From e1c5503114deef954731904695cd40dccfcef555 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 23 Apr 2020 11:36:50 +0200 Subject: Support logout and add id and pass tests --- server/controllers/api/users/index.ts | 35 ++++---------------------------- server/controllers/api/users/token.ts | 38 +++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 31 deletions(-) create mode 100644 server/controllers/api/users/token.ts (limited to 'server/controllers/api/users') diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index b30f42b43..c488f720b 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts @@ -26,12 +26,12 @@ import { usersUpdateValidator } from '../../../middlewares' import { + ensureCanManageUser, usersAskResetPasswordValidator, usersAskSendVerifyEmailValidator, usersBlockingValidator, usersResetPasswordValidator, - usersVerifyEmailValidator, - ensureCanManageUser + usersVerifyEmailValidator } from '../../../middlewares/validators' import { UserModel } from '../../../models/account/user' import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger' @@ -49,15 +49,10 @@ import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model' import { UserRegister } from '../../../../shared/models/users/user-register.model' import { MUser, MUserAccountDefault } from '@server/typings/models' import { Hooks } from '@server/lib/plugins/hooks' -import { handleIdAndPassLogin } from '@server/lib/auth' +import { tokensRouter } from '@server/controllers/api/users/token' const auditLogger = auditLoggerFactory('users') -const loginRateLimiter = RateLimit({ - windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, - max: CONFIG.RATES_LIMIT.LOGIN.MAX -}) - // @ts-ignore const signupRateLimiter = RateLimit({ windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS, @@ -72,6 +67,7 @@ const askSendEmailLimiter = new RateLimit({ }) const usersRouter = express.Router() +usersRouter.use('/', tokensRouter) usersRouter.use('/', myNotificationsRouter) usersRouter.use('/', mySubscriptionsRouter) usersRouter.use('/', myBlocklistRouter) @@ -168,23 +164,6 @@ usersRouter.post('/:id/verify-email', asyncMiddleware(verifyUserEmail) ) -usersRouter.post('/token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -usersRouter.post('/token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -usersRouter.post('/revoke-token', - loginRateLimiter, - handleIdAndPassLogin, - tokenSuccess -) -// TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route - // --------------------------------------------------------------------------- export { @@ -391,12 +370,6 @@ async function verifyUserEmail (req: express.Request, res: express.Response) { return res.status(204).end() } -function tokenSuccess (req: express.Request) { - const username = req.body.username - - Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip }) -} - async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) { const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts new file mode 100644 index 000000000..9694f9e5e --- /dev/null +++ b/server/controllers/api/users/token.ts @@ -0,0 +1,38 @@ +import { handleIdAndPassLogin, handleTokenRevocation } from '@server/lib/auth' +import * as RateLimit from 'express-rate-limit' +import { CONFIG } from '@server/initializers/config' +import * as express from 'express' +import { Hooks } from '@server/lib/plugins/hooks' +import { asyncMiddleware, authenticate } from '@server/middlewares' + +const tokensRouter = express.Router() + +const loginRateLimiter = RateLimit({ + windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, + max: CONFIG.RATES_LIMIT.LOGIN.MAX +}) + +tokensRouter.post('/token', + loginRateLimiter, + handleIdAndPassLogin, + tokenSuccess +) + +tokensRouter.post('/revoke-token', + authenticate, + asyncMiddleware(handleTokenRevocation), + tokenSuccess +) + +// --------------------------------------------------------------------------- + +export { + tokensRouter +} +// --------------------------------------------------------------------------- + +function tokenSuccess (req: express.Request) { + const username = req.body.username + + Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip }) +} -- cgit v1.2.3