Verify user in admin

- If 404, user don't exist in admin, it will be anonym user - if 403, user is ban or not associate in the world
2020-10-19 20:49:30 +02:00 · 2020-10-19 20:49:30 +02:00 · dfa6d2cc66
parent bf9dfcc835
commit dfa6d2cc66
2 changed files with 24 additions and 2 deletions
--- a/back/src/Services/AdminApi.ts
+++ b/back/src/Services/AdminApi.ts
@ -61,6 +61,17 @@ class AdminApi {
        )
        return res.data;
    }
+
+    async fetchCheckUserByToken(organizationMemberToken: string): Promise<AdminApiData> {
+        if (!ADMIN_API_URL) {
+            return Promise.reject('No admin backoffice set!');
+        }
+        //todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
+        const res = await Axios.get(ADMIN_API_URL+'/api/check-user/'+organizationMemberToken,
+            { headers: {"Authorization" : `${ADMIN_API_TOKEN}`} }
+        )
+        return res.data;
+    }
    
    reportPlayer(reportedUserUuid: string, reportedUserComment: string, reporterUserUuid: string) {
       return Axios.post(`${ADMIN_API_URL}/api/report`, {
--- a/back/src/Services/JWTTokenManager.ts
+++ b/back/src/Services/JWTTokenManager.ts
@ -2,6 +2,7 @@ import {ALLOW_ARTILLERY, SECRET_KEY} from "../Enum/EnvironmentVariable";
 import {uuid} from "uuidv4";
 import Jwt from "jsonwebtoken";
 import {TokenInterface} from "../Controller/AuthenticateController";
+import {adminApi, AdminApiData} from "../Services/AdminApi";

 class JWTTokenManager {
    
@ -32,7 +33,7 @@ class JWTTokenManager {
                const tokenInterface = tokenDecoded as TokenInterface;
                if (err) {
                    console.error('An authentication error happened, invalid JsonWebToken.', err);
-                    reject(new Error('An authentication error happened, invalid JsonWebToken. '+err.message));
+                    reject(new Error('An authentication error happened, invalid JsonWebToken. ' + err.message));
                    return;
                }
                if (tokenDecoded === undefined) {
@ -41,12 +42,22 @@ class JWTTokenManager {
                    return;
                }

+                //verify token
                if (!this.isValidToken(tokenInterface)) {
                    reject(new Error('Authentication error, invalid token structure.'));
                    return;
                }

-                resolve(tokenInterface.userUuid);
+                //verify user in admin
+                return adminApi.fetchCheckUserByToken(tokenInterface.userUuid).then(() => {
+                    resolve(tokenInterface.userUuid);
+                }).catch((err) => {
+                    //anonymous user
+                    if(err.response && err.response.status && err.response.status === 404){
+                        return resolve(tokenInterface.userUuid);
+                    }
+                    reject(new Error('Authentication error, invalid token structure. ' + err));
+                });
            });
        });
    }