:bug: Fixed bug with access token expiration

backend/lib/auth/strategies/jwt.js

@@ -13,7 +13,7 @@ module.exports = options => {
                 const validatedJwt = JWT.verify(token, process.env.APP_SECRET)
                 return {
                     isValid: true,
-                    credentials: validatedJwt.payload.email,
+                    credentials: validatedJwt.email,
                 }
             } catch (err) {
                 console.error('ERROR :=>', err)

backend/lib/routes/profile/get.js

@@ -29,7 +29,8 @@ module.exports = {
         ...pluginConfig.docs,
         tags: ['api'],
         /** Protect this route with authentication? */
-        auth: false,
+        // auth: false,
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { profile_id } = request.params

backend/lib/routes/user/getaccess.js

@@ -29,7 +29,9 @@ module.exports = {
             const token = await userService.createToken({
                 ...res,
                 // NOTE: Set Expiration Time for Access Token Here
-                expires: Math.floor(Date.now() / 1000) + 60 * 2,
+                // expires: 60 * 2,
+                // TESTING:
+                expires: 30,
             })
             try {
                 const response = h.response({

backend/lib/routes/user/getsession.js

@@ -29,7 +29,7 @@ module.exports = {
             const token = await userService.createToken({
                 ...res,
                 // NOTE: Set Expiration Time for Session Token Here
-                expires: Math.floor(Date.now() / 1000) + 60 * 10,
+                expires: 60 * 10,
             })
             try {
                 const response = h.response({

backend/lib/routes/user/list-profiles.js

@@ -38,7 +38,8 @@ module.exports = {
         ...pluginConfig.docs,
         tags: ['api'],
         /** Protect this route with authentication? */
-        auth: false,
+        // auth: false,
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const { userService, profileService } = request.server.services()

backend/lib/routes/user/user-by-email.js

@@ -18,7 +18,8 @@ module.exports = {
     options: {
         ...pluginConfig.docs.get,
         tags: ['api'],
-        auth: false,
+        // auth: false,
+        auth: 'default_jwt',
         cors: true,
         handler: async function (request, h) {
             const email = request.params.email

frontend/src/utils/db.js

@@ -45,7 +45,7 @@ class Connector {
             if (!res.ok) {
                 // NOTE: Somewhat hacky workaround here to get auth working
                 if (res.status === 401) {
-                    return { ...jsonRes.data, status: res.status }
+                    return { status: jsonRes.statusCode }
                 } else {
                     throw Error(res.statusText)
                 }
@@ -75,6 +75,7 @@ class Connector {
             })
         }
     }
+    // TODO: probably needs authHeader param for insertSurveyResponses
     async post(endpoint, payload = {}, returnHeaders = false) {
         return await this._tryFetch({
             endpoint,

frontend/src/views/OnboardingView.vue

@@ -71,10 +71,7 @@ export default {
         accessToken = this.grabStoredCookie('siimee_access')
         // TODO: More graceful way of throwing exceptions if sessionData is not defined??
         try {
-            const sessionData = await this.verifyBothTokens(
-                sessionToken,
-                accessToken,
-            )
+            const sessionData = await this.verifyBothTokens()
             await this.isEmailInRegistry(sessionData.payload.email)
             // TODO: Validate All routes hit by these methods using tokens in headers
             const userId = await this.grabUserIdByEmail(
@@ -110,7 +107,7 @@ export default {
                 cookieKey in cookies ? cookies[`${cookieKey}`] : undefined
             return cookieVal
         },
-        async verifyBothTokens(sessionToken, accessToken) {
+        async verifyBothTokens() {
             const sessionTokenIsValid = await this.verifySessionToken(
                 sessionToken,
             )
@@ -122,22 +119,23 @@ export default {
                 console.warn(
                     'WARNING :=> Access Token Expired, but Session Token Is Still Valid, reissuing Access Token...',
                 )
-                // NOTE: Whether to implement newSessionToken is unclear in notes,
-                // but without this, user session will expire in 10 minutes no matter what...
-                const newSessionToken =
-                    await this.authenticator.getSessionToken(
-                        sessionTokenIsValid.payload,
-                    )
+                // TODO: break out reissuing new tokens into separate _function
                 const newAccessToken = await this.authenticator.getAccessToken(
                     sessionTokenIsValid.payload,
                 )
-                sessionToken = newSessionToken
-                accessToken = newAccessToken
-                document.cookie = `siimee_access=${newSessionToken}; max-age=600; path=/; secure`
-                document.cookie = `siimee_access=${newAccessToken}; max-age=600; path=/; secure`
                 const newAccessTokenIsValid = await this.verifyAccessToken(
                     newAccessToken,
                 )
+                accessToken = newAccessToken
+                document.cookie = `siimee_access=${newAccessToken}; max-age=600; path=/; secure`
+                // NOTE: Resetting Session Token otherwise session
+                // token will always expire after 10 minutes...???
+                const newSessionToken =
+                    await this.authenticator.getSessionToken(
+                        sessionTokenIsValid.payload,
+                    )
+                sessionToken = newSessionToken
+                document.cookie = `siimee_session=${newSessionToken}; max-age=600; path=/; secure`
                 return newAccessTokenIsValid
             } else if (
                 accessTokenIsValid.status === 401 &&
@@ -184,20 +182,21 @@ export default {
         },
         async grabProfileIdByUserId(userId) {
             const profilesFromUserId = await fetchProfilesByUserId(userId)
-            if (profilesFromUserId.length === 1) {
+            if (
+                profilesFromUserId.length === 1 &&
+                profilesFromUserId.status !== 401
+            ) {
                 return profilesFromUserId[0].profile_id
-            } else {
+            } else if (profilesFromUserId.length > 1) {
                 // TODO: Refactor once more is known on users with multiple profiles
-                console.error(
-                    'ERROR :=> Multiple Profiles for this User ID',
-                    profilesFromUserId,
-                )
                 throw new Error('Multiple Profiles for this User ID')
+            } else {
+                throw new Error('No Profile for User ID found')
             }
         },
         async grabProfileByProfileId(profileId) {
             const profile = await fetchProfileByProfileId(profileId)
-            if (!profile) {
+            if (!profile || profile.status === 401) {
                 throw new Error(`No Profile Found for profileId ${profileId}`)
             } else {
                 return profile
@@ -206,7 +205,7 @@ export default {
         async grabResponsesByProfileId(profileId) {
             const responses = []
             const profile = await this.grabProfileByProfileId(profileId)
-            if (!profile.responses.length) {
+            if (!profile.responses.length || profile.responses.status === 401) {
                 throw new Error(`No Responses Found for profileId ${profileId}`)
             } else {
                 profile.responses.forEach(response => {
@@ -234,25 +233,23 @@ export default {
                 response.response_key_id = payload.question.response_key_id
                 response.val = payload.input
                 this.responses.push(response)
-
-                // TODO: Validate this route using tokens in headers
-                // TODO: Set check via methods to see if tokens are still valid,
-                // if BOTH tokens are NOT valid,
-                // currentProfileId = null and this.currentStep = 0
-                if (currentProfileId) {
-                    await surveyFactory.addNewSurveyAnswer(
-                        this.responses[this.responses.length - 1],
-                        currentProfileId,
-                    )
-                    try {
-                        this.verifyBothTokens(sessionToken, accessToken)
-                    } catch (err) {
-                        console.error('ERROR :=>', err)
-                        this.goToStep(0)
-                    }
-                }
                 if (k === 'aspects') return
             }
+            if (currentProfileId) {
+                // TODO: Still have to authenticate this route
+                await surveyFactory.addNewSurveyAnswer(
+                    this.responses[this.responses.length - 1],
+                    currentProfileId,
+                    accessToken,
+                )
+                try {
+                    await this.verifyBothTokens(sessionToken, accessToken)
+                } catch (err) {
+                    this.currentStep = 0
+                    this.goToStep(this.currentStep)
+                    throw new Error(err)
+                }
+            }
             if (this.currentStep > this.survey.steps.length) {
                 this.onSubmit(this.answered)
             } else {