From fbde3924f0fa304d5f89312bd81421e56d2b7820 Mon Sep 17 00:00:00 2001 From: Florian Nari Date: Fri, 12 Jul 2024 12:18:39 +0200 Subject: [PATCH] refactor: No longer use user_hash (require esup-otp-api => 1.6.0) --- package-lock.json | 52 ++++++++++++------------ package.json | 6 +-- properties/esup.json | 3 +- server/routes.js | 96 +++++++++++++++++++++++++++----------------- services/utils.js | 8 ---- 5 files changed, 89 insertions(+), 76 deletions(-) diff --git a/package-lock.json b/package-lock.json index 697ded4..458397b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "esup-otp-manager", - "version": "1.3.0", + "version": "1.4.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "esup-otp-manager", - "version": "1.3.0", + "version": "1.4.0", "license": "MIT", "dependencies": { "body-parser": "~1.20.2", @@ -25,18 +25,18 @@ "serve-favicon": "^2.5.0", "socket.io": "~4.7.4", "socket.io-client": "~4.7.4", - "sweetalert2": "^11.12.1", + "sweetalert2": "^11.12.2", "undici": "^6.19.2", "vue": "~2.7.16" }, "devDependencies": { - "@types/node": "^20.14.9" + "@types/node": "^20.14.10" } }, "node_modules/@babel/helper-string-parser": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.7.tgz", - "integrity": "sha512-7MbVt6xrwFQbunH2DNQsAP5sTGxfqQtErvBIvIMi6EQnbgUOuVYanvREcmFrOPhoXBrTtjhhP+lW+o5UfK+tDg==", + "version": "7.24.8", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.8.tgz", + "integrity": "sha512-pO9KhhRcuUyGnJWwyEgnRJTSIZHiT+vMD0kPeD+so0l7mxkMT19g3pjY9GTnHySck/hDzq+dtW/4VgnMkippsQ==", "engines": { "node": ">=6.9.0" } @@ -50,9 +50,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.7.tgz", - "integrity": "sha512-9uUYRm6OqQrCqQdG1iCBwBPZgN8ciDBro2nIOFaiRz1/BCxaI7CNvQbDHvsArAC7Tw9Hda/B3U+6ui9u4HWXPw==", + "version": "7.24.8", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.8.tgz", + "integrity": "sha512-WzfbgXOkGzZiXXCqk43kKwZjzwx4oulxZi3nq2TYL9mOjQv6kYwul9mz6ID36njuL7Xkp6nJEfok848Zj10j/w==", "bin": { "parser": "bin/babel-parser.js" }, @@ -61,11 +61,11 @@ } }, "node_modules/@babel/types": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.7.tgz", - "integrity": "sha512-XEFXSlxiG5td2EJRe8vOmRbaXVgfcBlszKujvVmWIK/UpywWljQCfzAv3RQCGujWQ1RD4YYWEAqDXfuJiy8f5Q==", + "version": "7.24.9", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.9.tgz", + "integrity": "sha512-xm8XrMKz0IlUdocVbYJe0Z9xEgidU7msskG8BbhnTPK/HZ2z/7FP7ykqPgrUH+C+r414mNfNWam1f2vqOjqjYQ==", "dependencies": { - "@babel/helper-string-parser": "^7.24.7", + "@babel/helper-string-parser": "^7.24.8", "@babel/helper-validator-identifier": "^7.24.7", "to-fast-properties": "^2.0.0" }, @@ -92,9 +92,9 @@ } }, "node_modules/@types/node": { - "version": "20.14.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.9.tgz", - "integrity": "sha512-06OCtnTXtWOZBJlRApleWndH4JsRVs1pDCc8dLSQp+7PpUpX3ePdHyeNSFTeSe7FtKyQkrlPvHwJOW3SLd8Oyg==", + "version": "20.14.10", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.10.tgz", + "integrity": "sha512-MdiXf+nDuMvY0gJKxyfZ7/6UFsETO7mGKF54MVD/ekJS6HdFtpZFBgrh6Pseu64XTb2MLyFPlbW6hj8HYRQNOQ==", "dependencies": { "undici-types": "~5.26.4" } @@ -146,9 +146,9 @@ "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==" }, "node_modules/assert-never": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/assert-never/-/assert-never-1.2.1.tgz", - "integrity": "sha512-TaTivMB6pYI1kXwrFlEhLeGfOqoDNdTxjCdwRfFFkEA30Eu+k48W34nlok2EYWJfFFzqaEmichdNM7th6M5HNw==" + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/assert-never/-/assert-never-1.3.0.tgz", + "integrity": "sha512-9Z3vxQ+berkL/JJo0dK+EY3Lp0s3NtSnP3VCLsh5HDcZPrh0M+KQRK5sWhUeyPPH+/RCxZqOxLMR+YC6vlviEQ==" }, "node_modules/asynckit": { "version": "0.4.0", @@ -527,9 +527,9 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "node_modules/engine.io-parser": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.2.tgz", - "integrity": "sha512-RcyUFKA93/CXH20l4SoVvzZfrSDMOTUS3bWVpTt2FuFP+XYrL8i8oonHP7WInRyVHXh0n/ORtoeiE1os+8qkSw==", + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz", + "integrity": "sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==", "engines": { "node": ">=10.0.0" } @@ -1830,9 +1830,9 @@ } }, "node_modules/sweetalert2": { - "version": "11.12.1", - "resolved": "https://registry.npmjs.org/sweetalert2/-/sweetalert2-11.12.1.tgz", - "integrity": "sha512-xV3/YI7Ah6BeP+bXKcrHy1yn6duh8eqlX2TSI9I/rTIzGLYQvnnTa3mOIo5RHUobAjSmacC2IhPApxjvppZaEQ==", + "version": "11.12.2", + "resolved": "https://registry.npmjs.org/sweetalert2/-/sweetalert2-11.12.2.tgz", + "integrity": "sha512-Rwv5iRYlApkDSXeX22aLhhWMlWPzFxnNBVLZajkFKYhaVEfQkMOPQQRhBtSFxKBPCoko9U3SccWm9hI4o3Id0Q==", "funding": { "type": "individual", "url": "https://github.com/sponsors/limonte" diff --git a/package.json b/package.json index 571ce19..b9c0ee0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "esup-otp-manager", - "version": "1.3.0", + "version": "1.4.0", "private": true, "repository": { "type": "git", @@ -27,7 +27,7 @@ "serve-favicon": "^2.5.0", "socket.io": "~4.7.4", "socket.io-client": "~4.7.4", - "sweetalert2": "^11.12.1", + "sweetalert2": "^11.12.2", "undici": "^6.19.2", "vue": "~2.7.16" }, @@ -42,6 +42,6 @@ } }, "devDependencies": { - "@types/node": "^20.14.9" + "@types/node": "^20.14.10" } } diff --git a/properties/esup.json b/properties/esup.json index 2886c6c..052686f 100644 --- a/properties/esup.json +++ b/properties/esup.json @@ -5,9 +5,8 @@ "serviceBaseURL": "http://localhost:4000/" }, "port": "", - "api_url": "http://localhost:3000/", + "api_url": "http://localhost:3000", "api_password":"changeit", - "users_secret":"changeit", "session_secret_key": "changeit", "admins": ["john"], "admins_attributes": {"memberof": "cn=esup-otp.admin,ou=groups,dc=univ-ville,dc=fr"}, diff --git a/server/routes.js b/server/routes.js index b17b532..57d0b58 100644 --- a/server/routes.js +++ b/server/routes.js @@ -95,13 +95,6 @@ function isAdmin(req, res, next) { res.redirect('/login'); } -/** - * @returns hash for current user - */ -function getHash(req) { - return utils.get_hash(req.session.passport.user.uid); -} - function routing() { router.get('/', function(req, res) { res.render('index', { @@ -161,7 +154,8 @@ function routing() { //API router.get('/api/user', isUser, function(req, res) { request_otp_api(req, res, { - relUrl: 'users/' + req.session.passport.user.uid + '/' + getHash(req), + relUrl: '/protected/users/' + req.session.passport.user.uid, + bearerAuth: true, }); }); @@ -191,202 +185,230 @@ function routing() { router.get('/api/methods', isUser, function(req, res) { request_otp_api(req, res, { - relUrl: 'protected/methods/', bearerAuth: true, + relUrl: '/protected/methods/', + bearerAuth: true, }); }); router.put('/api/:method/activate', isUser, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'users/'+req.session.passport.user.uid+'/methods/'+req.params.method+'/activate/' + getHash(req), + relUrl: '/protected/users/'+req.session.passport.user.uid+'/methods/'+req.params.method+'/activate', + bearerAuth: true, }); }); router.post('/api/:method/activate/confirm/:activation_code', isUser, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: 'users/' + req.session.passport.user.uid + '/methods/' + req.params.method + '/activate/' + req.params.activation_code + '/' + getHash(req), + relUrl: '/protected/users/' + req.session.passport.user.uid + '/methods/' + req.params.method + '/activate/' + req.params.activation_code, + bearerAuth: true, }); }); router.post('/api/admin/:method/activate/confirm/:activation_code/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: 'protected/users/' + req.params.uid + '/methods/' + req.params.method + '/activate/' + req.params.activation_code, bearerAuth: true + relUrl: '/protected/users/' + req.params.uid + '/methods/' + req.params.method + '/activate/' + req.params.activation_code, + bearerAuth: true, }); }); router.post('/api/:method/confirm_activate', isUser, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: 'users/' + req.session.passport.user.uid + '/methods/' + req.params.method + '/confirm_activate/' + getHash(req), + relUrl: '/protected/users/' + req.session.passport.user.uid + '/methods/' + req.params.method + '/confirm_activate/', + bearerAuth: true, }); }); router.post('/api/:method/auth/:authenticator_id', isUser, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: `users/${req.session.passport.user.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/${getHash(req)}`, + relUrl: `/protected/users/${req.session.passport.user.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}`, + bearerAuth: true, }); }); router.delete('/api/:method/auth/:authenticator_id', isUser, function(req, res) { request_otp_api(req, res, { method: 'DELETE', - relUrl: `users/${req.session.passport.user.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/${getHash(req)}`, + relUrl: `/protected/users/${req.session.passport.user.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}`, + bearerAuth: true, }); }); router.post('/api/admin/:method/confirm_activate/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: 'protected/users/' + req.params.uid + '/methods/' + req.params.method + '/confirm_activate/', bearerAuth: true, + relUrl: '/protected/users/' + req.params.uid + '/methods/' + req.params.method + '/confirm_activate/', + bearerAuth: true, }); }); router.post('/api/admin/:method/auth/:authenticator_id/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'POST', - relUrl: `protected/users/${req.params.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/`, bearerAuth: true, + relUrl: `/protected/users/${req.params.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/`, + bearerAuth: true, }); }); router.delete('/api/admin/:method/auth/:authenticator_id/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'DELETE', - relUrl: `protected/users/${req.params.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/`, bearerAuth: true, + relUrl: `/protected/users/${req.params.uid}/methods/${req.params.method}/auth/${req.params.authenticator_id}/`, + bearerAuth: true, }); }); router.put('/api/:method/deactivate', isUser, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'users/'+req.session.passport.user.uid+'/methods/'+req.params.method+'/deactivate/' + getHash(req), + relUrl: '/protected/users/'+req.session.passport.user.uid+'/methods/'+req.params.method+'/deactivate/', + bearerAuth: true, }); }); router.put('/api/transport/:transport/:new_transport', isUser, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'users/'+ req.session.passport.user.uid +'/transports/'+req.params.transport+'/'+req.params.new_transport+'/' + getHash(req), + relUrl: '/protected/users/'+ req.session.passport.user.uid +'/transports/'+req.params.transport+'/'+req.params.new_transport, + bearerAuth: true, }); }); router.put('/api/admin/transport/:transport/:new_transport/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'protected/users/'+ req.params.uid +'/transports/'+req.params.transport+'/'+req.params.new_transport+'/', bearerAuth: true, + relUrl: '/protected/users/'+ req.params.uid +'/transports/'+req.params.transport+'/'+req.params.new_transport+'/', + bearerAuth: true, }); }); router.get('/api/transport/:transport/:new_transport/test', isUser, function(req, res) { request_otp_api(req, res, { method: 'GET', - relUrl: 'users/' + req.session.passport.user.uid + '/transports/' + req.params.transport + '/' + req.params.new_transport + '/test/' + getHash(req), + relUrl: '/protected/users/' + req.session.passport.user.uid + '/transports/' + req.params.transport + '/' + req.params.new_transport + '/test/', + bearerAuth: true, }); }); router.get('/api/admin/transport/:transport/:new_transport/test/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'GET', - relUrl: 'protected/users/' + req.params.uid + '/transports/' + req.params.transport + '/' + req.params.new_transport + '/test', bearerAuth: true, + relUrl: '/protected/users/' + req.params.uid + '/transports/' + req.params.transport + '/' + req.params.new_transport + '/test', + bearerAuth: true, }); }); router.delete('/api/transport/:transport/', isUser, function(req, res) { request_otp_api(req, res, { method: 'DELETE', - relUrl: 'users/'+ req.session.passport.user.uid +'/transports/'+req.params.transport+'/' + getHash(req), + relUrl: '/protected/users/'+ req.session.passport.user.uid +'/transports/'+req.params.transport, + bearerAuth: true, }); }); router.delete('/api/admin/transport/:transport/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'DELETE', - relUrl: 'protected/users/'+ req.params.uid +'/transports/'+req.params.transport+'/', bearerAuth: true, + relUrl: '/protected/users/'+ req.params.uid +'/transports/'+req.params.transport+'/', + bearerAuth: true, }); }); router.post('/api/generate/:method', isUser, function(req, res) { - var uri = 'users/'+ req.session.passport.user.uid + '/methods/' + req.params.method + '/secret/' + getHash(req); + var uri = '/protected/users/'+ req.session.passport.user.uid + '/methods/' + req.params.method + '/secret'; if(req.query.require_method_validation === 'true') { uri += '?require_method_validation=true'; } request_otp_api(req, res, { method: 'POST', relUrl: uri, + bearerAuth: true, }); }); router.get('/api/admin/users', isManager, function(req, res) { request_otp_api(req, res, { - relUrl: 'admin/users/', bearerAuth: true, + relUrl: '/admin/users/', + bearerAuth: true, }); }); router.get('/api/admin/user/:uid', isManager, function(req, res) { request_otp_api(req, res, { - relUrl: 'protected/users/' + req.params.uid, bearerAuth: true, + relUrl: '/protected/users/' + req.params.uid, + bearerAuth: true, }); }); router.put('/api/admin/:uid/:method/activate', isManager, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/activate/', bearerAuth: true, + relUrl: '/protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/activate/', + bearerAuth: true, }); }); router.put('/api/admin/:uid/:method/deactivate', isManager, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/deactivate/', bearerAuth: true, + relUrl: '/protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/deactivate/', + bearerAuth: true, }); }); router.put('/api/admin/:method/activate', isAdmin, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'admin/methods/' + req.params.method + '/activate/', bearerAuth: true, + relUrl: '/admin/methods/' + req.params.method + '/activate/', + bearerAuth: true, }); }); router.put('/api/admin/:method/deactivate', isAdmin, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'admin/methods/' + req.params.method + '/deactivate/', bearerAuth: true, + relUrl: '/admin/methods/' + req.params.method + '/deactivate/', + bearerAuth: true, }); }); router.put('/api/admin/:method/transport/:transport/activate', isAdmin, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'admin/methods/' + req.params.method + '/transports/'+req.params.transport+'/activate/', bearerAuth: true, + relUrl: '/admin/methods/' + req.params.method + '/transports/'+req.params.transport+'/activate/', + bearerAuth: true, }); }); router.put('/api/admin/:method/transport/:transport/deactivate', isAdmin, function(req, res) { request_otp_api(req, res, { method: 'PUT', - relUrl: 'admin/methods/' + req.params.method + '/transports/'+req.params.transport+'/deactivate/', bearerAuth: true, + relUrl: '/admin/methods/' + req.params.method + '/transports/'+req.params.transport+'/deactivate/', + bearerAuth: true, }); }); router.post('/api/admin/generate/:method/:uid', isManager, function(req, res) { - var uri = 'protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/secret/'; + var uri = '/protected/users/'+ req.params.uid + '/methods/' + req.params.method + '/secret/'; if(req.query.require_method_validation === 'true') { uri += '?require_method_validation=true'; } request_otp_api(req, res, { method: 'POST', - relUrl: uri, bearerAuth: true, + relUrl: uri, + bearerAuth: true, }); }); router.delete('/api/admin/delete_method_secret/:method/:uid', isManager, function(req, res) { request_otp_api(req, res, { method: 'DELETE', - relUrl: 'admin/users/'+req.params.uid +'/methods/' + req.params.method+ '/secret/', bearerAuth: true, + relUrl: '/admin/users/'+req.params.uid +'/methods/' + req.params.method+ '/secret/', + bearerAuth: true, }); }); } diff --git a/services/utils.js b/services/utils.js index 5a9cf2b..b7a9a7c 100644 --- a/services/utils.js +++ b/services/utils.js @@ -1,14 +1,6 @@ var properties = require(__dirname+'/../properties/properties'); var CryptoJS = require('crypto-js'); -exports.get_hash = function(uid) { - var d = new Date(); - var present_salt = d.getUTCDate()+d.getUTCHours().toString(); - console.log("present-salt for "+uid+": "+present_salt); - present_hash = CryptoJS.SHA256(CryptoJS.MD5(properties.esup.users_secret).toString()+uid+present_salt).toString(); - return present_hash; -} - exports.is_admin = function(user){ var result = false; if(properties.esup.admins.includes(user.uid)) {