From c735ad098eac1b02f0aabc20e89b152cbc48f34f Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Thu, 5 Aug 2021 00:00:23 -0400 Subject: [PATCH 01/10] first step in refactoring authMiddleware --- api/src/middleware/authMiddleware.js | 114 ++++++++++++++------------- 1 file changed, 61 insertions(+), 53 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 461eb9aab..addb4221e 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js 
@@ -2,77 +2,85 @@ const jwt = require('jsonwebtoken') const jwkToPem = require('jwk-to-pem') const db = require('../models') +const responses = [ + { + error: 'Invalid token provided.', + name: 'InvalidToken' + }, + { + error: 'The token has been expired.', + name: 'TokenExpired' + }, + { + error: 'Not authorized, token failed', + name: 'Unauthorized' + }, + { + error: 'Unauthorized', + name: 'Unauthorized' + } +] + +function checkAuthorization(err) { + if (err.message === 'jwt expired') { + throw Error('TokenExpired') + } else { + throw Error('InvalidToken') + } +} + +const throwError = message => responses.filter(response => response.name.match(message)) + +function maintainState() { + if (process.env.AUTH_METHOD !== 'cognito') { + req.user = await db.User.findOne({ where: { userID: decoded.id } }) + } else if (recoded) { + req.user = await db.User.findOne({ where: { userID: recoded.sub } }) + } else { + throw Error('User not found') + } + +} + +const recode = (err, decodedToken) => { + if (err) { + checkAuthorization(err) + } + recoded = decodedToken +} + +const decode = (err, decodedToken) => { + if (err) { + checkAuthorization(err) + } + decoded = decodedToken +} + module.exports = async (req, res, next) => { let decoded let recoded + const headers = req.headers.authorization && req.headers.authorization.startsWith('Bear') if ( - req.headers.authorization && - req.headers.authorization.startsWith('Bearer') + headers ) { try { const token = req.headers.authorization.split(' ')[1] if (process.env.AUTH_METHOD !== 'cognito') { - jwt.verify(token, process.env.JWT_SECRET, function (err, decodedToken) { - if (err) { - if (err.message === 'jwt expired') { - throw Error('TokenExpired') - } else { - throw Error('InvalidToken') - } - } - decoded = decodedToken - }) + jwt.verify(token, process.env.JWT_SECRET, decode(err, decodedToken)) } else { const jwk = require('./jwks.json') const pem = jwkToPem(jwk.keys[0]) - jwt.verify(token, pem, { algorithms: ['RS256'] }, function 
(err, decodedToken) { - if (err) { - if (err.message === 'jwt expired') { - throw Error('TokenExpired') - } else { - throw Error('InvalidToken') - } - } - recoded = decodedToken - }) + jwt.verify(token, pem, { algorithms: ['RS256'] }, recode(err, decodedToken)) } /* * TODO: Maintain session and check again local session */ - if (process.env.AUTH_METHOD !== 'cognito') { - req.user = await db.User.findOne({ where: { userID: decoded.id } }) - } else if (recoded) { - req.user = await db.User.findOne({ where: { userID: recoded.sub } }) - } else { - throw Error('User not found') - } + maintainState() next() } catch (error) { - switch (error.message) { - case 'InvalidToken': - res.status(401).json({ - error: 'Invalid token provided.', - name: error.message - }) - break - case 'TokenExpired': - res.status(401).json({ - error: 'The token has been expired.', - name: error.message - }) - break - default: - res.status(401).json({ - error: 'Not authorized, token failed', - name: 'Unauthorized' - }) - break - } + res.status(401).json(throwError(error.message)) } } else { - res.status(401).json({ - error: 'Unauthorized', - name: 'Unauthorized' - }) + res.status(401).json(throwError('Unauthorized')) } } From 366d9f399e70ef5bd48961648a8fa160d5ed4961 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Thu, 5 Aug 2021 20:46:05 -0400 Subject: [PATCH 02/10] new changes --- api/src/middleware/authMiddleware.js | 29 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index addb4221e..532e83ba2 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -21,7 +21,7 @@ const responses = [ } ] -function checkAuthorization(err) { +function checkAuthorization (err) { if (err.message === 'jwt expired') { throw Error('TokenExpired') } else { 
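Review bot: `maintainState` uses `await` inside a plain `function`, which is a SyntaxError, so this version of the module does not load at all; it also reads `req`, `decoded` and `recoded`, which are locals of the exported middleware and not visible at module scope. The verify calls have the same shape problem: `jwt.verify(token, process.env.JWT_SECRET, decode(err, decodedToken))` references `err` and `decodedToken` before any declaration (ReferenceError) and, even if they existed, would pass `decode`'s return value rather than the function as the callback; the intended form is `jwt.verify(token, process.env.JWT_SECRET, decode)` and `jwt.verify(token, pem, { algorithms: ['RS256'] }, recode)`. The header check was also loosened from `startsWith('Bearer')` to `startsWith('Bear')`, which accepts schemes that are not Bearer at all. Finally `throwError` returns an array from `filter`, so the 401 bodies become `[{...}]` (or `[]` for any message that matches none of the names) instead of the single object the old `switch` sent.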
@@ -31,35 +31,34 @@ function checkAuthorization(err) { const throwError = message => responses.filter(response => response.name.match(message)) -function maintainState() { - if (process.env.AUTH_METHOD !== 'cognito') { - req.user = await db.User.findOne({ where: { userID: decoded.id } }) - } else if (recoded) { - req.user = await db.User.findOne({ where: { userID: recoded.sub } }) - } else { - throw Error('User not found') - } - -} - const recode = (err, decodedToken) => { if (err) { - checkAuthorization(err) + checkAuthorization(err) } recoded = decodedToken } const decode = (err, decodedToken) => { if (err) { - checkAuthorization(err) + checkAuthorization(err) } decoded = decodedToken } +const maintainState = async (req) => { + if (process.env.AUTH_METHOD !== 'cognito') { + req.user = await db.User.findOne({ where: { userID: decoded.id } }) + } else if (recoded) { + req.user = await db.User.findOne({ where: { userID: recoded.sub } }) + } else { + throw Error('User not found') + } +} module.exports = async (req, res, next) => { let decoded let recoded const headers = req.headers.authorization && req.headers.authorization.startsWith('Bear') + if ( headers ) { @@ -78,7 +77,7 @@ module.exports = async (req, res, next) => { maintainState() next() } catch (error) { - res.status(401).json(throwError(error.message)) + res.status(401).json(throwError(error.message)) } } else { res.status(401).json(throwError('Unauthorized')) From d47e639878c0bb27159b4be0f725b37424c1e82c Mon Sep 17 00:00:00 2001 From: Puskar Adhikari Date: Fri, 6 Aug 2021 12:55:36 +0545 Subject: [PATCH 03/10] fixed unable to login issue and code refactored --- api/src/middleware/authMiddleware.js | 59 +++++++++++++--------------- 1 file changed, 27 insertions(+), 32 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 532e83ba2..fe8425804 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js 
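Review bot: `maintainState` becomes `async (req)`, but the call in the following hunk (`@@ -78`) is still `maintainState()` with no argument and no `await`, so `req` is `undefined` inside it, the rejection is unhandled, and `next()` runs before any user lookup has happened; the call needs to be `await maintainState(req)`. The function body also still reads `decoded` and `recoded`, which are `let` locals declared inside the exported middleware and not reachable from module scope, so even with the `await` it would throw a ReferenceError; the verify helpers would need to return or be handed the payload. The `decode(err, decodedToken)` / `recode(err, decodedToken)` call sites from the previous patch are unchanged here and remain broken for the same reason.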
@@ -29,52 +29,47 @@ function checkAuthorization (err) { } } -const throwError = message => responses.filter(response => response.name.match(message)) +const throwError = (message) => + responses.filter((response) => response.name.match(message)) -const recode = (err, decodedToken) => { - if (err) { - checkAuthorization(err) - } - recoded = decodedToken +const verifyToken = (token) => { + const jwk = require('./jwks.json') + const pem = jwkToPem(jwk.keys[0]) + + process.env.AUTH_METHOD !== 'cognito' + ? jwt.verify(token, process.env.JWT_SECRET, (err, decodedToken) => { + decodeTokenFnc(err, decodedToken) + }) + : jwt.verify(token, pem, { algorithms: ['RS256'] }, (err, decodedToken) => { + decodeTokenFnc(err, decodedToken) + }) } -const decode = (err, decodedToken) => { +const decodeTokenFnc = (err, decodedToken) => { if (err) { checkAuthorization(err) } - decoded = decodedToken + coded = decodedToken } -const maintainState = async (req) => { - if (process.env.AUTH_METHOD !== 'cognito') { - req.user = await db.User.findOne({ where: { userID: decoded.id } }) - } else if (recoded) { - req.user = await db.User.findOne({ where: { userID: recoded.sub } }) - } else { + +async function maintainState (req) { + try { + req.user = await db.User.findOne({ + where: { userID: coded.id ? 
coded.id : coded.sub } + }) + } catch (error) { throw Error('User not found') } } module.exports = async (req, res, next) => { - let decoded - let recoded - const headers = req.headers.authorization && req.headers.authorization.startsWith('Bear') - - if ( - headers - ) { + const headers = + req.headers.authorization && req.headers.authorization.startsWith('Bearer') + if (headers) { try { const token = req.headers.authorization.split(' ')[1] - if (process.env.AUTH_METHOD !== 'cognito') { - jwt.verify(token, process.env.JWT_SECRET, decode(err, decodedToken)) - } else { - const jwk = require('./jwks.json') - const pem = jwkToPem(jwk.keys[0]) - jwt.verify(token, pem, { algorithms: ['RS256'] }, recode(err, decodedToken)) - } - /* - * TODO: Maintain session and check again local session - */ - maintainState() + verifyToken(token) + await maintainState(req) next() } catch (error) { res.status(401).json(throwError(error.message)) From ddabd1b04d6b2cded5f7415d161125f6f2673e30 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:22:45 -0400 Subject: [PATCH 04/10] enclosed keys in quotes --- api/src/middleware/authMiddleware.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index fe8425804..62bd327e7 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js 
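Review bot: `coded = decodedToken` in `decodeTokenFnc` assigns an identifier that is never declared, so it is an implicit global (a ReferenceError under strict mode), and once patch 06 adds `let coded` it is still a single module-level slot shared by every request. As far as I can tell this only works because jsonwebtoken invokes the callback synchronously for a static key and `maintainState` reads `coded` before its first `await`; any `await` introduced between `verifyToken(token)` and that read would let one request's identity be served to another. Returning the payload from `verifyToken` and passing it to `maintainState` removes the shared slot and `decodeTokenFnc` entirely (sketch below). Note also that `require('./jwks.json')` and `jwkToPem` now run on every request in both modes, so a missing or malformed jwks file breaks the non-cognito path too. `findOne` resolving to `null` does not throw, so an unknown `userID` still reaches `next()` with `req.user === null`; `if (!req.user) throw Error('User not found')` after the lookup closes that.
```javascript
const verifyToken = (token) => {
  try {
    if (process.env.AUTH_METHOD !== 'cognito') {
      return jwt.verify(token, process.env.JWT_SECRET)
    }
    const jwk = require('./jwks.json')
    const pem = jwkToPem(jwk.keys[0])
    return jwt.verify(token, pem, { algorithms: ['RS256'] })
  } catch (err) {
    checkAuthorization(err)
  }
}

async function maintainState (req, payload) {
  // … unchanged: lookup, keyed by payload.id / payload.sub instead of the module-level coded …
  if (!req.user) throw Error('User not found')
}

// … in the exported middleware, inside the try …
const payload = verifyToken(token)
await maintainState(req, payload)
```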
@@ -4,20 +4,20 @@ const db = require('../models') const responses = [ { - error: 'Invalid token provided.', - name: 'InvalidToken' + "error": 'Invalid token provided.', + "name": 'InvalidToken' }, { - error: 'The token has been expired.', - name: 'TokenExpired' + "error": 'The token has been expired.', + "name": 'TokenExpired' }, { - error: 'Not authorized, token failed', - name: 'Unauthorized' + "error": 'Not authorized, token failed', + "name": 'Unauthorized' }, { - error: 'Unauthorized', - name: 'Unauthorized' + "error": 'Unauthorized', + "name": 'Unauthorized' } ] From 70991988375615a0e604b541733b92ef59707410 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:32:13 -0400 Subject: [PATCH 05/10] switched keys to single quotes --- api/src/middleware/authMiddleware.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 62bd327e7..be8d1e905 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -4,20 +4,20 @@ const db = require('../models') const responses = [ { - "error": 'Invalid token provided.', - "name": 'InvalidToken' + 'error': 'Invalid token provided.', + 'name': 'InvalidToken' }, { - "error": 'The token has been expired.', - "name": 'TokenExpired' + 'error': 'The token has been expired.', + 'name': 'TokenExpired' }, { - "error": 'Not authorized, token failed', - "name": 'Unauthorized' + 'error': 'Not authorized, token failed', + 'name': 'Unauthorized' }, { - "error": 'Unauthorized', - "name": 'Unauthorized' + 'error': 'Unauthorized', + 'name': 'Unauthorized' } ] From 0ffe76a1bc67d5b6b493ecdb395805fb3b4e20cd Mon Sep 17 00:00:00 2001 
From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:40:38 -0400 Subject: [PATCH 06/10] linted keys and coded variable --- api/src/middleware/authMiddleware.js | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index be8d1e905..6debb48a3 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -2,22 +2,24 @@ const jwt = require('jsonwebtoken') const jwkToPem = require('jwk-to-pem') const db = require('../models') +let coded + const responses = [ { - 'error': 'Invalid token provided.', - 'name': 'InvalidToken' + error: 'Invalid token provided.', + name: 'InvalidToken' }, { - 'error': 'The token has been expired.', - 'name': 'TokenExpired' + error: 'The token has been expired.', + name: 'TokenExpired' }, { - 'error': 'Not authorized, token failed', - 'name': 'Unauthorized' + error: 'Not authorized, token failed', + name: 'Unauthorized' }, { - 'error': 'Unauthorized', - 'name': 'Unauthorized' + error: 'Unauthorized', + name: 'Unauthorized' } ] From e9c9febea1e7e174d4b898d8d57c1188f3b56035 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:44:34 -0400 Subject: [PATCH 07/10] adding back quotes?? --- api/src/middleware/authMiddleware.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 6debb48a3..8393d0157 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js 
@@ -6,20 +6,20 @@ let coded const responses = [ { - error: 'Invalid token provided.', - name: 'InvalidToken' + 'error': 'Invalid token provided.', + 'name': 'InvalidToken' }, { - error: 'The token has been expired.', - name: 'TokenExpired' + 'error': 'The token has been expired.', + 'name': 'TokenExpired' }, { - error: 'Not authorized, token failed', - name: 'Unauthorized' + 'error': 'Not authorized, token failed', + 'name': 'Unauthorized' }, { - error: 'Unauthorized', - name: 'Unauthorized' + 'error': 'Unauthorized', + 'name': 'Unauthorized' } ] From d54f3b396fe6e04723c0a790b09dce2829cc5d16 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 11:50:52 -0400 Subject: [PATCH 08/10] flipped keys around --- api/src/middleware/authMiddleware.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 8393d0157..2ca7f2458 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -6,20 +6,20 @@ let coded const responses = [ { - 'error': 'Invalid token provided.', - 'name': 'InvalidToken' + name: 'InvalidToken', + error: 'Invalid token provided.' }, { - 'error': 'The token has been expired.', - 'name': 'TokenExpired' + name: 'TokenExpired', + error: 'The token has been expired.' }, { - 'error': 'Not authorized, token failed', - 'name': 'Unauthorized' + name: 'Unauthorized', + error: 'Not authorized, token failed' }, { - 'error': 'Unauthorized', - 'name': 'Unauthorized' + name: 'Unauthorized', + error: 'Unauthorized' } ] From 9998bb184a44f4f91fbfad5878348058577af8cc Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 12:05:35 -0400 Subject: [PATCH 09/10] removed redundant key --- api/src/middleware/authMiddleware.js | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 2ca7f2458..0981e9926 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -16,10 +16,6 @@ const responses = [ { name: 'Unauthorized', error: 'Not authorized, token failed' - }, - { - name: 'Unauthorized', - error: 'Unauthorized' } ] From b9c2ac09dd8c04a8f1f12774481fb7d793a6ae73 Mon Sep 17 00:00:00 2001 From: rjpadilla <23529006+rjpadilla@users.noreply.github.com> Date: Mon, 9 Aug 2021 13:32:19 -0400 Subject: [PATCH 10/10] switched filter to find and conditional for cognito --- api/src/middleware/authMiddleware.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/api/src/middleware/authMiddleware.js b/api/src/middleware/authMiddleware.js index 0981e9926..463ab3322 100644 --- a/api/src/middleware/authMiddleware.js +++ b/api/src/middleware/authMiddleware.js @@ -28,7 +28,7 @@ function checkAuthorization (err) { } const throwError = (message) => - responses.filter((response) => response.name.match(message)) + responses.find((response) => response.name.match(message)) const verifyToken = (token) => { const jwk = require('./jwks.json') @@ -52,9 +52,13 @@ const decodeTokenFnc = (err, decodedToken) => { async function maintainState (req) { try { - req.user = await db.User.findOne({ - where: { userID: coded.id ? coded.id : coded.sub } - }) + process.env.AUTH_METHOD !== 'cognito' + ? req.user = await db.User.findOne({ + where: { userID: coded.id } + }) + : req.user = await db.User.findOne({ + where: { userID: coded.sub } + }) } catch (error) { throw Error('User not found') }
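Review bot: `find` returns `undefined` for any message that matches none of the three names — `'User not found'` thrown by `maintainState`, for instance — so the catch now calls `res.status(401).json(undefined)` and sends an empty body where the removed `default:` branch used to send the generic Unauthorized entry. `response.name.match(message)` also compiles the error message as a regular expression: a message containing regex metacharacters makes `match` throw inside the catch block, leaving the request without any response. Comparing names with strict equality and keeping an explicit fallback restores the old behaviour: `const throwError = (message) =>` / `responses.find((response) => response.name === message) ||` / `responses[responses.length - 1]`.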