6 ani în urmă · aa08459daf
--- a/client/components/login.vue
+++ b/client/components/login.vue
@@ -11,7 +11,7 @@
 
															             offset-xl4, xl4
														
 
															             )
														
 
															             transition(name='zoom')
														
 
															-              v-card.elevation-5.radius-7(v-show='isShown')
														
 
															+              v-card.elevation-5.md2(v-show='isShown')
														
 
															                 v-toolbar(color='primary', flat, dense, dark)
														
 
															                   v-spacer
														
 
															                   .subheading(v-if='screen === "tfa"') {{ $t('auth:tfa.subtitle') }}
														
@@ -59,7 +59,7 @@
 
															                     )
														
 
															                 v-card-actions.pb-4
														
 
															                   v-spacer
														
 
															-                  v-btn(
														
 
															+                  v-btn.md2(
														
 
															                     v-if='screen === "login"'
														
 
															                     block
														
 
															                     large
														
@@ -68,7 +68,7 @@
 
															                     round
														
 
															                     :loading='isLoading'
														
 
															                     ) {{ $t('auth:actions.login') }}
														
 
															-                  v-btn(
														
 
															+                  v-btn.md2(
														
 
															                     v-if='screen === "tfa"'
														
 
															                     block
														
 
															                     large
														
--- a/client/scss/layout/_md2.scss
+++ b/client/scss/layout/_md2.scss
@@ -1,7 +1,17 @@
 
															 .md2 {
														
 
															-  &.v-text-field .v-input__slot {
														
 
															-    border-radius: 28px;
														
 
															+  &.v-text-field {
														
 
															+    .v-input__slot {
														
 
															+      border-radius: 7px;
														
 
															+    }
														
 
															+  }
														
 
															+
														
 
															+  &.v-btn {
														
 
															+    border-radius: 7px;
														
 
															+  }
														
 
															+
														
 
															+  &.v-card {
														
 
															+    border-radius: 7px;
														
 
															   }
														
 
															 }
														
--- a/server/graph/directives/auth.js
+++ b/server/graph/directives/auth.js
@@ -1,5 +1,6 @@
 
															 const { SchemaDirectiveVisitor } = require('graphql-tools')
														
 
															 const { defaultFieldResolver } = require('graphql')
														
 
															+const _ = require('lodash')
														
 
															 class AuthDirective extends SchemaDirectiveVisitor {
														
 
															   visitObject(type) {
														
@@ -39,11 +40,13 @@ class AuthDirective extends SchemaDirectiveVisitor {
 
															         }
														
 
															         const context = args[2]
														
 
															-        console.info(context.req.user)
														
 
															-        // const user = await getUser(context.headers.authToken)
														
 
															-        // if (!user.hasRole(requiredScopes)) {
														
 
															-        //   throw new Error('not authorized')
														
 
															-        // }
														
 
															+        if (!context.req.user) {
														
 
															+          throw new Error('Unauthorized')
														
 
															+        }
														
 
															+
														
 
															+        if (!_.some(context.req.user.permissions, pm => _.includes(requiredScopes, pm))) {
														
 
															+          throw new Error('Forbidden')
														
 
															+        }
														
 
															         return resolve.apply(this, args)
														
 
															       }
														
--- a/server/helpers/security.js
+++ b/server/helpers/security.js
@@ -24,16 +24,14 @@ module.exports = {
 
															     })
														
 
															   },
														
 
															-  async extractJWT (req) {
														
 
															-    return passportJWT.ExtractJwt.fromExtractors([
														
 
															-      passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
														
 
															-      (req) => {
														
 
															-        let token = null
														
 
															-        if (req && req.cookies) {
														
 
															-          token = req.cookies['jwt']
														
 
															-        }
														
 
															-        return token
														
 
															+  extractJWT: passportJWT.ExtractJwt.fromExtractors([
														
 
															+    passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
														
 
															+    (req) => {
														
 
															+      let token = null
														
 
															+      if (req && req.cookies) {
														
 
															+        token = req.cookies['jwt']
														
 
															       }
														
 
															-    ])(req)
														
 
															-  }
														
 
															+      return token
														
 
															+    }
														
 
															+  ])
														
 
															 }
														
--- a/server/middlewares/auth.js
+++ b/server/middlewares/auth.js
@@ -13,12 +13,9 @@ module.exports = {
 
															     WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
														
 
															       if (err) { return next() }
														
 
															-      console.info(err, user, info)
														
 
															-
														
 
															       // Expired but still valid within 7 days, just renew
														
 
															       if (info instanceof jwt.TokenExpiredError && moment().subtract(7, 'days').isBefore(info.expiredAt)) {
														
 
															         const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
														
 
															-        console.info(jwtPayload)
														
 
															         try {
														
 
															           const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
														
 
															           user = newToken.user
														
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -252,9 +252,9 @@ module.exports = class User extends Model {
 
															         timezone: user.timezone,
														
 
															         localeCode: user.localeCode,
														
 
															         defaultEditor: user.defaultEditor,
														
 
															-        permissions: []
														
 
															+        permissions: ['manage:system']
														
 
															       }, WIKI.config.sessionSecret, {
														
 
															-        expiresIn: '10s',
														
 
															+        expiresIn: '30m',
														
 
															         audience: 'urn:wiki.js', // TODO: use value from admin
														
 
															         issuer: 'urn:wiki.js'
														
 
															       }),