feat: token refresh

pull/664/head
Nicolas Giard 6 years ago
parent 3abd2f917c
commit aa08459daf

@ -11,7 +11,7 @@
offset-xl4, xl4 offset-xl4, xl4
) )
transition(name='zoom') transition(name='zoom')
v-card.elevation-5.radius-7(v-show='isShown') v-card.elevation-5.md2(v-show='isShown')
v-toolbar(color='primary', flat, dense, dark) v-toolbar(color='primary', flat, dense, dark)
v-spacer v-spacer
.subheading(v-if='screen === "tfa"') {{ $t('auth:tfa.subtitle') }} .subheading(v-if='screen === "tfa"') {{ $t('auth:tfa.subtitle') }}
@ -59,7 +59,7 @@
) )
v-card-actions.pb-4 v-card-actions.pb-4
v-spacer v-spacer
v-btn( v-btn.md2(
v-if='screen === "login"' v-if='screen === "login"'
block block
large large
@ -68,7 +68,7 @@
round round
:loading='isLoading' :loading='isLoading'
) {{ $t('auth:actions.login') }} ) {{ $t('auth:actions.login') }}
v-btn( v-btn.md2(
v-if='screen === "tfa"' v-if='screen === "tfa"'
block block
large large

@ -1,7 +1,17 @@
.md2 { .md2 {
&.v-text-field .v-input__slot { &.v-text-field {
border-radius: 28px; .v-input__slot {
border-radius: 7px;
}
}
&.v-btn {
border-radius: 7px;
}
&.v-card {
border-radius: 7px;
} }
} }

@ -1,5 +1,6 @@
const { SchemaDirectiveVisitor } = require('graphql-tools') const { SchemaDirectiveVisitor } = require('graphql-tools')
const { defaultFieldResolver } = require('graphql') const { defaultFieldResolver } = require('graphql')
const _ = require('lodash')
class AuthDirective extends SchemaDirectiveVisitor { class AuthDirective extends SchemaDirectiveVisitor {
visitObject(type) { visitObject(type) {
@ -39,11 +40,13 @@ class AuthDirective extends SchemaDirectiveVisitor {
} }
const context = args[2] const context = args[2]
console.info(context.req.user) if (!context.req.user) {
// const user = await getUser(context.headers.authToken) throw new Error('Unauthorized')
// if (!user.hasRole(requiredScopes)) { }
// throw new Error('not authorized')
// } if (!_.some(context.req.user.permissions, pm => _.includes(requiredScopes, pm))) {
throw new Error('Forbidden')
}
return resolve.apply(this, args) return resolve.apply(this, args)
} }

@ -24,8 +24,7 @@ module.exports = {
}) })
}, },
async extractJWT (req) { extractJWT: passportJWT.ExtractJwt.fromExtractors([
return passportJWT.ExtractJwt.fromExtractors([
passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(), passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
(req) => { (req) => {
let token = null let token = null
@ -34,6 +33,5 @@ module.exports = {
} }
return token return token
} }
])(req) ])
}
} }

@ -13,12 +13,9 @@ module.exports = {
WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => { WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
if (err) { return next() } if (err) { return next() }
console.info(err, user, info)
// Expired but still valid within 7 days, just renew // Expired but still valid within 7 days, just renew
if (info instanceof jwt.TokenExpiredError && moment().subtract(7, 'days').isBefore(info.expiredAt)) { if (info instanceof jwt.TokenExpiredError && moment().subtract(7, 'days').isBefore(info.expiredAt)) {
const jwtPayload = jwt.decode(securityHelper.extractJWT(req)) const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
console.info(jwtPayload)
try { try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
user = newToken.user user = newToken.user

@ -252,9 +252,9 @@ module.exports = class User extends Model {
timezone: user.timezone, timezone: user.timezone,
localeCode: user.localeCode, localeCode: user.localeCode,
defaultEditor: user.defaultEditor, defaultEditor: user.defaultEditor,
permissions: [] permissions: ['manage:system']
}, WIKI.config.sessionSecret, { }, WIKI.config.sessionSecret, {
expiresIn: '10s', expiresIn: '30m',
audience: 'urn:wiki.js', // TODO: use value from admin audience: 'urn:wiki.js', // TODO: use value from admin
issuer: 'urn:wiki.js' issuer: 'urn:wiki.js'
}), }),

Loading…
Cancel
Save