Ensure that Roles (List) is Available on conn.assigns.person.roles #91

Closed
3 tasks done
nelsonic opened this issue Aug 20, 2020 · 4 comments


nelsonic commented Aug 20, 2020

At present conn.assigns.person does not contain any roles:

%{
  aud: "Joken",
  auth_provider: "google",
  email: "[email protected]",
  exp: 1629492074,
  givenName: "Nelson",
  iat: 1597955074,
  id: 1,
  iss: "Joken",
  jti: "2omh7b4k1ck801ketc",
  nbf: 1597955074,
  picture: "https://lh3.googleusercontent.com/a-/AOh14GhaNpCI3Px",
  status: nil
}
  • superuser (person.id==1) needs to have the superuser role assigned in seeds.exs.
  • JWT (and thus conn.assigns.person) should have roles key and
    • it should contain a string of space-separated comma-separated role_ids
      e.g: "superadmin admin home_external" "1,8,42"

    Note: This helper function will be in RBAC: Transform List of Maps into Comma Separated String of Ints rbac#4

@nelsonic nelsonic added enhancement New feature or enhancement of existing functionality T1h Time Estimate 1 Hour technical A technical issue that requires understanding of the code, infrastructure or dependencies labels Aug 20, 2020
@nelsonic nelsonic self-assigned this Aug 20, 2020

th0mas commented Aug 21, 2020

Is there any reason to use a comma separated string over a list structure in the JWT/conn.assigns.person map?

@nelsonic

@th0mas good question.
As you know, the JWT is returned in the URL following successful auth:

def add_jwt_url_param(person, state, client_secret) do
  data = %{
    auth_provider: person.auth_provider,
    givenName: person.givenName,
    id: person.id,
    picture: person.picture,
    status: person.status,
    email: person.email
  }

  jwt = AuthPlug.Token.generate_jwt!(data, client_secret)

  List.first(String.split(URI.decode(state), "?")) <>
    "?jwt=" <> jwt
end

Joken.generate_and_sign will stringify the data no matter what format it is in
so that it can be included in a URL.
All I'm doing is minimising the amount of data by transforming it to a String preemptively.

As for the conn.assigns.person map again, I'm just minimising the amount of data sent over the wire.

But as always open to suggestions. 💭

@nelsonic nelsonic added the question A question needs to be answered before progress can be made on this issue label Aug 21, 2020
@nelsonic

Sample:

conn.assigns.person: %{
  aud: "Joken",
  auth_provider: "google",
  email: "[email protected]",
  exp: 1629582005,
  givenName: "Nelson",
  iat: 1598045005,
  id: 1,
  iss: "Joken",
  jti: "2ommatp3m7qoguuoik000002",
  nbf: 1598045005,
  picture: "https://lh3.googleusercontent.com/a-/AOh14GhaNpCI3Px_VuIC8GkRuCY",
  roles: "1,8,42",
  status: 1
}
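
Consuming the `roles` claim from the sample above, as an added example that is not part of the original thread or the project's code: the module `RolesClaim` and its functions are hypothetical names. It parses the comma-separated string strictly and denies the role check when the claim is malformed.

```elixir
defmodule RolesClaim do
  # Hypothetical helper (not the project's code) for the `roles` claim above.

  # {:ok, [integer]} on success, :error if the claim is malformed.
  # A person map without a :roles key (the first sample) has no roles.
  def parse(%{roles: roles}) when is_binary(roles), do: parse_string(roles)
  def parse(%{roles: _}), do: :error
  def parse(%{}), do: {:ok, []}
  def parse(_), do: :error

  # Fail closed: a claim that does not parse grants nothing.
  def has_role?(person, role_id) when is_integer(role_id) do
    case parse(person) do
      {:ok, ids} -> role_id in ids
      :error -> false
    end
  end

  defp parse_string(""), do: {:ok, []}

  defp parse_string(roles) do
    roles
    |> String.split(",")
    |> Enum.reduce_while({:ok, []}, fn token, {:ok, acc} ->
      case parse_id(token) do
        {:ok, id} -> {:cont, {:ok, acc ++ [id]}}
        :error -> {:halt, :error}
      end
    end)
  end

  # Accept only canonical positive decimals: rejects "+8", "08", "8 ", "-1", "".
  defp parse_id(token) do
    case Integer.parse(token) do
      {id, ""} when id > 0 ->
        if Integer.to_string(id) == token, do: {:ok, id}, else: :error
      _ -> :error
    end
  end
end

# Constructed sample input, trimmed from the map in the comment above.
person = %{id: 1, roles: "1,8,42", status: 1}

IO.inspect(RolesClaim.parse(person))
IO.inspect(RolesClaim.has_role?(person, 42))
# Compare integers, not substrings: "4" occurs inside "1,8,42" but is not a role.
IO.inspect(RolesClaim.has_role?(person, 4))
IO.inspect(RolesClaim.has_role?(%{person | roles: "1,8,42;99"}, 42))
```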

@nelsonic

Included in #85
