Skip to content
This repository has been archived by the owner on Dec 9, 2024. It is now read-only.

Auth updates #1017

Merged
merged 2 commits into from
Dec 2, 2024
Merged

Auth updates #1017

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b657288
Throw 401 when credentials are invalidated
solocommand Nov 18, 2024
1e4377d
Throw when an inactive user is found
solocommand Nov 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions services/graphql-server/src/auth-context/create.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
const { AuthenticationError } = require('apollo-server-express');
const {
AuthenticationError,
ForbiddenError,
} = require('apollo-server-express');
const UserContext = require('./context');

const expression = /^Bearer (?<token>.+)/;
Expand All @@ -9,6 +12,10 @@ module.exports = async ({ req, userService }) => {

if (!expression.test(authorization)) throw new AuthenticationError('The provided credentials are invalid.');
const { token } = authorization.match(expression).groups;
const user = await userService.checkAuth(token);
return new UserContext({ user, token });
try {
const user = await userService.checkAuth(token);
return new UserContext({ user, token });
} catch (e) {
throw new ForbiddenError('The provided credentials are no longer valid.');
}
};
17 changes: 12 additions & 5 deletions services/graphql-server/src/user/user-service.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@ const { AuthenticationError } = require('apollo-server-express');
const bcrypt = require('bcryptjs');
const TokenService = require('./token-service');

const activeCriteria = {
accountNonExpired: true,
accountNonLocked: true,
credentialsNonExpired: true,
enabled: true,
};

const UserService = class UserService {
constructor({ basedb }) {
this.basedb = basedb;
Expand All @@ -11,10 +18,7 @@ const UserService = class UserService {
async login(username, plaintext) {
const criteria = {
username,
accountNonExpired: true,
accountNonLocked: true,
credentialsNonExpired: true,
enabled: true,
...activeCriteria,
};
const user = await this.basedb.findOne('platform.User', criteria);
if (!user || !user.password) throw new AuthenticationError('The provided user credentials are invalid.');
Expand All @@ -32,7 +36,10 @@ const UserService = class UserService {

async checkAuth(token) {
const { uid } = await this.tokenService.validate(token);
return this.basedb.findOne('platform.User', { _id: uid });
return this.basedb.strictFindOne('platform.User', {
_id: uid,
...activeCriteria,
});
}
};

Expand Down
Loading