fix(external): Ensure req.user on verified web token (#17225)

Stuart Taylor
2018-05-24 12:19:51 +01:00
committed by mrugesh mohapatra
parent dfda68fb58
commit 58a5d0d181
3 changed files with 26 additions and 10 deletions


@ -683,8 +683,7 @@ module.exports = function(User) {
will introduce a change in this user. will introduce a change in this user.
` `
) )
.do(console.log) .map(() => dedent`Your settings have not been updated.`);
.map(() => dedent`Your settings have not been updated.`);
} }
return Observable.from(valuesToUpdate) return Observable.from(valuesToUpdate)
.flatMap(flag => Observable.of({ flag, newValue: values[flag] })) .flatMap(flag => Observable.of({ flag, newValue: values[flag] }))


@ -29,7 +29,9 @@
"./middlewares/sessions.js": {} "./middlewares/sessions.js": {}
}, },
"auth:before": { "auth:before": {
"./middlewares/add-return-to": {} "./middlewares/add-return-to": {},
"./middlewares/cookie-parser": {},
"./middlewares/jwt-authorization": {}
}, },
"parse": { "parse": {
"body-parser#json": {}, "body-parser#json": {},
@ -38,8 +40,8 @@
"extended": true "extended": true
} }
}, },
"method-override": {}, "method-override": {}
"./middlewares/cookie-parser": {}
}, },
"parse:after": { "parse:after": {
"./middlewares/validator": {} "./middlewares/validator": {}
@ -55,8 +57,7 @@
"./middlewares/csp": {}, "./middlewares/csp": {},
"./middlewares/jade-helpers": {}, "./middlewares/jade-helpers": {},
"./middlewares/flash-cheaters": {}, "./middlewares/flash-cheaters": {},
"./middlewares/passport-login": {}, "./middlewares/passport-login": {}
"./middlewares/jwt-authorization": {}
}, },
"files": {}, "files": {},
"final:after": { "final:after": {


@ -1,11 +1,14 @@
import loopback from 'loopback';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import { isBefore } from 'date-fns'; import { isBefore } from 'date-fns';
import { wrapHandledError } from '../utils/create-handled-error'; import { wrapHandledError } from '../utils/create-handled-error';
export default () => function authorizeByJWT(req, res, next) { export default () => function authorizeByJWT(req, res, next) {
const path = req.path.split('/')[1]; const path = req.path.split('/')[1];
if (/external/.test(path)) { if (/external/.test(path)) {
const cookie = req.signedCookies && req.signedCookies['jwt_access_token']; const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] ||
req.cookie && req.cookie['jwt_access_token'];
if (!cookie) { if (!cookie) {
throw wrapHandledError( throw wrapHandledError(
new Error('Access token is required for this request'), new Error('Access token is required for this request'),
@ -31,7 +34,7 @@ export default () => function authorizeByJWT(req, res, next) {
} }
); );
} }
const { accessToken: {created, ttl }} = token; const { accessToken: {created, ttl, userId }} = token;
const valid = isBefore(Date.now(), Date.parse(created) + ttl); const valid = isBefore(Date.now(), Date.parse(created) + ttl);
if (!valid) { if (!valid) {
throw wrapHandledError( throw wrapHandledError(
@ -44,7 +47,20 @@ export default () => function authorizeByJWT(req, res, next) {
} }
); );
} }
return next(); if (!req.user) {
const User = loopback.getModelByType('User');
return User.findById(userId)
.then(user => {
if (user) {
req.user = user;
}
return;
})
.then(next)
.catch(next);
} else {
return next();
}
} }
return next(); return next();
}; };
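Review bot: In the last hunk, a verified token whose `userId` no longer resolves to a user still reaches `next()` with `req.user` unset, because the `.then` callback assigns only when `user` is truthy; on `/external` paths that is the case the commit title says it closes. Reject instead of falling through, for example `if (!user) { throw wrapHandledError(new Error('No user found for access token'), /* same options shape as the expired-token branch */); }` placed before `req.user = user;`. Chaining `.then(next).catch(next)` also means any exception that escapes `next()` is fed back into `next` a second time; `.then(() => next(), next)` keeps the success and failure paths apart. In the first hunk the fallback reads `req.cookie`, which cookie-parser does not populate (it sets `req.cookies` and `req.signedCookies`), so it probably never matches; if it is corrected to `req.cookies`, the token would be accepted from an unsigned cookie, and the verification code between the hunks (not visible here) then has to be the only thing vouching for `accessToken`.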