
:poop: Failed attempt to authenticate using hashedSessionToken

tags/0.0.3^2
tomit4 2 anni fa
parent
commit
80deb3b2df

+ 13
- 4
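--- a/backend/lib/auth/strategies/jwt.js
+++ b/backend/lib/auth/strategies/jwt.js
@@ -7,16 +7,25 @@ module.exports = options => {
         verifyOptions: {
             algorithms: ['HS256'],
         },
-        // TODO: check the h object to see if the activeSessions is accessible from it
-        // check useronlinestatus branch request.server.app
+        // NOTE: TASK 3 Not yet done, but this passes a hashedSessionToken
+        // through headers in failed attempt to never have raw JWT's in front end
+
         // Always check rawAccessToken, if it fails, we check the session, if session
         // is valid, then we reissue it
         // if session is NOT valid, DELETE the session (and kick user back to login)
         // TODO: set up cron job to occassionaly clean up activeSessions
         validate: (decoded, request, h) => {
-            const token = request.headers.authorization
+            // NOTE: this won't work as it immediately invalidates anything that isn't a raw jwt
+            const hashedSessionToken = request.headers.authorization
+            const sessionToken =
+                request.server.app.activeSessions[hashedSessionToken]
+                    .sessionToken
+            console.log('sessionToken :=>', sessionToken)
             try {
-                const validatedJwt = JWT.verify(token, process.env.APP_SECRET)
+                const validatedJwt = JWT.verify(
+                    sessionToken,
+                    process.env.APP_SECRET,
+                )
                 return {
                     isValid: true,
                     credentials: validatedJwt.email,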
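Review bot: The session lookup on new lines 20–22 dereferences `request.server.app.activeSessions[hashedSessionToken].sessionToken` outside the `try`, so a missing Authorization header, an unknown token, or an `activeSessions` object that has not been populated yet raises a TypeError out of the strategy instead of a clean rejection. Guard it before reading: `const session = request.server.app.activeSessions?.[hashedSessionToken]`, `if (!session) return { isValid: false }`, `const sessionToken = session.sessionToken`; because the key comes straight from the request header, checking ownership with `Object.hasOwn` (or keeping `activeSessions` in a `Map`) also stops inherited `Object.prototype` keys from matching. The `console.log('sessionToken :=>', sessionToken)` on line 23 writes the raw session JWT to the server log, which defeats the commit's own goal of keeping raw tokens contained; remove it before merging. The validate callback continues past the end of the hunk.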

+ 2
- 0
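--- a/backend/lib/routes/user/email.js
+++ b/backend/lib/routes/user/email.js
@@ -33,6 +33,8 @@ module.exports = {
                         userCredentials.email
                     )
                 })
+                // Registers the activeSessions object for use by jwt auth strategy
+                request.server.app.activeSessions = userService.activeSessions
                 if (!hashedSessionToken.length) {
                     throw Error('hashedSessionToken not Found!!')
                 }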
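Review bot: `request.server.app.activeSessions = userService.activeSessions` on new line 37 runs inside a request handler, so the reference only exists after this route has been hit once on a given process; the jwt strategy in backend/lib/auth/strategies/jwt.js reads it unconditionally and will see `undefined` on any authenticated request that arrives before the first login. Perform this wiring once where the server, the service and the auth strategy are registered, or have the strategy obtain the service through Schmervice's `request.services()` if that is how the service is exposed here — hedged, since the registration code is not in view. If the assignment must stay for now, a comment such as `// TEMP: only reachable by the auth strategy after the first login on this instance; move to server init` makes the limitation explicit to the next reader. The enclosing handler starts and ends outside the hunk.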

+ 3
- 4
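--- a/backend/lib/services/user.js
+++ b/backend/lib/services/user.js
@@ -293,9 +293,6 @@ module.exports = class UserService extends Schmervice.Service {
      * @returns {PayloadFromActiveSessions}
      */
     validateSession(hashedSessionToken) {
-        // TODO: Remove this console.log() prior to release to production,
-        // (useful for testing application state)
-        console.log('this.activeSessions :=>', this.activeSessions)
         const userSession = this.activeSessions[hashedSessionToken]
         if (!userSession) {
             throw new Error(
@@ -307,7 +304,9 @@ module.exports = class UserService extends Schmervice.Service {
         this._createAccessTokenIfExpired(userSession, validatedTokens)
         return {
             ...validatedTokens.sessionTokenIsValid.payload,
-            sessionToken: this.activeSessions[hashedSessionToken].sessionToken,
+            // sessionToken: this.activeSessions[hashedSessionToken].sessionToken,
+            // NOTE: this won't work as the jwt auth strategy needs a raw JWT string
+            sessionToken: hashedSessionToken,
         }
     }
     /**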
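Review bot: The commented-out `sessionToken:` line on new line 307 of the second hunk should be deleted rather than kept beside its replacement; version control already preserves the old value, and together with the NOTE on line 308 the hunk ships dead code plus a field that is known not to work under the same name callers already read. If the intent is that callers only ever receive the opaque handle, name the field for what it now holds and say so in the `@returns {PayloadFromActiveSessions}` JSDoc that begins above the hunk, e.g. `hashedSessionToken, // opaque handle; the raw JWT stays server-side in activeSessions`, then update the jwt strategy to resolve that handle; otherwise restore the original line until the strategy can consume a hashed token. The lines of validateSession between new lines 299 and 303 fall outside the two hunks.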
