From 788ef3b65d6e43382028a7e50af492796de44ee7 Mon Sep 17 00:00:00 2001 From: Charlie Midtlyng Date: Mon, 20 Nov 2023 12:59:36 +0100 Subject: [PATCH] =?UTF-8?q?Bedre=20feilh=C3=A5ndtering=20av=20kall=20mot?= =?UTF-8?q?=20MS=20for=20brukerdata=20(#1255)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../familie-backend/src/auth/authenticate.ts | 16 +++-- packages/familie-backend/src/auth/bruker.ts | 58 +++++++++++-------- packages/familie-backend/src/router.ts | 9 ++- packages/familie-backend/src/utils.ts | 4 +- 4 files changed, 51 insertions(+), 36 deletions(-) diff --git a/packages/familie-backend/src/auth/authenticate.ts b/packages/familie-backend/src/auth/authenticate.ts index 2ddfdb3a7..0570dd329 100644 --- a/packages/familie-backend/src/auth/authenticate.ts +++ b/packages/familie-backend/src/auth/authenticate.ts @@ -4,7 +4,6 @@ import { appConfig } from '../config'; import { LOG_LEVEL } from '@navikt/familie-logging'; import { getTokenSetsFromSession, tokenSetSelfId, hasValidAccessToken } from './tokenUtils'; import { Client, TokenSet } from 'openid-client'; -import { setBrukerprofilPåSesjon } from './bruker'; import { logRequest } from '../utils'; export const authenticateAzure = (req: Request, res: Response, next: NextFunction) => { @@ -86,15 +85,14 @@ export const ensureAuthenticated = (authClient: Client, sendUnauthorized: boolea return; }); } - - return setBrukerprofilPåSesjon(authClient, req, next); - } - - const pathname = req.originalUrl; - if (sendUnauthorized) { - res.status(401).send('Unauthorized'); + return next(); } else { - res.redirect(`/login?redirectUrl=${pathname}`); + const pathname = req.originalUrl; + if (sendUnauthorized) { + res.status(401).send('Unauthorized'); + } else { + res.redirect(`/login?redirectUrl=${pathname}`); + } } }; }; diff --git a/packages/familie-backend/src/auth/bruker.ts b/packages/familie-backend/src/auth/bruker.ts index f28e9a26d..0fd5d9693 100644 --- a/packages/familie-backend/src/auth/bruker.ts +++ b/packages/familie-backend/src/auth/bruker.ts @@ -16,28 +16,48 @@ export const hentBrukerprofil = () => { }; }; -const håndterFeil = (req: Request, err: Error, next: NextFunction) => { - if (!req.session) { - throw new Error('Mangler sesjon på kall'); - } - - req.session.user = { - ...req.session.user, - enhet: '9999', - }; +const håndterGenerellFeil = (next: NextFunction, req: Request, err: Error) => { + logRequest(req, `Noe gikk galt: ${err?.message}.`, LOG_LEVEL.ERROR); + next(); +}; +const håndterBrukerdataFeil = (req: Request, err: Error) => { logRequest( req, - `Feilet mot ms graph: ${err.message}. Fortsetter uten data fra bruker.`, + `Feilet mot ms graph: ${err.message}. Kan ikke fortsette uten brukerdata.`, LOG_LEVEL.ERROR, ); - return next(); + throw new Error('Kunne ikke hente dine brukeropplysninger. Vennligst logg ut og inn på nytt'); +}; + +const fetchFraMs = (accessToken: string) => { + const query = 'onPremisesSamAccountName,displayName,mail,officeLocation,userPrincipalName,id'; + const graphUrl = `${envVar('GRAPH_API')}?$select=${query}`; + + return fetch(graphUrl, { + headers: { + Authorization: `Bearer ${accessToken}`, + 'Content-Type': 'application/json', + }, + }); +}; +const hentBrukerData = (accessToken: string, req: Request) => { + return fetchFraMs(accessToken).catch((e: Error) => { + logRequest(req, `Kunne ikke hente brukerdata - prøver på nytt: ${e}`, LOG_LEVEL.WARNING); + return fetchFraMs(accessToken).catch((err: Error) => håndterBrukerdataFeil(req, err)); + }); }; /** * Funksjon som henter brukerprofil fra graph. */ -export const setBrukerprofilPåSesjon = (authClient: Client, req: Request, next: NextFunction) => { +export const setBrukerprofilPåSesjonRute = (authClient: Client) => { + return async (req: Request, _: Response, next: NextFunction) => { + return setBrukerprofilPåSesjon(authClient, req, next); + }; +}; + +const setBrukerprofilPåSesjon = (authClient: Client, req: Request, next: NextFunction) => { return new Promise((_, _reject) => { const api = { clientId: 'https://graph.microsoft.com', @@ -48,18 +68,8 @@ export const setBrukerprofilPåSesjon = (authClient: Client, req: Request, next: return next(); } - const query = - 'onPremisesSamAccountName,displayName,mail,officeLocation,userPrincipalName,id'; - const graphUrl = `${envVar('GRAPH_API')}?$select=${query}`; getOnBehalfOfAccessToken(authClient, req, api) - .then(accessToken => - fetch(graphUrl, { - headers: { - Authorization: `Bearer ${accessToken}`, - 'Content-Type': 'application/json', - }, - }), - ) + .then(accessToken => hentBrukerData(accessToken, req)) .then(res => res.json()) .then((data: any) => { if (!req.session) { @@ -90,7 +100,7 @@ export const setBrukerprofilPåSesjon = (authClient: Client, req: Request, next: }); }) .catch((err: Error) => { - return håndterFeil(req, err, next); + return håndterGenerellFeil(next, req, err); }); }); }; diff --git a/packages/familie-backend/src/router.ts b/packages/familie-backend/src/router.ts index d39c1b4e3..b3847e799 100644 --- a/packages/familie-backend/src/router.ts +++ b/packages/familie-backend/src/router.ts @@ -7,7 +7,7 @@ import { ensureAuthenticated, logout, } from './auth/authenticate'; -import { hentBrukerprofil } from './auth/bruker'; +import { hentBrukerprofil, setBrukerprofilPåSesjonRute } from './auth/bruker'; const router = express.Router(); @@ -24,7 +24,12 @@ export default (authClient: Client, prometheusTellere?: { [key: string]: Counter router.get('/auth/logout', (req: Request, res: Response) => logout(req, res)); // Bruker - router.get('/user/profile', ensureAuthenticated(authClient, true), hentBrukerprofil()); + router.get( + '/user/profile', + ensureAuthenticated(authClient, true), + setBrukerprofilPåSesjonRute(authClient), + hentBrukerprofil(), + ); return router; }; diff --git a/packages/familie-backend/src/utils.ts b/packages/familie-backend/src/utils.ts index ab02fb683..82dc4482a 100644 --- a/packages/familie-backend/src/utils.ts +++ b/packages/familie-backend/src/utils.ts @@ -16,7 +16,9 @@ export const envVar = (navn: string, påkrevd = true, defaultValue?: string): st const prefix = (req: Request) => { return `${ - req.session && req.session.user ? `${req.session.user.displayName} -` : 'ugyldig sesjon -' + req.session && req.session.user + ? `${req.session.user.displayName} -` + : 'ugyldig sesjon eller mangler brukers data -' } ${req.method} - ${req.originalUrl}`; };