2017-12-31 00:34:31 +05:30
|
|
|
// @flow
|
2019-01-28 00:42:58 +05:30
|
|
|
import type { Account, State as AccountsState } from './reducer';
|
2019-05-20 19:02:07 +05:30
|
|
|
import { getJwtPayloads } from 'functions';
|
2017-04-12 00:55:27 +05:30
|
|
|
import { sessionStorage } from 'services/localStorage';
|
2019-01-28 00:42:58 +05:30
|
|
|
import { validateToken, requestToken, logout } from 'services/api/authentication';
|
2018-02-18 01:29:35 +05:30
|
|
|
import { relogin as navigateToLogin } from 'components/auth/actions';
|
2017-01-04 11:22:46 +05:30
|
|
|
import { updateUser, setGuest } from 'components/user/actions';
|
2016-11-05 15:41:41 +05:30
|
|
|
import { setLocale } from 'components/i18n/actions';
|
2017-01-31 11:35:36 +05:30
|
|
|
import { setAccountSwitcher } from 'components/auth/actions';
|
2017-12-31 00:34:31 +05:30
|
|
|
import { getActiveAccount } from 'components/accounts/reducer';
|
2016-12-07 02:36:45 +05:30
|
|
|
import logger from 'services/logger';
|
2016-10-30 17:42:49 +05:30
|
|
|
|
2017-01-27 11:59:20 +05:30
|
|
|
import {
|
|
|
|
|
add,
|
|
|
|
|
remove,
|
|
|
|
|
activate,
|
|
|
|
|
reset,
|
|
|
|
|
updateToken
|
2017-12-31 00:34:31 +05:30
|
|
|
} from './actions/pure-actions';
|
2017-01-27 11:59:20 +05:30
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
type Dispatch = (action: Object) => Promise<*>;
|
2017-01-27 11:59:20 +05:30
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
type State = {
|
|
|
|
|
accounts: AccountsState,
|
|
|
|
|
auth: {
|
|
|
|
|
oauth?: {
|
|
|
|
|
clientId?: string
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
|
2018-03-14 02:21:37 +05:30
|
|
|
export { updateToken, activate, remove };
|
2016-10-30 17:42:49 +05:30
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param {Account|object} account
|
|
|
|
|
* @param {string} account.token
|
|
|
|
|
* @param {string} account.refreshToken
|
2016-11-08 12:00:53 +05:30
|
|
|
*
|
|
|
|
|
* @return {function}
|
2016-10-30 17:42:49 +05:30
|
|
|
*/
|
2017-12-31 00:34:31 +05:30
|
|
|
export function authenticate(account: Account | {
|
|
|
|
|
token: string,
|
|
|
|
|
refreshToken: ?string,
|
|
|
|
|
}) {
|
2019-01-28 00:42:58 +05:30
|
|
|
const { token, refreshToken } = account;
|
2017-12-31 00:34:31 +05:30
|
|
|
const email = account.email || null;
|
|
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
return async (dispatch: Dispatch, getState: () => State): Promise<Account> => {
|
|
|
|
|
let accountId: number;
|
|
|
|
|
if (typeof account.id === 'number') {
|
|
|
|
|
accountId = account.id;
|
|
|
|
|
} else {
|
|
|
|
|
accountId = findAccountIdFromToken(token);
|
|
|
|
|
}
|
2018-02-28 02:47:31 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
const knownAccount = getState().accounts.available.find((item) => item.id === accountId);
|
2018-02-28 02:47:31 +05:30
|
|
|
if (knownAccount) {
|
|
|
|
|
// this account is already available
|
|
|
|
|
// activate it before validation
|
|
|
|
|
dispatch(activate(knownAccount));
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
try {
|
|
|
|
|
const {
|
|
|
|
|
token: newToken,
|
|
|
|
|
refreshToken: newRefreshToken,
|
|
|
|
|
user,
|
|
|
|
|
// $FlowFixMe have no idea why it's causes error about missing properties
|
|
|
|
|
} = await validateToken(accountId, token, refreshToken);
|
|
|
|
|
const { auth } = getState();
|
|
|
|
|
const account: Account = {
|
|
|
|
|
id: user.id,
|
|
|
|
|
username: user.username,
|
|
|
|
|
email: user.email,
|
|
|
|
|
token: newToken,
|
|
|
|
|
refreshToken: newRefreshToken,
|
|
|
|
|
};
|
|
|
|
|
dispatch(add(account));
|
|
|
|
|
dispatch(activate(account));
|
|
|
|
|
dispatch(updateUser({
|
|
|
|
|
isGuest: false,
|
|
|
|
|
...user,
|
|
|
|
|
}));
|
|
|
|
|
|
|
|
|
|
// TODO: probably should be moved from here, because it is a side effect
|
|
|
|
|
logger.setUser(user);
|
|
|
|
|
|
|
|
|
|
if (!newRefreshToken) {
|
|
|
|
|
// mark user as stranger (user does not want us to remember his account)
|
|
|
|
|
sessionStorage.setItem(`stranger${account.id}`, 1);
|
|
|
|
|
}
|
2017-12-31 00:34:31 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
if (auth && auth.oauth && auth.oauth.clientId) {
|
|
|
|
|
// if we authenticating during oauth, we disable account chooser
|
|
|
|
|
// because user probably has made his choise now
|
|
|
|
|
// this may happen, when user registers, logs in or uses account
|
|
|
|
|
// chooser panel during oauth
|
|
|
|
|
dispatch(setAccountSwitcher(false));
|
|
|
|
|
}
|
2017-01-31 11:35:36 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
await dispatch(setLocale(user.lang));
|
2016-12-07 02:36:45 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
return account;
|
|
|
|
|
} catch (resp) {
|
|
|
|
|
// all the logic to get the valid token was failed,
|
|
|
|
|
// looks like we have some problems with token
|
|
|
|
|
// lets redirect to login page
|
|
|
|
|
if (typeof email === 'string') {
|
|
|
|
|
// TODO: we should somehow try to find email by token
|
|
|
|
|
dispatch(relogin(email));
|
|
|
|
|
}
|
2016-10-30 17:42:49 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
throw resp;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
}
|
2016-12-06 00:44:38 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
function findAccountIdFromToken(token: string): number {
|
2019-05-20 19:02:07 +05:30
|
|
|
const { sub, jti } = getJwtPayloads(token);
|
2019-01-28 00:42:58 +05:30
|
|
|
// sub has the format "ely|{accountId}", so we must trim "ely|" part
|
|
|
|
|
if (sub) {
|
|
|
|
|
return parseInt(sub.substr(4), 10);
|
|
|
|
|
}
|
2017-01-31 11:35:36 +05:30
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
// In older backend versions identity was stored in jti claim. Some users still have such tokens
|
|
|
|
|
if (jti) {
|
|
|
|
|
return jti;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
throw new Error('payloads is not contains any identity claim');
|
2016-10-30 17:42:49 +05:30
|
|
|
}
|
|
|
|
|
|
2018-02-13 02:24:31 +05:30
|
|
|
/**
|
|
|
|
|
* Checks the current user's token exp time. Supposed to be used before performing
|
|
|
|
|
* any api request
|
|
|
|
|
*
|
|
|
|
|
* @see components/user/middlewares/refreshTokenMiddleware
|
|
|
|
|
*
|
|
|
|
|
* @return {function}
|
|
|
|
|
*/
|
2017-12-31 00:34:31 +05:30
|
|
|
export function ensureToken() {
|
|
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
|
|
|
|
const {token} = getActiveAccount(getState()) || {};
|
|
|
|
|
|
|
|
|
|
try {
|
2019-05-20 19:02:07 +05:30
|
|
|
const SAFETY_FACTOR = 300; // ask new token earlier to overcome time desynchronization problem
|
|
|
|
|
const { exp } = getJwtPayloads(token);
|
2017-12-31 00:34:31 +05:30
|
|
|
|
2019-05-20 19:02:07 +05:30
|
|
|
if (exp - SAFETY_FACTOR < Date.now() / 1000) {
|
2017-12-31 00:34:31 +05:30
|
|
|
return dispatch(requestNewToken());
|
|
|
|
|
}
|
|
|
|
|
} catch (err) {
|
|
|
|
|
logger.warn('Refresh token error: bad token', {
|
|
|
|
|
token
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
dispatch(relogin());
|
|
|
|
|
|
|
|
|
|
return Promise.reject(new Error('Invalid token'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Promise.resolve();
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-13 02:24:31 +05:30
|
|
|
/**
|
|
|
|
|
* Checks whether request `error` is an auth error and tries recover from it by
|
|
|
|
|
* requesting a new auth token
|
|
|
|
|
*
|
|
|
|
|
* @see components/user/middlewares/refreshTokenMiddleware
|
|
|
|
|
*
|
|
|
|
|
* @param {object} error
|
|
|
|
|
*
|
|
|
|
|
* @return {function}
|
|
|
|
|
*/
|
2017-12-31 00:34:31 +05:30
|
|
|
export function recoverFromTokenError(error: ?{
|
|
|
|
|
status: number,
|
|
|
|
|
message: string,
|
|
|
|
|
}) {
|
|
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
|
|
|
|
if (error && error.status === 401) {
|
|
|
|
|
const activeAccount = getActiveAccount(getState());
|
|
|
|
|
|
|
|
|
|
if (activeAccount && activeAccount.refreshToken) {
|
|
|
|
|
if ([
|
|
|
|
|
'Token expired',
|
|
|
|
|
'Incorrect token',
|
|
|
|
|
'You are requesting with an invalid credential.'
|
|
|
|
|
].includes(error.message)) {
|
|
|
|
|
// request token and retry
|
|
|
|
|
return dispatch(requestNewToken());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logger.error('Unknown unauthorized response', {
|
|
|
|
|
error
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// user's access token is outdated and we have no refreshToken
|
|
|
|
|
// or something unexpected happend
|
|
|
|
|
// in both cases we resetting all the user's state
|
|
|
|
|
dispatch(relogin());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Promise.reject(error);
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-13 02:24:31 +05:30
|
|
|
/**
|
|
|
|
|
* Requests new token and updates state. In case, when token can not be updated,
|
|
|
|
|
* it will redirect user to login page
|
|
|
|
|
*
|
|
|
|
|
* @return {function}
|
|
|
|
|
*/
|
2017-12-31 00:34:31 +05:30
|
|
|
export function requestNewToken() {
|
|
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
|
|
|
|
const {refreshToken} = getActiveAccount(getState()) || {};
|
|
|
|
|
|
|
|
|
|
if (!refreshToken) {
|
|
|
|
|
dispatch(relogin());
|
|
|
|
|
|
|
|
|
|
return Promise.resolve();
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-28 00:42:58 +05:30
|
|
|
return requestToken(refreshToken)
|
|
|
|
|
.then((token) => {
|
2017-12-31 00:34:31 +05:30
|
|
|
dispatch(updateToken(token));
|
|
|
|
|
})
|
|
|
|
|
.catch((resp) => {
|
|
|
|
|
// all the logic to get the valid token was failed,
|
|
|
|
|
// looks like we have some problems with token
|
|
|
|
|
// lets redirect to login page
|
|
|
|
|
dispatch(relogin());
|
|
|
|
|
|
|
|
|
|
return Promise.reject(resp);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-30 17:42:49 +05:30
|
|
|
/**
|
2017-01-27 11:59:20 +05:30
|
|
|
* Remove one account from current user's account list
|
|
|
|
|
*
|
2016-10-30 17:42:49 +05:30
|
|
|
* @param {Account} account
|
2016-11-08 12:00:53 +05:30
|
|
|
*
|
|
|
|
|
* @return {function}
|
2016-10-30 17:42:49 +05:30
|
|
|
*/
|
2017-12-31 00:34:31 +05:30
|
|
|
export function revoke(account: Account) {
|
|
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
|
|
|
|
const accountToReplace: ?Account = getState().accounts.available.find(({id}) => id !== account.id);
|
2016-10-30 17:42:49 +05:30
|
|
|
|
2016-11-13 02:01:44 +05:30
|
|
|
if (accountToReplace) {
|
|
|
|
|
return dispatch(authenticate(accountToReplace))
|
2018-02-28 02:47:31 +05:30
|
|
|
.finally(() => {
|
|
|
|
|
// we need to logout user, even in case, when we can
|
|
|
|
|
// not authenticate him with new account
|
2019-01-28 00:42:58 +05:30
|
|
|
logout(account.token)
|
2018-02-28 02:47:31 +05:30
|
|
|
.catch(() => {
|
|
|
|
|
// we don't care
|
|
|
|
|
});
|
2016-11-15 11:25:15 +05:30
|
|
|
dispatch(remove(account));
|
2018-02-28 02:47:31 +05:30
|
|
|
})
|
|
|
|
|
.catch(() => {
|
|
|
|
|
// we don't care
|
2016-11-15 11:25:15 +05:30
|
|
|
});
|
2016-10-30 17:42:49 +05:30
|
|
|
}
|
2016-11-08 12:00:53 +05:30
|
|
|
|
2017-01-04 11:22:46 +05:30
|
|
|
return dispatch(logoutAll());
|
2016-10-30 17:42:49 +05:30
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
export function relogin(email?: string) {
|
|
|
|
|
return (dispatch: Dispatch, getState: () => State) => {
|
|
|
|
|
const activeAccount = getActiveAccount(getState());
|
|
|
|
|
|
|
|
|
|
if (!email && activeAccount) {
|
|
|
|
|
email = activeAccount.email;
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-18 01:29:35 +05:30
|
|
|
dispatch(navigateToLogin(email || null));
|
2017-12-31 00:34:31 +05:30
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-06 00:44:38 +05:30
|
|
|
export function logoutAll() {
|
2017-12-31 00:34:31 +05:30
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
2017-01-04 11:22:46 +05:30
|
|
|
dispatch(setGuest());
|
|
|
|
|
|
2016-12-06 00:44:38 +05:30
|
|
|
const {accounts: {available}} = getState();
|
|
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
available.forEach((account) =>
|
2019-01-28 00:42:58 +05:30
|
|
|
logout(account.token)
|
2017-12-31 00:34:31 +05:30
|
|
|
.catch(() => {
|
|
|
|
|
// we don't care
|
|
|
|
|
})
|
|
|
|
|
);
|
2016-12-06 00:44:38 +05:30
|
|
|
|
|
|
|
|
dispatch(reset());
|
2017-12-31 00:34:31 +05:30
|
|
|
dispatch(relogin());
|
2017-01-04 11:22:46 +05:30
|
|
|
|
|
|
|
|
return Promise.resolve();
|
2016-12-06 00:44:38 +05:30
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Logouts accounts, that was marked as "do not remember me"
|
|
|
|
|
*
|
|
|
|
|
* We detecting foreign accounts by the absence of refreshToken. The account
|
|
|
|
|
* won't be removed, until key `stranger${account.id}` is present in sessionStorage
|
|
|
|
|
*
|
|
|
|
|
* @return {function}
|
|
|
|
|
*/
|
|
|
|
|
export function logoutStrangers() {
|
2017-12-31 00:34:31 +05:30
|
|
|
return (dispatch: Dispatch, getState: () => State): Promise<void> => {
|
|
|
|
|
const {accounts: {available}} = getState();
|
|
|
|
|
const activeAccount = getActiveAccount(getState());
|
2016-12-06 00:44:38 +05:30
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
const isStranger = ({refreshToken, id}: Account) => !refreshToken && !sessionStorage.getItem(`stranger${id}`);
|
2016-12-06 00:44:38 +05:30
|
|
|
|
2017-01-12 10:59:39 +05:30
|
|
|
if (available.some(isStranger)) {
|
|
|
|
|
const accountToReplace = available.filter((account) => !isStranger(account))[0];
|
2016-12-06 00:44:38 +05:30
|
|
|
|
2017-01-12 10:59:39 +05:30
|
|
|
if (accountToReplace) {
|
|
|
|
|
available.filter(isStranger)
|
|
|
|
|
.forEach((account) => {
|
|
|
|
|
dispatch(remove(account));
|
2019-01-28 00:42:58 +05:30
|
|
|
logout(account.token);
|
2017-01-12 10:59:39 +05:30
|
|
|
});
|
2016-12-06 00:44:38 +05:30
|
|
|
|
2017-12-31 00:34:31 +05:30
|
|
|
if (activeAccount && isStranger(activeAccount)) {
|
2017-01-12 10:59:39 +05:30
|
|
|
return dispatch(authenticate(accountToReplace));
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return dispatch(logoutAll());
|
|
|
|
|
}
|
2016-12-06 00:44:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Promise.resolve();
|
|
|
|
|
};
|
|
|
|
|
}
|
