Commit 5826bda2 authored by Sébastien DA ROCHA's avatar Sébastien DA ROCHA

OIDC versions of user add/del/renew resources

parent eb718584
......@@ -265,7 +265,7 @@ export class LegacyController {
const token: JWTToken = req.headers.token;
try {
let userServices;
if (token.authzKey == null) {
if (token.authzKey == null) { // is OIDC token
userServices = await this.legacyServiceOidc.getUserResources(token.email);
} else {
userServices = await this.legacyService.getUserResources(token.username, token.authzKey);
......@@ -307,6 +307,14 @@ export class LegacyController {
@Post('user/resources/renew')
@ApiOperation({ title: 'Renew access to a restricted access dataset for an existing user.' })
@ApiImplicitHeader({
name: 'Cookie',
description: 'The JWT token containing user information',
})
@ApiImplicitHeader({
name: 'X-Xsrf-Token',
description: 'Cross Site reference token contained in the JWT token',
})
@ApiImplicitHeader({
name: 'Cookie',
description: 'The JWT token is sent by the browser as a cookie (refer to the config of the Authentication project to know which key is used)',
......@@ -320,7 +328,11 @@ export class LegacyController {
async renewUserResource(@Req() req, @Body() body: AccessRequest[]) {
const token: JWTToken = req.headers.token;
try {
return await this.legacyService.renewUserResource(token, body);
if (token.authzKey == null) { // is OIDC token
return await this.legacyServiceOidc.renewUserResource(token, body);
} else {
return await this.legacyService.renewUserResource(token, body);
}
} catch (error) {
if (error instanceof HttpException) {
throw error;
......@@ -343,7 +355,12 @@ export class LegacyController {
async deleteUserResource(@Req() req, @Body() body) {
const token: JWTToken = req.headers.token;
try {
return await this.legacyService.deleteUserResource(token, body);
if (token.authzKey == null) { // is OIDC token
return await this.legacyServiceOidc.deleteUserResource(token, body);
} else {
return await this.legacyService.deleteUserResource(token, body);
}
} catch (error) {
if (error instanceof HttpException) {
throw error;
......
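Review bot: The OIDC/legacy dispatch `if (token.authzKey == null) { // is OIDC token` is now copy-pasted into three handlers (the getUserResources, renewUserResource and deleteUserResource hunks) with an inline comment as its only explanation; a single predicate on the controller, e.g. `private isOidcToken(token: JWTToken): boolean { return token.authzKey == null; }`, would keep the rule in one place. The rule also keys on the absence of `authzKey`, so any token that reaches these handlers without that field is routed to the OIDC service and acted on via `token.email` alone; whether that is safe depends on how `req.headers.token` is verified upstream, which is not visible here, so confirm that a token can only lack `authzKey` when it was issued and validated by the OIDC flow. The enclosing methods continue outside the hunks.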
......@@ -149,12 +149,6 @@ export class LegacyServiceOIDC extends LegacyService {
async addUserResource(token: JWTToken, accessRequests: AccessRequest[]): Promise<AccessRequestResponse> {
this.logger.log('Entering function', `${LegacyServiceOIDC.name} - ${this.addUserResource.name}`);
try {
// Decrypt the password
const password = decrypt(token.authzKey, await this.configService.getPrivateKey());
if (!password) {
throw new UnauthorizedException('Invalid user credentials.');
}
// Get the list of datasets
const datasets = await this.getRestrictedAccessDatasets();
......@@ -169,8 +163,7 @@ export class LegacyServiceOIDC extends LegacyService {
// Request access the the specified service and the specified modes
let res = await request.post(`${this.conf.legacyAuthServiceUrl}/add_user_service/`).form(
{
password,
username: token.username,
username: token.email,
service_id: accessRequest.id,
modes: accessRequest.servicesId.toString(),
},
......@@ -251,16 +244,8 @@ export class LegacyServiceOIDC extends LegacyService {
async renewUserResource(token: JWTToken, accessRequests: AccessRequest[]): Promise<AccessRenewalResponse> {
this.logger.log('Entering function', `${LegacyServiceOIDC.name} - ${this.renewUserResource.name}`);
try {
// Decrypt the password
const password = decrypt(token.authzKey, await this.configService.getPrivateKey());
if (!password) {
this.logger.warn('Invalid user credentials.', `${LegacyServiceOIDC.name} - ${this.renewUserResource.name}`);
throw new UnauthorizedException('Invalid user credentials.');
}
// Get the list of user access
const userAccess = await this.getUserResources(token.username);
const userAccess = await this.getUserResources(token.email);
// Get the list of datasets
const datasets = await this.getRestrictedAccessDatasets();
// Get the list of services
......@@ -354,13 +339,6 @@ export class LegacyServiceOIDC extends LegacyService {
async deleteUserResource(token: JWTToken, accessRequests: AccessRequest[]): Promise<AccessDeletionResponse> {
this.logger.log('Entering function', `${LegacyServiceOIDC.name} - ${this.deleteUserResource.name}`);
try {
// Decrypt the password
const password = decrypt(token.authzKey, await this.configService.getPrivateKey());
if (!password) {
this.logger.warn('Invalid user credentials.', `${LegacyServiceOIDC.name} - ${this.deleteUserResource.name}`);
throw new UnauthorizedException('Invalid user credentials.');
}
// Get the list of datasets
const datasets = await this.getRestrictedAccessDatasets();
......@@ -373,10 +351,9 @@ export class LegacyServiceOIDC extends LegacyService {
for (const accessRequest of accessRequests) {
// Delete access to the specified service and the specified modes
let res = await request.post(`${this.conf.legacyAuthServiceUrl}/del_user_service/`).form(
let res = await request.post(`${this.conf.legacyAuthServiceUrl}/del_user_service_oidc/`).form(
{
password,
username: token.username,
username: token.email,
service_id: accessRequest.id,
modes: accessRequest.servicesId.toString(),
},
......
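Review bot: `addUserResource` still posts to `${this.conf.legacyAuthServiceUrl}/add_user_service/` after the `password` form field is dropped, while `deleteUserResource` in the same commit is moved to `/del_user_service_oidc/`; the add path looks like it was left on the password-authenticated legacy endpoint. If that endpoint requires the password the OIDC add will now fail, and if it does not, access is granted on `username: token.email` alone, so the add call should presumably be switched to the OIDC variant, e.g. `` `${this.conf.legacyAuthServiceUrl}/add_user_service_oidc/` `` if such an endpoint exists, or the omission documented. The `renewUserResource` hunks shown stop before its `request.post` call, so the same check applies there. With the `decrypt(...)` guard removed, these three methods no longer verify any credential themselves and rely entirely on the token having been validated before the controller; a one-line comment on each, e.g. `// token is assumed to be verified upstream; email is the OIDC identity — confirm`, would make that contract explicit.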