fix(external): Ensure req.user on verified web token (#17225)
This commit is contained in:
Stuart Taylor
committed by
mrugesh mohapatra
mrugesh mohapatra
parent
dfda68fb58
commit
58a5d0d181
@ -683,8 +683,7 @@ module.exports = function(User) {
|
||||
will introduce a change in this user.
|
||||
`
|
||||
)
|
||||
.do(console.log)
|
||||
.map(() => dedent`Your settings have not been updated.`);
|
||||
.map(() => dedent`Your settings have not been updated.`);
|
||||
}
|
||||
return Observable.from(valuesToUpdate)
|
||||
.flatMap(flag => Observable.of({ flag, newValue: values[flag] }))
|
||||
|
||||
@ -29,7 +29,9 @@
|
||||
"./middlewares/sessions.js": {}
|
||||
},
|
||||
"auth:before": {
|
||||
"./middlewares/add-return-to": {}
|
||||
"./middlewares/add-return-to": {},
|
||||
"./middlewares/cookie-parser": {},
|
||||
"./middlewares/jwt-authorization": {}
|
||||
},
|
||||
"parse": {
|
||||
"body-parser#json": {},
|
||||
@ -38,8 +40,8 @@
|
||||
"extended": true
|
||||
}
|
||||
},
|
||||
"method-override": {},
|
||||
"./middlewares/cookie-parser": {}
|
||||
"method-override": {}
|
||||
|
||||
},
|
||||
"parse:after": {
|
||||
"./middlewares/validator": {}
|
||||
@ -55,8 +57,7 @@
|
||||
"./middlewares/csp": {},
|
||||
"./middlewares/jade-helpers": {},
|
||||
"./middlewares/flash-cheaters": {},
|
||||
"./middlewares/passport-login": {},
|
||||
"./middlewares/jwt-authorization": {}
|
||||
"./middlewares/passport-login": {}
|
||||
},
|
||||
"files": {},
|
||||
"final:after": {
|
||||
|
||||
@ -1,11 +1,14 @@
|
||||
import loopback from 'loopback';
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { isBefore } from 'date-fns';
|
||||
|
||||
import { wrapHandledError } from '../utils/create-handled-error';
|
||||
|
||||
export default () => function authorizeByJWT(req, res, next) {
|
||||
const path = req.path.split('/')[1];
|
||||
if (/external/.test(path)) {
|
||||
const cookie = req.signedCookies && req.signedCookies['jwt_access_token'];
|
||||
const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] ||
|
||||
req.cookie && req.cookie['jwt_access_token'];
|
||||
if (!cookie) {
|
||||
throw wrapHandledError(
|
||||
new Error('Access token is required for this request'),
|
||||
@ -31,7 +34,7 @@ export default () => function authorizeByJWT(req, res, next) {
|
||||
}
|
||||
);
|
||||
}
|
||||
const { accessToken: {created, ttl }} = token;
|
||||
const { accessToken: {created, ttl, userId }} = token;
|
||||
const valid = isBefore(Date.now(), Date.parse(created) + ttl);
|
||||
if (!valid) {
|
||||
throw wrapHandledError(
|
||||
@ -44,7 +47,20 @@ export default () => function authorizeByJWT(req, res, next) {
|
||||
}
|
||||
);
|
||||
}
|
||||
return next();
|
||||
if (!req.user) {
|
||||
const User = loopback.getModelByType('User');
|
||||
return User.findById(userId)
|
||||
.then(user => {
|
||||
if (user) {
|
||||
req.user = user;
|
||||
}
|
||||
return;
|
||||
})
|
||||
.then(next)
|
||||
.catch(next);
|
||||
} else {
|
||||
return next();
|
||||
}
|
||||
}
|
||||
return next();
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user