From df45063a91ecd5d508ba1d6c4823aa22782278dd Mon Sep 17 00:00:00 2001 From: marcosfmmota Date: Wed, 19 Aug 2020 10:53:58 -0300 Subject: [PATCH 1/7] feat (session): removing redis references --- src/adonisjs/app/Controllers/Http/AuthController.js | 1 - src/adonisjs/config/session.js | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 61400c086..cf740c898 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -1,6 +1,5 @@ 'use strict' -const Redis = use('Redis') const Env = use('Env') const axios = require('axios'); const { validate } = use('Validator') diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index d43a1737d..726fd1d86 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -91,5 +91,5 @@ module.exports = { | the redis file. But you are free to define an object here too. | */ - redis: 'self::redis.local' + // redis: 'self::redis.local' } From e7859fbd4a8e8a646f2accb1f34dec848b044c89 Mon Sep 17 00:00:00 2001 From: Fagner Date: Thu, 20 Aug 2020 12:27:52 -0300 Subject: [PATCH 2/7] working on session authentication --- .../app/Controllers/Http/AuthController.js | 80 +++++++++++++++---- src/adonisjs/app/Models/User.js | 4 + src/adonisjs/config/auth.js | 6 +- src/adonisjs/config/cors.js | 2 +- src/adonisjs/config/session.js | 2 +- .../database/migrations/1503248427885_user.js | 4 +- 6 files changed, 76 insertions(+), 22 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index cf740c898..3aae5e5fc 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js 
@@ -1,5 +1,7 @@ 'use strict' +const Logger = use('Logger') + const Env = use('Env') const axios = require('axios'); const { validate } = use('Validator') @@ -10,8 +12,9 @@ class AuthController { return view.render('registration.login', { pageTitle: 'Log in' }) } + + async login({ view, request, session, response, auth }) { - console.log(1) try{ const params = request.all() @@ -34,7 +37,7 @@ class AuthController { return response.redirect('back') } - const endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v2/auth/login" + const endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/login" var config = { method: 'post', @@ -47,22 +50,19 @@ class AuthController { await axios(config) .then(async function (endpoint_response) { - +Logger.info('response is %s', endpoint_response) let user = endpoint_response.data console.log("-----------------------------------------------------------------------------------------------------------") - console.log(user.token) - - + // console.log(user.token) +console.log(user) await auth.login(user) - //console.log(token.token) - //request.cookie("token", token.token) - console.log('login feito') - //const data = { user : 'hello world' } - response.cookie('token', user.token) - //yield response.sendView('index', data) + // response.cookie('token', user.token) + + //yield response.sendView('index', data) //return view.render('index', { user: user.toJSON() }) - return response.route('index') + + return response.route('index') }) .catch(function (error) { console.log(error); 
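Review bot: The added `Logger.info('response is %s', endpoint_response)` and `console.log(user)` in the login `.then` write the manager's entire auth response to the application log, and the surrounding `user.token` references show that response carries the user's token, so every successful login now persists a credential in the logs. Log only a non-secret identifier instead, e.g. `Logger.info('login ok for user %s', user.id)`, and drop the `console.log(user)` line. The `.catch` below only prints the error and never tells the browser the login failed; `login` continues outside this hunk, so the fall-through response is not visible here.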
@@ -72,9 +72,57 @@ class AuthController { } } - async logout({ auth, response }){ - await auth.logout() - return response.route('index') + + + async logout({ session, auth, response, request }){ + try{ + // console.log('aqui') + // console.log(request.cookies()) + + // console.log(request.cookie('adonis-session')) + // console.log(request.cookie('adonis-session-values')) + + const endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/logout" + + var config = { + method: 'post', + url: endpoint_url, + headers: { + // "Cookie": "Bearer " + request.cookie("token") + // "Cookie": "adonis-session=" + request.plainCookie("adonis-session") + + // ";XSRF-TOKEN="+ request.plainCookie('XSRF-TOKEN') + + + + // ";adonis-session-values=" + request.plainCookie('adonis-session-values') + } + }; +// console.log(config) + + +// const instance = await axios.create({ +// withCredentials: true +// }) + +// await instance.post(endpoint_url) + +// await axios.get(endpoint_url) + // axios.defaults.withCredentials = true + + + await axios(config) + .then(async function (endpoint_response) { + await auth.logout() + return response.route('index') + + }) + .catch(function (error) { + + console.log(error); + }); + }catch (e){ + console.log(e) + } + } } diff --git a/src/adonisjs/app/Models/User.js b/src/adonisjs/app/Models/User.js index 2804a449e..9b5d12279 100644 --- a/src/adonisjs/app/Models/User.js +++ b/src/adonisjs/app/Models/User.js @@ -7,6 +7,10 @@ const Hash = use('Hash') const Model = use('Model') class User extends Model { + static get incrementing () { + return false + } + static boot () { super.boot() diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index 38427fe39..efd992730 100644 --- a/src/adonisjs/config/auth.js +++ b/src/adonisjs/config/auth.js 
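Review bot: In the new `logout`, `await auth.logout()` runs only inside the `.then` of the remote call, so when the manager request rejects the local session stays authenticated, both catch blocks just `console.log`, and the handler returns nothing, leaving the request without a response. The local logout should not depend on the remote one; treat the manager call as best-effort and always clear the session: `try { await axios(config) } catch (error) { Logger.error('remote logout failed: %s', error.message) }` then `await auth.logout()` and `return response.route('index')`. Note also that `config.headers` is an empty object (every header is commented out), so the remote endpoint receives no credential and cannot know which session to end; the commented-out alternatives should be removed rather than kept.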
@@ -28,10 +28,10 @@ module.exports = { | */ session: { - serializer: 'lucid', - model: 'App/Models/User', + serializer: 'database', + table: 'users', scheme: 'session', - uid: 'login', + uid: 'email', password: 'password' }, diff --git a/src/adonisjs/config/cors.js b/src/adonisjs/config/cors.js index 4c3848eb2..7db17ba52 100644 --- a/src/adonisjs/config/cors.js +++ b/src/adonisjs/config/cors.js @@ -73,7 +73,7 @@ module.exports = { | boolean. | */ - credentials: false, + credentials: true, /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index 726fd1d86..b42fbd159 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -65,7 +65,7 @@ module.exports = { */ cookie: { httpOnly: true, - sameSite: false, + sameSite: true, path: '/' }, diff --git a/src/adonisjs/database/migrations/1503248427885_user.js b/src/adonisjs/database/migrations/1503248427885_user.js index 1ade2f567..d54c97b12 100644 --- a/src/adonisjs/database/migrations/1503248427885_user.js +++ b/src/adonisjs/database/migrations/1503248427885_user.js @@ -6,7 +6,9 @@ const Schema = use('Schema') class UserSchema extends Schema { up () { this.create('users', (table) => { - table.increments() + table.uuid('id') + table.primary('id') + table.string('username', 80).notNullable().unique() table.string('email', 254).notNullable().unique() table.string('password', 60).notNullable() From 38ab6f6cd33f325b5e9c50bb325cb12665b3a078 Mon Sep 17 00:00:00 2001 From: Fagner Date: Thu, 20 Aug 2020 13:19:43 -0300 Subject: [PATCH 3/7] working on session auth --- src/adonisjs/app/Controllers/Http/AuthController.js | 7 ++++++- src/adonisjs/config/auth.js | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 3aae5e5fc..c9fd3c51e 100644 
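Review bot: `credentials: true` in cors.js lets browsers attach the session cookie to cross-origin requests, which is only safe when the `origin` setting of the same config is an explicit allow-list; that setting is outside this hunk, so please confirm it is not a wildcard or a function that reflects the request origin, since either would let any site make authenticated requests against this app. A comment on the line would help the next reader: `// credentials:true requires an explicit origin allow-list above; never '*' or a reflected origin`.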
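Review bot: The migration hunk edits the already-named `1503248427885_user.js` file in place, so databases that have run it keep the integer `id` column while the model in this same patch sets `incrementing` to false and the controller (next patch) assigns a uuid to `user.id`; only fresh databases will match. Add a new migration that alters the column instead, and declare the key in one step so it cannot be null: `table.uuid('id').notNullable().primary()`. The `up()` body continues past the end of the hunk.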
--- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -6,6 +6,8 @@ const Env = use('Env') const axios = require('axios'); const { validate } = use('Validator') +const User = use('App/Models/User'); + class AuthController { create({ view }){ @@ -51,9 +53,12 @@ class AuthController { await axios(config) .then(async function (endpoint_response) { Logger.info('response is %s', endpoint_response) - let user = endpoint_response.data + let response_user = endpoint_response.data console.log("-----------------------------------------------------------------------------------------------------------") // console.log(user.token) + let user = new User() + user.id = response_user.id + user.email = response_user.email console.log(user) await auth.login(user) diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index efd992730..5fceb35aa 100644 --- a/src/adonisjs/config/auth.js +++ b/src/adonisjs/config/auth.js @@ -28,8 +28,8 @@ module.exports = { | */ session: { - serializer: 'database', - table: 'users', + serializer: 'lucid', + model: 'App/Models/User', scheme: 'session', uid: 'email', password: 'password' From 22b40848f88eec9845763d011dc17124c0efd2ea Mon Sep 17 00:00:00 2001 From: Fagner Date: Thu, 20 Aug 2020 21:04:59 -0300 Subject: [PATCH 4/7] debug --- .../app/Controllers/Http/AuthController.js | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index effd554d3..8167786ad 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -1,5 +1,3 @@ -/* global use */ - 'use strict' const Logger = use('Logger') 
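Review bot: `auth.login(user)` is now given a `new User()` populated only with `response_user.id` and `response_user.email` and never saved; with the `lucid` serializer restored in the config/auth.js hunk of this same patch the session keeps just the id and later requests reload the user through the model, so unless a matching local row exists `auth.user` will be empty on the next request. `response_user.id` is also used unchecked, so a 2xx reply with an unexpected body would log in an undefined id; guard it before use, e.g. `if (!response_user || !response_user.id) throw new Error('auth response has no user id')`, which the surrounding try/catch will report. The `.then` callback continues outside the hunk.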
@@ -54,7 +52,7 @@ class AuthController { await axios(config) .then(async function (endpoint_response) { -Logger.info('response is %s', endpoint_response) + let response_user = endpoint_response.data console.log("-----------------------------------------------------------------------------------------------------------") // console.log(user.token) @@ -62,6 +60,7 @@ Logger.info('response is %s', endpoint_response) user.id = response_user.id user.email = response_user.email console.log(user) + // await auth.attempt(params.email,params.password) await auth.login(user) // response.cookie('token', user.token) @@ -82,6 +81,7 @@ console.log(user) async logout({ session, auth, response, request }){ + console.log(session.all()) try{ // console.log('aqui') // console.log(request.cookies()) @@ -97,10 +97,8 @@ console.log(user) headers: { // "Cookie": "Bearer " + request.cookie("token") // "Cookie": "adonis-session=" + request.plainCookie("adonis-session") + - // ";XSRF-TOKEN="+ request.plainCookie('XSRF-TOKEN') + - - - // ";adonis-session-values=" + request.plainCookie('adonis-session-values') + // ";XSRF-TOKEN="+ request.plainCookie('XSRF-TOKEN') + + // ";adonis-session-values=" + request.plainCookie('adonis-session-values') } }; // console.log(config) @@ -113,19 +111,22 @@ console.log(user) // await instance.post(endpoint_url) // await axios.get(endpoint_url) - // axios.defaults.withCredentials = true + axios.defaults.withCredentials = true - - await axios(config) - .then(async function (endpoint_response) { await auth.logout() return response.route('index') - }) - .catch(function (error) { + // await axios(config) + // .then(async function (endpoint_response) { + // await auth.logout() + + // return response.route('index') + + // }) + // .catch(function (error) { - console.log(error); - }); + // console.log(error); + // }); }catch (e){ console.log(e) } From 17275ba7333bd9adf164d16f27659db6e599be8b Mon Sep 17 00:00:00 2001 
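Review bot: The `console.log(session.all())` added at the top of `logout` (hunk `@@ -82,6 +81,7`) dumps the whole session store to stdout on every logout, and once the login path starts putting the manager's response into the session (later patches) that is token logging; remove it or restrict it to a debug-level `Logger.debug` call with a named key. In hunk `@@ -113,19 +111,22` the uncommented `axios.defaults.withCredentials = true` mutates a process-wide axios default from inside a request handler, which affects every axios call in the process including `login`; as far as I can tell it also has no effect on the Node http adapter, so it should be dropped rather than set per request. Both edits live inside `logout`, whose start and end are outside these hunks.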
From: Fagner Date: Sat, 22 Aug 2020 13:00:26 -0300 Subject: [PATCH 5/7] working on authorization header of axios.post() requests --- .../app/Controllers/Http/AuthController.js | 85 +++++++++++++------ 1 file changed, 60 insertions(+), 25 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 8167786ad..e712d7325 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -3,7 +3,9 @@ const Logger = use('Logger') const Env = use('Env') -const axios = require('axios'); +const axios = use('axios'); +var FormData = use('form-data'); + const { validate } = use('Validator') const User = use('App/Models/User'); @@ -17,6 +19,7 @@ class AuthController { async login({ view, request, session, response, auth }) { + // console.log(session.all()) try{ const params = request.all() @@ -39,11 +42,20 @@ class AuthController { return response.redirect('back') } - const endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/login" + let endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/login" + + let bodyFormData = new FormData(); + bodyFormData.append('email', params.email); + bodyFormData.append('password', params.password); +// console.log(bodyFormData.getHeaders()) var config = { method: 'post', url: endpoint_url, + // headers: { + // data.getHeaders() + // }, + // data: bodyFormData data: { email: params.email, password: params.password, 
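Review bot: `bodyFormData` is filled with the submitted email and password but never sent — `data: bodyFormData` is commented out and the JSON `data` object below still carries the credentials — so the three FormData lines and the `use('form-data')` line in the first hunk are dead code that merely keeps a second copy of the password alive. Either commit to multipart (`data: bodyFormData, headers: bodyFormData.getHeaders()`) or delete the FormData lines; the `var FormData` declaration should become `const` in any case. `login` begins before this hunk.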
@@ -52,27 +64,49 @@ class AuthController { await axios(config) .then(async function (endpoint_response) { + console.log(session.all()) let response_user = endpoint_response.data console.log("-----------------------------------------------------------------------------------------------------------") - // console.log(user.token) - let user = new User() - user.id = response_user.id - user.email = response_user.email -console.log(user) + let user = new User() + user.id = response_user.id + user.email = response_user.email + console.log(response_user) + session.put('adonis-auth', response_user) + console.log(session.all()) // await auth.attempt(params.email,params.password) - await auth.login(user) + // await auth.loginViaId(user.id) + // console.log(session.all()) // response.cookie('token', user.token) //yield response.sendView('index', data) //return view.render('index', { user: user.toJSON() }) - + + return response.route('index') }) .catch(function (error) { - console.log(error); + // console.log(error); }); + + endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/logout" + + config = { + method: 'post', + url: endpoint_url, + data: new FormData() + }; + + await axios(config) + .then(async function (endpoint_response) { + // await auth.logout() + + return response.route('index') + }) + .catch(function (error) { + // console.log(error); + }); } catch (e){ console.log(e) } 
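Review bot: With `await auth.login(user)` and `auth.loginViaId` both commented out and the `.catch` body reduced to a comment, a rejected login request (axios rejects on a non-2xx reply) is silently swallowed, execution continues into the new logout call, and its `.then` redirects to `index` exactly as the success path does, so a wrong password is indistinguishable from a successful login while the user is never actually authenticated locally. The success branch instead does `session.put('adonis-auth', response_user)`, storing the raw manager response (token included, per the `user.token` references) in the session and printing it with `console.log(session.all())`. Make failure explicit in the catch, e.g. `session.flash({ error: 'Login failed' }); return response.redirect('back')`, and remove the follow-up logout call, which looks like debugging left in. `login` starts before this hunk.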
@@ -90,16 +124,17 @@ console.log(user) // console.log(request.cookie('adonis-session-values')) const endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/logout" +console.log(session) var config = { method: 'post', url: endpoint_url, - headers: { + // headers: { // "Cookie": "Bearer " + request.cookie("token") - // "Cookie": "adonis-session=" + request.plainCookie("adonis-session") + - // ";XSRF-TOKEN="+ request.plainCookie('XSRF-TOKEN') + - // ";adonis-session-values=" + request.plainCookie('adonis-session-values') - } + "Cookie": "adonis-session=" + request.plainCookie("adonis-session") + + "; XSRF-TOKEN="+ request.plainCookie('XSRF-TOKEN') + + "; adonis-session-values=" + request.plainCookie('adonis-session-values') + // } }; // console.log(config) @@ -114,21 +149,21 @@ console.log(user) axios.defaults.withCredentials = true await auth.logout() - return response.route('index') + // return response.route('index') - // await axios(config) - // .then(async function (endpoint_response) { - // await auth.logout() + await axios(config) + .then(async function (endpoint_response) { + // await auth.logout() - // return response.route('index') + return response.route('index') - // }) - // .catch(function (error) { + }) + .catch(function (error) { - // console.log(error); - // }); + // console.log(error); + }); }catch (e){ - console.log(e) + // console.log(e) } } From a47809e90b70d648427041ff7a7da2b8eed9c23c Mon Sep 17 00:00:00 2001 From: Fagner Date: Mon, 24 Aug 2020 12:23:16 -0300 Subject: [PATCH 6/7] working on csrf token --- .../app/Controllers/Http/AuthController.js | 69 +++++++++++-------- src/adonisjs/config/session.js | 5 +- .../resources/views/registration/login.edge | 2 +- 3 files changed, 43 insertions(+), 33 deletions(-) diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index e712d7325..2c6090bc3 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js 
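Review bot: The now-active `"Cookie"` header forwards this app's own `adonis-session`, `XSRF-TOKEN` and `adonis-session-values` cookies to the manager, which hands another service (and any proxy or log between them) the exact values that authenticate the browser to this app plus its anti-CSRF token. The manager should be called with the credential it issued at login — the token this patch stores under `adonis-auth` in the session — e.g. `headers: { Authorization: 'Bearer ' + session.get('adonis-auth').token }`, if it expects a bearer token; confirm against the manager's API. The added `console.log(session)` prints the session object for the same reason and should go, and the second hunk (`@@ -114,21 +149,21`) comments out the outer `console.log(e)`, so failures of this request are now fully silent. `logout` starts before the first hunk.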
+++ b/src/adonisjs/app/Controllers/Http/AuthController.js @@ -12,14 +12,17 @@ const User = use('App/Models/User'); class AuthController { - create({ view }){ + create({ view, session }){ + console.log('ejijeiej') + console.log(session.all()) + return view.render('registration.login', { pageTitle: 'Log in' }) } async login({ view, request, session, response, auth }) { - // console.log(session.all()) + console.log('here') try{ const params = request.all() @@ -42,7 +45,7 @@ class AuthController { return response.redirect('back') } - let endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/login" + let endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v2/auth/login" let bodyFormData = new FormData(); bodyFormData.append('email', params.email); @@ -61,21 +64,27 @@ class AuthController { password: params.password, } }; - +// session.clear() + console.log('aqui') await axios(config) + // console.log('retorno') .then(async function (endpoint_response) { console.log(session.all()) - let response_user = endpoint_response.data - console.log("-----------------------------------------------------------------------------------------------------------") - let user = new User() - user.id = response_user.id - user.email = response_user.email - console.log(response_user) - session.put('adonis-auth', response_user) - console.log(session.all()) - // await auth.attempt(params.email,params.password) - // await auth.loginViaId(user.id) + let response_user = endpoint_response.data + console.log("-----------------------------------------------------------------------------------------------------------") + + let user = new User() + user.id = response_user.id + user.email = response_user.email + + console.log(response_user) + + session.put('adonis-auth', response_user) + + console.log(session.all()) + // await auth.attempt(params.email,params.password) + await auth.loginViaId(user.id) // console.log(session.all()) // response.cookie('token', user.token) 
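Review bot: The debug output added here — `console.log('ejijeiej')` and `console.log(session.all())` in `create`, and the `console.log(response_user)` / `console.log(session.all())` pair around `session.put('adonis-auth', response_user)` in `login` — prints the full manager response and the whole session to stdout on every visit to the login page and every login, and the session now contains the manager's token. Remove these before merging and store only the fields later requests read rather than the whole response. The login endpoint also flips back to `/api/v2/auth/login` here while `logout` still targets `/api/v1/auth/logout` (previous patch); worth confirming that both versions are intended. `login` continues outside the hunk.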
@@ -87,26 +96,26 @@ class AuthController { return response.route('index') }) .catch(function (error) { - // console.log(error); + console.log(error); }); - endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/logout" + // endpoint_url = Env.get("HARENA_MANAGER_URL") + "/api/v1/auth/logout" - config = { - method: 'post', - url: endpoint_url, - data: new FormData() - }; + // config = { + // method: 'post', + // url: endpoint_url, + // data: new FormData() + // }; - await axios(config) - .then(async function (endpoint_response) { - // await auth.logout() + // await axios(config) + // .then(async function (endpoint_response) { + // // await auth.logout() - return response.route('index') - }) - .catch(function (error) { - // console.log(error); - }); + // return response.route('index') + // }) + // .catch(function (error) { + // // console.log(error); + // }); } catch (e){ console.log(e) } @@ -115,7 +124,7 @@ class AuthController { async logout({ session, auth, response, request }){ - console.log(session.all()) + // console.log(session.all()) try{ // console.log('aqui') // console.log(request.cookies()) diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index b42fbd159..da3fcd1fd 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -65,8 +65,9 @@ module.exports = { */ cookie: { httpOnly: true, - sameSite: true, - path: '/' + sameSite: false, + path: '/', + domain:'harena.com' }, /* diff --git a/src/adonisjs/resources/views/registration/login.edge b/src/adonisjs/resources/views/registration/login.edge index 1e4ef9cf6..309ef4c79 100644 --- a/src/adonisjs/resources/views/registration/login.edge +++ b/src/adonisjs/resources/views/registration/login.edge @@ -44,7 +44,7 @@ - Log in @endcomponent
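Review bot: Re-enabling `console.log(error)` in the login `.catch` prints the whole axios error object, which carries the request config — including the `data` object with the submitted `email` and `password` — so every failed login now writes the user's password to stdout. Log a safe subset instead: `console.log('login failed:', error.response ? error.response.status : error.message)`. The twenty-odd lines of the second request that this hunk comments out should be deleted rather than kept as commented code.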
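Review bot: In the session.js hunk, `sameSite: false` omits the SameSite attribute from the session cookie altogether, and `domain:'harena.com'` sends that cookie to every host under the domain; together with `credentials: true` in cors.js (patch 2) the session cookie can now ride along on cross-site requests from any sibling host. If the cookie must be shared across subdomains keep at least `sameSite: 'lax'`, and take the domain from the environment instead of hard-coding a production hostname in the repo, e.g. `domain: Env.get('SESSION_DOMAIN')` (variable name illustrative; confirm the config file resolves `Env` like the other Adonis configs).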