#6274 workerTimeControl #1858
|
@ -1,14 +1,5 @@
|
||||||
const UserError = require('vn-loopback/util/user-error');
|
|
||||||
const {models} = require('vn-loopback/server/server');
|
const {models} = require('vn-loopback/server/server');
|
||||||
|
|
||||||
const handlePromiseLogout = (Self, {id}, courtesyTime) => {
|
|
||||||
new Promise(res => {
|
|
||||||
setTimeout(() => {
|
|
||||||
res(Self.logout(id));
|
|
||||||
}
|
|
||||||
, courtesyTime * 1000);
|
|
||||||
});
|
|
||||||
};
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethodCtx('renewToken', {
|
Self.remoteMethodCtx('renewToken', {
|
||||||
description: 'Checks if the token has more than renewPeriod seconds to live and if so, renews it',
|
description: 'Checks if the token has more than renewPeriod seconds to live and if so, renews it',
|
||||||
|
@ -28,14 +19,26 @@ module.exports = Self => {
|
||||||
const {accessToken: token} = ctx.req;
|
const {accessToken: token} = ctx.req;
|
||||||
|
|
||||||
// Check if current token is valid
|
// Check if current token is valid
|
||||||
const isValid = await validateToken(token);
|
|
||||||
if (isValid)
|
const {renewPeriod, courtesyTime} = await models.AccessTokenConfig.findOne({
|
||||||
|
fields: ['renewPeriod', 'courtesyTime']
|
||||||
|
});
|
||||||
|
const now = Date.now();
|
||||||
|
const differenceMilliseconds = now - token.created;
|
||||||
|
const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
|
||||||
|
const isNotExceeded = differenceSeconds < renewPeriod - courtesyTime;
|
||||||
|
if (isNotExceeded)
|
||||||
return token;
|
return token;
|
||||||
|
|
||||||
const {courtesyTime} = await models.AccessTokenConfig.findOne({fields: ['courtesyTime']});
|
|
||||||
|
|
||||||
// Schedule to remove current token
|
// Schedule to remove current token
|
||||||
handlePromiseLogout(Self, token, courtesyTime);
|
setTimeout(async() => {
|
||||||
|
try {
|
||||||
|
await Self.logout(token.id);
|
||||||
|
} catch (err) {
|
||||||
|
// eslint-disable-next-line no-console
|
||||||
|
console.error(err);
|
||||||
|
}
|
||||||
|
}, courtesyTime * 1000);
|
||||||
|
|
||||||
// Create new accessToken
|
// Create new accessToken
|
||||||
const user = await Self.findById(token.userId);
|
const user = await Self.findById(token.userId);
|
||||||
|
@ -43,14 +46,4 @@ module.exports = Self => {
|
||||||
|
|
||||||
return {id: accessToken.id, ttl: accessToken.ttl};
|
return {id: accessToken.id, ttl: accessToken.ttl};
|
||||||
};
|
};
|
||||||
|
|
||||||
async function validateToken(token) {
|
|
||||||
const accessTokenConfig = await models.AccessTokenConfig.findOne({fields: ['renewPeriod', 'courtesyTime']});
|
|
||||||
const now = Date.now();
|
|
||||||
const differenceMilliseconds = now - token.created;
|
|
||||||
const differenceSeconds = Math.floor(differenceMilliseconds / 1000);
|
|
||||||
const isValid = differenceSeconds < accessTokenConfig.renewPeriod - accessTokenConfig.courtesyTime;
|
|
||||||
|
|
||||||
return isValid;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -30,7 +30,6 @@ describe('Renew Token', () => {
|
||||||
it('should renew token', async() => {
|
it('should renew token', async() => {
|
||||||
const mockDate = new Date(startingTime + 26600000);
|
const mockDate = new Date(startingTime + 26600000);
|
||||||
jasmine.clock().mockDate(mockDate);
|
jasmine.clock().mockDate(mockDate);
|
||||||
console.log(startingTime, mockDate)
|
|
||||||
const {id} = await models.VnUser.renewToken(ctx);
|
const {id} = await models.VnUser.renewToken(ctx);
|
||||||
|
|
||||||
expect(id).not.toEqual(ctx.req.accessToken.id);
|
expect(id).not.toEqual(ctx.req.accessToken.id);
|
||||||
|
|
|
@ -95,27 +95,30 @@
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$everyone",
|
"principalId": "$everyone",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
},
|
}, {
|
||||||
{
|
|
||||||
"property": "recoverPassword",
|
"property": "recoverPassword",
|
||||||
"accessType": "EXECUTE",
|
"accessType": "EXECUTE",
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$everyone",
|
"principalId": "$everyone",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
},
|
}, {
|
||||||
{
|
|
||||||
"property": "validateAuth",
|
"property": "validateAuth",
|
||||||
"accessType": "EXECUTE",
|
"accessType": "EXECUTE",
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$everyone",
|
"principalId": "$everyone",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
},
|
}, {
|
||||||
{
|
|
||||||
"property": "privileges",
|
"property": "privileges",
|
||||||
"accessType": "*",
|
"accessType": "*",
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$authenticated",
|
"principalId": "$authenticated",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
|
}, {
|
||||||
|
"property": "renewToken",
|
||||||
|
"accessType": "WRITE",
|
||||||
|
"principalType": "ROLE",
|
||||||
|
"principalId": "$authenticated",
|
||||||
|
"permission": "ALLOW"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"scopes": {
|
"scopes": {
|
||||||
|
|
|
@ -1,3 +1,7 @@
|
||||||
|
DELETE FROM `salix`.`ACL`
|
||||||
|
WHERE model = 'VnUser'
|
||||||
|
AND property = 'renewToken';
|
||||||
|
|
||||||
INSERT INTO `account`.`role` (name, description)
|
INSERT INTO `account`.`role` (name, description)
|
||||||
VALUES ('timeControl','Tablet para fichar');
|
VALUES ('timeControl','Tablet para fichar');
|
||||||
|
|
||||||
|
@ -8,7 +12,6 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp
|
||||||
VALUES
|
VALUES
|
||||||
('WorkerTimeControl', 'login', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
|
('WorkerTimeControl', 'login', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
|
||||||
('WorkerTimeControl', 'getClockIn', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
|
('WorkerTimeControl', 'getClockIn', 'READ', 'ALLOW', 'ROLE', 'timeControl'),
|
||||||
('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl'),
|
('WorkerTimeControl', 'clockIn', 'WRITE', 'ALLOW', 'ROLE', 'timeControl');
|
||||||
('VnUser', 'renewToken', 'WRITE', 'ALLOW', 'ROLE', 'timeControl');
|
|
||||||
|
|
||||||
CALL `account`.`role_sync`();
|
CALL `account`.`role_sync`();
|
||||||
|
|
Loading…
Reference in New Issue