Merge pull request #345 from afrisalyp/feature/Auth0-RS256-Token

Fix logout, cleanup auth.

Author: jmgasper

package.json

@@ -7,13 +7,13 @@
     "private": true,
     "main": "src/app.js",
     "engines": {
-        "node": "8",
-        "npm": "5"
+        "node": "14",
+        "npm": "6"
     },
     "scripts": {
         "start": "node -r esm src/app.js",
         "serve": "./node_modules/.bin/concurrently \"npm run start:be\" \"npm run start:fe\"",
-        "start:be": "nodemon src/app.js ",
+        "start:be": "nodemon -r esm src/app.js",
         "start:fe": "gulp build:watch",
         "build": "gulp build",
         "test": "node ./node_modules/mocha/bin/mocha --recursive --timeout 999999 --colors tests/*.test.js --bail",
@@ -53,7 +53,7 @@
         "cors": "^2.8.4",
         "debug": "~2.6.3",
         "dynamoose": "^1.1.0",
-	"esm": "^3.2.25",
+        "esm": "^3.2.25",
         "express": "^4.15.4",
         "express-jwt": "^5.3.0",
         "express-session": "^1.15.5",

src/config.js

@@ -61,7 +61,7 @@ module.exports = {
   },
   TOPCODER_VALUES: {
     dev: {
-      TC_LOGIN_URL: process.env.TC_LOGIN_URL || 'https://accounts-auth.topcoder-dev.com',
+      TC_LOGIN_URL: process.env.TC_LOGIN_URL || 'https://accounts-auth0.topcoder-dev.com',
       TC_USER_PROFILE_URL: process.env.TC_USER_PROFILE_URL || 'https://api.topcoder-dev.com/v2/user/profile',
     },
     prod: {

src/front/src/app/auth/auth.config.js

@@ -9,25 +9,6 @@
 
 angular.module('topcoderX')
   .config(['$httpProvider', 'jwtInterceptorProvider', function ($httpProvider, jwtInterceptorProvider) {
-    var refreshingToken = null;
-
-    function handleRefreshResponse(res, $authService) {
-      var ref;
-      var ref1;
-      var ref2;
-
-      const newToken = (ref = res.data) != null ? (ref1 = ref.result) != null ?
-        (ref2 = ref1.content) != null ? ref2.token : void 0 : void 0 : void 0;
-
-      $authService.setTokenV3(newToken);
-
-      return newToken;
-    };
-
-    function refreshingTokenComplete() {
-      refreshingToken = null;
-    };
-
     jwtInterceptorProvider.tokenGetter = [
       'AuthService', '$http', 'Helper', '$rootScope', 'config',
       function (AuthService, $http, Helper, $rootScope, config) {
@@ -43,18 +24,9 @@ angular.module('topcoderX')
           var currentToken = AuthService.getTokenV3();
 
           if (AuthService.getTokenV3() && AuthService.isTokenV3Expired()) {
-            if (refreshingToken === null) {
-              refreshingToken = $http({
-                method: 'GET',
-                url: $rootScope.appConfig.API_URL + "/v3/authorizations/1",
-                headers: {
-                  'Authorization': "Bearer " + currentToken
-                }
-              }).then(function (res) { handleRefreshResponse(res, AuthService) })["finally"](refreshingTokenComplete).catch(function () {
-                AuthService.login();
-              });
-            }
-            return refreshingToken;
+            var token = AuthService.getToken('v3jwt')
+            if (token) return token
+            else AuthService.login()
           } else {
             return currentToken;
           }

src/front/src/app/auth/auth.service.js

@@ -4,19 +4,9 @@ angular.module('topcoderX')
   .factory('AuthService', [
     '$q', '$log', 'jwtHelper', '$cookies', '$window', '$state', '$rootScope', '$http', 'Helper',
     function ($q, $log, jwtHelper, $cookies, $window, $state, $rootScope, $http, Helper) {
-      // these constants are for AuthService internal usage only
-      // they don't depend on the environment thus don't have to be placed in global config
-
-      var GET_FRESH_TOKEN_REQUEST = 'GET_FRESH_TOKEN_REQUEST';
-      var GET_FRESH_TOKEN_SUCCESS = 'GET_FRESH_TOKEN_SUCCESS';
-      var GET_FRESH_TOKEN_FAILURE = 'GET_FRESH_TOKEN_FAILURE';
-
-      //var LOGOUT_REQUEST = 'LOGOUT_REQUEST';
-      //var LOGOUT_SUCCESS = 'LOGOUT_SUCCESS';
-      //var LOGOUT_FAILURE = 'LOGOUT_FAILURE';
 
       // local variables
-      var connectorIFrame, url, loading;
+      var connectorIFrame, loading; 
 
       /**
        * Create invisible iframe and append it to the body
@@ -49,35 +39,17 @@ angular.module('topcoderX')
       /**
        * Proxies calls to the iframe from main window
        *
-       * @param  {String} REQUEST request id
-       * @param  {String} SUCCESS success respond id
-       * @param  {String} FAILURE failure respond id
-       * @param  {Object} params  params of the request
        * @return {Promise}        promise of the request
        */
-      function proxyCall(REQUEST, SUCCESS, FAILURE, params) {
+      function proxyCall() {
         if (!connectorIFrame) {
           throw new Error('connector has not yet been configured.')
         }
 
-        params = arguments.length > 3 && angular.isDefined(arguments[3]) ? arguments[3] : {};
-
         function request() {
           return $q(function (resolve, reject) {
-            function receiveMessage(e) {
-              var safeFormat = e.data.type === SUCCESS || e.data.type === FAILURE
-              if (safeFormat) {
-                window.removeEventListener('message', receiveMessage)
-                if (e.data.type === SUCCESS) resolve(e.data)
-                if (e.data.type === FAILURE) reject(e.error)
-              }
-            }
-
-            window.addEventListener('message', receiveMessage)
-
-            var payload = $.extend({}, { type: REQUEST }, params)
-
-            connectorIFrame.contentWindow.postMessage(payload, url)
+            var token = AuthService.getToken('v3jwt')
+            token ? resolve({ token: token }) : reject("v3jwt cookie not found") // eslint-disable-line no-unused-expressions
           })
         }
 
@@ -95,7 +67,6 @@ angular.module('topcoderX')
           $log.warn('iframe connector can only be configured once, this request has been ignored.')
         } else {
           connectorIFrame = createFrame(options.frameId, options.connectorUrl)
-          url = options.connectorUrl
 
           loading = $q(function (resolve) {
             connectorIFrame.onload = function () {
@@ -105,13 +76,46 @@ angular.module('topcoderX')
         }
       }
 
+      function fromPairs(arr) {
+        return arr.reduce(function(accumulator, value) {
+          accumulator[value[0]] = value[1];
+          return accumulator;
+        }, {})
+      }
+
+      /**
+       * parse cookie to find a key data.
+       *
+       * @param  {String} cookie    cookie data
+       * @return {Object}  parsed cookie
+       */
+      function parseCookie(cookie) {
+        return fromPairs(
+          cookie
+            .split(';')
+            .map(
+              function (pair) { return pair.split('=').map(function(part) { return part.trim() }) }
+            )
+        )
+      }
+
       var AuthService = {
         ERROR: {
           NO_PERMISSIONS: 'Current user doesn\'t have permissions.',
         },
         PermissionDenied: false,
       };
 
+      /**
+       * Get token in cookie based on key.
+       *
+       * @param  {String} key    the key
+       * @return {Object}  token data object
+       */
+      AuthService.getToken = function(key) {
+        return parseCookie(document.cookie)[key]
+      }
+
       /**
        * Returns promise which is resolved when connector iframe is loaded
        *
@@ -132,7 +136,7 @@ angular.module('topcoderX')
        * @return {Promise} promise to get token v3
        */
       AuthService.retriveFreshToken = function () {
-        return proxyCall(GET_FRESH_TOKEN_REQUEST, GET_FRESH_TOKEN_SUCCESS, GET_FRESH_TOKEN_FAILURE)
+        return proxyCall()
           .then(function (data) {
             AuthService.setTokenV3(data.token);
             return AuthService.isAuthorized();
@@ -146,16 +150,9 @@ angular.module('topcoderX')
        * @return {Promise} promise which is resolved when user is logged out on the server
        */
       AuthService.logout = function () {
-        // send request to the server that we want to log out
-        // save loggingOut promise to be accessed any time
-        //AuthService.logginOut = proxyCall(LOGOUT_REQUEST, LOGOUT_SUCCESS, LOGOUT_FAILURE).then(function () {
-        //AuthService.logginOut = null;
-        // remove only token V3, which we set from the script manually
-        // token V2 will be removed automatically during logout server request
-        //$cookies.remove($rootScope.appConfig.JWT_V3_NAME, { path: '/' });
-        //});
+        $cookies.remove($rootScope.appConfig.JWT_V3_NAME, { path: '/' });
         $window.location.href = $rootScope.appConfig.TC_LOGIN_URL + '?logout=true&retUrl=' + encodeURIComponent($window.location.href);
-        return AuthService.logginOut;
+        // return AuthService.logginOut;
       }
 
       AuthService.login = function () {
@@ -312,7 +309,6 @@ angular.module('topcoderX')
             $rootScope.appConfig = res.data;
             if (connectorIFrame && !connectorIFrame.src) {
               connectorIFrame.src = $rootScope.appConfig.ACCOUNTS_CONNECTOR_URL;
-              url = $rootScope.appConfig.ACCOUNTS_CONNECTOR_URL;
             }
             return $q.resolve(res.data);
           }).catch(function (err) {

src/front/src/app/main/main.controller.js

@@ -56,7 +56,6 @@ angular.module('topcoderX')
 
       $scope.logout = function () {
         AuthService.logout();
-        $state.go('auth');
       };
 
       // auth

src/front/src/components/common/topnavbar.html

@@ -16,7 +16,7 @@
                 </a>
               </li>
               <li>
-                <a href="javasript:;" ng-click="logout()">
+                <a ng-click="logout()">
                   <i class="fa fa-sign-out"></i>
                   <small>Sign Out</small>
                 </a>