feat: auth jwt, permissions, login ui (wip)

This commit is contained in:
Nicolas Giard
2018-10-08 00:17:31 -04:00
parent 563d1a4f98
commit 3abd2f917c
53 changed files with 550 additions and 438 deletions

View File

@@ -30,13 +30,13 @@ module.exports = class Authentication extends Model {
}
}
static async getStrategies() {
const strategies = await WIKI.models.authentication.query()
return strategies.map(str => ({
static async getStrategies(isEnabled) {
const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
return _.sortBy(strategies.map(str => ({
...str,
domainWhitelist: _.get(str.domainWhitelist, 'v', []),
autoEnrollGroups: _.get(str.autoEnrollGroups, 'v', [])
}))
})), ['title'])
}
static async refreshStrategiesFromDisk() {

View File

@@ -4,6 +4,7 @@ const bcrypt = require('bcryptjs-then')
const _ = require('lodash')
const tfa = require('node-2fa')
const securityHelper = require('../helpers/security')
const jwt = require('jsonwebtoken')
const Model = require('objection').Model
const bcryptRegexp = /^\$2[ayb]\$[0-9]{2}\$[A-Za-z0-9./]{53}$/
@@ -199,7 +200,7 @@ module.exports = class User extends Model {
// Authenticate
return new Promise((resolve, reject) => {
WIKI.auth.passport.authenticate(opts.strategy, async (err, user, info) => {
WIKI.auth.passport.authenticate(opts.strategy, { session: false }, async (err, user, info) => {
if (err) { return reject(err) }
if (!user) { return reject(new WIKI.Error.AuthLoginFailed()) }
@@ -218,9 +219,11 @@ module.exports = class User extends Model {
}
} else {
// No 2FA, log in user
return context.req.logIn(user, err => {
return context.req.logIn(user, { session: false }, async err => {
if (err) { return reject(err) }
const jwtToken = await WIKI.models.users.refreshToken(user)
resolve({
jwt: jwtToken.token,
tfaRequired: false
})
})
@@ -232,6 +235,33 @@ module.exports = class User extends Model {
}
}
static async refreshToken(user) {
if (_.isSafeInteger(user)) {
user = await WIKI.models.users.query().findById(user)
if (!user) {
WIKI.logger.warn(`Failed to refresh token for user ${user}: Not found.`)
throw new WIKI.Error.AuthGenericError()
}
}
return {
token: jwt.sign({
id: user.id,
email: user.email,
name: user.name,
pictureUrl: user.pictureUrl,
timezone: user.timezone,
localeCode: user.localeCode,
defaultEditor: user.defaultEditor,
permissions: []
}, WIKI.config.sessionSecret, {
expiresIn: '10s',
audience: 'urn:wiki.js', // TODO: use value from admin
issuer: 'urn:wiki.js'
}),
user
}
}
static async loginTFA(opts, context) {
if (opts.securityCode.length === 6 && opts.loginToken.length === 64) {
let result = await WIKI.redis.get(`tfa:${opts.loginToken}`)