Add user via a JWS token

Filip Gralinski 2020-12-10 23:24:10 +01:00
parent 2009ad4504
commit 476b45bef4
4 changed files with 53 additions and 3 deletions


@ -170,6 +170,8 @@ instance Yesod App where
isAuthorized (ChallengeAllSubmissionsR _) _ = regularAuthorization isAuthorized (ChallengeAllSubmissionsR _) _ = regularAuthorization
isAuthorized (ChallengeMySubmissionsJsonR _) _ = regularAuthorization isAuthorized (ChallengeMySubmissionsJsonR _) _ = regularAuthorization
isAuthorized AddUserR _ = regularAuthorization
isAuthorized UserInfoR _ = regularAuthorization
isAuthorized (ChallengeGraphDataR _) _ = regularAuthorization isAuthorized (ChallengeGraphDataR _) _ = regularAuthorization
isAuthorized (ChallengeDiscussionR _) _ = regularAuthorization isAuthorized (ChallengeDiscussionR _) _ = regularAuthorization


@ -688,6 +688,47 @@ authorizationTokenAuth = do
| otherwise -> return Nothing | otherwise -> return Nothing
Nothing -> return Nothing Nothing -> return Nothing
requireAuthPossiblyByToken :: Handler (Entity User)
requireAuthPossiblyByToken = do
mInfo <- authorizationTokenAuth
case mInfo of
Just info -> do
x <- runDB $ getBy $ UniqueUser $ jwtAuthInfoIdent info
case x of
Just entUser -> return entUser
Nothing -> requireAuth
Nothing -> requireAuth
getUserInfoR :: Handler Value
getUserInfoR = do
(Entity _ user) <- requireAuthPossiblyByToken
return $ String $ userIdent user
getAddUserR :: Handler Value
getAddUserR = do
mInfo <- authorizationTokenAuth
case mInfo of
Just info -> do
let ident = jwtAuthInfoIdent info
x <- runDB $ getBy $ UniqueUser ident
case x of
Just _ -> return $ Bool False
Nothing -> do
_ <- runDB $ insert User
{ userIdent = ident
, userPassword = Nothing
, userName = Nothing
, userIsAdmin = False
, userLocalId = Nothing
, userIsAnonymous = False
, userAvatar = Nothing
, userVerificationKey = Nothing
, userKeyExpirationDate = Nothing
, userTriggerToken = Nothing
, userAltRepoScheme = Nothing
}
return $ Bool True
Nothing -> return $ Bool False
getChallengeMySubmissionsJsonR :: Text -> Handler Value getChallengeMySubmissionsJsonR :: Text -> Handler Value
getChallengeMySubmissionsJsonR name = do getChallengeMySubmissionsJsonR name = do
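Review bot: In getAddUserR the existence check (`getBy $ UniqueUser ident`) and the `insert` run in two separate `runDB` calls, so two concurrent requests carrying the same token can both see `Nothing`, and the second insert would then presumably fail on the uniqueness constraint instead of returning `Bool False`. Doing both in one step closes that window: `mKey <- runDB $ insertUnique User { … }` followed by `return $ Bool $ isJust mKey` (with `isJust` from Data.Maybe in scope). Separately, `Bool False` is returned both when the token is missing or rejected and when the user already exists, so a client cannot tell an authentication failure from a duplicate; an explicit 401-style response in the outer `Nothing` branch would keep the two apart. The token's ident is also looked up in the same User table as any other account, so in requireAuthPossiblyByToken a token whose ident equals an existing user's ident is treated as that user; whether the token issuer can produce such a collision is not visible from this hunk and is worth confirming.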


@ -13,6 +13,8 @@
/api/list-challenges ListChallengesJsonR GET /api/list-challenges ListChallengesJsonR GET
/api/leaderboard/#Text LeaderboardJsonR GET /api/leaderboard/#Text LeaderboardJsonR GET
/api/challenge-my-submissions/#Text ChallengeMySubmissionsJsonR GET /api/challenge-my-submissions/#Text ChallengeMySubmissionsJsonR GET
/api/user-info UserInfoR GET
/api/add-user AddUserR GET
/list-archived-challenges ListArchivedChallengesR GET /list-archived-challenges ListArchivedChallengesR GET
/challenge-image/#ChallengeId ChallengeImageR GET /challenge-image/#ChallengeId ChallengeImageR GET
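Review bot: `/api/add-user AddUserR GET` registers a handler that inserts a User row under GET, a method clients and intermediaries treat as safe to repeat, prefetch or cache. A retried or prefetched request would create the account, and a cached response could hide whether the write happened. Declaring the route as `/api/add-user AddUserR POST`, with the handler renamed to `postAddUserR`, matches what the endpoint does; the test page's `req.open('GET', url, true)` would then need to send POST for the add-user button.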


@ -21,9 +21,9 @@
} }
var loadData = function () { var loadData = function (target) {
var url = 'http://127.0.0.1:3000/api/challenge-my-submissions/retroc2'; var url = 'http://127.0.0.1:3000/api/' + target;
var req = new XMLHttpRequest(); var req = new XMLHttpRequest();
req.open('GET', url, true); req.open('GET', url, true);
@ -49,6 +49,11 @@
<body onload="initKeycloak()"> <body onload="initKeycloak()">
<h1>This is a simple web page to test Gonito as a backend with authorization by JWT tokens.</h1> <h1>This is a simple web page to test Gonito as a backend with authorization by JWT tokens.</h1>
<p><button onclick="loadData()">Test</button></p> <p><button onclick="loadData('add-user')">Add user</button></p>
<p><button onclick="loadData('user-info')">Check user</button></p>
<p><button onclick="loadData('challenge-my-submissions/retroc2')">Other test</button></p>
</body> </body>
</html> </html>