From 8d57886bae45dc2f893ce4ae1e410fa87377dc85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?gr=C3=A9goire=20parant?= <g.parant@thecodingmachine.com>
Date: Sun, 15 Aug 2021 22:51:06 +0200
Subject: [PATCH] Update token generation (#1372)

- Permit only decode token to get map details,
 - If user have token expired, set the token to null and reload the page. This feature will be updated when authentication stategy will be finished.

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 front/src/Connexion/ConnectionManager.ts    | 19 ++++++++++++++++---
 pusher/src/Controller/IoSocketController.ts |  2 +-
 pusher/src/Controller/MapController.ts      | 15 ++++++++++++---
 pusher/src/Services/JWTTokenManager.ts      |  4 ++--
 4 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 38272737..9e245d3a 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -29,11 +29,24 @@ class ConnectionManager {
         });
     }
 
-    public loadOpenIDScreen() {
-        localUserStore.setAuthToken(null);
+    /**
+     * @return Promise<void>
+     */
+    public loadOpenIDScreen(): Promise<void> {
         const state = localUserStore.generateState();
         const nonce = localUserStore.generateNonce();
-        window.location.assign(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`);
+        localUserStore.setAuthToken(null);
+
+        //TODO refactor this and don't realise previous call
+        return Axios.get(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`)
+            .then(() => {
+                window.location.assign(`http://${PUSHER_URL}/login-screen?state=${state}&nonce=${nonce}`);
+            })
+            .catch((err) => {
+                console.error(err, "We don't have URL to regenerate authentication user");
+                //TODO show modal login
+                window.location.reload();
+            });
     }
 
     public logout() {
diff --git a/pusher/src/Controller/IoSocketController.ts b/pusher/src/Controller/IoSocketController.ts
index daf45ce4..0466100c 100644
--- a/pusher/src/Controller/IoSocketController.ts
+++ b/pusher/src/Controller/IoSocketController.ts
@@ -174,7 +174,7 @@ export class IoSocketController {
                         }
 
                         const tokenData =
-                            token && typeof token === "string" ? jwtTokenManager.decodeJWTToken(token) : null;
+                            token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null;
                         const userIdentifier = tokenData ? tokenData.identifier : "";
 
                         let memberTags: string[] = [];
diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts
index 8becb0fe..ccaa231f 100644
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@@ -6,7 +6,8 @@ import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
 import { GameRoomPolicyTypes } from "../Model/PusherRoom";
 import { MapDetailsData } from "../Services/AdminApi/MapDetailsData";
 import { socketManager } from "../Services/SocketManager";
-import { jwtTokenManager } from "../Services/JWTTokenManager";
+import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
+import { v4 } from "uuid";
 
 export class MapController extends BaseController {
     constructor(private App: TemplatedApp) {
@@ -71,8 +72,16 @@ export class MapController extends BaseController {
                 try {
                     let userId: string | undefined = undefined;
                     if (query.authToken != undefined) {
-                        const authTokenData = jwtTokenManager.decodeJWTToken(query.authToken as string);
-                        userId = authTokenData.identifier;
+                        let authTokenData: AuthTokenData;
+                        try {
+                            authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string);
+                            userId = authTokenData.identifier;
+                        } catch (e) {
+                            // Decode token, in this case we don't need to create new token.
+                            authTokenData = jwtTokenManager.verifyJWTToken(query.authToken as string, true);
+                            userId = authTokenData.identifier;
+                            console.info("JWT expire, but decoded", userId);
+                        }
                     }
                     const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);
 
diff --git a/pusher/src/Services/JWTTokenManager.ts b/pusher/src/Services/JWTTokenManager.ts
index bb21531c..4711ccfd 100644
--- a/pusher/src/Services/JWTTokenManager.ts
+++ b/pusher/src/Services/JWTTokenManager.ts
@@ -15,9 +15,9 @@ class JWTTokenManager {
         return Jwt.sign({ identifier }, SECRET_KEY, { expiresIn: "200d" });
     }
 
-    public decodeJWTToken(token: string): AuthTokenData {
+    public verifyJWTToken(token: string, ignoreExpiration: boolean = false): AuthTokenData {
         try {
-            return Jwt.verify(token, SECRET_KEY, { ignoreExpiration: false }) as AuthTokenData;
+            return Jwt.verify(token, SECRET_KEY, { ignoreExpiration }) as AuthTokenData;
         } catch (e) {
             throw { reason: tokenInvalidException, message: e.message };
         }