From 8171cb53e1301027dfd5d959e4ad13dd486ad3a9 Mon Sep 17 00:00:00 2001 From: Belen Curcio Date: Thu, 25 May 2017 20:04:32 -0300 Subject: [PATCH] =?UTF-8?q?=C3=81dding=20another=20extractor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- client/coral-framework/helpers/response.js | 4 +- client/coral-framework/services/transport.js | 7 ++- routes/api/auth/index.js | 34 +-------------- services/passport.js | 46 +++++++------------- 4 files changed, 25 insertions(+), 66 deletions(-) diff --git a/client/coral-framework/helpers/response.js b/client/coral-framework/helpers/response.js index ce9de6942..b3e167d16 100644 --- a/client/coral-framework/helpers/response.js +++ b/client/coral-framework/helpers/response.js @@ -1,4 +1,4 @@ -import browser from 'detect-browser'; +import browser from 'bowser'; const buildOptions = (inputOptions = {}) => { const defaultOptions = { @@ -15,7 +15,7 @@ const buildOptions = (inputOptions = {}) => { ...inputOptions }; - if (!browser || browser.name !== 'safari') { + if (!browser || browser.name !== 'Safari') { let authorization = localStorage.getItem('token'); if (authorization) { diff --git a/client/coral-framework/services/transport.js b/client/coral-framework/services/transport.js index e421ca3da..8aa33e2f4 100644 --- a/client/coral-framework/services/transport.js +++ b/client/coral-framework/services/transport.js @@ -1,5 +1,6 @@ import {createNetworkInterface} from 'apollo-client'; import * as Storage from '../helpers/storage'; +import browser from 'bowser'; //============================================================================== // NETWORK INTERFACE @@ -21,7 +22,11 @@ networkInterface.use([{ if (!req.options.headers) { req.options.headers = {}; // Create the header object if needed. } - req.options.headers['authorization'] = `Bearer ${Storage.getItem('token')}`; + + if (!browser || browser.name !== 'Safari') { + req.options.headers['authorization'] = `Bearer ${Storage.getItem('token')}`; + } + next(); } }]); diff --git a/routes/api/auth/index.js b/routes/api/auth/index.js index c5c2e3dfb..05fb8b5e4 100644 --- a/routes/api/auth/index.js +++ b/routes/api/auth/index.js @@ -8,7 +8,8 @@ const router = express.Router(); * This returns the user if they are logged in. */ router.get('/', (req, res, next) => { - console.log('is there req user>', req.user); + console.log('REQ.USER', req.user); + if (req.user) { return next(); } @@ -16,37 +17,6 @@ router.get('/', (req, res, next) => { res.status(204).end(); }, (req, res) => { - // If the user is Safari, let's send a cookie - const browser = bowser._detect(req.headers['user-agent']); - - if (browser.name === 'Safari') { - - const lookup = (i) => { - switch (i) { - case 0: return 'header'; - case 1: return 'cookie'; - case 2: return 'query'; - } - }; - - const authorizations = [ - req.headers.authorization, - req.cookies ? req.cookies.authorization : [], - req.query.authorization - ]; - - res.set('Cache-Control', 'no-cache, no-store, must-revalidate'); - - let i = authorizations.findIndex((source) => source !== null && typeof source != 'undefined' && source.length > 0); - if (i >= 0) { - let authorization = authorizations[i]; - let source = lookup(i); - - // Send back the user object. - res.json({authorization, source, user: req.user}); - } - } - // Send back the user object. res.json({user: req.user}); }); diff --git a/services/passport.js b/services/passport.js index 07a98f789..d67407b3c 100644 --- a/services/passport.js +++ b/services/passport.js @@ -170,41 +170,24 @@ const CheckBlacklisted = (jwt) => new Promise((resolve, reject) => { const JwtStrategy = require('passport-jwt').Strategy; const ExtractJwt = require('passport-jwt').ExtractJwt; +let cookieExtractor = function(req) { + let token = null; + + if (req && req.cookies) { + token = req.cookies['authorization']; + } + + return token; +}; + // Extract the JWT from the 'Authorization' header with the 'Bearer' scheme. passport.use(new JwtStrategy({ // Prepare the extractor from the header. - jwtFromRequest: (req, res) => { - - const browser = bowser._detect(req.headers['user-agent']); - - if (browser.name === 'Safari') { - const lookup = (i) => { - switch (i) { - case 0: return 'header'; - case 1: return 'cookie'; - case 2: return 'query'; - } - } - - // Adding custom extractor - const authorizations = [ - req.headers.authorization, - req.cookies.authorization, - req.query.authorization - ]; - - let i = authorizations.findIndex((source) => source !== null && typeof source != 'undefined' && source.length > 0); - - if (i >= 0) { - let authorization = authorizations[i]; - let source = lookup(i); - return authorization; - } - } else { - return ExtractJwt.fromAuthHeaderWithScheme('Bearer')(req) - } -}, + jwtFromRequest: ExtractJwt.fromExtractors([ + cookieExtractor, + ExtractJwt.fromAuthHeaderWithScheme('Bearer') + ]), // Use the secret passed in which is loaded from the environment. This can be // a certificate (loaded) or a HMAC key. @@ -227,6 +210,7 @@ passport.use(new JwtStrategy({ // Load the user from the environment, because we just got a user from the // header. try { + console.log(req.cookies, req.headers) // Check to see if the token has been revoked await CheckBlacklisted(jwt);