7 changes: 7 additions & 0 deletions runtime/backend/src/common/routes/AuthController.ts
Expand Up @@ -15,6 +15,7 @@ import {
HttpException,
HttpStatus,
Post,
Req,
Request as NestRequest,
Res as NestResponse,
UseGuards,
Expand Down Expand Up @@ -245,11 +246,17 @@ export class AuthController {
protected async getAccessToken(
@Body() body: AccessTokenRequest,
@NestResponse({ passthrough: true }) response: Response,
@Req() req: any,
): Promise<AccessTokenDTO> {
try {
// generates cookie configuration (depends on dApp)
const authCookie = this.authService.getCookie();

const ua = req.get("User-Agent");
const ip = req.socket.remoteAddress;

body.sub = sha3_256(`${ua}${ip}`);

// validate the authentication challenge:
// - make sure it wasn't used before (no multiple usage)
// - make sure it is present in a recent transaction on-chain
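Review bot: The `sub` computed in `getAccessToken` is an unkeyed hash of values that do not identify a client reliably: `User-Agent` is chosen by the caller, and `req.socket.remoteAddress` is the nearest peer, which is the proxy's address for every user when the backend sits behind a reverse proxy or load balancer. If `sub` is later used to bind the challenge or the issued token to one device (that code is outside this hunk, so this is an assumption), any caller sending the same header from behind the same address reproduces it; a keyed digest with a server-side secret over a proxy-aware client address would be harder to forge. The template also joins the two parts without a separator and hashes the text `undefined` when the header is absent, so I would write `body.sub = sha3_256(JSON.stringify([ua ?? "", ip ?? ""]));`. `@Req() req: any` can be typed with the platform's request type (Express `Request`, if that is the adapter in use) so these accesses are checked, and a one-line comment above the assignment should say what `sub` is for. The `try` block continues beyond the end of the hunk.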
56 changes: 40 additions & 16 deletions runtime/backend/tests/unit/common/routes/AuthController.spec.ts
Expand Up @@ -67,7 +67,9 @@ describe("common/AuthController", () => {

controller = module.get<AuthController>(AuthController);
authService = module.get<AuthService>(AuthService);
accountSessionsService = module.get<AccountSessionsService>(AccountSessionsService);
accountSessionsService = module.get<AccountSessionsService>(
AccountSessionsService,
);
});

it("should be defined", () => {
Expand Down Expand Up @@ -118,7 +120,7 @@ describe("common/AuthController", () => {
accessToken: "testAccessToken",
refreshToken: "testRefreshToken",
expiresAt: 1,
}
},
};
const authServiceGetAccessTokenCall = jest
.spyOn(authService, "getAccessToken")
Expand All @@ -129,6 +131,10 @@ describe("common/AuthController", () => {
const result = await (controller as any).getAccessToken(
{ challenge: "testChallenge" },
{ cookie: responseCookieCall },
{
get: jest.fn().mockReturnValue("test_user_agent"),
socket: { remoteAddress: "testAddress" },
},
);

// assert
Expand All @@ -152,9 +158,16 @@ describe("common/AuthController", () => {
.mockResolvedValue(null);

// act
const result = await (controller as any).getAccessToken({
challenge: "testChallenge",
});
const result = await (controller as any).getAccessToken(
{
challenge: "testChallenge",
},
{},
{
get: jest.fn().mockReturnValue("test_user_agent"),
socket: { remoteAddress: "testAddress" },
},
);

// assert
expect(authServiceGetCookieCall).toHaveBeenCalledTimes(1);
Expand All @@ -164,17 +177,20 @@ describe("common/AuthController", () => {

it("should throw Unauthorized exception if any error was caught", () => {
// prepare
const expectedError = new HttpException("Unauthorized", HttpStatus.UNAUTHORIZED);
const expectedError = new HttpException(
"Unauthorized",
HttpStatus.UNAUTHORIZED,
);
const authServiceGetCookieCall = jest
.spyOn(authService, "getCookie")
.mockImplementation(() => {
throw new Error();
});

// act
const result = (controller as any).getAccessToken(
{ challenge: "testChallenge" }
);
const result = (controller as any).getAccessToken({
challenge: "testChallenge",
});

// assert
expect(authServiceGetCookieCall).toHaveBeenCalledTimes(1);
Expand All @@ -183,7 +199,10 @@ describe("common/AuthController", () => {

it("should throw same error if any error was caught", () => {
// prepare
const expectedError = new HttpException("Bad Request", HttpStatus.BAD_REQUEST);
const expectedError = new HttpException(
"Bad Request",
HttpStatus.BAD_REQUEST,
);
const authServiceGetCookieCall = jest
.spyOn(authService, "getCookie")
.mockImplementation(() => {
Expand Down Expand Up @@ -242,7 +261,10 @@ describe("common/AuthController", () => {

it("should throw Unauthorized exception if any error was caught", () => {
// prepare
const expectedError = new HttpException("Bad Request", HttpStatus.BAD_REQUEST);
const expectedError = new HttpException(
"Bad Request",
HttpStatus.BAD_REQUEST,
);
const authServiceGetCookieCall = jest
.spyOn(authService, "getCookie")
.mockImplementation(() => {
Expand All @@ -263,7 +285,10 @@ describe("common/AuthController", () => {

it("should throw unauthorized http exception if any other error was caught", () => {
// prepare
const expectedError = new HttpException("Unauthorized", HttpStatus.UNAUTHORIZED);;
const expectedError = new HttpException(
"Unauthorized",
HttpStatus.UNAUTHORIZED,
);
const authServiceGetCookieCall = jest
.spyOn(authService, "getCookie")
.mockImplementation(() => {
Expand All @@ -272,10 +297,9 @@ describe("common/AuthController", () => {
const responseCookieCall = jest.fn();

// act
const result = (controller as any).refreshTokens(
jest.fn(),
{ cookie: responseCookieCall }
);
const result = (controller as any).refreshTokens(jest.fn(), {
cookie: responseCookieCall,
});

// assert
expect(authServiceGetCookieCall).toHaveBeenCalledTimes(1);
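Review bot: None of the assertions visible in these hunks pin the value the controller now derives from the request; the mock with `get` returning `"test_user_agent"` and `socket: { remoteAddress: "testAddress" }` is passed in, but nothing checks what ends up in `sub`. Holding the request body in a variable and asserting on `body.sub` after the call would cover the new lines, and a second case where `get` returns `undefined` would document what happens when the header is missing. The "should throw Unauthorized exception if any error was caught" case for `getAccessToken` still calls the method without a request object and appears to pass only because the mocked `getCookie` throws before `req` is read; a comment saying so, or passing the same mock, would keep it from breaking if the statement order changes. Most of the other edits in this file are formatting only.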