From 215dea81c6ad808a8f1af0b2b9cad614c538b1c0 Mon Sep 17 00:00:00 2001 From: Pranav C Date: Tue, 30 May 2023 15:47:17 +0530 Subject: [PATCH] fix: set refresh-token on login and correction in refresh-token based api Signed-off-by: Pranav C --- .../src/controllers/users/users.controller.ts | 118 +++++++----------- 1 file changed, 43 insertions(+), 75 deletions(-) diff --git a/packages/nocodb/src/controllers/users/users.controller.ts b/packages/nocodb/src/controllers/users/users.controller.ts index 8ffb6dbf6a..c68c06a4cd 100644 --- a/packages/nocodb/src/controllers/users/users.controller.ts +++ b/packages/nocodb/src/controllers/users/users.controller.ts @@ -1,5 +1,3 @@ -import { promisify } from 'util'; -import { AuditOperationSubTypes, AuditOperationTypes } from 'nocodb-sdk'; import { Body, Controller, @@ -15,27 +13,18 @@ import * as ejs from 'ejs'; import { AuthGuard } from '@nestjs/passport'; import { GlobalGuard } from '../../guards/global/global.guard'; import { NcError } from '../../helpers/catchError'; +import { Acl } from '../../middlewares/extract-project-id/extract-project-id.middleware'; +import { User } from '../../models'; import { - Acl, - ExtractProjectIdMiddleware, -} from '../../middlewares/extract-project-id/extract-project-id.middleware'; -import Noco from '../../Noco'; -import { GoogleStrategy } from '../../strategies/google.strategy/google.strategy'; -import extractRolesObj from '../../utils/extractRolesObj'; -import { Audit, User } from '../../models'; -import { - genJwt, randomTokenString, setTokenCookie, } from '../../services/users/helpers'; import { UsersService } from '../../services/users/users.service'; +import extractRolesObj from '../../utils/extractRolesObj'; @Controller() export class UsersController { - constructor( - private readonly usersService: UsersService, - private googleStrategy: GoogleStrategy, - ) {} + constructor(private readonly usersService: UsersService) {} @Post([ '/auth/user/signup', 
@@ -59,56 +48,14 @@ export class UsersController { '/api/v1/auth/token/refresh', ]) @HttpCode(200) - async refreshToken(@Request() req: any, @Request() res: any): Promise { - return await this.usersService.refreshToken({ - body: req.body, - req, - res, - }); - } - - async successfulSignIn({ user, err, info, req, res, auditDescription }) { - try { - if (!user || !user.email) { - if (err) { - return res.status(400).send(err); - } - if (info) { - return res.status(400).send(info); - } - return res.status(400).send({ msg: 'Your signin has failed' }); - } - - await promisify((req as any).login.bind(req))(user); - - const refreshToken = randomTokenString(); - - if (!user.token_version) { - user.token_version = randomTokenString(); - } - - await User.update(user.id, { - refresh_token: refreshToken, - email: user.email, - token_version: user.token_version, - }); - setTokenCookie(res, refreshToken); - - await Audit.insert({ - op_type: AuditOperationTypes.AUTHENTICATION, - op_sub_type: AuditOperationSubTypes.SIGNIN, - user: user.email, - ip: req.clientIp, - description: auditDescription, - }); - - res.json({ - token: genJwt(user, Noco.getConfig()), - } as any); - } catch (e) { - console.log(e); - throw e; - } + async refreshToken(@Request() req: any, @Response() res: any): Promise { + res.json( + await this.usersService.refreshToken({ + body: req.body, + req, + res, + }), + ); } @Post([ @@ -118,8 +65,9 @@ export class UsersController { ]) @UseGuards(AuthGuard('local')) @HttpCode(200) - async signin(@Request() req) { - return this.usersService.login(req.user); + async signin(@Request() req, @Response() res) { + await this.setRefreshToken({ req, res }); + res.json(this.usersService.login(req.user)); } @Post('/api/v1/auth/user/signout') 
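Review bot: Once `successfulSignIn` is deleted in this hunk, nothing in the controller writes the `AuditOperationTypes.AUTHENTICATION` / `AuditOperationSubTypes.SIGNIN` record any more, and the `setRefreshToken` helper added at the end of the patch does not insert one either. Unless `usersService.login` audits on its own (not visible here), password and Google sign-ins stop leaving a trail with `req.clientIp`, which is the data used to investigate credential stuffing or a taken-over account. I would keep an `Audit.insert(...)` with the same `op_type`, `op_sub_type`, `user` and `ip` fields on the sign-in path, or state in the description where that record is now written. The same reasoning applies to `refreshToken`: a token refresh is worth an audit entry too.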
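Review bot: In `signin`, `res.json(this.usersService.login(req.user))` serialises whatever `login` returns synchronously. The old `return this.usersService.login(req.user)` let Nest resolve a promise first, and `refreshToken` in the previous hunk does `await` its service call. If `login` is or later becomes `async` (its definition is not on this page), the client receives `{}` instead of the token, so `res.json(await this.usersService.login(req.user));` is the safe form either way. `googleSignin` in the next hunk has the same line. Because `@Response()` without `{ passthrough: true }` takes the reply out of Nest's pipeline, a short comment on both handlers saying that `res` is injected only to set the refresh-token cookie would help the next reader.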
@@ -136,22 +84,19 @@ export class UsersController { @Post(`/auth/google/genTokenByCode`) @HttpCode(200) @UseGuards(AuthGuard('google')) - async googleSignin(@Request() req) { - return this.usersService.login(req.user); + async googleSignin(@Request() req, @Response() res) { + await this.setRefreshToken({ req, res }); + res.json(this.usersService.login(req.user)); } @Get('/auth/google') @UseGuards(AuthGuard('google')) googleAuthenticate(@Request() req) { - // this.googleStrategy.authenticate(req, { - // scope: ['profile', 'email'], - // state: req.query.state, - // callbackURL: req.ncSiteUrl + Noco.getConfig().dashboardPath, - // }); + // google strategy will take care the request } @Get(['/auth/user/me', '/api/v1/db/auth/user/me', '/api/v1/auth/user/me']) - @UseGuards(ExtractProjectIdMiddleware, GlobalGuard) + @UseGuards(GlobalGuard) async me(@Request() req) { const user = { ...req.user, @@ -269,4 +214,27 @@ export class UsersController { return res.status(400).json({ msg: e.message }); } } + + async setRefreshToken({ res, req }) { + const userId = req.user?.id; + + if (!userId) return; + + const user: any = await User.get(userId); + + if (!user) return; + + const refreshToken = randomTokenString(); + + if (!user.token_version) { + user.token_version = randomTokenString(); + } + + await User.update(user.id, { + refresh_token: refreshToken, + email: user.email, + token_version: user.token_version, + }); + setTokenCookie(res, refreshToken); + } }
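Review bot: `setRefreshToken` persists the refresh token verbatim (`refresh_token: refreshToken`), so anyone who can read the users table through a backup, a replica or an injection bug obtains credentials that mint new JWTs. Storing a digest instead, e.g. `refresh_token: createHash('sha256').update(refreshToken).digest('hex')` with `createHash` from `node:crypto`, keeps the cookie value as the only usable copy. The lookup in `usersService.refreshToken` (not visible here) would have to hash the presented cookie the same way. The two early `return`s also let `signin` answer with a JWT and no refresh cookie without logging anything, so a warning log there would make that state visible. Finally, the method has no route decorator and is only called from this class, so `private async setRefreshToken({ res, req }: { res: any; req: any })` would state that intent.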