Fixing an issue with builder auth, adding a temporary endpoint which the server can set builder token on.
This commit is contained in:
parent
852ecd840c
commit
30b7678c78
|
@ -20,6 +20,9 @@ export const get = apiCall("GET")
|
|||
export const patch = apiCall("PATCH")
|
||||
export const del = apiCall("DELETE")
|
||||
export const put = apiCall("PUT")
|
||||
export const getBuilderCookie = async () => {
|
||||
await post("/api/builder/login", {})
|
||||
}
|
||||
|
||||
export default {
|
||||
post: apiCall("POST"),
|
||||
|
@ -27,4 +30,5 @@ export default {
|
|||
patch: apiCall("PATCH"),
|
||||
delete: apiCall("DELETE"),
|
||||
put: apiCall("PUT"),
|
||||
getBuilderCookie,
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import { derived, writable } from "svelte/store"
|
|||
import analytics from "analytics"
|
||||
import { FrontendTypes, LAYOUT_NAMES } from "../constants"
|
||||
import { findComponent } from "./storeUtils"
|
||||
import { getBuilderCookie } from "./api"
|
||||
|
||||
export const store = getFrontendStore()
|
||||
export const automationStore = getAutomationStore()
|
||||
|
@ -57,6 +58,8 @@ export const selectedAccessRole = writable("BASIC")
|
|||
|
||||
export const initialise = async () => {
|
||||
try {
|
||||
// TODO this needs to be replaced by a real login
|
||||
await getBuilderCookie()
|
||||
await analytics.activate()
|
||||
analytics.captureEvent("Builder Started")
|
||||
} catch (err) {
|
||||
|
|
|
@ -8,6 +8,7 @@ const { setCookie } = require("../../utilities")
|
|||
const { outputProcessing } = require("../../utilities/rowProcessor")
|
||||
const { ViewNames } = require("../../db/utils")
|
||||
const { UserStatus } = require("../../constants")
|
||||
const setBuilderToken = require("../../utilities/builder/setBuilderToken")
|
||||
|
||||
const INVALID_ERR = "Invalid Credentials"
|
||||
|
||||
|
@ -69,6 +70,11 @@ exports.authenticate = async ctx => {
|
|||
}
|
||||
}
|
||||
|
||||
exports.builderLogin = async ctx => {
|
||||
await setBuilderToken(ctx)
|
||||
ctx.status = 200
|
||||
}
|
||||
|
||||
exports.fetchSelf = async ctx => {
|
||||
const { userId, appId } = ctx.user
|
||||
/* istanbul ignore next */
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
const Router = require("@koa/router")
|
||||
const controller = require("../controllers/auth")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const { BUILDER } = require("../../utilities/security/permissions")
|
||||
|
||||
const router = Router()
|
||||
|
||||
router.post("/api/authenticate", controller.authenticate)
|
||||
// TODO: this is a hack simply to make sure builder has a cookie until auth reworked
|
||||
router.post("/api/builder/login", authorized(BUILDER), controller.builderLogin)
|
||||
// doesn't need authorization as can only fetch info about self
|
||||
router.get("/api/self", controller.fetchSelf)
|
||||
|
||||
|
|
|
@ -42,11 +42,6 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
|
|||
const isAdmin = ADMIN_ROLES.includes(role._id)
|
||||
const isAuthed = ctx.auth.authenticated
|
||||
|
||||
// TODO: this was added while we work towards a better auth method
|
||||
if (permType === PermissionTypes.BUILDER) {
|
||||
return next()
|
||||
}
|
||||
|
||||
const { basePermissions, permissions } = await getUserPermissions(
|
||||
ctx.appId,
|
||||
role._id
|
||||
|
|
|
@ -144,8 +144,7 @@ describe("Authorization middleware", () => {
|
|||
expect(config.next).toHaveBeenCalled()
|
||||
})
|
||||
|
||||
// TODO: this has been skipped while auth is still in flux
|
||||
xit("throws if the user has only builder permissions", async () => {
|
||||
it("throws if the user has only builder permissions", async () => {
|
||||
config.setEnvironment(false)
|
||||
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
|
||||
config.setUser({
|
||||
|
|
Loading…
Reference in New Issue