Commit f046cee7 authored by michael.minelli's avatar michael.minelli

SessionRoutes => Adapt login route and create refreshTokens route

parent 601780a4
Pipeline #26747 failed
...@@ -2,21 +2,30 @@ import { Express } from 'express-serve-static-core'; ...@@ -2,21 +2,30 @@ import { Express } from 'express-serve-static-core';
import express from 'express'; import express from 'express';
import * as ExpressValidator from 'express-validator'; import * as ExpressValidator from 'express-validator';
import { StatusCodes } from 'http-status-codes'; import { StatusCodes } from 'http-status-codes';
import * as bcrypt from 'bcryptjs';
import RoutesManager from '../express/RoutesManager'; import RoutesManager from '../express/RoutesManager';
import ParamsValidatorMiddleware from '../middlewares/ParamsValidatorMiddleware'; import ParamsValidatorMiddleware from '../middlewares/ParamsValidatorMiddleware';
import UserManager from '../managers/UserManager';
import SecurityMiddleware from '../middlewares/SecurityMiddleware'; import SecurityMiddleware from '../middlewares/SecurityMiddleware';
import { User } from '../types/DatabaseTypes'; import GitlabManager from '../managers/GitlabManager';
import UserManager from '../managers/UserManager';
import DojoStatusCode from '../shared/types/Dojo/DojoStatusCode';
import SharedGitlabManager from '../shared/managers/SharedGitlabManager';
import Config from '../config/Config';
class SessionRoutes implements RoutesManager { class SessionRoutes implements RoutesManager {
private readonly loginValidator: ExpressValidator.Schema = { private readonly loginValidator: ExpressValidator.Schema = {
user : { accessToken : {
trim : true, trim : true,
notEmpty: true notEmpty: true
}, },
password: { refreshToken: {
trim : true,
notEmpty: true
}
};
private readonly refreshTokensValidator: ExpressValidator.Schema = {
refreshToken: {
trim : true, trim : true,
notEmpty: true notEmpty: true
} }
...@@ -24,26 +33,43 @@ class SessionRoutes implements RoutesManager { ...@@ -24,26 +33,43 @@ class SessionRoutes implements RoutesManager {
registerOnBackend(backend: Express) { registerOnBackend(backend: Express) {
backend.post('/login', ParamsValidatorMiddleware.validate(this.loginValidator), this.login); backend.post('/login', ParamsValidatorMiddleware.validate(this.loginValidator), this.login);
backend.post('/refresh_tokens', ParamsValidatorMiddleware.validate(this.refreshTokensValidator), this.refreshTokens);
backend.get('/test_session', SecurityMiddleware.check(true), (req: express.Request, res: express.Response) => req.session.sendResponse(res, StatusCodes.OK)); backend.get('/test_session', SecurityMiddleware.check(true), (req: express.Request, res: express.Response) => req.session.sendResponse(res, StatusCodes.OK));
} }
private async login(req: express.Request, res: express.Response) { private async login(req: express.Request, res: express.Response) {
try {
const params: { const params: {
user: string, password: string accessToken: string, refreshToken: string
} = req.body; } = req.body;
const user: User | undefined = await UserManager.getByMail(params.user); const gitlabUser = await GitlabManager.getUserProfile(params.accessToken);
if ( user ) { if ( gitlabUser ) {
if ( bcrypt.compareSync(params.password, user.password ?? '') ) { req.session.profile = await UserManager.getUpdateFromGitlabProfile(gitlabUser, params.refreshToken);
req.session.profile = user;
req.session.sendResponse(res, StatusCodes.OK); req.session.sendResponse(res, StatusCodes.OK);
return; return;
} else {
req.session.sendResponse(res, StatusCodes.NOT_FOUND);
}
} catch ( error ) {
req.session.sendResponse(res, StatusCodes.INTERNAL_SERVER_ERROR, {}, 'Unknown error while logging in', DojoStatusCode.LOGIN_FAILED);
} }
} }
req.session.sendResponse(res, StatusCodes.NOT_FOUND); private async refreshTokens(req: express.Request, res: express.Response) {
try {
const params: {
refreshToken: string
} = req.body;
const gitlabTokens = await SharedGitlabManager.getTokens(params.refreshToken, true, Config.login.gitlab.client.secret);
req.session.sendResponse(res, StatusCodes.OK, gitlabTokens);
} catch ( error ) {
req.session.sendResponse(res, StatusCodes.INTERNAL_SERVER_ERROR, {}, 'Unknown error while refresh tokens', DojoStatusCode.REFRESH_TOKENS_FAILED);
}
} }
} }
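Review bot: The new `/refresh_tokens` route is registered without `SecurityMiddleware.check`, and `refreshTokens` redeems whatever refresh token the caller posts using `Config.login.gitlab.client.secret`, so the client secret no longer limits who can redeem a leaked refresh token. If the route has to stay reachable without a session, it should at least be rate-limited and say so in a comment such as `// Unauthenticated by design: the posted refresh token is the only credential checked here`. In both `login` and `refreshTokens` the `catch ( error )` discards the error and answers `INTERNAL_SERVER_ERROR`, so a rejected or expired token (presumably raised as an exception by `SharedGitlabManager.getTokens`, which is not visible here) cannot be told apart from a backend fault and leaves no log entry for detection. Logging the error and returning `StatusCodes.UNAUTHORIZED` for rejected tokens would address that. `login` also passes `params.refreshToken` to `UserManager.getUpdateFromGitlabProfile` with no visible check that it belongs to the same GitLab user as `params.accessToken`.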
......