minor changes (mostly logs)

fe5ef0dc · Guillaume WANG · ba7af693 · fe5ef0dc · fe5ef0dc
Commit fe5ef0dc authored 6 years ago by Guillaume WANG
--- a/src/admin_view/admin_router.js
+++ b/src/admin_view/admin_router.js
@@ -23,14 +23,14 @@ let port = process.env.PORT || 3000;
 */

 router.get('/', function (req, res) {
-    console.log("GET handler for /adminview route");
-    console.log('Connecting to ' + req.url);
-    console.log('Trying to go to admin page...');
+    console.log("adminview: GET handler for /adminview route");
+    console.log('adminview: Connecting to ' + req.url);
+    console.log('adminview: Trying to go to admin page...');
    res.redirect('/adminview/admin');
 });

 router.get('/avlogin', function (req, res) {
-    console.log('Connecting to ' + req.url);
+    console.log('adminview: Connecting to ' + req.url);
    res.render('login', {
        title: 'Login', port: port,
        errorMessage: req.flash('error')
@@ -40,7 +40,7 @@ router.get('/avlogin', function (req, res) {
 router.get('/admin',
    ensureLoggedIn('/adminview/avlogin'),
    function (req, res) {
-        console.log('Connecting to ' + req.url);
+        console.log('adminview: Connecting to ' + req.url);
        let userName;
        // Une erreur a ce stade peut etre triggered si req.user n'existe pas
        // mais pour autant on est assures que la personne est bien authentifiee
@@ -48,7 +48,7 @@ router.get('/admin',
        try {
            let user = req.user;
            //let user = req.user;
-            console.log('Welcome,', user.uid);
+            console.log('adminview: Welcome,', user.uid);
            userName = user.uid;
        } catch (err) {
            console.log("Warning: in admin_router router.get('/admin')");
@@ -152,7 +152,7 @@ router.use((req, res, next) => {
 * @summary Gère les erreurs 404
 */
 router.use((err, req, res, next) => {
-    console.log("Entering error handler");
+    console.log("adminview: Entering error handler");
    res.locals.message = err.message;
    console.log(err.message);


--- a/src/server.js
+++ b/src/server.js
@@ -41,6 +41,12 @@ app.use(bodyParser.json()); //parses bodies of media type "application/json"
 app.use(bodyParser.urlencoded({ //parses bodies of media type "application/x-www-form-urlencoded"
    extended: true //use qs library (quoi que ca veuille dire o.O)
 }));
+app.use(cookieParser()); //parses Cookie header and populate req.cookies with an object keyed by the cookie names. was necessary for express-session before its v1.5.0. on peut probablement l'enlever desormais.
+
+//GHETTO
+// Config de passport pour l'authentification ldap. 
+// Ne fait que *configurer* passport pour la strategie 'ldap' (pas d'incidence sur la strategie 'session' normalement)
+import './config_passport.js';



@@ -74,8 +80,6 @@ const configPath = path.resolve('./', 'ldap_config.json');
 const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
 // WTF??? why is sessionSecret in ldap_config.json? it has nothing to do with ldap. TODO

-//app.use(cookieParser()); //parses Cookie header and populate req.cookies with an object keyed by the cookie names. was necessary for express-session before its v1.5.0. on peut probablement l'enlever desormais.
-
 // defines parameters for *session store*. (adds field req.session and do some magic stuff)
 // basically, searches for a session matching the received cookie and, if found, adds field req.blasomethingbla containing serialized object representing user (i.e. similar to what passport.serializeUser() could produce)
 // TODO: it is important to configure this right!!! please check out https://www.npmjs.com/package/express-session and make sure you understand the way session is stored. (en vrai c'est vraiment important...)
@@ -86,9 +90,23 @@ app.use(session({
    //store: // TODO: change this. express-session doc warns that default value is ok to use for development only
 }));
 app.use(passport.initialize()); //initialize Passport. (adds hidden field req._passport and do some magic stuff)
-app.use(passport.session()); //this is equivalent to app.use(passport.authenticate('session'))
+//GHETTO
+//app.use(passport.session()); //this is equivalent to app.use(passport.authenticate('session'))
+app.use(passport.session(), (req, res, next)=>{
+    console.log("Used passport.session()");
+    console.log(`passport.session() found user: ${req.user ? req.user.uid : "none"}`);
+    console.log("passport.session() user is authenticated:", req.isAuthenticated());
+    next();
+}); //this is equivalent to app.use(passport.authenticate('session'))
 // *aucun* effet sur les requetes n'ayant pas ete reconnues par app.use(session(...)) (e.g. les requetes sans cookie ou les requetes avec cookie expired). source: lecture directe du code passport/lib/strategies/session.js sur github... :/

+/*
+app.use((req, res, next) => {
+    console.log("Finished trying to authentify request as an existing session");
+    console.log("req.user: "+req.user);
+});
+*/
+
 /**
 * FIN AUTHENTIFICATION POUR LES REQUETES POSSEDANT UN COOKIE ET PROVENANT D'UN UTILISATEUR DEJA AUTHENTIFIE
 */
@@ -114,7 +132,8 @@ const corsOptions = {
    credentials: true // Configures the Access-Control-Allow-Credentials CORS header. i.e. allows cookies to be included on cross-origin requests
 };
 app.use(cors(corsOptions));
-
+ 
+//GHETTO
 // Config de passport pour l'authentification ldap. Ne fait que *configurer* passport (aucun passport.authenticate() n'est appele, par exemple)
 import './config_passport.js';

@@ -123,9 +142,12 @@ import './config_passport.js';
 //http://www.passportjs.org/docs/authenticate/#custom-callback
 // http://toon.io/understanding-passportjs-authentication-flow/
 app.post('/login', (req, res, next) => {
+    console.log("Received an authentication request to /login");
    passport.authenticate('ldapauth', (err, user, info) => {
+        console.log("| Entering passport.authenticate('ldapauth', - ) callback");
        // If an exception occurred
        if (err) {
+            console.log("| Error when trying to passport.authenticate with ldapauth");
            console.log(err);
            return res.status(err.status).json({
                message: "Exception raised in backend process during authentication: " + err,
@@ -135,6 +157,7 @@ app.post('/login', (req, res, next) => {
        }
        // If authentication failed, user will be set to false
        if (!user) {
+            console.log("| Authentication failed, passport.authenticate did not return a user. ");
            return res.status(401).json({
                message: "Authentication failed: " + info.message,
                authSucceeded: false
@@ -144,6 +167,7 @@ app.post('/login', (req, res, next) => {
        req.login(user, (err) => {
            // If an exception occurred at login
            if (err) {
+                console.log("| Error when trying to req.login in callback in passport.authenticate('ldapauth', - )");
                console.log(err);
                return res.status(err.status).json({
                    message: "Exception raised in backend process during login: " + err,
@@ -152,7 +176,9 @@ app.post('/login', (req, res, next) => {
                // return next(err); // handle error? or drop request and answer with res.json()?
            }
            // If all went well
-            res.json({
+            console.log("| Authentication succeeded! :-)");
+            // passport.authenticate automatically includes a Set-Cookie HTTP header in the response. The JSON body is just to signal the frontend that all went well
+            return res.status(200).json({
                message: 'Authentication succeeded',
                authSucceeded: true
            });
@@ -192,17 +218,17 @@ app.post('/login',
 import { dn, passwd } from "../ldap_connexion_config.json"; // default user

 app.use('/graphql', 
-    bodyParser.json(), // parse incoming HTTP request (req) as a JSON
    graphqlHTTP(async (req, res, params) => {
        // vary the options *on a per-request basis*
        let uid;
        let password;

        console.log("Responding to graphql request...");
-        console.log(`User ${req.user ? req.user.uid : "none"}`);
-        console.log("User is authenticated:",req.isAuthenticated());
+        console.log(`| User: ${req.user ? req.user.uid : "none"}`);
+        console.log("| User is authenticated:",req.isAuthenticated());
        
        if(req.isAuthenticated()) {
+            console.log("graphql API is receiving a request from an authenticated user! \\o/");
            try {
                uid = req.user.uid;
                password = "mythe";
@@ -216,8 +242,6 @@ app.use('/graphql',
            password = passwd;
        }

-        console.log("Cookies:",req.cookies);
-
        return {
            schema,
            graphiql: true, // gives access to graphiql if request is detected to be from browser (je crois)