Fixing an issue with builder auth, adding a temporary endpoint which the server can set builder token on.

This commit is contained in:
mike12345567 2021-04-07 16:08:29 +01:00
parent 852ecd840c
commit 30b7678c78
6 changed files with 19 additions and 8 deletions

View File

@ -20,6 +20,9 @@ export const get = apiCall("GET")
export const patch = apiCall("PATCH") export const patch = apiCall("PATCH")
export const del = apiCall("DELETE") export const del = apiCall("DELETE")
export const put = apiCall("PUT") export const put = apiCall("PUT")
export const getBuilderCookie = async () => {
await post("/api/builder/login", {})
}
export default { export default {
post: apiCall("POST"), post: apiCall("POST"),
@ -27,4 +30,5 @@ export default {
patch: apiCall("PATCH"), patch: apiCall("PATCH"),
delete: apiCall("DELETE"), delete: apiCall("DELETE"),
put: apiCall("PUT"), put: apiCall("PUT"),
getBuilderCookie,
} }

View File

@ -6,6 +6,7 @@ import { derived, writable } from "svelte/store"
import analytics from "analytics" import analytics from "analytics"
import { FrontendTypes, LAYOUT_NAMES } from "../constants" import { FrontendTypes, LAYOUT_NAMES } from "../constants"
import { findComponent } from "./storeUtils" import { findComponent } from "./storeUtils"
import { getBuilderCookie } from "./api"
export const store = getFrontendStore() export const store = getFrontendStore()
export const automationStore = getAutomationStore() export const automationStore = getAutomationStore()
@ -57,6 +58,8 @@ export const selectedAccessRole = writable("BASIC")
export const initialise = async () => { export const initialise = async () => {
try { try {
// TODO this needs to be replaced by a real login
await getBuilderCookie()
await analytics.activate() await analytics.activate()
analytics.captureEvent("Builder Started") analytics.captureEvent("Builder Started")
} catch (err) { } catch (err) {

View File

@ -8,6 +8,7 @@ const { setCookie } = require("../../utilities")
const { outputProcessing } = require("../../utilities/rowProcessor") const { outputProcessing } = require("../../utilities/rowProcessor")
const { ViewNames } = require("../../db/utils") const { ViewNames } = require("../../db/utils")
const { UserStatus } = require("../../constants") const { UserStatus } = require("../../constants")
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
const INVALID_ERR = "Invalid Credentials" const INVALID_ERR = "Invalid Credentials"
@ -69,6 +70,11 @@ exports.authenticate = async ctx => {
} }
} }
exports.builderLogin = async ctx => {
await setBuilderToken(ctx)
ctx.status = 200
}
exports.fetchSelf = async ctx => { exports.fetchSelf = async ctx => {
const { userId, appId } = ctx.user const { userId, appId } = ctx.user
/* istanbul ignore next */ /* istanbul ignore next */

View File

@ -1,9 +1,13 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../controllers/auth") const controller = require("../controllers/auth")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router() const router = Router()
router.post("/api/authenticate", controller.authenticate) router.post("/api/authenticate", controller.authenticate)
// TODO: this is a hack simply to make sure builder has a cookie until auth reworked
router.post("/api/builder/login", authorized(BUILDER), controller.builderLogin)
// doesn't need authorization as can only fetch info about self // doesn't need authorization as can only fetch info about self
router.get("/api/self", controller.fetchSelf) router.get("/api/self", controller.fetchSelf)

View File

@ -42,11 +42,6 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
const isAdmin = ADMIN_ROLES.includes(role._id) const isAdmin = ADMIN_ROLES.includes(role._id)
const isAuthed = ctx.auth.authenticated const isAuthed = ctx.auth.authenticated
// TODO: this was added while we work towards a better auth method
if (permType === PermissionTypes.BUILDER) {
return next()
}
const { basePermissions, permissions } = await getUserPermissions( const { basePermissions, permissions } = await getUserPermissions(
ctx.appId, ctx.appId,
role._id role._id

View File

@ -144,8 +144,7 @@ describe("Authorization middleware", () => {
expect(config.next).toHaveBeenCalled() expect(config.next).toHaveBeenCalled()
}) })
// TODO: this has been skipped while auth is still in flux it("throws if the user has only builder permissions", async () => {
xit("throws if the user has only builder permissions", async () => {
config.setEnvironment(false) config.setEnvironment(false)
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER) config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
config.setUser({ config.setUser({