diff --git a/package-lock.json b/package-lock.json
index 3dda8d22f2e36f1624e30e54a6bf46ef01f1c3a4..f23c7cd5124cfdcb25a64bb92c4cc4552d081ce5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5739,11 +5739,6 @@
"safe-buffer": "^5.0.1"
}
},
- "jwt-simple": {
- "version": "0.5.1",
- "resolved": "https://registry.npmjs.org/jwt-simple/-/jwt-simple-0.5.1.tgz",
- "integrity": "sha1-eeoBiRth3mto4T5nwLS1vak3spQ="
- },
"keyv": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz",
diff --git a/package.json b/package.json
index fa72cb89c864f3b6d076829cba1fd744166fdae8..28d347c51406a197fb8b33d2ad76ffe554e4f47d 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,6 @@
"graphql-tools": "^2.24.0",
"graphql-voyager": "^1.0.0-rc.15",
"jsonwebtoken": "^8.2.1",
- "jwt-simple": "^0.5.1",
"knex": "^0.14.6",
"ldap-escape": "^1.1.5",
"ldapjs": "^1.0.2",
diff --git a/src/auth/apilogin.js b/src/auth/apilogin.js
deleted file mode 100644
index 4d56d80d09569337dbfdb6a05314f9795c263bfd..0000000000000000000000000000000000000000
--- a/src/auth/apilogin.js
+++ /dev/null
@@ -1,10 +0,0 @@
-import express from 'express';
-import passport from 'passport';
-import jwt from 'jwt-simple';
-
-const SECRET = 'blizgdajajezefjz,d';
-
-function tokenForUser(user) {
- const timestamp = new Date().getTime();
- return jwt.encode({ sub: user.id, iat: timestamp, username: user.username }, process.env.SECRET);
-}
diff --git a/src/auth/auth.js b/src/auth/auth.js
deleted file mode 100644
index 424bca85345d293199848abd1a157545fc5e0ed6..0000000000000000000000000000000000000000
--- a/src/auth/auth.js
+++ /dev/null
@@ -1,75 +0,0 @@
-import passport from 'passport';
-import LdapStrategy from 'passport-ldapauth';
-import fs from 'fs';
-import path from 'path';
-
-/**
- * @description Configuration de l'authentification
- * @author kadabra
- *
- * on a besoin d'authentification pour 2 trucs :
- * - l'acces a l'interface admin (admin_view) du back, definie dans admin_router.js
- * - le contexte graphQL
- *
- * serializeUser permet d'obtenir une cle identifiant chaque user
- * deserializeUser fait une requete vers une BDD de users en utilisant cette cle, et met dans l'objet JS req.user toutes les infos issues de la BDD
- * Cette repartition permet de ne stocker dans la session (i.e. en memoire sur le serveur) que la cle des utilisateurs connectes et de ne "charger en memoire" toutes les infos de la BDD que lorsque necessaire
- * cf https://stackoverflow.com/questions/27637609/understanding-passport-serialize-deserialize#27637668
- * et http://toon.io/understanding-passportjs-authentication-flow/
- *
- * Mais en fait dans notre cas c'est graphql qui communique avec la BDD, donc on s'en fiche! On peut se contenter de dire a serializeUser et deserializeUser de ne s'occuper que du champ uid)
- * (on pourrait penser que passer par deserializeUser permettrait de reduire le nombre d'interactions avec la BDD, mais en fait non car deserializeUser est appele *a chaque requete*)
- */
-const configPath = path.resolve('./', 'ldap_config.json');
-const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-
-passport.use(new LdapStrategy({
- server: {
- url: config.ldap.server,
- //bindDn: '.............',
- //bindCredentials: '..........',
- searchBase: config.ldap.searchBase,
- searchFilter: config.ldap.searchFilter,
- //searchAttributes: ['givenName', 'sn'],
- //tlsOptions: '..........',
- },
-
- //usernameField: 'username', // Field name where the username is found, defaults to username
- //passwordField: 'password', // Field name where the password is found, defaults to password
-
- // given how LdapStrategy is coded, it is not necessary to do a verify callback
- // https://github.com/vesse/passport-ldapauth/blob/master/lib/passport-ldapauth/strategy.js#L230
- // (note that LdapStrategy has no default verify callback, the "verify" function (L105) is actually the "done" function that is called by the verify callback if we choose to make one)
- // we leave this commented out as a template for future use
- /*
- function (user, done) {
- // "verify callback", called after each passport.authenticate(...),
- // unless missing credentials (in which case a 400 Error is returned)
-
- // "The purpose of a verify callback is to find the user that possesses a set of credentials" (from passport doc)
- // i.e. we query the database (in our case the LDAP) to get user's data
- console.log("Entering passport's verify callback");
-
- if (user){
- //if user exists
- console.log("Successfully authenticated " + user.uid);
- }
- }
- */
-})
-);
-
-
-//toujours bon a savoir pour faire des tests:
-//The result of the serializeUser method is attached to the session as req.session.passport.user
-passport.serializeUser(function (user, done) {
- console.log(`passport.serializeUser(): serializing user ${user.uid}`); // DEBUG
- done(null, user.uid);
-});
-
-//The first argument of deserializeUser corresponds to the key of the user object that was given to the done function in serializeUser
-//The fetched object is attached to the request object as req.user (available in all subsequent middleware)
-passport.deserializeUser(function (userUid, done) {
- console.log(`passport.deserializeUser(): deserializing user ${userUid}`); // DEBUG
- done(null, { uid: userUid });
-});
\ No newline at end of file
diff --git a/src/graphql/resolvers.js b/src/graphql/resolvers.js
index 3b28ea610dcb7faeb57446ccd69ae8f6e324c171..2570e500bc2102bf25ed16255b9faf08c1c88e7d 100644
--- a/src/graphql/resolvers.js
+++ b/src/graphql/resolvers.js
@@ -7,7 +7,7 @@ import { assertBinaryExpression } from 'babel-types';
import knex from '../../db/knex_router';
import passport from 'passport';
-import './../auth/auth';
+import './../config_passport';
import * as connectors from './connectors/connectors';
import * as list_selectors from './connectors/list_selectors';
@@ -24,26 +24,26 @@ export const resolvers = {
// group queries
allGroups: async function(obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getAllVisibleGroups(user);
},
allSimpleGroups: async function (obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getAllVisibleSimpleGroups(user);
},
group: async function(obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getGroupIfVisible(user, args.uid);
},
simpleGroup: async function(obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getSimpleGroupIfVisible(user, args.uid);
},
metaGroup: async function(obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getMetaGroupIfVisible(user, args.uid);
},
@@ -70,7 +70,7 @@ export const resolvers = {
// user queries
user: async function(obj, args, context){
- let user = await authentifiers.anonymous(context.user);
+ let user = await authentifiers.anonymous(context.bindUser);
return user && connectors.getUser(user,args.uid);
},
@@ -98,15 +98,15 @@ export const resolvers = {
// member queries
allMembers : async function(obj, args, context){
- let user = await authentifiers.member(context.user, args.from);
- return user && connectors.getGroupMemberUsers(context.user, obj.groupUID);
+ let user = await authentifiers.member(context.bindUser, args.from);
+ return user && connectors.getGroupMemberUsers(context.bindUser, obj.groupUID);
},
// speaker queries
allRequests: async function(obj, args, context){
let res = [];
- let user = authentifiers.admin(context.user, args.from);
+ let user = authentifiers.admin(context.bindUser, args.from);
if(user){
res = res.concat(await connectors.getUserJoinGroupRequests(user, args.from));
}
@@ -130,11 +130,11 @@ export const resolvers = {
// @rights admin(obj.groupUID)
UserJoinGroup: {
user : (obj, args, context) => {
- return connectors.getUser(context.user, obj.useruid);
- /*return connectors.getUser(context.user, "quentin.gendre");
+ return connectors.getUser(context.bindUser, obj.useruid);
+ /*return connectors.getUser(context.bindUser, "quentin.gendre");
if(obj.useruid === "anatole.romon"){
- return connectors.getUser(context.user, "anatole.romon").then(res => {
- return connectors.getUser(context.user, "quentin.gendre");
+ return connectors.getUser(context.bindUser, "anatole.romon").then(res => {
+ return connectors.getUser(context.bindUser, "quentin.gendre");
});
}else{
return new Promise( (resolve, reject) => {
@@ -147,20 +147,20 @@ export const resolvers = {
// @rights speaker(obj.groupUID)
GroupJoinEvent : {
event: (obj, args, context) => {
- return connectors.getEvent(context.user, obj.eventuid);
+ return connectors.getEvent(context.bindUser, obj.eventuid);
},
groupWantingToJoin: (obj, args, context) => {
- return connectors.getGroup(context.user, obj.senderuid);
+ return connectors.getGroup(context.bindUser, obj.senderuid);
}
},
// @rights speaker(obj.groupUID)
YourGroupHostEvent : {
event: (obj, args, context) => {
- return connectors.getEvent(context.user, obj.eventuid);
+ return connectors.getEvent(context.bindUser, obj.eventuid);
},
sender: (obj, args, context) => {
- return connectors.getGroup(context.user, obj.senderuid);
+ return connectors.getGroup(context.bindUser, obj.senderuid);
}
},
@@ -168,7 +168,7 @@ export const resolvers = {
User : {
groups : (obj, args, context) => {
let result = Promise.all(obj.groups.map((grid) => {
- return connectors.getSimpleGroup(context.user,grid);
+ return connectors.getSimpleGroup(context.bindUser,grid);
}));
return result.then(groups => {
@@ -196,13 +196,20 @@ export const resolvers = {
// Admin mutations
createSubgroup: async function (obj, args, context){
- let user = authentifiers.admin(context.user, args.from);
+ let user = authentifiers.admin(context.bindUser, args.from);
return user && connectors.createSubgroup(user, args);
},
- async login(obj, args, context) {
+ login: async function(obj, args, context) {
+ passport.authenticate('ldapauth', (err, user, info) => {
+ context.request.login(user, (err) => {
+ console.log(err);
+ });
+
+ });
+
return "Toubi";
}
@@ -270,7 +277,7 @@ export const resolvers = {
SimpleGroup: {
members: (obj, args, context) => {
- return connectors.utilisateur.listMembers(context.user,obj.uid);
+ return connectors.utilisateur.listMembers(context.bindUser,obj.uid);
}
},
diff --git a/src/index.js b/src/index.js
index ce145b2c2560740ae3823ea35be9a6d33128f95d..d7929d9739ea580e9c23d5eb61d7231ce4b1e46b 100644
--- a/src/index.js
+++ b/src/index.js
@@ -6,8 +6,8 @@ import app from './server';
import colors from 'colors';
import passport from 'passport';
-let port = process.env.PORT || 3000;
+const port = process.env.PORT || 3000;
app.listen(port, () => {
- console.log(colors.blue(`Express server listening on port ${port}`));
+ console.log(colors.blue(`Express server listening on port ${port}.`));
});
diff --git a/src/server.js b/src/server.js
index 49b4477e974e859c7601697153112f9cce0f5476..e25fb1a2c997fa8785edf7acf72a92f381f856f1 100644
--- a/src/server.js
+++ b/src/server.js
@@ -32,7 +32,7 @@ import morgan from 'morgan';
import path from 'path';
import fs from 'fs';
-import './auth/auth';
+import './config_passport';
const app = express(); // "The app object conventionally denotes the Express application" (https://expressjs.com/en/4x/api.html#app)
@@ -119,12 +119,13 @@ app.use(cors(corsOptions));
// Config de passport pour l'authentification ldap. Ne fait que *configurer* passport (aucun passport.authenticate() n'est appele, par exemple)
import './config_passport.js';
-
//with custom callback:
//http://www.passportjs.org/docs/authenticate/#custom-callback
// http://toon.io/understanding-passportjs-authentication-flow/
app.post('/login', (req, res, next) => {
passport.authenticate('ldapauth', (err, user, info) => {
+ console.log(`User ${JSON.stringify(user)}`);
+
// If an exception occurred
if (err) {
console.log(err);
@@ -183,17 +184,15 @@ app.post('/login',
*/
-
-
-
/**
* @desc API GRAPHQL
*/
-import { dn, passwd } from "../ldap_connexion_config.json"; // default user
+import { dn, passwd } from "../ldap_connexion_config.json"; // default bind user
+const environment = process.env.NODE_ENV || 'development';
app.use('/graphql',
- graphqlHTTP(async (req, res, params) => {
+ graphqlHTTP((req, res, params) => {
// vary the options *on a per-request basis*
let uid;
let password;
@@ -220,8 +219,11 @@ app.use('/graphql',
return {
schema,
- graphiql: true, // gives access to graphiql if request is detected to be from browser (je crois)
- context: { user: { uid: uid, password: password } } // accessible in every single resolver as the third argument
+ graphiql: environment == 'development', // gives access to GraphiQL if req comes from browser (je crois)
+ context: {
+ request: req,
+ bindUser: { uid: uid, password: password }
+ } // accessible in every single resolver as the third argument
};
})
);