parent
a16c4c564a
commit
bf4250babd
|
@ -3,7 +3,7 @@ import * as jwt from "jsonwebtoken";
|
|||
import { Action } from "routing-controllers";
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { config } from './config';
|
||||
import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
|
||||
import { IllegalJWTError, NoPermissionError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
|
||||
import { JwtCreator, JwtUser } from './jwtcreator';
|
||||
import { User } from './models/entities/User';
|
||||
|
||||
|
@ -31,6 +31,7 @@ const authchecker = async (action: Action, permissions: string[] | string) => {
|
|||
|
||||
const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions'] })
|
||||
if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
|
||||
if (user.enabled == false) { throw new UserDisabledError(); }
|
||||
if (!jwtPayload["permissions"]) { throw new NoPermissionError(); }
|
||||
|
||||
action.response.local = {}
|
||||
|
@ -63,6 +64,7 @@ const refresh = async (action: Action) => {
|
|||
|
||||
const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
|
||||
if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
|
||||
if (user.enabled == false) { throw new UserDisabledError(); }
|
||||
|
||||
let newAccess = JwtCreator.createAccess(user);
|
||||
action.response.header("authorization", "Bearer " + newAccess);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import * as argon2 from "argon2";
|
||||
import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
|
||||
import { JwtCreator } from '../../jwtcreator';
|
||||
import { User } from '../entities/User';
|
||||
|
@ -55,6 +55,7 @@ export class CreateAuth {
|
|||
if (!found_user) {
|
||||
throw new UserNotFoundError();
|
||||
}
|
||||
if (found_user.enabled == false) { throw new UserDisabledError(); }
|
||||
if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
|
||||
throw new InvalidCredentialsError();
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ import { IsOptional, IsString } from 'class-validator';
|
|||
import * as jsonwebtoken from 'jsonwebtoken';
|
||||
import { getConnectionManager } from 'typeorm';
|
||||
import { config } from '../../config';
|
||||
import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
|
||||
import { JwtCreator } from "../../jwtcreator";
|
||||
import { User } from '../entities/User';
|
||||
import { Auth } from '../responses/ResponseAuth';
|
||||
|
@ -39,6 +39,7 @@ export class RefreshAuth {
|
|||
if (!found_user) {
|
||||
throw new UserNotFoundError()
|
||||
}
|
||||
if (found_user.enabled == false) { throw new UserDisabledError(); }
|
||||
if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
|
||||
throw new RefreshTokenCountInvalidError()
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue