Commit 0dd4cd43 authored by Léopold Chappuis's avatar Léopold Chappuis

jwt: fix validation

Redirect users to the home page and remove JWT upon account deletion by admin.

Change-Id: I79dc7e42762ebfa5ced57868aba71a8c0d5aa92a
parent 5b8b0343
...@@ -17,9 +17,13 @@ ...@@ -17,9 +17,13 @@
*/ */
import { NextFunction, Request, Response } from 'express' import { NextFunction, Request, Response } from 'express'
import { HttpStatusCode } from 'jami-web-common' import { HttpStatusCode } from 'jami-web-common'
import { Container } from 'typedi'
import { Accounts } from '../storage/accounts.js'
import { verifyJwt } from '../utils/jwt.js' import { verifyJwt } from '../utils/jwt.js'
const accounts = Container.get(Accounts)
function createAuthenticationMiddleware(isAuthenticationRequired: boolean) { function createAuthenticationMiddleware(isAuthenticationRequired: boolean) {
return async (req: Request, res: Response, next: NextFunction) => { return async (req: Request, res: Response, next: NextFunction) => {
const authorizationHeader = req.headers.authorization const authorizationHeader = req.headers.authorization
...@@ -42,7 +46,14 @@ function createAuthenticationMiddleware(isAuthenticationRequired: boolean) { ...@@ -42,7 +46,14 @@ function createAuthenticationMiddleware(isAuthenticationRequired: boolean) {
try { try {
const { payload } = await verifyJwt(token) const { payload } = await verifyJwt(token)
res.locals.accountId = payload.accountId const accountId = String(payload.accountId)
const isValid = accounts.isValidAccountId(accountId)
if (!isValid) {
res.status(HttpStatusCode.Unauthorized).send('Invalid account ID')
return
}
res.locals.accountId = accountId
// si accId
next() next()
} catch (e) { } catch (e) {
res.status(HttpStatusCode.Unauthorized).send('Invalid access token') res.status(HttpStatusCode.Unauthorized).send('Invalid access token')
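Review bot: The leftover `// si accId` comment right after `res.locals.accountId = accountId` should be dropped; it reads as an unfinished French note ("if accId") and the condition it hints at is already implemented by the `isValid` guard a few lines above. Separately, `accountsIds` is an in-memory Set obtained once at module load via `Container.get(Accounts)`, so the revocation this commit adds only takes effect in the process in which the admin deletion ran; if jami-web were ever run as several instances, a deleted account's token would presumably still validate on the others. A one-line caveat on the `const accounts = Container.get(Accounts)` line would save the next reader that surprise: `// NOTE: revocation is process-local — accountsIds is not shared across instances`. The middleware body continues outside the hunk.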
...@@ -46,6 +46,7 @@ const METHODS = ['local', 'jams', 'guest', 'openid'] ...@@ -46,6 +46,7 @@ const METHODS = ['local', 'jams', 'guest', 'openid']
export class Accounts { export class Accounts {
private readonly filename = paths.data + '/accounts.json' private readonly filename = paths.data + '/accounts.json'
private accounts: AccountsFormat private accounts: AccountsFormat
private accountsIds: Set<string>
constructor() { constructor() {
let buffer: Buffer let buffer: Buffer
...@@ -55,6 +56,21 @@ export class Accounts { ...@@ -55,6 +56,21 @@ export class Accounts {
buffer = Buffer.from('{"local":{},"jams":{}, "guest":{}, "openid":{}}') buffer = Buffer.from('{"local":{},"jams":{}, "guest":{}, "openid":{}}')
} }
this.accounts = JSON.parse(buffer.toString()) this.accounts = JSON.parse(buffer.toString())
this.accountsIds = new Set<string>()
// add the accountIds to the set
for (const accId of Object.keys(this.accounts.guest)) {
this.accountsIds.add(accId)
}
for (const key of Object.keys(this.accounts.jams)) {
this.accountsIds.add(this.accounts.jams[key].accountId)
}
for (const key of Object.keys(this.accounts.local)) {
this.accountsIds.add(this.accounts.local[key].accountId)
}
for (const key of Object.keys(this.accounts.openid)) {
this.accountsIds.add(this.accounts.openid[key].accountId)
}
} }
get(username: string, authMethod: string = 'local') { get(username: string, authMethod: string = 'local') {
...@@ -126,6 +142,7 @@ export class Accounts { ...@@ -126,6 +142,7 @@ export class Accounts {
default: default:
throw new Error('Invalid auth method') throw new Error('Invalid auth method')
} }
this.accountsIds.add(accountId)
} catch (e) { } catch (e) {
console.log(e) console.log(e)
} }
...@@ -145,6 +162,14 @@ export class Accounts { ...@@ -145,6 +162,14 @@ export class Accounts {
return return
} }
const account = this.accounts[authMethod as keyof AccountsFormat][username.toLowerCase()]
if (typeof account !== 'string') {
this.accountsIds.delete(account.accountId)
} else {
// guest removal
this.accountsIds.delete(username)
}
delete this.accounts[authMethod as keyof AccountsFormat][username.toLowerCase()] delete this.accounts[authMethod as keyof AccountsFormat][username.toLowerCase()]
} }
...@@ -164,6 +189,10 @@ export class Accounts { ...@@ -164,6 +189,10 @@ export class Accounts {
return this.accounts.guest return this.accounts.guest
} }
isValidAccountId(accountId: string) {
return this.accountsIds.has(accountId)
}
async save(): Promise<void> { async save(): Promise<void> {
await writeFile(this.filename, JSON.stringify(this.accounts, null, 2) + '\n') await writeFile(this.filename, JSON.stringify(this.accounts, null, 2) + '\n')
} }
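Review bot: In `remove`, the guest branch deletes `username` from `accountsIds` while the record itself is looked up and deleted under `username.toLowerCase()`; if a guest id ever arrives with uppercase characters, the account is dropped from `this.accounts` but its id stays in the set, so `isValidAccountId` keeps accepting that guest's JWT — exactly the case this commit is meant to close. Use one key for all three operations: `const key = username.toLowerCase()`, then look up, `this.accountsIds.delete(key)` in the guest branch, and `delete ...[key]`. Whether guest keys can carry uppercase at all depends on how they are generated, which is not visible here, but deriving the set key from the same normalized value removes the question. `remove` begins outside the hunk.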