Add and use new authorization endpoint
The guard for routes now uses this endpoint to validate an existing JWT when the app is refreshed - instead of automatically redirecting to the login page.
This commit is contained in:
Matthew Ross
parent
1ad9dfddaf
commit
c55f91811a
@ -124,13 +124,9 @@ class Auth extends BaseController {
|
|||||||
$user->last_login = time();
|
$user->last_login = time();
|
||||||
$user->save();
|
$user->save();
|
||||||
|
|
||||||
$user->security_level = $user->security_level->getValue();
|
|
||||||
unset($user->password_hash);
|
|
||||||
unset($user->active_token);
|
|
||||||
|
|
||||||
$this->apiJson->setSuccess();
|
$this->apiJson->setSuccess();
|
||||||
$this->apiJson->addData($jwt);
|
$this->apiJson->addData($jwt);
|
||||||
$this->apiJson->addData($user);
|
$this->apiJson->addData($this->sanitizeUser($user));
|
||||||
|
|
||||||
return $this->jsonResponse($response);
|
return $this->jsonResponse($response);
|
||||||
}
|
}
|
||||||
@ -164,8 +160,6 @@ class Auth extends BaseController {
|
|||||||
|
|
||||||
public function authenticate($request, $response, $args) {
|
public function authenticate($request, $response, $args) {
|
||||||
if (!$request->hasHeader('Authorization')) {
|
if (!$request->hasHeader('Authorization')) {
|
||||||
$this->apiJson->addData(false);
|
|
||||||
|
|
||||||
return $this->jsonResponse($response, 400);
|
return $this->jsonResponse($response, 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -174,17 +168,27 @@ class Auth extends BaseController {
|
|||||||
|
|
||||||
if ($payload === null) {
|
if ($payload === null) {
|
||||||
$this->apiJson->addAlert('error', 'Invalid access token.');
|
$this->apiJson->addAlert('error', 'Invalid access token.');
|
||||||
$this->apiJson->addData(false);
|
|
||||||
|
|
||||||
return $this->jsonResponse($response, 401);
|
return $this->jsonResponse($response, 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$user = new User($this->container, $payload->uid);
|
||||||
|
|
||||||
$this->apiJson->setSuccess();
|
$this->apiJson->setSuccess();
|
||||||
$this->apiJson->addData(true);
|
$this->apiJson->addData($jwt);
|
||||||
|
$this->apiJson->addData($this->sanitizeUser($user));
|
||||||
|
|
||||||
return $this->jsonResponse($response);
|
return $this->jsonResponse($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function sanitizeUser($user) {
|
||||||
|
$user->security_level = $user->security_level->getValue();
|
||||||
|
unset($user->password_hash);
|
||||||
|
unset($user->active_token);
|
||||||
|
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
private static function getJwtPayload($jwt) {
|
private static function getJwtPayload($jwt) {
|
||||||
try {
|
try {
|
||||||
$payload = JWT::decode($jwt, self::getJwtKey(), ['HS256']);
|
$payload = JWT::decode($jwt, self::getJwtKey(), ['HS256']);
|
||||||
|
|||||||
@ -1,7 +1,11 @@
|
|||||||
import { Injectable } from '@angular/core';
|
import { Injectable } from '@angular/core';
|
||||||
import { CanActivate, Router } from '@angular/router';
|
import { CanActivate, Router } from '@angular/router';
|
||||||
|
|
||||||
|
import { Observable } from 'rxjs/Observable';
|
||||||
|
import 'rxjs/add/observable/of';
|
||||||
|
|
||||||
import { AuthService } from './auth.service';
|
import { AuthService } from './auth.service';
|
||||||
|
import { ApiResponse } from '../index';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class AuthGuard implements CanActivate {
|
export class AuthGuard implements CanActivate {
|
||||||
@ -9,12 +13,7 @@ export class AuthGuard implements CanActivate {
|
|||||||
}
|
}
|
||||||
|
|
||||||
canActivate() {
|
canActivate() {
|
||||||
if (this.authService.isLoggedIn) {
|
return this.authService.authenticate();
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.router.navigate(['']);
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,6 @@
|
|||||||
import { Injectable } from '@angular/core';
|
import { Injectable } from '@angular/core';
|
||||||
import { Http, Response } from '@angular/http';
|
import { Http, Response, Headers } from '@angular/http';
|
||||||
|
import { Router } from '@angular/router';
|
||||||
|
|
||||||
import { Observable } from 'rxjs/Observable';
|
import { Observable } from 'rxjs/Observable';
|
||||||
import 'rxjs/add/observable/of';
|
import 'rxjs/add/observable/of';
|
||||||
@ -10,14 +11,38 @@ import { Constants } from '../constants';
|
|||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class AuthService {
|
export class AuthService {
|
||||||
activeUser: User;
|
activeUser: User = null;
|
||||||
isLoggedIn: boolean = false;
|
|
||||||
jwtKey: string;
|
jwtKey: string;
|
||||||
|
|
||||||
constructor(private http: Http, constants: Constants) {
|
constructor(constants: Constants, private http: Http, private router: Router) {
|
||||||
this.jwtKey = constants.TOKEN;
|
this.jwtKey = constants.TOKEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
authenticate(): Observable<boolean> {
|
||||||
|
let token = localStorage.getItem(this.jwtKey);
|
||||||
|
let header = new Headers({'Authorization': token});
|
||||||
|
|
||||||
|
return this.http.post('api/authenticate', token, { headers: header }).
|
||||||
|
map(res => {
|
||||||
|
let response: ApiResponse = res.json();
|
||||||
|
|
||||||
|
if (res.status === 200 && response.data.length) {
|
||||||
|
this.activeUser = response.data[1];
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}).
|
||||||
|
catch((res, caught) => {
|
||||||
|
let response: ApiResponse = res.json();
|
||||||
|
this.activeUser = null;
|
||||||
|
localStorage.removeItem(this.jwtKey);
|
||||||
|
|
||||||
|
this.router.navigate(['']);
|
||||||
|
|
||||||
|
return Observable.of(false);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
login(username: string, password: string,
|
login(username: string, password: string,
|
||||||
remember: boolean): Observable<ApiResponse> {
|
remember: boolean): Observable<ApiResponse> {
|
||||||
// TODO Add remember flag to API
|
// TODO Add remember flag to API
|
||||||
@ -29,32 +54,36 @@ export class AuthService {
|
|||||||
return this.http.post('api/login', json).
|
return this.http.post('api/login', json).
|
||||||
map(res => {
|
map(res => {
|
||||||
let response: ApiResponse = res.json();
|
let response: ApiResponse = res.json();
|
||||||
|
this.checkStatus(res);
|
||||||
if (res.status === 200) {
|
|
||||||
this.isLoggedIn = true;
|
|
||||||
this.activeUser = response.data[1];
|
|
||||||
|
|
||||||
localStorage.setItem(this.jwtKey, response.data[0])
|
|
||||||
}
|
|
||||||
|
|
||||||
return response;
|
return response;
|
||||||
}).
|
}).
|
||||||
catch((res, caught) => {
|
catch((res, caught) => {
|
||||||
let response: ApiResponse = res.json();
|
let response: ApiResponse = res.json();
|
||||||
|
this.checkStatus(res);
|
||||||
if (res.status === 401) {
|
|
||||||
this.activeUser = null;
|
|
||||||
this.isLoggedIn = false;
|
|
||||||
|
|
||||||
localStorage.removeItem(this.jwtKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
return Observable.of(response);
|
return Observable.of(response);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
logout(): void {
|
logout(): void {
|
||||||
this.isLoggedIn = false;
|
this.activeUser = null;
|
||||||
|
localStorage.removeItem(this.jwtKey);
|
||||||
|
|
||||||
|
this.router.navigate(['']);
|
||||||
|
}
|
||||||
|
|
||||||
|
private checkStatus(response: Response) {
|
||||||
|
if (response.status === 200) {
|
||||||
|
let apiResponse: ApiResponse = response.json();
|
||||||
|
|
||||||
|
this.activeUser = apiResponse.data[1];
|
||||||
|
localStorage.setItem(this.jwtKey, apiResponse.data[0])
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.status === 401) {
|
||||||
|
this.logout();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -147,14 +147,12 @@ class AuthTest extends PHPUnit_Framework_TestCase {
|
|||||||
|
|
||||||
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
||||||
$this->assertEquals('success', $actual->status);
|
$this->assertEquals('success', $actual->status);
|
||||||
$this->assertEquals(true, $actual->data[0]);
|
|
||||||
|
|
||||||
$this->auth = new Auth(new ContainerMock());
|
$this->auth = new Auth(new ContainerMock());
|
||||||
$request->hasHeader = false;
|
$request->hasHeader = false;
|
||||||
|
|
||||||
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
||||||
$this->assertEquals('failure', $actual->status);
|
$this->assertEquals('failure', $actual->status);
|
||||||
$this->assertEquals(false, $actual->data[0]);
|
|
||||||
|
|
||||||
$this->auth = new Auth(new ContainerMock());
|
$this->auth = new Auth(new ContainerMock());
|
||||||
$request = new RequestMock();
|
$request = new RequestMock();
|
||||||
@ -162,7 +160,6 @@ class AuthTest extends PHPUnit_Framework_TestCase {
|
|||||||
|
|
||||||
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
$actual = $this->auth->authenticate($request, new ResponseMock(), null);
|
||||||
$this->assertEquals('failure', $actual->status);
|
$this->assertEquals('failure', $actual->status);
|
||||||
$this->assertEquals(false, $actual->data[0]);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user