
Merge pull request #24 from energywebfoundation/feature/MYEN-545-add-…
…accepted-roles-to-config

[MYEN-545] add accepted roles check
jrhender authored Jan 21, 2021
2 parents 183eb17 + 9789968 commit c6970ca
Showing 2 changed files with 36 additions and 29 deletions.
21 changes: 18 additions & 3 deletions lib/LoginStrategy.ts
Expand Up @@ -33,6 +33,7 @@ interface LoginStrategyOptions extends StrategyOptions {
ensResolverAddress?: string
didContractAddress?: string
ipfsUrl?: string
acceptedRoles?: string[]
}

export class LoginStrategy extends BaseStrategy {
Expand All @@ -44,6 +45,7 @@ export class LoginStrategy extends BaseStrategy {
private ensResolver: PublicResolver
private didResolver: Resolver
private ipfsStore: DidStore
private acceptedRoles: Set<string>
constructor(
{
claimField = 'claim',
Expand All @@ -54,6 +56,7 @@ export class LoginStrategy extends BaseStrategy {
ensResolverAddress = '0x0a97e07c4Df22e2e31872F20C5BE191D5EFc4680',
didContractAddress = VoltaAddress1056,
ipfsUrl = 'https://ipfs.infura.io:5001/api/v0/',
acceptedRoles,
...options
}: LoginStrategyOptions,
_nestJsCB?: VoidFunction // Added just for nestjs compatibility
Expand All @@ -79,6 +82,7 @@ export class LoginStrategy extends BaseStrategy {
this.ipfsStore = new DidStore(ipfsUrl)
this.numberOfBlocksBack = numberOfBlocksBack
this.jwtSecret = jwtSecret
this.acceptedRoles = acceptedRoles && new Set(acceptedRoles)
}
/**
* @description verifies issuer signature, then check that claim issued
Expand Down Expand Up @@ -130,11 +134,22 @@ export class LoginStrategy extends BaseStrategy {
})
})
)

const filteredRoles = roles.filter(Boolean)
const uniqueRoles = [...new Set(filteredRoles)]

if (
this.acceptedRoles &&
this.acceptedRoles.size > 0 &&
uniqueRoles.length > 0 &&
!uniqueRoles.some(({ namespace }) => {
return this.acceptedRoles.has(namespace)
})
) {
return done(null, null, 'User does not have an accepted role.')
}
const user = {
did: payload.iss,
verifiedRoles: filteredRoles,
verifiedRoles: uniqueRoles,
}

const jwtToken = this.encodeToken(user)
Expand Down Expand Up @@ -202,7 +217,7 @@ export class LoginStrategy extends BaseStrategy {

if (role.issuer?.issuerType === 'Role') {
const issuerClaims = await this.getUserClaims(issuer)
const issuerRoles = issuerClaims.map(c => c.claimType)
const issuerRoles = issuerClaims.map((c) => c.claimType)
if (issuerRoles.includes(role.issuer.roleName)) {
return {
name: role.roleName,
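Review bot: The accepted-roles gate fails open for a caller with no verified roles: the `uniqueRoles.length > 0 &&` clause in the new `if` skips the rejection when the role list is empty, so with `acceptedRoles` configured that login still reaches `this.encodeToken(user)` and receives a token. If the option is meant as an allow-list, drop that clause so the guard reads `this.acceptedRoles && this.acceptedRoles.size > 0 && !uniqueRoles.some(...)`; `some` on an empty array returns false, so role-less callers are then rejected along with the rest. Separately, `[...new Set(filteredRoles)]` compares entries by identity, and the entries look like objects (the callback destructures `namespace`), so it probably removes no duplicates; keying on the namespace would match the intent. The enclosing method starts outside this hunk, so whether role-less logins are deliberately allowed should be confirmed there and documented with a comment above the `if`.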
44 changes: 18 additions & 26 deletions package-lock.json

