back/methods/vn-user/share-token.js

@@ -0,0 +1,27 @@
+
+module.exports = Self => {
+    Self.remoteMethodCtx('shareToken', {
+        description: 'Returns token to view files or images and share it',
+        accessType: 'WRITE',
+        accepts: [],
+        returns: {
+            type: 'Object',
+            root: true
+        },
+        http: {
+            path: `/shareToken`,
+            verb: 'GET'
+        }
+    });
+
+    Self.shareToken = async function(ctx) {
+        const {accessToken: token} = ctx.req;
+
+        const user = await Self.findById(token.userId);
+        const multimediaToken = await user.accessTokens.create({
+            scopes: ['read:multimedia']
+        });
+
+        return {multimediaToken};
+    };
+};

back/methods/vn-user/specs/share-token.spec.js

@@ -0,0 +1,27 @@
+const {models} = require('vn-loopback/server/server');
+fdescribe('Share Token', () => {
+    let ctx = null;
+    beforeAll(async() => {
+        const unAuthCtx = {
+            req: {
+                headers: {},
+                connection: {
+                    remoteAddress: '127.0.0.1'
+                },
+                getLocale: () => 'en'
+            },
+            args: {}
+        };
+        let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare');
+        let accessToken = await models.AccessToken.findById(login.token);
+        ctx = {req: {accessToken: accessToken}};
+    });
+
+    it('should renew token', async() => {
+        const multimediaToken = await models.VnUser.shareToken(ctx);
+
+        expect(Object.keys(multimediaToken).length).toEqual(1);
+        expect(multimediaToken.multimediaToken.userId).toEqual(ctx.req.accessToken.userId);
+        expect(multimediaToken.multimediaToken.scopes[0]).toEqual('read:multimedia');
+    });
+});

back/models/vn-user.js

@@ -13,6 +13,7 @@ module.exports = function(Self) {
     require('../methods/vn-user/privileges')(Self);
     require('../methods/vn-user/validate-auth')(Self);
     require('../methods/vn-user/renew-token')(Self);
+    require('../methods/vn-user/share-token')(Self);
     require('../methods/vn-user/update-user')(Self);
 
     Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');
@@ -167,11 +168,7 @@ module.exports = function(Self) {
             console.warn(err);
         }
 
-        const multimediaToken = await token.user().accessTokens.create({
-            scopes: ['read:multimedia']
-        });
-
-        return {token: token.id, ttl: token.ttl, multimediaToken};
+        return {token: token.id, ttl: token.ttl};
     };
 
     Self.userUses = function(user) {

back/models/vn-user.json

@@ -1,129 +1,140 @@
 {
-	"name": "VnUser",
-	"base": "User",
-	"validateUpsert": true,
-	"options": {
-		"mysql": {
-			"table": "account.user"
-		}
-	},
+    "name": "VnUser",
+    "base": "User",
+    "validateUpsert": true,
+    "options": {
+        "mysql": {
+            "table": "account.user"
+        }
+    },
     "mixins": {
         "Loggable": true
     },
     "resetPasswordTokenTTL": "604800",
-	"properties": {
-		"id": {
-			"type": "number",
-			"id": true
-		},
+    "properties": {
+        "id": {
+            "type": "number",
+            "id": true
+        },
         "name": {
-			"type": "string",
-			"required": true
-		},
-		"username": {
-			"type": "string"
-		},
-		"roleFk": {
-			"type": "number",
-			"mysql": {
-				"columnName": "role"
-			}
-		},
-		"nickname": {
-			"type": "string"
-		},
-		"lang": {
-			"type": "string"
-		},
-		"active": {
-			"type": "boolean"
-		},
-		"email": {
-			"type": "string"
-		},
-		"emailVerified": {
-			"type": "boolean"
-		},
-		"created": {
-			"type": "date"
-		},
-		"updated": {
-			"type": "date"
-		},
-		"image": {
-			"type": "string"
-		},
-		"hasGrant": {
-			"type": "boolean"
-		},
+            "type": "string",
+            "required": true
+        },
+        "username": {
+            "type": "string"
+        },
+        "roleFk": {
+            "type": "number",
+            "mysql": {
+                "columnName": "role"
+            }
+        },
+        "nickname": {
+            "type": "string"
+        },
+        "lang": {
+            "type": "string"
+        },
+        "active": {
+            "type": "boolean"
+        },
+        "email": {
+            "type": "string"
+        },
+        "emailVerified": {
+            "type": "boolean"
+        },
+        "created": {
+            "type": "date"
+        },
+        "updated": {
+            "type": "date"
+        },
+        "image": {
+            "type": "string"
+        },
+        "hasGrant": {
+            "type": "boolean"
+        },
         "passExpired": {
             "type": "date"
         },
-		"twoFactor": {
-			"type": "string"
-		}
-	},
-	"relations": {
-		"role": {
-			"type": "belongsTo",
-			"model": "VnRole",
-			"foreignKey": "roleFk"
-		},
-		"roles": {
-			"type": "hasMany",
-			"model": "RoleRole",
-			"foreignKey": "role",
-			"primaryKey": "roleFk"
-		},
-		"emailUser": {
-			"type": "hasOne",
-			"model": "EmailUser",
-			"foreignKey": "userFk"
-		},
-		"worker": {
-			"type": "hasOne",
-			"model": "Worker",
-			"foreignKey": "id"
-		},
-		"userConfig": {
-			"type": "hasOne",
-			"model": "UserConfig",
-			"foreignKey": "userFk"
-		}
-	},
-	"acls": [
-		{
-			"property": "signIn",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "recoverPassword",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "validateAuth",
-			"accessType": "EXECUTE",
-			"principalType": "ROLE",
-			"principalId": "$everyone",
-			"permission": "ALLOW"
-		}, {
-			"property": "privileges",
-			"accessType": "*",
-			"principalType": "ROLE",
-			"principalId": "$authenticated",
-			"permission": "ALLOW"
-		}, {
-			"property": "renewToken",
-			"accessType": "WRITE",
-			"principalType": "ROLE",
-			"principalId": "$authenticated",
-			"permission": "ALLOW"
-		}
-	],
+        "twoFactor": {
+            "type": "string"
+        }
+    },
+    "relations": {
+        "role": {
+            "type": "belongsTo",
+            "model": "VnRole",
+            "foreignKey": "roleFk"
+        },
+        "roles": {
+            "type": "hasMany",
+            "model": "RoleRole",
+            "foreignKey": "role",
+            "primaryKey": "roleFk"
+        },
+        "emailUser": {
+            "type": "hasOne",
+            "model": "EmailUser",
+            "foreignKey": "userFk"
+        },
+        "worker": {
+            "type": "hasOne",
+            "model": "Worker",
+            "foreignKey": "id"
+        },
+        "userConfig": {
+            "type": "hasOne",
+            "model": "UserConfig",
+            "foreignKey": "userFk"
+        }
+    },
+    "acls": [
+        {
+            "property": "signIn",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "recoverPassword",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "validateAuth",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "privileges",
+            "accessType": "*",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "renewToken",
+            "accessType": "WRITE",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        },
+        {
+            "property": "shareToken",
+            "accessType": "WRITE",
+            "principalType": "ROLE",
+            "principalId": "$authenticated",
+            "permission": "ALLOW"
+        }
+    ],
     "scopes": {
         "preview": {
             "fields": [
@@ -140,7 +151,7 @@
                 "hasGrant",
                 "realm",
                 "email",
-				"emailVerified"
+                "emailVerified"
             ]
         }
     }

front/core/services/auth.js

@@ -83,15 +83,18 @@ export default class Auth {
     }
 
     onLoginOk(json, now, remember) {
-        this.vnToken.set(json.data.token, json.data.multimediaToken.id, now, json.data.ttl, remember);
-
-        return this.loadAcls().then(() => {
-            let continueHash = this.$state.params.continue;
-            if (continueHash)
-                this.$window.location = continueHash;
-            else
-                this.$state.go('home');
-        });
+        return this.$http.get('VnUsers/ShareToken', {
+            headers: {Authorization: json.data.token}
+        }).then(({data}) => {
+            this.vnToken.set(json.data.token, data.multimediaToken.id, now, json.data.ttl, remember);
+            this.loadAcls().then(() => {
+                let continueHash = this.$state.params.continue;
+                if (continueHash)
+                    this.$window.location = continueHash;
+                else
+                    this.$state.go('home');
+            });
+        }).catch(() => {});
     }
 
     logout() {