parsedUrl.pathname.includes('getTokenFullAccess')) {
+    res.jsonp(res.locals.data);
+  } else {
+    res.jsonp({
+      data: res.locals.data,
+      ...appendMetaData(params, res),
+    });
+  }
 };

 server.use(router);