refactor auth (2/2)

92de9aa7 · Zohten · f8092631 · 92de9aa7 · 92de9aa7 · 92de9aa7
Commit 92de9aa7 authored Nov 25, 2020 by Zohten
3 changed files
--- a/BackEnd/src/classes/Request.class.php
+++ b/BackEnd/src/classes/Request.class.php
@@ -101,8 +101,7 @@ class Request
    {
        return $this->data;
    }
-    // returns JWT token in Authorization header or throw an exception
+    // Return JWT token (string) in Authorization header or throw an exception
-    // Return JWT token (string)
    public function getJwtToken()
    {
        // Field names are case-insensitive : https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html
@@ -119,11 +118,11 @@ class Request
        return $jwt_token;
    }
+    // Return array with decodedJWT or error message if decoding fails
    public function verifyJwtToken()
    {
        try {
            $jwt_token = $this->getJwtToken();
-            //print_r($jwt_token);die();
            $decodedJWT = JWT::decode($jwt_token, JWT_BACKEND_KEY, array('HS256'));
            $arrayResult = [

--- a/BackEnd/src/controller/LoginController.class.php
+++ b/BackEnd/src/controller/LoginController.class.php
@@ -40,8 +40,7 @@ class LoginController extends Controller
         "iss" => JWT_ISSUER,
         "data" => array(
            "id" => $user->id(),
-            "firstname" => $user->firstname(),
+            "role" => $user->role(),
-            "lastname" => $user->lastname(),
            "email" => $user->email()
         )
      );

--- a/BackEnd/src/controller/UserController.class.php
+++ b/BackEnd/src/controller/UserController.class.php
@@ -38,6 +38,20 @@ class UserController extends Controller
        return Response::errorResponse($message);
    }
+    public function authUser($id, $allowAdmin=True){
+        // Token phase
+        $verifyArray = $this->request->verifyJwtToken();
+        if ($verifyArray['message']!=="Valid token.") {
+            return Response::unauthorizedResponse($jsonResult);
+        }
+        // Auth phase
+        $data = $verifyArray['decodedJWT']->data;
+        if (($data->id != $id) && ($data->role != 2)) {
+            $message = json_encode(["message" => "You don't have access to this account."]);
+            return Response::unauthorizedResponse($message);
+        }
+    }
    /**
    * Get all users in USER table
    *
@@ -69,17 +83,11 @@ class UserController extends Controller
    */
    protected function updateUser($array)
    {
-        // Token phase
+        // Auth with token phase
-        $verifyArray = $this->request->verifyJwtToken();
+        $authError = $this->authUser($array['id']);
-        if ($verifyArray['message']!=="Valid token.") {
+        if($authError){
-            return Response::unauthorizedResponse($jsonResult);
+            return authError;
        }
-        // Auth phase
-        if ($verifyArray['decodedJWT']->data->id != $array['id']) {
-            $message = json_encode(["message" => "You don't have access to this account."]);
-            return Response::unauthorizedResponse($message);
-        }
        // Update phase
        User::updateUser($array);