From deca03e8aeb7cac9c19b0d43b4642b27299695b5 Mon Sep 17 00:00:00 2001 From: Benjamin Auder Date: Tue, 26 Mar 2019 16:46:02 +0100 Subject: [PATCH] Fix authentication --- client/src/components/UpsertUser.vue | 23 +++++++++++++++++++---- client/src/router.js | 23 ++--------------------- client/src/utils/ajax.js | 5 ++--- server/routes/all.js | 6 ++++++ server/routes/users.js | 5 +---- 5 files changed, 30 insertions(+), 32 deletions(-) diff --git a/client/src/components/UpsertUser.vue b/client/src/components/UpsertUser.vue index 46f3bfe8..8d0b7369 100644 --- a/client/src/components/UpsertUser.vue +++ b/client/src/components/UpsertUser.vue @@ -26,7 +26,7 @@ div i.material-icons send button(v-if="stage!='Update'" @click="toggleStage()") span {{ stage=="Login" ? "Register" : "Login" }} - button(v-else onClick="location.replace('/logout')") + button(v-else @click="doLogout()") span Logout #dialog(:style="{display: displayInfo}") {{ infoMsg }} @@ -39,9 +39,9 @@ export default { name: 'my-upsert-user', data: function() { return { - user: Object.assign({}, store.state.user), + user: store.state.user, nameOrEmail: "", //for login - stage: (store.state.user.id > 0 ? "Update" : "Login"), //TODO? + logStage: "Login", //or Register infoMsg: "", enterTime: Number.MAX_SAFE_INTEGER, //for a basic anti-bot strategy }; @@ -61,6 +61,9 @@ export default { displayInfo: function() { return (this.infoMsg.length > 0 ? "block" : "none"); }, + stage: function() { + return this.user.id > 0 ? "Update" : this.logStage; + }, }, methods: { trySetEnterTime: function(event) { @@ -69,7 +72,7 @@ export default { }, toggleStage: function() { // Loop login <--> register (update is for logged-in users) - this.stage = (this.stage == "Login" ? "Register" : "Login"); + this.logStage = (this.logStage == "Login" ? "Register" : "Login"); }, ajaxUrl: function() { switch (this.stage) @@ -137,6 +140,18 @@ export default { } ); }, + doLogout: function() { + ajax( + "/logout", + "GET", + () => { + this.user.id = 0; + this.user.name = ""; + this.user.email = ""; + this.user.notify = false; + } + ); + }, }, }; diff --git a/client/src/router.js b/client/src/router.js index 89bdf738..0f038497 100644 --- a/client/src/router.js +++ b/client/src/router.js @@ -32,13 +32,11 @@ export default new Router({ path: "/authenticate/:token", name: "authenticate", beforeEnter: (to, from, next) => { - console.log("ajax call authenticate"); ajax( "/authenticate", "GET", {token: to.params["token"]}, (res) => { - console.log(res); store.state.user.id = res.id; store.state.user.name = res.name; store.state.user.email = res.email; @@ -48,25 +46,8 @@ export default new Router({ } ); }, - redirect: "/", - }, - { - path: "/logout", - name: "logout", - beforeEnter: (to, from, next) => { - ajax( - "/logout", - "GET", - () => { - store.state.user.id = 0; - store.state.user.name = ""; - store.state.user.email = ""; - store.state.user.notify = false; - next(); - } - ); - }, - redirect: "/", + component: Hall, + //redirect: "/", //problem: redirection before end of AJAX request }, // { // path: "/about", diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js index 0a50a104..1d181fa2 100644 --- a/client/src/utils/ajax.js +++ b/client/src/utils/ajax.js @@ -47,9 +47,8 @@ export function ajax(url, method, data, success, error) } xhr.open(method, params.serverUrl + url, true); xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest"); - // Next line because logout and authenticate set (cross-domain in dev mode) cookies - if (url.startsWith("/authenticate") || url.startsWith("/logout")) - xhr.withCredentials = true; + // Next line to allow cross-domain cookies in dev mode (TODO: if...) + xhr.withCredentials = true; if (["POST","PUT"].includes(method)) { xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); diff --git a/server/routes/all.js b/server/routes/all.js index 982f2a46..45eb21ba 100644 --- a/server/routes/all.js +++ b/server/routes/all.js @@ -1,4 +1,10 @@ var router = require("express").Router(); +var access = require("../utils/access"); + +// To avoid a weird preflight AJAX request error in dev mode... +router.get("/", access.ajax, (req,res) => { + res.json({}); +}); router.use("/", require("./challenges")); //router.use("/", require("./games")); diff --git a/server/routes/users.js b/server/routes/users.js index 4b142d71..d633d811 100644 --- a/server/routes/users.js +++ b/server/routes/users.js @@ -17,7 +17,6 @@ router.get("/whoami", access.ajax, (req,res) => { }); }; const anonymous = {name:"", email:"", id:0, notify:false}; - console.log(req.cookies); //TODO: cookie not found after authenticate ? if (!req.cookies.token) return callback(anonymous); UserModel.getOne("sessionToken", req.cookies.token, function(err, user) { @@ -42,9 +41,7 @@ function setAndSendLoginToken(subject, to, res) params.siteURL + "/#/authenticate/" + token + "\\n" + "Token will expire in " + params.token.expire/(1000*60) + " minutes." sendEmail(params.mail.noreply, to.email, subject, body, err => { - // "id" is generally the only info missing on client side, - // but the name is also unknown if log-in with the email. - res.json(err || {id: to.id, name: to.name}); + res.json(err || {}); }); }); } -- 2.48.1