Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-03-24 22:41:28 -05:00
Code Issues Activity

chore: revert "Merge pull request #1927 from logto-io/sijie-log-4160-… (#1939)

Browse source 
* chore: revert "Merge pull request #1927 from logto-io/sijie-log-4160-protected-access"

This reverts commit 0567fc6347, reversing
changes made to c01384141d.

* chore: revert "feat(core): add ts to interaction result (#1917)"

This reverts commit e01042cbcd.
This commit is contained in:
wangsijie 2022-09-16 17:01:34 +08:00 committed by GitHub
parent 49b430394d
commit 0ca0096d0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 14 additions and 82 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
packages/core/src/lib/session.ts
View file

@ -1,11 +1,7 @@
import { conditional } from '@silverhand/essentials';
import dayjs from 'dayjs';
import { Context } from 'koa';
import { InteractionResults, Provider } from 'oidc-provider';
import RequestError from '@/errors/RequestError';
import { findUserById, updateUserById } from '@/queries/user';
import { maskUserInfo } from '@/utils/format';
export const assignInteractionResults = async (
ctx: Context,
@ -18,59 +14,20 @@ export const assignInteractionResults = async (
// have to do it manually
// refer to: https://github.com/panva/node-oidc-provider/blob/c243bf6b6663c41ff3e75c09b95fb978eba87381/lib/actions/authorization/interactions.js#L106
const details = merge ? await provider.interactionDetails(ctx.req, ctx.res) : undefined;
const ts = dayjs().unix();
const mergedResult = {
// Merge with current result
...details?.result,
...result,
};
const redirectTo = await provider.interactionResult(
ctx.req,
ctx.res,
{
...mergedResult,
login: mergedResult.login
? {
...mergedResult.login,
// Update ts(timestamp) if the accountId is been set in result
ts: result.login?.accountId ? ts : mergedResult.login.ts,
}
: undefined,
// Merge with current result
...details?.result,
...result,
},
{
mergeWithLastSubmission: merge,
}
);
ctx.body = { redirectTo, ts };
};
export const checkProtectedAccess = async (
ctx: Context,
provider: Provider,
lifetime = 10 * 60
) => {
const { result } = await provider.interactionDetails(ctx.req, ctx.res);
if (!result?.login?.accountId) {
throw new RequestError('auth.unauthorized');
}
if (!result.login.ts || result.login.ts < dayjs().unix() - lifetime) {
const user = await findUserById(result.login.accountId);
throw new RequestError('auth.require_re_authentication', {
username: conditional(
user.username && maskUserInfo({ type: 'username', value: user.username })
),
phone: conditional(
user.primaryPhone && maskUserInfo({ type: 'phone', value: user.primaryPhone })
),
email: conditional(
user.primaryEmail && maskUserInfo({ type: 'email', value: user.primaryEmail })
),
});
}
ctx.body = { redirectTo };
};
export const saveUserFirstConsentedAppId = async (userId: string, applicationId: string) => {

12
packages/core/src/routes/session/passwordless.test.ts
View file

@ -97,8 +97,7 @@ describe('session -> passwordlessRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'id' }) }),
expect.objectContaining({ login: { accountId: 'id' } }),
expect.anything()
);
});
@ -147,8 +146,7 @@ describe('session -> passwordlessRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'id' }) }),
expect.objectContaining({ login: { accountId: 'id' } }),
expect.anything()
);
});
@ -216,8 +214,7 @@ describe('session -> passwordlessRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});
@ -294,8 +291,7 @@ describe('session -> passwordlessRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});

9
packages/core/src/routes/session/social.test.ts
View file

@ -223,8 +223,7 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'id' }) }),
expect.objectContaining({ login: { accountId: 'id' } }),
expect.anything()
);
});
@ -310,8 +309,7 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});
@ -348,8 +346,7 @@ describe('session -> socialRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});

6
packages/core/src/routes/session/username-password.test.ts
View file

@ -111,8 +111,7 @@ describe('sessionRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});
@ -181,8 +180,7 @@ describe('sessionRoutes', () => {
expect(interactionResult).toHaveBeenCalledWith(
expect.anything(),
expect.anything(),
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
expect.objectContaining({ login: expect.objectContaining({ accountId: 'user1' }) }),
expect.objectContaining({ login: { accountId: 'user1' } }),
expect.anything()
);
});

12
packages/core/src/utils/format.ts
View file

@ -1,10 +1,4 @@
export const maskUserInfo = ({
type,
value,
}: {
type: 'email' | 'phone' | 'username';
value: string;
}) => {
export const maskUserInfo = ({ type, value }: { type: 'email' | 'phone'; value: string }) => {
if (!value) {
return value;
}
@ -13,10 +7,6 @@ export const maskUserInfo = ({
return `****${value.slice(-4)}`;
}
if (type === 'username') {
return `****${value.slice(-2)}`;
}
const [name = '', domain = ''] = value.split('@');
const preview = name.length > 4 ? `${name.slice(0, 4)}` : '';

1
packages/phrases/src/locales/en/errors.ts
View file

@ -7,7 +7,6 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'Missing `sub` in JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.',
},
guard: {
invalid_input: 'The request {{type}} is invalid.',

1
packages/phrases/src/locales/fr/errors.ts
View file

@ -8,7 +8,6 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: '`sub` manquant dans JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: "La requête {{type}} n'est pas valide.",

1
packages/phrases/src/locales/ko-kr/errors.ts
View file

@ -7,7 +7,6 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'JWT에서 `sub`를 찾을 수 없어요.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: '{{type}} 요청 타입은 유효하지 않아요.',

1
packages/phrases/src/locales/pt-pt/errors.ts
View file

@ -6,7 +6,6 @@ const errors = {
forbidden: 'Proibido. Verifique os seus cargos e permissões.',
expected_role_not_found: 'Role esperado não encontrado. Verifique os seus cargos e permissões.',
jwt_sub_missing: 'Campo `sub` está ausente no JWT.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: 'O pedido {{type}} é inválido.',

1
packages/phrases/src/locales/tr-tr/errors.ts
View file

@ -7,7 +7,6 @@ const errors = {
expected_role_not_found:
'Expected role not found. Please check your user roles and permissions.',
jwt_sub_missing: 'JWTde `sub` eksik.',
require_re_authentication: 'Re-authentication is required to perform a protected action.', // UNTRANSLATED
},
guard: {
invalid_input: 'İstek {{type}} geçersiz.',

1
packages/phrases/src/locales/zh-cn/errors.ts
View file

@ -6,7 +6,6 @@ const errors = {
forbidden: '禁止访问。请检查用户 role 与权限。',
expected_role_not_found: '未找到期望的 role。请检查用户 role 与权限。',
jwt_sub_missing: 'JWT 缺失 `sub`',
require_re_authentication: '需要重新认证以进行受保护操作。',
},
guard: {
invalid_input: '请求中 {{type}} 无效',