This repository has been archived by the owner on Jun 4, 2024. It is now read-only.

Merge pull request #368
n-riesco authored Feb 9, 2018
2 parents bc61037 + bc901da commit 399c591
Showing 2 changed files with 38 additions and 26 deletions.
36 changes: 21 additions & 15 deletions backend/plugins/authorization.js
Expand Up @@ -57,26 +57,32 @@ export function PlotlyOAuth(electron) {
fetch(`${getSetting('PLOTLY_API_URL')}/v2/users/current`, {
headers: {'Authorization': `Bearer ${plotlyAuthToken}`}
})
.then(userRes => userRes.json().then(userMeta => {
.then(userRes => {
if (userRes.status !== 200) {
res.json(401, {error: {message: 'Please login to access this page.'}});
return next(false);
return userRes.text().then(body => {
const errorMessage = `Error fetching user. Status: ${userRes.status}. Body: ${body}.`;
Logger.log(errorMessage, 0);
res.json(500, {error: {message: errorMessage}});
return next();
});
}

if (!contains(userMeta.username, getSetting('ALLOWED_USERS'))) {
// Remove any existing credentials and return error
res.clearCookie('db-connector-auth-token');
res.clearCookie('plotly-auth-token');
res.clearCookie('db-connector-user');
res.json(403, {error: {message: `User ${userMeta.username} is not allowed to view this app`}});
return next(false);
}
return userRes.json().then(userMeta => {
if (!userMeta.username || !contains(userMeta.username, getSetting('ALLOWED_USERS'))) {
// Remove any existing credentials and return error
res.clearCookie('db-connector-auth-token');
res.clearCookie('plotly-auth-token');
res.clearCookie('db-connector-user');
res.json(403, {error: {message: `User ${userMeta.username} is not allowed to view this app`}});
return next(false);
}

const dbConnectorAccessToken = generateAndSaveAccessToken();
res.setCookie('db-connector-auth-token', dbConnectorAccessToken, getAccessTokenCookieOptions());
const dbConnectorAccessToken = generateAndSaveAccessToken();
res.setCookie('db-connector-auth-token', dbConnectorAccessToken, getAccessTokenCookieOptions());

return next();
}))
return next();
});
})
.catch(err => {
Logger.log(err, 0);
res.json(500, {error: {message: err.message}});
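Review bot: The `userRes.status !== 200` branch appears to fail open, because it ends with `return next();` while the 403 branch a few lines below ends with `return next(false);`. If PlotlyOAuth runs as a pre-route authorization handler, as its name suggests, a token that the Plotly API rejects would let the handler chain continue to the protected route after the error response has already been written; `return next(false);` keeps this path fail-closed. An upstream 401 for an expired or invalid token is also reported to the client as a 500 here, so the branch could keep answering 401 when `userRes.status === 401`. The enclosing function starts and ends outside the hunk.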
28 changes: 17 additions & 11 deletions backend/routes.js
Expand Up @@ -263,8 +263,17 @@ export default class Servers {
fetch(`${getSetting('PLOTLY_API_URL')}/v2/users/current`, {
headers: {'Authorization': `Bearer ${access_token}`}
})
.then(userRes => userRes.json().then(userMeta => {
if (userRes.status === 200) {
.then(userRes => {
if (userRes.status !== 200) {
return userRes.text().then(body => {
const errorMessage = `Error fetching user. Status: ${userRes.status}. Body: ${body}.`;
Logger.log(errorMessage, 0);
res.json(500, {error: {message: errorMessage}});
return next();
});
}

return userRes.json().then(userMeta => {
const {username} = userMeta;
if (!username) {
res.json(500, {error: {message: `User was not found at ${getSetting('PLOTLY_API_URL')}`}});
Expand Down Expand Up @@ -327,15 +336,12 @@ export default class Servers {
}
res.json(403, {error: {message: `User ${username} is not allowed to view this app`}});
return next();
}
Logger.log(userMeta, 0);
res.json(500, {error: {message: `Error ${userRes.status} fetching user`}});
return next();
}))
.catch(err => {
Logger.log(err, 0);
res.json(500, {error: {message: err.message}});
return next();
})
.catch(err => {
Logger.log(err, 0);
res.json(500, {error: {message: err.message}});
return next();
});
});
});
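Review bot: The non-200 branch at the top of the first hunk returns the upstream response body to the caller, since `errorMessage` with `Body: ${body}` is passed to `res.json(500, ...)`; the matching branch in backend/plugins/authorization.js does the same. Whatever the Plotly API puts in an error response then reaches a client that has not been authorized yet, so the body is better kept in the `Logger.log` call only, with the response reduced to `res.json(500, {error: {message: `Error ${userRes.status} fetching user`}});`. Truncating `body` before logging would also keep a large HTML error page from flooding the log. The enclosing route handler starts and ends outside the visible hunks.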

