Add user via a JWS token

2020-12-10 23:24:10 +01:00 · 2020-12-10 23:24:10 +01:00 · 476b45bef4
commit 476b45bef4
parent 2009ad4504
4 changed files with 53 additions and 3 deletions
--- a/Foundation.hs
+++ b/Foundation.hs
@ -170,6 +170,8 @@ instance Yesod App where
    isAuthorized (ChallengeAllSubmissionsR _) _ = regularAuthorization

    isAuthorized (ChallengeMySubmissionsJsonR _) _ = regularAuthorization
+    isAuthorized AddUserR _ = regularAuthorization
+    isAuthorized UserInfoR _ = regularAuthorization

    isAuthorized (ChallengeGraphDataR _) _ = regularAuthorization
    isAuthorized (ChallengeDiscussionR _) _ = regularAuthorization
--- a/Handler/ShowChallenge.hs
+++ b/Handler/ShowChallenge.hs
@ -688,6 +688,47 @@ authorizationTokenAuth = do
             | otherwise -> return Nothing
    Nothing -> return Nothing

+requireAuthPossiblyByToken :: Handler (Entity User)
+requireAuthPossiblyByToken = do
+  mInfo <- authorizationTokenAuth
+  case mInfo of
+    Just info -> do
+      x <- runDB $ getBy $ UniqueUser $ jwtAuthInfoIdent info
+      case x of
+        Just entUser -> return entUser
+        Nothing -> requireAuth
+    Nothing -> requireAuth
+
+getUserInfoR :: Handler Value
+getUserInfoR = do
+  (Entity _ user) <- requireAuthPossiblyByToken
+  return $ String $ userIdent user
+
+getAddUserR :: Handler Value
+getAddUserR = do
+  mInfo <- authorizationTokenAuth
+  case mInfo of
+    Just info -> do
+      let ident = jwtAuthInfoIdent info
+      x <- runDB $ getBy $ UniqueUser ident
+      case x of
+        Just _ -> return $ Bool False
+        Nothing -> do
+          _ <- runDB $ insert User
+            { userIdent = ident
+            , userPassword = Nothing
+            , userName = Nothing
+            , userIsAdmin = False
+            , userLocalId = Nothing
+            , userIsAnonymous = False
+            , userAvatar = Nothing
+            , userVerificationKey = Nothing
+            , userKeyExpirationDate = Nothing
+            , userTriggerToken = Nothing
+            , userAltRepoScheme = Nothing
+            }
+          return $ Bool True
+    Nothing -> return $ Bool False

 getChallengeMySubmissionsJsonR :: Text -> Handler Value
 getChallengeMySubmissionsJsonR name = do
--- a/config/routes
+++ b/config/routes
@ -13,6 +13,8 @@
 /api/list-challenges ListChallengesJsonR GET
 /api/leaderboard/#Text LeaderboardJsonR GET
 /api/challenge-my-submissions/#Text ChallengeMySubmissionsJsonR GET
+/api/user-info UserInfoR GET
+/api/add-user AddUserR GET
 /list-archived-challenges ListArchivedChallengesR GET
 /challenge-image/#ChallengeId ChallengeImageR GET

--- a/static/test-gonito-as-backend.html
+++ b/static/test-gonito-as-backend.html
@ -21,9 +21,9 @@

        }

-            var loadData = function () {
+            var loadData = function (target) {

-                var url = 'http://127.0.0.1:3000/api/challenge-my-submissions/retroc2';
+                var url = 'http://127.0.0.1:3000/api/' + target;

                var req = new XMLHttpRequest();
                req.open('GET', url, true);
@ -49,6 +49,11 @@
 <body onload="initKeycloak()">
  <h1>This is a simple web page to test Gonito as a backend with authorization by JWT tokens.</h1>

-  <p><button onclick="loadData()">Test</button></p>
+  <p><button onclick="loadData('add-user')">Add user</button></p>
+
+  <p><button onclick="loadData('user-info')">Check user</button></p>
+
+  <p><button onclick="loadData('challenge-my-submissions/retroc2')">Other test</button></p>
+
 </body>
 </html>