diff --git a/backend/src/controllers/LoginController.js b/backend/src/controllers/LoginController.js index f049b4ac..0b1edf40 100644 --- a/backend/src/controllers/LoginController.js +++ b/backend/src/controllers/LoginController.js @@ -40,7 +40,9 @@ export const login = async (req, res) => { try { const { shibbolethId, studentNumber, firstname, lastname, email } = parseShibbolethInformationFromHeaders(req.headers) - await register(shibbolethId, studentNumber, firstname, lastname, email) + if (!req.isMockUser) { + await register(shibbolethId, studentNumber, firstname, lastname, email) + } const token = await generateToken(shibbolethId) res.status(200).json({ token }) } catch (err) { diff --git a/backend/src/middleware/auth.js b/backend/src/middleware/auth.js index 07733ea6..0345430f 100644 --- a/backend/src/middleware/auth.js +++ b/backend/src/middleware/auth.js @@ -6,6 +6,9 @@ const config = require('../util/config') const isShibboUser = (userId, uidHeader) => userId === uidHeader +const hasAtLeastOneRole = (userRoles, allowedRoleNames) => + userRoles.filter(item => allowedRoleNames.includes(item.role.name)).length > 0 + /** * Authentication middleware that is called before any requests. * @@ -14,11 +17,26 @@ export const checkAuth = async (req, res, next) => { const token = req.headers['x-access-token'] const { uid } = req.headers if (token) { - jwt.verify(token, config.TOKEN_SECRET, (err, decoded) => { + jwt.verify(token, config.TOKEN_SECRET, async (err, decoded) => { if (err) { res.status(403).json(err) } else if (isShibboUser(decoded.userId, uid)) { req.decodedToken = decoded + + if (req.headers['x-mock-user-id']) { + // only allow admins to mock other users + const user = await personService.getLoggedPerson(req) + const userRoles = await roleService.getUsersRoles(user) + const isAdmin = hasAtLeastOneRole(userRoles, ['admin']) + + if (isAdmin || process.env.NODE === 'development') { + req.headers.uid = req.headers['x-mock-user-id'] + req.isMockUser = true + // if x-mock-user-id is set, we need to mock userId also in the token + req.decodedToken.userId = req.headers['x-mock-user-id'] + } + } + next() } else { res.status(403).json({ error: 'User shibboleth id and token id did not match' }) @@ -55,12 +73,12 @@ export const checkCanSubmitThesis = async (req, res, next) => { await checkRoles(staffRoles, req, res, next) } -const checkRoles = async (allowedRoles, req, res, next) => { +const checkRoles = async (allowedRoleNames, req, res, next) => { console.log("Checking roles") const user = await personService.getLoggedPerson(req) const userRoles = await roleService.getUsersRoles(user) try { - if (userRoles.filter(item => allowedRoles.includes(item.role.name)).length > 0) { + if (hasAtLeastOneRole(userRoles, allowedRoleNames)) { console.log("Roles were ok") next() } else {