
:construction: Heavy refactor in onboarding auth logic

tags/0.0.3^2
tomit4 2 years ago
parent
commit
7745929a65

+ 1
- 0
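--- a/backend/lib/auth/strategies/jwt.js
+++ b/backend/lib/auth/strategies/jwt.js
@@ -8,6 +8,7 @@ module.exports = options => {
             algorithms: ['HS256'],
         },
         validate: (decoded, request, h) => {
+            // QUESTION: How can we authenticate both Session and Access Tokens here?
             const token = request.headers.authorization
             try {
                 const validatedJwt = JWT.verify(token, process.env.APP_SECRET)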

+ 2
- 6
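--- a/backend/lib/plugins/user.js
+++ b/backend/lib/plugins/user.js
@@ -13,11 +13,9 @@ const UserProfilesListRoute = require('../routes/user/list-profiles')
 const UserLoginRoute = require('../routes/user/login')
 const UserSignupRoute = require('../routes/user/signup')
 const UserEmailRoute = require('../routes/user/email.js')
-const UserVerifyEmailRoute = require('../routes/user/verifyemail.js')
+const UserVerifyActiveRoute = require('../routes/user/verifyactivesession.js')
 const UserGetSessionRoute = require('../routes/user/getsession.js')
-const UserGetAccessRoute = require('../routes/user/getaccess.js')
 const UserValidateSessionRoute = require('../routes/user/validatesession.js')
-const UserCheckEmailRegistry = require('../routes/user/check-email-registry.js')
 const UserByEmail = require('../routes/user/user-by-email.js')
 const UserPassword = require('../routes/user/authentication')
 
@@ -57,11 +55,9 @@ module.exports = {
         await server.route(UserProfileCreateRoute)
         await server.route(UserProfilesListRoute)
         await server.route(UserEmailRoute)
-        await server.route(UserVerifyEmailRoute)
+        await server.route(UserVerifyActiveRoute)
         await server.route(UserGetSessionRoute)
-        await server.route(UserGetAccessRoute)
         await server.route(UserValidateSessionRoute)
-        await server.route(UserCheckEmailRegistry)
         await server.route(UserByEmail)
         await server.route(UserPassword)
     },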

+ 3
- 2
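--- a/backend/lib/routes/profile/get.js
+++ b/backend/lib/routes/profile/get.js
@@ -29,8 +29,9 @@ module.exports = {
         ...pluginConfig.docs,
         tags: ['api'],
         /** Protect this route with authentication? */
-        // auth: false,
-        auth: 'default_jwt',
+        // TODO: change this once sessionToken is passed in headers
+        auth: false,
+        // auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { profile_id } = request.params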
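Review bot: `auth: false` removes the JWT check from a route whose handler reads `profile_id` straight from `request.params`, so until the TODO is resolved any unauthenticated caller can request any profile id. The same switch is made in `routes/user/list-profiles.js` and `routes/user/user-by-email.js` (the latter looks a user up by e-mail address), so all three should be handled together. Rather than landing the routes open behind a TODO, keep `auth: 'default_jwt',` and have the client send the session token in the `Authorization` header as part of this change; if the routes must be open while onboarding is being reworked, tie that to an explicit development-only setting so a production deploy cannot inherit it. The handler body continues outside the hunk, so any ownership check it may perform is not visible here.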

+ 0
- 57
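--- a/backend/lib/routes/user/check-email-registry.js
+++ b/backend/lib/routes/user/check-email-registry.js
@@ -1,57 +0,0 @@
-'use strict'
-
-const Joi = require('joi')
-
-const pluginConfig = {
-    handlerType: 'email',
-    docs: {
-        get: {
-            description: 'checks if user email is registered in memory',
-            notes: 'Checks if user email is in application state and returns boolean',
-        },
-    },
-}
-
-module.exports = {
-    method: 'POST',
-    path: '/checkemailregistry/',
-    options: {
-        ...pluginConfig.docs.get,
-        tags: ['api'],
-        auth: false,
-        cors: true,
-        handler: async function (request, h) {
-            const { userService } = request.server.services()
-            const userEmail = request.payload
-            try {
-                const emailIsRegistered = await userService.checkEmailRegistry(
-                    userEmail,
-                )
-                return {
-                    ok: true,
-                    handler: pluginConfig.handlerType,
-                    data: emailIsRegistered,
-                }
-            } catch (err) {
-                return {
-                    ok: false,
-                    handler: pluginConfig.handlerType,
-                    data: {
-                        error: err,
-                    },
-                }
-            }
-        },
-        validate: {
-            failAction: 'log',
-        },
-        response: {
-            schema: Joi.object({
-                ok: Joi.bool(),
-                handler: Joi.string(),
-                data: Joi.bool(),
-            }).label('email_registry_res'),
-            failAction: 'log',
-        },
-    },
-}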

+ 0
- 72
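--- a/backend/lib/routes/user/getaccess.js
+++ b/backend/lib/routes/user/getaccess.js
@@ -1,72 +0,0 @@
-'use strict'
-
-const Joi = require('joi')
-
-const pluginConfig = {
-    handlerType: 'authentication',
-    docs: {
-        get: {
-            description: 'gets access token for authentication',
-            notes: 'Gets access token for authentication',
-        },
-    },
-}
-
-module.exports = {
-    method: 'POST',
-    path: '/getaccess',
-    options: {
-        ...pluginConfig.docs.get,
-        tags: ['api'],
-        auth: false,
-        cors: {
-            headers: ['Authorization'],
-            exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
-        },
-        handler: async function (request, h) {
-            const { userService } = request.server.services()
-            const hash = request.payload.hash
-            const accessToken = await userService.createToken({
-                ...hash,
-                // NOTE: Set Expiration Time for Access Token Here
-                // expires: 60 * 2,
-                // TESTING:
-                expires: 30,
-            })
-            userService.activeSessions[`${hash}`].accessToken = accessToken
-            const accessTokenInHashedSessions =
-                userService.activeSessions[`${hash}`].accessToken ===
-                accessToken
-                    ? true
-                    : false
-
-            // TODO: instead of putting the token in the return headers,
-            // simply put it in the activeSessions Object
-            try {
-                const response = h.response({
-                    ok: true,
-                    handler: pluginConfig.handlerType,
-                    data: accessTokenInHashedSessions,
-                })
-                // response.header('Authorization', token)
-                return response
-            } catch (err) {
-                return {
-                    ok: false,
-                    handler: pluginConfig.handlerType,
-                    data: {
-                        error: err,
-                    },
-                }
-            }
-        },
-        validate: {
-            failAction: 'log',
-        },
-        response: {
-            // TODO: change back to accommodate new h.response return values
-            schema: Joi.any().label('get_access_res'),
-            failAction: 'log',
-        },
-    },
-}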

+ 1
- 5
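--- a/backend/lib/routes/user/getsession.js
+++ b/backend/lib/routes/user/getsession.js
@@ -26,11 +26,7 @@ module.exports = {
         handler: async function (request, h) {
             const { userService } = request.server.services()
             const res = request.payload
-            const token = await userService.createToken({
-                ...res,
-                // NOTE: Set Expiration Time for Session Token Here
-                expires: 60 * 10,
-            })
+            const token = await userService.createToken(res)
             try {
                 const response = h.response({
                     ok: true,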
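Review bot: `createToken(res)` signs `request.payload` as-is, so every claim in the session token, including the `email` that OnboardingView later uses to look up the user, is whatever the client posted. Pass only the fields the session needs and validate them with a Joi schema under `validate.payload`, for example `const { email } = request.payload` followed by `userService.createToken({ email })`; the exact field list is not visible in this hunk, so treat `email` as illustrative. The call also sits before the `try`, so an exception from `JWT.sign` bypasses the handler's own error handling; moving it inside the `try` keeps failures on one path. The handler continues outside the hunk.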

+ 3
- 2
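--- a/backend/lib/routes/user/list-profiles.js
+++ b/backend/lib/routes/user/list-profiles.js
@@ -38,8 +38,9 @@ module.exports = {
         ...pluginConfig.docs,
         tags: ['api'],
         /** Protect this route with authentication? */
-        // auth: false,
-        auth: 'default_jwt',
+        // TODO: change this once sessionToken is passed in headers
+        auth: false,
+        // auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()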

+ 3
- 2
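--- a/backend/lib/routes/user/user-by-email.js
+++ b/backend/lib/routes/user/user-by-email.js
@@ -18,8 +18,9 @@ module.exports = {
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
-        // auth: false,
-        auth: 'default_jwt',
+        auth: false,
+        // TODO: change this once sessionToken is passed in headers
+        // auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const email = request.params.email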

+ 3
- 2
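--- a/backend/lib/routes/user/validatesession.js
+++ b/backend/lib/routes/user/validatesession.js
@@ -25,11 +25,12 @@ module.exports = {
             exposedHeaders: ['Authorization', 'Access-Control-Expose-Headers'],
         },
         handler: async function (request, h) {
-            const sessionToken = request.payload
+            const hashedSessionToken = request.payload
             const { userService } = request.server.services()
             try {
+                // const validatedSessionToken = userService.validateToken(sessionToken)
                 const validatedSessionToken =
-                    userService.validateToken(sessionToken)
+                    userService.validateSession(hashedSessionToken)
                 return {
                     ok: true,
                     handler: pluginConfig.handlerType,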
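Review bot: `hashedSessionToken` comes from `request.payload` with no shape check visible in this hunk and is then used by `validateSession` as a property key into `activeSessions`. Add a `validate.payload` rule, for example a `Joi.string()` constrained to the hash format (the format is not visible on this page), with a rejecting `failAction`, so only well-formed hashes reach the lookup. The commented-out line `// const validatedSessionToken = userService.validateToken(sessionToken)` should be deleted rather than committed. The rest of the handler, including its `catch`, is outside the hunk.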

backend/lib/routes/user/verifyemail.js → backend/lib/routes/user/verifyactivesession.js View File


+ 64
- 27
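--- a/backend/lib/services/user.js
+++ b/backend/lib/services/user.js
@@ -8,6 +8,7 @@ const SecurePassword = require('secure-password')
 
 // Configuration for Brevo
 const SibApiV3Sdk = require('sib-api-v3-sdk')
+const { access, accessSync } = require('fs')
 const defaultClient = SibApiV3Sdk.ApiClient.instance
 const apiKey = defaultClient.authentications['api-key']
 apiKey.apiKey = process.env.BREVO_KEY
@@ -217,15 +218,14 @@ module.exports = class UserService extends Schmervice.Service {
 
     /**
      * Create a token to be sent in request headers
-     * @param {User} user
+     * @param {data, expiration}
      * @returns {Token}
      */
-    createToken(data) {
+    createToken(data, expiration = 600) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         const obj = {}
-
         Object.assign(obj, { ...data })
-        return JWT.sign(obj, key, { expiresIn: data.expires })
+        return JWT.sign(obj, key, { expiresIn: expiration })
     }
 
     /**
@@ -233,16 +233,73 @@ module.exports = class UserService extends Schmervice.Service {
      * @param {User} user
      * @returns {Token}
      */
-    // TODO: Move this ino the auth strategies
     validateToken(token) {
         const key = this.server.registrations['main-app-plugin'].options.jwtKey
         try {
             return JWT.verify(token, key)
         } catch (err) {
-            throw new Error(err.message)
+            return { payload: null, message: err.message }
         }
     }
 
+    /**
+     * Uses this.validateToken() to verify hashedSessionToken's
+     * existence, expiry, and also valdiates accessToken
+     * @param {User} user
+     * @returns {Token}
+     */
+    // TODO: remove testing console.log() messages once onboarding auth is working
+    validateSession(hashedSessionToken) {
+        console.log('this.activeSessions :=>', this.activeSessions)
+        if (!this.activeSessions[hashedSessionToken]) {
+            throw new Error(
+                'hashedSessionToken not in activeSessions registry!',
+            )
+        }
+
+        const rawSessionToken =
+            this.activeSessions[hashedSessionToken].sessionToken
+        const accessToken = this.activeSessions[hashedSessionToken].accessToken
+
+        // Weird Edge case...
+        if (!rawSessionToken) {
+            throw new Error(
+                'hashedSessionToken is in activeSessions registry, but rawSessionToken does not exist',
+            )
+        }
+        const sessionTokenIsValid = this.validateToken(rawSessionToken)
+        console.log('sessionTokenIsValid :=>', sessionTokenIsValid)
+        const accessTokenIsValid = this.validateToken(accessToken)
+        console.log('accessTokenIsValid :=>', accessTokenIsValid)
+
+        // Both sessionToken and accessToken are expired
+        if (!sessionTokenIsValid.payload && !accessTokenIsValid.payload) {
+            console.log('session is expired! kicking you off!')
+            return sessionTokenIsValid
+        }
+        if (sessionTokenIsValid.payload && !accessTokenIsValid.payload) {
+            console.log(
+                'sessionToken is valid, but accessToken is null or is expired :=>',
+            )
+            const accessToken = this.createToken({
+                payload: sessionTokenIsValid.payload,
+            })
+            this.activeSessions[hashedSessionToken].accessToken = accessToken
+        } else if (!sessionTokenIsValid.payload && accessTokenIsValid.payload) {
+            console.log(
+                'accessToken is valid, but sessionToken has expired :=>',
+            )
+            const newSessionToken = this.createToken({
+                payload: accessTokenIsValid.payload,
+            })
+            this.activeSessions[hashedSessionToken].sessionToken =
+                newSessionToken
+        }
+        return {
+            ...sessionTokenIsValid.payload,
+            sessionToken: this.activeSessions[hashedSessionToken].sessionToken,
+        }
+    }
     /**
      * Use knex to try to change password entry
      * @param {number} id
@@ -277,26 +334,6 @@ module.exports = class UserService extends Schmervice.Service {
         return passwordRow ? passwordRow.token : null
     }
 
-    // TODO: rewrite for new activeSessions object
-    async checkEmailRegistry(userEmail) {
-        const hashedEmail = await hashEmail(userEmail)
-        const now = Date.now()
-        // hashedEmail needs to be derived by email, salt
-        const expiration = this.hashedEmails[hashedEmail]
-        console.log('this.hashedEmails :=>', this.hashedEmails)
-        const emailIsRegistered = Object.keys(this.hashedEmails).includes(
-            hashedEmail,
-        )
-        const emailIsExpired = now > expiration ? true : false
-        console.log('emailIsRegistered :=>', emailIsRegistered)
-        console.log('emailIsExpired :=>', emailIsExpired)
-        if (emailIsRegistered && !emailIsExpired) {
-            return true
-        } else {
-            return false
-        }
-    }
-
     /**
      * Sends a Transactional Email via Brevo
      * @ returns {Object}
@@ -307,7 +344,6 @@ module.exports = class UserService extends Schmervice.Service {
             return new Error('session already in cache!!')
         }
         // Set expiration time for ten minutes from now
-        // QUESTION: should we use the sessionToken's expiration time instead?
         const duration = 600000
 
         this.activeSessions[hashedSessionToken] = {
@@ -316,6 +352,7 @@ module.exports = class UserService extends Schmervice.Service {
             seeking: userCredentials.seeking,
             sessionToken: userCredentials.sessionToken,
             expiration: Date.now() + duration,
+            accessToken: null,
         }
 
         const sendSmtpEmail = {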
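Review bot: `validateToken` now returns the decoded claims on success but `{ payload: null, message }` on failure, while `validateSession` tests `.payload` on both results; a token whose claims carry no `payload` key (which is what `createToken(res)` in getsession.js appears to produce) is therefore indistinguishable from an expired one. In the "both expired" branch the function then returns the failure object instead of throwing, and since the caller in OnboardingView only checks `.error`, an expired session looks accepted. Make the success shape explicit with `return { payload: JWT.verify(token, key), message: null }` and replace `return sessionTokenIsValid` in that branch with `throw new Error('session expired')`; other callers of `validateToken` are outside this page and would need checking against the new shape. Separately, `console.log('this.activeSessions :=>', this.activeSessions)` writes every raw session and access token to the server log, and the added `const { access, accessSync } = require('fs')` is unused.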

+ 2
- 0
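--- a/frontend/src/components/onboarding/Auth.vue
+++ b/frontend/src/components/onboarding/Auth.vue
@@ -51,10 +51,12 @@ export default {
             const sessionToken = await this.getSessionToken({
                 ...this.answered,
             })
+            console.log('sessionToken :=>', sessionToken)
             const sessionInfo = await this.authenticator.sendAuthEmail({
                 ...this.answered,
                 sessionToken: sessionToken,
             })
+            console.log('sessionInfo :=>', sessionInfo)
             document.cookie = `siimee_session=${sessionInfo.hashedSessionToken}; max-age=600; path=/; secure`
         } catch (err) {
             // TODO: render an error page in this component displaying which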
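Review bot: The two added `console.log` calls print the raw session token and the `sendAuthEmail` response (which carries `hashedSessionToken`) to the browser console, where they end up in shared-machine history, bug-report screenshots and any tooling that captures console output. Remove both lines before merge, or log only a non-secret marker such as `console.debug('session token issued')`. The `try` block these lines sit in starts outside the hunk.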

+ 2
- 10
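--- a/frontend/src/services/auth.service.js
+++ b/frontend/src/services/auth.service.js
@@ -7,22 +7,14 @@ class Authenticator {
     async sendAuthEmail(answered) {
         return await db.post('/user/sendemail/', answered)
     }
-    // NOTE: doesn't have to be a POST request, could be a GET with token instead of email
-    async checkIfEmailIsRegistered(email) {
-        return await db.post('/user/checkemailregistry/', email)
-    }
     async verifyAuthSession(hashedSessionToken) {
         return await db.get(`/user/verify/${hashedSessionToken}`)
     }
     async getSessionToken(req) {
         return await db.post('/user/getsession', req, true)
     }
-    //async getAccessToken(req) {
-    async assignAccessTokenToSession(req) {
-        return await db.post('/user/getaccess', req)
-    }
-    async validateSession(token) {
-        return await db.post('/user/validatesession', token, true)
+    async validateSession(hashedSessionToken) {
+        return await db.post('/user/validatesession', hashedSessionToken, true)
     }
 }
 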

+ 1
- 1
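--- a/frontend/src/utils/db.js
+++ b/frontend/src/utils/db.js
@@ -45,7 +45,7 @@ class Connector {
             if (!res.ok) {
                 // NOTE: Somewhat hacky workaround here to get auth working
                 if (res.status === 401) {
-                    return { status: jsonRes.statusCode }
+                    return { status: res.status }
                 } else {
                     throw Error(res.statusText)
                 }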

+ 11
- 76
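--- a/frontend/src/views/OnboardingView.vue
+++ b/frontend/src/views/OnboardingView.vue
@@ -43,8 +43,7 @@ import {
 import { surveyFactory } from '@/utils'
 import stepViews from '@/components/onboarding'
 import SurveyCompleteView from './SurveyCompleteView.vue'
-let sessionToken = null
-let accessToken = null
+let hashedSessionToken = null
 let currentProfileId = null
 
 export default {
@@ -70,18 +69,14 @@ export default {
     async created() {
         this.survey = await surveyFactory.createSurvey()
         this.authenticator = new Authenticator()
-        // TODO: Note that all this try/catch can be in a function instead,
-        // since it has to be done on created() and every step after 6...
-        sessionToken = this.grabStoredCookie('siimee_session')
-        accessToken = this.grabStoredCookie('siimee_access')
-        // TODO: More graceful way of throwing exceptions if sessionData is not defined??
+        hashedSessionToken = this.grabStoredCookie('siimee_session')
         try {
-            const sessionData = await this.verifyBothTokens()
-            await this.isEmailInRegistry(sessionData.payload.email)
+            const sessionData = await this.verifySession(hashedSessionToken)
+            console.log('sessionData :=>', sessionData)
             // TODO: Validate All routes hit by these methods using tokens in headers
-            const userId = await this.grabUserIdByEmail(
-                sessionData.payload.email,
-            )
+            // NOTE: This can be accomplished using sessionData.sessionToken,
+            // as it currently has the raw session token in it
+            const userId = await this.grabUserIdByEmail(sessionData.email)
             currentProfileId = await this.grabProfileIdByUserId(userId)
             this.responses = await this.grabResponsesByProfileId(
                 currentProfileId,
@@ -112,62 +107,11 @@ export default {
                 cookieKey in cookies ? cookies[`${cookieKey}`] : undefined
             return cookieVal
         },
-        // TODO: Possible Security issue, returned .payload has user email in plain text...
-        async verifyBothTokens() {
-            // Validate both tokens on the backend at the same time
-            const sessionTokenIsValid = await this.verifySessionToken(
-                sessionToken,
-                accessToken,
-            )
-            const accessTokenIsValid = await this.verifyAccessToken(accessToken)
-            if (
-                accessTokenIsValid.status === 401 &&
-                sessionTokenIsValid.status !== 401
-            ) {
-                console.warn(
-                    'WARNING :=> Access Token Expired, but Session Token Is Still Valid, reissuing Access Token...',
-                )
-                // TODO: break out reissuing new tokens into separate _function
-                const newAccessToken = await this.authenticator.getAccessToken(
-                    sessionTokenIsValid.payload,
-                )
-                const newAccessTokenIsValid = await this.verifyAccessToken(
-                    newAccessToken,
-                )
-                accessToken = newAccessToken
-                document.cookie = `siimee_access=${newAccessToken}; max-age=600; path=/; secure`
-                // NOTE: Resetting Session Token otherwise session
-                // token will always expire after 10 minutes...???
-                const newSessionToken =
-                    await this.authenticator.getSessionToken(
-                        sessionTokenIsValid.payload,
-                    )
-                sessionToken = newSessionToken
-                document.cookie = `siimee_session=${newSessionToken}; max-age=600; path=/; secure`
-                return newAccessTokenIsValid
-            } else if (
-                accessTokenIsValid.status === 401 &&
-                sessionTokenIsValid.status === 401
-            ) {
-                sessionToken = null
-                accessToken = null
-                currentProfileId = null
-                throw new Error('Both Session and Access Token Are Expired!!')
-            } else return accessTokenIsValid
-        },
-        async verifySessionToken(sessionToken) {
-            if (!sessionToken) {
+        async verifySession(hashedSessionToken) {
+            if (!hashedSessionToken)
                 return console.warn('WARNING :=> sessionToken is not defined')
-            } else return await this.validateToken(sessionToken)
-        },
-        async verifyAccessToken(accessToken) {
-            if (!accessToken) {
-                return console.warn('WARNING :=> accessToken is not defined')
-            } else return await this.validateToken(accessToken)
-        },
-        async validateToken(token) {
             const validatedToken = await this.authenticator.validateSession(
-                token,
+                hashedSessionToken,
             )
             if (validatedToken.error) {
                 throw new Error(validatedToken.error)
@@ -175,13 +119,6 @@ export default {
                 return validatedToken
             }
         },
-        async isEmailInRegistry(email) {
-            const emailIsInRegistry =
-                await this.authenticator.checkIfEmailIsRegistered(email)
-            if (!emailIsInRegistry) {
-                throw new Error('Email Is NOT in Registry!')
-            } else return emailIsInRegistry
-        },
         async grabUserIdByEmail(email) {
             const user = await fetchUserByEmail(email)
             if (!user) {
@@ -246,14 +183,12 @@ export default {
             // if user as finished minimum profile creation,
             // Adds survey answers to responses table and verifies tokens on each step
             if (currentProfileId) {
-                // TODO: Still have to authenticate this route
                 await surveyFactory.addNewSurveyAnswer(
                     this.responses[this.responses.length - 1],
                     currentProfileId,
-                    accessToken,
                 )
                 try {
-                    await this.verifyBothTokens(sessionToken, accessToken)
+                    await this.verifySession(hashedSessionToken)
                 } catch (err) {
                     this.currentStep = 0
                     this.goToStep(this.currentStep)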
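Review bot: `verifySession` fails open: with no cookie it does `return console.warn(...)`, which resolves to `undefined` instead of throwing, and for a server reply it only checks `validatedToken.error`, so the `catch` in the step handler that resets to step 0 does not run for a missing session or for a reply that signals failure some other way (for example the `{ status: 401 }` object db.js returns). Throw in the guard, `if (!hashedSessionToken) throw new Error('sessionToken is not defined')`, and also reject a reply that lacks the expected `email` field. `surveyFactory.addNewSurveyAnswer(...)` is still called before `verifySession`, so the answer is written even when the session check would fail; running the check first closes that gap. The added `console.log('sessionData :=>', sessionData)` prints the raw session token, as the NOTE two lines below it acknowledges, and should be removed before merge.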

+ 10
- 15
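--- a/frontend/src/views/VerifyView.vue
+++ b/frontend/src/views/VerifyView.vue
@@ -7,7 +7,7 @@
 <script>
 import { Authenticator } from '../services/auth.service.js'
 let hash = null
-let sessionToken = null
+let hashedSessionToken = null
 export default {
     name: 'VerifyView',
     data: () => ({
@@ -16,12 +16,12 @@ export default {
     async created() {
         this.authenticator = new Authenticator()
         hash = this.$route.params.hashedToken
-        sessionToken = this.grabCookie('siimee_session')
+        hashedSessionToken = this.grabCookie('siimee_session')
         try {
             this.isHashInUrl(hash)
-            await this.doesSessionTokenExist(sessionToken)
-            const rawSessionToken = await this.grabTokenFromHash(hash)
-            await this.isSessionTokenValid(hash, rawSessionToken)
+            await this.doesSessionTokenExist(hashedSessionToken)
+            await this.verifyActiveSession(hash)
+            await this.isSessionTokenValid(hash)
         } catch (err) {
             console.error(err)
         }
@@ -43,13 +43,13 @@ export default {
         isHashInUrl(hash) {
             if (!hash) throw new Error('URL contains no hash!')
         },
-        async doesSessionTokenExist(sessionToken) {
-            if (!sessionToken)
+        async doesSessionTokenExist(hashedSessionToken) {
+            if (!hashedSessionToken)
                 throw new Error('sessionToken not in cookie store!')
         },
         // TODO: Next is to put this into OnboardingView
         // TODO: validate routes using sole SessionToken Grabbed from hash in cookie
-        async grabTokenFromHash(hashedToken) {
+        async verifyActiveSession(hashedToken) {
             const sessionData = await this.authenticator.verifyAuthSession(
                 hashedToken,
             )
@@ -57,16 +57,11 @@ export default {
                 throw new Error('Hash is not in registry!')
             else return sessionData.sessionToken
         },
-        async isSessionTokenValid(hash, sessionToken) {
+        async isSessionTokenValid(hash) {
             const sessionTokenIsValid =
-                await this.authenticator.validateSession(sessionToken)
-            console.log('sessionTokenIsValid :=>', sessionTokenIsValid)
+                await this.authenticator.validateSession(hash)
             if (sessionTokenIsValid.error) {
                 throw new Error(sessionTokenIsValid.error)
-            } else {
-                await this.authenticator.assignAccessTokenToSession({
-                    hash,
-                })
             }
         },
     },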
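Review bot: `created()` checks that a `siimee_session` cookie exists and that the URL `hash` is a live session, but never compares the two, so the e-mailed link is honoured in any browser that happens to hold some `siimee_session` cookie. If the intent is to bind the link to the browser that started onboarding, add `if (hash !== hashedSessionToken) throw new Error('hash does not match session cookie')` before the `verifyActiveSession(hash)` call. `verifyActiveSession` still returns `sessionData.sessionToken`, which the caller now discards; dropping that return, and not sending the raw token back from the verify route at all, would keep the raw session token on the server.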
