Commit eb8b7d07 authored by Sébastien DA ROCHA's avatar Sébastien DA ROCHA

Create OIDC account on the legacy auth

parent b5e45d9b
Pipeline #8682 passed with stage
in 1 minute and 10 seconds
{
"name": "legacy-auth-middleware",
"version": "3.2.2",
"version": "3.2.6",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
......@@ -98,14 +98,19 @@
"optional": true
},
"@nestjs/swagger": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/@nestjs/swagger/-/swagger-3.0.2.tgz",
"integrity": "sha512-7cmOqa3MoK3ZXThECa3RCe5s5Bppm66DqDRz+nfTp5k2oGoFHX9t45jNU8P5aANCIEi1nA3TYwvEAGgZdV8WbA==",
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/@nestjs/swagger/-/swagger-3.1.0.tgz",
"integrity": "sha512-12J7cEcj1K2TtCrxVktRrdW6j5bT7BaruNXPlyzBjs3uJopLLOYSR7j5+2JvlPK+uQcnnZFIOiffYEXoozm/zg==",
"requires": {
"lodash": "4.17.11",
"lodash": "4.17.14",
"path-to-regexp": "3.0.0"
},
"dependencies": {
"lodash": {
"version": "4.17.14",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.14.tgz",
"integrity": "sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw=="
},
"path-to-regexp": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.0.0.tgz",
......@@ -165,7 +170,8 @@
"@protobufjs/aspromise": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
"integrity": "sha1-m4sMxmPWaafY9vXQiToU00jzD78="
"integrity": "sha1-m4sMxmPWaafY9vXQiToU00jzD78=",
"optional": true
},
"@protobufjs/base64": {
"version": "1.1.2",
......@@ -204,7 +210,8 @@
"@protobufjs/inquire": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.0.tgz",
"integrity": "sha1-/yAOPnzyQp4tyvwRQIKOjMY48Ik="
"integrity": "sha1-/yAOPnzyQp4tyvwRQIKOjMY48Ik=",
"optional": true
},
"@protobufjs/path": {
"version": "1.1.2",
......@@ -662,7 +669,8 @@
"any-promise": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
"integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
"integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8=",
"optional": true
},
"anymatch": {
"version": "2.0.0",
......@@ -1754,7 +1762,8 @@
"bson": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.1.1.tgz",
"integrity": "sha512-jCGVYLoYMHDkOsbwJZBCqwMHyH4c+wzgI9hG7Z6SZJRXWr+x58pdIbm2i9a/jFGCkRJqRUr8eoI7lDWa0hTkxg=="
"integrity": "sha512-jCGVYLoYMHDkOsbwJZBCqwMHyH4c+wzgI9hG7Z6SZJRXWr+x58pdIbm2i9a/jFGCkRJqRUr8eoI7lDWa0hTkxg==",
"optional": true
},
"buffer": {
"version": "4.9.1",
......@@ -1788,7 +1797,8 @@
"buffer-more-ints": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/buffer-more-ints/-/buffer-more-ints-1.0.0.tgz",
"integrity": "sha512-EMetuGFz5SLsT0QTnXzINh4Ksr+oo4i+UGTXEshiGCQWnsgSs7ZhJ8fzlwQ+OzEMs0MpDAMr1hxnblp5a4vcHg=="
"integrity": "sha512-EMetuGFz5SLsT0QTnXzINh4Ksr+oo4i+UGTXEshiGCQWnsgSs7ZhJ8fzlwQ+OzEMs0MpDAMr1hxnblp5a4vcHg==",
"optional": true
},
"buffer-xor": {
"version": "1.0.3",
......@@ -2173,7 +2183,8 @@
"ansi-regex": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
"integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="
"integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
"optional": true
},
"camelcase": {
"version": "5.3.1",
......@@ -2337,6 +2348,7 @@
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
"integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
"optional": true,
"requires": {
"emoji-regex": "^7.0.1",
"is-fullwidth-code-point": "^2.0.0",
......@@ -2347,6 +2359,7 @@
"version": "5.2.0",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
"integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
"optional": true,
"requires": {
"ansi-regex": "^4.1.0"
}
......@@ -3129,7 +3142,8 @@
"emoji-regex": {
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
"integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA=="
"integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
"optional": true
},
"emojis-list": {
"version": "2.1.0",
......@@ -4719,7 +4733,8 @@
},
"ansi-regex": {
"version": "2.1.1",
"bundled": true
"bundled": true,
"optional": true
},
"aproba": {
"version": "1.2.0",
......@@ -4737,11 +4752,13 @@
},
"balanced-match": {
"version": "1.0.0",
"bundled": true
"bundled": true,
"optional": true
},
"brace-expansion": {
"version": "1.1.11",
"bundled": true,
"optional": true,
"requires": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
......@@ -4771,15 +4788,18 @@
},
"code-point-at": {
"version": "1.1.0",
"bundled": true
"bundled": true,
"optional": true
},
"concat-map": {
"version": "0.0.1",
"bundled": true
"bundled": true,
"optional": true
},
"console-control-strings": {
"version": "1.1.0",
"bundled": true
"bundled": true,
"optional": true
},
"core-util-is": {
"version": "1.0.2",
......@@ -4861,7 +4881,8 @@
},
"inherits": {
"version": "2.0.3",
"bundled": true
"bundled": true,
"optional": true
},
"ini": {
"version": "1.3.5",
......@@ -4871,6 +4892,7 @@
"is-fullwidth-code-point": {
"version": "1.0.0",
"bundled": true,
"optional": true,
"requires": {
"number-is-nan": "^1.0.0"
}
......@@ -4883,6 +4905,7 @@
"minimatch": {
"version": "3.0.4",
"bundled": true,
"optional": true,
"requires": {
"brace-expansion": "^1.1.7"
}
......@@ -4895,6 +4918,7 @@
"minipass": {
"version": "2.3.5",
"bundled": true,
"optional": true,
"requires": {
"safe-buffer": "^5.1.2",
"yallist": "^3.0.0"
......@@ -4911,13 +4935,15 @@
"mkdirp": {
"version": "0.5.1",
"bundled": true,
"optional": true,
"requires": {
"minimist": "0.0.8"
},
"dependencies": {
"minimist": {
"version": "0.0.8",
"bundled": true
"bundled": true,
"optional": true
}
}
},
......@@ -5005,7 +5031,8 @@
},
"number-is-nan": {
"version": "1.0.1",
"bundled": true
"bundled": true,
"optional": true
},
"object-assign": {
"version": "4.1.1",
......@@ -5015,6 +5042,7 @@
"once": {
"version": "1.4.0",
"bundled": true,
"optional": true,
"requires": {
"wrappy": "1"
}
......@@ -5119,7 +5147,8 @@
},
"safe-buffer": {
"version": "5.1.2",
"bundled": true
"bundled": true,
"optional": true
},
"safer-buffer": {
"version": "2.1.2",
......@@ -5149,6 +5178,7 @@
"string-width": {
"version": "1.0.2",
"bundled": true,
"optional": true,
"requires": {
"code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0",
......@@ -5166,6 +5196,7 @@
"strip-ansi": {
"version": "3.0.1",
"bundled": true,
"optional": true,
"requires": {
"ansi-regex": "^2.0.0"
}
......@@ -5204,11 +5235,13 @@
},
"wrappy": {
"version": "1.0.2",
"bundled": true
"bundled": true,
"optional": true
},
"yallist": {
"version": "3.0.3",
"bundled": true
"bundled": true,
"optional": true
},
"yargs": {
"version": "3.32.0",
......@@ -5744,7 +5777,8 @@
"is-negated-glob": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/is-negated-glob/-/is-negated-glob-1.0.0.tgz",
"integrity": "sha1-aRC8pdqMleeEtXUbl2z1oQ/uNtI="
"integrity": "sha1-aRC8pdqMleeEtXUbl2z1oQ/uNtI=",
"optional": true
},
"is-npm": {
"version": "1.0.0",
......@@ -7144,6 +7178,7 @@
"version": "3.2.5",
"resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-3.2.5.tgz",
"integrity": "sha512-czmFd/7Cy+PxItL5KewYgkKTJGb2JyC1PdIdLBVGHER4Vsgu/A+fXDDNO+PLuyHNdh7qbH2XyLP4HHAifgBBoQ==",
"optional": true,
"requires": {
"bson": "^1.1.1",
"require_optional": "^1.0.1",
......@@ -8846,7 +8881,8 @@
"regexp-clone": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-0.0.1.tgz",
"integrity": "sha1-p8LgmJH9vzj7sQ03b7cwA+aKxYk="
"integrity": "sha1-p8LgmJH9vzj7sQ03b7cwA+aKxYk=",
"optional": true
},
"registry-auth-token": {
"version": "3.3.2",
......@@ -8959,6 +8995,7 @@
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/require_optional/-/require_optional-1.0.1.tgz",
"integrity": "sha512-qhM/y57enGWHAe3v/NcwML6a3/vfESLe/sGM2dII+gEO0BpKRUkWZow/tyloNqJyN6kXSl3RyyM8Ll5D/sJP8g==",
"optional": true,
"requires": {
"resolve-from": "^2.0.0",
"semver": "^5.1.0"
......@@ -8967,7 +9004,8 @@
"resolve-from": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-2.0.0.tgz",
"integrity": "sha1-lICrIOlP+h2egKgEx+oUdhGWa1c="
"integrity": "sha1-lICrIOlP+h2egKgEx+oUdhGWa1c=",
"optional": true
}
}
},
......@@ -9587,7 +9625,8 @@
"sliced": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz",
"integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E="
"integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E=",
"optional": true
},
"snapdragon": {
"version": "0.8.2",
......@@ -10128,14 +10167,14 @@
}
},
"swagger-ui-dist": {
"version": "3.22.2",
"resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-3.22.2.tgz",
"integrity": "sha512-37RuIYRKjFfoLPctzA2dWvBMJjWa1GLc0NgmubuRbr16b3pSuf9S0rY+82l6F86VV4xlgdPiLMcOZhqcIg/OOg=="
"version": "3.36.2",
"resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-3.36.2.tgz",
"integrity": "sha512-jbxorhRC/FKk8yMx5zEbg1A1sXc/vsW2vrDTJ3clmaMr9F12zsy161kwnxjVt/vVkMglDOz+BC8ZMY01toxHwA=="
},
"swagger-ui-express": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.0.4.tgz",
"integrity": "sha512-3wRDxbk2wvJi9c4jfBeLz4+JHMYlS4JaDDwZmGqDQmiVq4hgHLpEATgeuyFvX1L5+G9k0lwOLuMOJiC8Rg4Edw==",
"version": "4.1.4",
"resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-4.1.4.tgz",
"integrity": "sha512-Ea96ecpC+Iq9GUqkeD/LFR32xSs8gYqmTW1gXCuKg81c26WV6ZC2FsBSPVExQP6WkyUuz5HEiR0sEv/HCC343g==",
"requires": {
"swagger-ui-dist": "^3.18.1"
}
......@@ -10998,7 +11037,8 @@
"ansi-regex": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
"integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="
"integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
"optional": true
},
"buffer": {
"version": "5.2.1",
......@@ -11220,6 +11260,7 @@
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
"integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
"optional": true,
"requires": {
"emoji-regex": "^7.0.1",
"is-fullwidth-code-point": "^2.0.0",
......@@ -11230,6 +11271,7 @@
"version": "5.2.0",
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
"integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
"optional": true,
"requires": {
"ansi-regex": "^4.1.0"
}
......
......@@ -23,7 +23,7 @@
"@godaddy/terminus": "^4.1.2",
"@nestjs/common": "^5.1.0",
"@nestjs/core": "^5.1.0",
"@nestjs/swagger": "^3.0.2",
"@nestjs/swagger": "^3.1.0",
"@nestjs/terminus": "^5.6.0",
"class-transformer": "^0.2.0",
"class-validator": "^0.9.1",
......@@ -39,7 +39,7 @@
"request-promise-native": "^1.0.5",
"rxjs": "^6.2.2",
"serve-favicon": "^2.5.0",
"swagger-ui-express": "^4.0.2",
"swagger-ui-express": "^4.1.4",
"typescript": "^3.0.1",
"uuid": "^3.3.2"
},
......@@ -77,4 +77,4 @@
"coverageDirectory": "../coverage",
"testEnvironment": "node"
}
}
\ No newline at end of file
}
......@@ -22,6 +22,7 @@ export class AppModule {
.apply(VerifyXsrfTokenAndDecodeJWTPayloadMiddleware).forRoutes(
{ path: 'user', method: RequestMethod.GET },
{ path: 'user', method: RequestMethod.DELETE },
{ path: 'user/createOidcAccount', method: RequestMethod.POST },
{ path: 'user/resources', method: RequestMethod.GET },
{ path: 'user/resources/add', method: RequestMethod.POST },
{ path: 'user/resources/renew', method: RequestMethod.POST },
......
......@@ -78,6 +78,32 @@ export class LegacyController {
}
}
@Post('user/createOidcAccount')
@ApiImplicitHeader({
name: 'Cookie',
description: 'The JWT token containing user information',
})
@ApiImplicitHeader({
name: 'X-Xsrf-Token',
description: 'Cross Site reference token contained in the JWT token',
})
@ApiOperation({ title: 'Create the user specified in the OIDC JWT token if he doesn\'t exists. Return silently if the user exsist' })
@ApiResponse({ status: 200, description: 'User created' })
@ApiResponse({ status: 400, description: 'Bad Request (Invalid token, Missing token )' })
@ApiResponse({ status: 500, description: 'Internal error' })
@HttpCode(201)
async createOidcAccount(@Req() req) {
try {
return await this.legacyService.createOidcAccount(req.headers.token);
} catch (error) {
if (error instanceof HttpException) {
throw error;
} else {
throw new InternalServerErrorException();
}
}
}
@Post('user/login')
@ApiOperation({ title: 'Check if the user exist and returns its information with the encrypted password.' })
@ApiResponse({ status: 200, description: 'Success, returns user info', type: UserInfoWithEcryptedPassword })
......
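Review bot: `createOidcAccount` hands `req.headers.token` to the service without any check of its own, so the handler is only as safe as the middleware registration for `user/createOidcAccount` in AppModule; if that entry is dropped or the path drifts, whatever arrives under that header name reaches account creation. Presumably VerifyXsrfTokenAndDecodeJWTPayloadMiddleware replaces the header with the verified payload, which is not visible here, so a guard at the top of the handler would make the assumption explicit: `if (!req.headers.token || typeof req.headers.token !== 'object') { throw new BadRequestException('tokenNotFound'); }` (BadRequestException may need importing in this file). Separately, `@HttpCode(201)` disagrees with the documented `@ApiResponse({ status: 200, description: 'User created' })`, so one of the two should change. The operation title also has typos ("exsist", "doesn't exists").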
......@@ -2,6 +2,7 @@ import { ApiModelProperty, ApiModelPropertyOptional } from '@nestjs/swagger';
import { IsString, IsBoolean, IsNumber, IsInt, IsArray, MinLength, Matches } from 'class-validator';
import * as moment from 'moment';
export class LoginForm {
@ApiModelProperty()
@IsString()
......@@ -105,6 +106,16 @@ export class UserInfo {
}
}
export class OIDCCreateForm {
@ApiModelProperty()
@IsString()
username: string;
@ApiModelProperty()
@IsString()
email?: string;
}
export class UserInfoWithEcryptedPassword {
@ApiModelProperty()
@IsString()
......@@ -520,4 +531,5 @@ export class Email {
to: string[];
subject: string;
html: string; // As html
}
\ No newline at end of file
replyto?: string; //optional
}
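Review bot: `OIDCCreateForm.email` is declared optional (`email?: string`) but carries `@ApiModelProperty()` and `@IsString()`, so Swagger lists it as required and validation would reject a form without it. If the field is optional, use `@ApiModelPropertyOptional()` (already imported) together with `@IsOptional()` added to the class-validator import; if it is required, drop the `?`. In the service section of this commit the class is only used through an `as` cast, so as far as is visible none of these decorators run on the OIDC data. On `Email`, the `//optional` comment on `replyto?: string` only repeats the `?` and could instead say who sets the field.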
......@@ -6,6 +6,7 @@ import {
LoginForm, UserInfoWithEcryptedPassword, UserCreationForm, Service, JWTToken, Resource, RestrictedAccessDataset,
AccessRequest, UpdatePasswordForm, UserUpdateForm, UserInfo, LegacyUserUpdateForm, LegacyUserCreationForm,
AccessDeletionResponse, AccessRequestResponse, AccessRenewalResponse, PasswordResetForm, PasswordForgottenForm, Email,
OIDCCreateForm,
} from './legacy.model';
import * as request from 'request-promise-native';
import { ConfigService } from '../configuration/config.service';
......@@ -19,6 +20,7 @@ import { buildAccountValidationEmail } from '../email-templates/account-creation
import { buildResetPasswordEmail } from '../email-templates/reset-password';
import moment = require('moment-timezone');
import { Redis } from '../helpers/redis.helper';
import * as jwt from 'jsonwebtoken';
moment.tz.setDefault('Europe/Paris');
@Injectable()
......@@ -236,6 +238,57 @@ export class LegacyService {
}
}
async createOidcAccount(token): Promise<void> {
this.logger.log('Entering function', `${LegacyService.name} - ${this.createOidcAccount.name}`);
try {
const userInfo = {username: token.id, email: token.email} as OIDCCreateForm;
if (userInfo) {
Logger.log(`User account validation for : ${userInfo.email}`, `${LegacyService.name} - ${this.createOidcAccount.name}`);
let res = await request.post(`${this.conf.legacyAuthServiceUrl}/add_user_oidc/`).form(userInfo).catch((error) => {
let res = JSON.parse(error.error);
if (res.message === 'Account already exists') {
// Normal use case
return
}
this.logger.error('Couldn\'t create user.', `${error}`, `${LegacyService.name} - ${this.createOidcAccount.name}`);
throw new InternalServerErrorException({ error, message: 'Couldn\'t create user.' });
});
res = JSON.parse(res);
if (res.server_response && res.server_response === 'Success') {
Logger.log(`User account created.`, `${LegacyService.name} - ${this.createOidcAccount.name}`);
return;
} else {
if (res.message === 'Account already exists') {
// Normal use case
return
}
this.logger.error('Couldn\'t create user.', `${res}`, `${LegacyService.name} - ${this.createOidcAccount.name}`);
if (res.message === 'Error during account creation') {
throw new InternalServerErrorException(res.message);
}
if (res.message === 'Uncomplete form') {
throw new BadRequestException('uncompleteForm');
} else {
throw new BadRequestException(res.message);
}
}
} else {
this.logger.warn('Token not found.', `${LegacyService.name} - ${this.createOidcAccount.name}`);
throw new BadRequestException('tokenNotFound');
}
} catch (err) {
handleError(err, new InternalServerErrorException('Something went wrong.'));
}
}
async updateUserInfo(token: JWTToken, form: UserUpdateForm): Promise<void> {
this.logger.log('Entering function', `${LegacyService.name} - ${this.updateUserInfo.name}`);
try {
......@@ -834,4 +887,4 @@ export class LegacyService {
handleError(error, new InternalServerErrorException('Couldn\'t send email.'));
}
}
}
\ No newline at end of file
}
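Review bot: The 'Account already exists' path in `createOidcAccount` does not return silently as intended: when the `.catch` handler on `request.post(...)` returns without a value, `res` is `undefined` and the following `res = JSON.parse(res)` throws, which the outer `catch` hands to `handleError` (not visible here, presumably surfacing a 500). The `if (userInfo)` test is also always true because `userInfo` is an object literal, so the `tokenNotFound` branch is unreachable and a missing `token.id` is forwarded to the legacy service; the `as OIDCCreateForm` cast means the class-validator decorators never run on it. I would check the token claims before building the form and return early when the handler swallowed the error, as sketched below. `JSON.parse(error.error)` inside the handler can itself throw when the rejection is not an HTTP response with a JSON body, and `${res}` in the error log prints `[object Object]`.

```typescript
async createOidcAccount(token): Promise<void> {
  // … unchanged: entry log …
  try {
    // Reject before calling the legacy service when the decoded payload lacks the claim used as username.
    if (!token || !token.id) {
      this.logger.warn('Token not found.', `${LegacyService.name} - ${this.createOidcAccount.name}`);
      throw new BadRequestException('tokenNotFound');
    }
    const userInfo: OIDCCreateForm = { username: token.id, email: token.email };
    // … unchanged: validation log; request.post(...).form(userInfo).catch(...) now assigned to `raw` …
    if (raw === undefined) {
      // The catch handler swallowed 'Account already exists': there is no body to parse.
      return;
    }
    const res = JSON.parse(raw);
    // … unchanged: server_response / message handling …
```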
......@@ -30,6 +30,6 @@ async function bootstrap() {
app.useGlobalPipes(new ValidationPipe());
await app.listen(3000);
await app.listen(3001);
}
bootstrap();
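Review bot: The listen port is a hard-coded literal, and the line appears to change between `app.listen(3000)` and `app.listen(3001)` in a commit whose title is about OIDC account creation. The rendered page has lost the +/- markers, so which value is new is an assumption. If the port change is intentional it deserves a line in the commit message, since proxies, health checks and container port mappings have to follow; otherwise it looks like a local setting that slipped in. Reading the port from configuration, for example `await app.listen(Number(process.env.PORT) || 3001);`, would avoid editing source per environment. `bootstrap()` starts outside this hunk.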