From da1b42f17eba05c46b531d3238bc68e295f9ad36 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Wed, 9 May 2018 19:25:57 +0530 Subject: [PATCH 01/11] m2m support --- config/default.json | 3 +-- config/development.json | 1 - config/test.json | 3 +-- package.json | 2 +- src/util.js | 6 ++++++ 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/config/default.json b/config/default.json index 2358f4a0..2b704a2e 100644 --- a/config/default.json +++ b/config/default.json @@ -33,8 +33,7 @@ "idleTimeout": 1000 }, "analyticsKey": "", - "validIssuers": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]", - "jwksUri": "", + "VALID_ISSUERS": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]", "busApiUrl": "http://api.topcoder-dev.com", "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE", "HEALTH_CHECK_URL": "_health" diff --git a/config/development.json b/config/development.json index b7de350a..7e8ce29d 100644 --- a/config/development.json +++ b/config/development.json @@ -1,5 +1,4 @@ { - "authDomain": "topcoder-dev.com", "pubsubQueueName": "dev.project.service", "pubsubExchangeName": "dev.projects", "attachmentsS3Bucket": "topcoder-dev-media" diff --git a/config/test.json b/config/test.json index 2b045431..26d22a7a 100644 --- a/config/test.json +++ b/config/test.json @@ -1,6 +1,5 @@ { - "authSecret": "secret", - "authDomain": "topcoder-dev.com", + "AUTH_SECRET": "secret", "logLevel": "debug", "captureLogs": "false", "logentriesToken": "", diff --git a/package.json b/package.json index b6234466..39665962 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "pg": "^4.5.5", "pg-native": "^1.10.0", "sequelize": "^3.23.0", - "tc-core-library-js": "appirio-tech/tc-core-library-js.git#v2.2", + "tc-core-library-js": "appirio-tech/tc-core-library-js.git#v2.3", "traverse": "^0.6.6", "urlencode": "^1.1.0" }, diff --git a/src/util.js b/src/util.js index 86386add..2bc91526 100644 --- a/src/util.js +++ b/src/util.js @@ -70,6 +70,8 @@ _.assignIn(util, { * @return {boolean} true/false */ hasRole: (req, role) => { + const isMachineToken = _.get(req, 'authUser.isMachine', false); + if (isMachineToken) return true; let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase()); return _.indexOf(roles, role.toLowerCase()) >= 0; @@ -81,6 +83,8 @@ _.assignIn(util, { * @return {boolean} true/false */ hasRoles: (req, roles) => { + const isMachineToken = _.get(req, 'authUser.isMachine', false); + if (isMachineToken) return true; let authRoles = _.get(req, 'authUser.roles', []); authRoles = authRoles.map(s => s.toLowerCase()); return _.intersection(authRoles, roles.map(r => r.toLowerCase())).length > 0; @@ -101,6 +105,8 @@ _.assignIn(util, { * @return {boolean} true/false */ hasAdminRole: (req) => { + const isMachineToken = _.get(req, 'authUser.isMachine', false); + if (isMachineToken) return true; let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase()); return _.intersection(roles, ADMIN_ROLES.map(r => r.toLowerCase())).length > 0; From f37f55de2c612ba360f43be4b799e6555f09afd6 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Wed, 9 May 2018 19:33:50 +0530 Subject: [PATCH 02/11] deploying for testing. --- .circleci/config.yml | 2 +- deploy.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4fea1158..01317b88 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -76,7 +76,7 @@ workflows: - test filters: branches: - only: dev + only: 'feature/m2m-support' - deployProd: requires: - test diff --git a/deploy.sh b/deploy.sh index 628a634e..882e914c 100755 --- a/deploy.sh +++ b/deploy.sh @@ -239,5 +239,5 @@ check_service_status() { configure_aws_cli push_ecr_image -deploy_cluster -check_service_status \ No newline at end of file +#deploy_cluster +#check_service_status From b3af48e4219c8f9125a7398de1b7ba8c1a9dffb4 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Thu, 10 May 2018 14:11:39 +0530 Subject: [PATCH 03/11] deployiny... --- deploy.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy.sh b/deploy.sh index 882e914c..e776348d 100755 --- a/deploy.sh +++ b/deploy.sh @@ -239,5 +239,5 @@ check_service_status() { configure_aws_cli push_ecr_image -#deploy_cluster -#check_service_status +deploy_cluster +check_service_status From 35734dd23abe75f2cfe73464a171c811ec49c269 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Thu, 10 May 2018 15:38:17 +0530 Subject: [PATCH 04/11] changes in config var name. --- config/custom-environment-variables.json | 4 ++-- config/default.json | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json index 40b5c6b8..7ba088b5 100644 --- a/config/custom-environment-variables.json +++ b/config/custom-environment-variables.json @@ -1,6 +1,6 @@ { "apiVersion": "API_VERSION", - "authSecret": "AUTH_SECRET", + "AUTH_SECRET": "AUTH_SECRET", "logLevel": "LOG_LEVEL", "version": "APP_VERSION", "captureLogs": "CAPTURE_LOGS", @@ -28,7 +28,7 @@ "minPoolSize": "DB_MIN_POOL_SIZE" }, "analyticsKey": "SEGMENT_ANALYTICS_KEY", - "validIssuers": "VALID_ISSUERS", + "VALID_ISSUERS": "VALID_ISSUERS", "jwksUri": "JWKS_URI", "busApiUrl": "BUS_API_URL", "busApiToken": "BUS_API_TOKEN" diff --git a/config/default.json b/config/default.json index 2b704a2e..67549110 100644 --- a/config/default.json +++ b/config/default.json @@ -1,7 +1,6 @@ { "apiVersion": "v4", - "authSecret": "secret", - "authDomain": "topcoder-dev.com", + "AUTH_SECRET": "secret", "logLevel": "info", "version": "v4", "captureLogs": "false", From ea66a2fecb81395473c250d61231a536d44f8d0a Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Tue, 15 May 2018 22:42:34 +0530 Subject: [PATCH 05/11] cut-off bus token --- Dockerfile | 2 +- config/custom-environment-variables.json | 6 +- config/default.json | 8 +- deploy.sh | 34 +++++++-- src/services/busApi.js | 96 +++++++++++++----------- 5 files changed, 92 insertions(+), 54 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2a7fe789..e2410dbf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:6.9.4 +FROM node:8.2.1 LABEL version="1.0" LABEL description="Projects microservice" diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json index 7ba088b5..07c7936f 100644 --- a/config/custom-environment-variables.json +++ b/config/custom-environment-variables.json @@ -31,5 +31,9 @@ "VALID_ISSUERS": "VALID_ISSUERS", "jwksUri": "JWKS_URI", "busApiUrl": "BUS_API_URL", - "busApiToken": "BUS_API_TOKEN" + "AUTH0_URL" : "AUTH0_URL", + "AUTH0_CLIENT_ID": "AUTH0_CLIENT_ID", + "AUTH0_CLIENT_SECRET": "AUTH0_CLIENT_SECRET", + "AUTH0_AUDIENCE": "AUTH0_AUDIENCE", + "TOKEN_CACHE_TIME" : "TOKEN_CACHE_TIME" } diff --git a/config/default.json b/config/default.json index 67549110..1db936d4 100644 --- a/config/default.json +++ b/config/default.json @@ -34,6 +34,10 @@ "analyticsKey": "", "VALID_ISSUERS": "[\"https:\/\/topcoder-newauth.auth0.com\/\",\"https:\/\/api.topcoder-dev.com\"]", "busApiUrl": "http://api.topcoder-dev.com", - "busApiToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoicHJvamVjdC1zZXJ2aWNlIiwiaWF0IjoxNTEyNzQ3MDgyLCJleHAiOjE1MjEzODcwODJ9.PHuNcFDaotGAL8RhQXQMdpL8yOKXxjB5DbBIodmt7RE", - "HEALTH_CHECK_URL": "_health" + "HEALTH_CHECK_URL": "_health", + "AUTH0_CLIENT_ID": "", + "AUTH0_CLIENT_SECRET": "", + "AUTH0_AUDIENCE": "", + "AUTH0_URL": "", + "TOKEN_CACHE_TIME": "" } diff --git a/deploy.sh b/deploy.sh index e776348d..9f95a6e2 100755 --- a/deploy.sh +++ b/deploy.sh @@ -117,10 +117,6 @@ make_task_def(){ "name": "BUS_API_URL", "value": "%s" }, - { - "name": "BUS_API_TOKEN", - "value": "%s" - }, { "name": "SYSTEM_USER_CLIENT_ID", "value": "%s" @@ -156,6 +152,26 @@ make_task_def(){ { "name": "SEGMENT_ANALYTICS_KEY", "value": "%s" + }, + { + "name": "AUTH0_URL", + "value": "%s" + }, + { + "name": "AUTH0_AUDIENCE", + "value": "%s" + }, + { + "name": "AUTH0_CLIENT_ID", + "value": "%s" + }, + { + "name": "AUTH0_CLIENT_SECRET", + "value": "%s" + }, + { + "name": "TOKEN_CACHE_TIME", + "value": "%s" } ], "portMappings": [ @@ -180,7 +196,6 @@ make_task_def(){ MEMBER_SERVICE_ENDPOINT=$(eval "echo \$${ENV}_MEMBER_SERVICE_ENDPOINT") IDENTITY_SERVICE_ENDPOINT=$(eval "echo \$${ENV}_IDENTITY_SERVICE_ENDPOINT") BUS_API_URL=$(eval "echo \$${ENV}_BUS_API_URL") - BUS_API_TOKEN=$(eval "echo \$${ENV}_BUS_API_TOKEN") SYSTEM_USER_CLIENT_ID=$(eval "echo \$${ENV}_SYSTEM_USER_CLIENT_ID") SYSTEM_USER_CLIENT_SECRET=$(eval "echo \$${ENV}_SYSTEM_USER_CLIENT_SECRET") CAPTURE_LOGS=$(eval "echo \$${ENV}_CAPTURE_LOGS") @@ -201,7 +216,14 @@ make_task_def(){ echo "NODE_ENV" echo $NODE_ENV - task_def=$(printf "$task_template" $family $ACCOUNT_ID $AWS_ECS_CONTAINER_NAME $ACCOUNT_ID $AWS_REGION $AWS_REPOSITORY $CIRCLE_SHA1 $NODE_ENV $LOG_LEVEL $CAPTURE_LOGS $LOGENTRIES_TOKEN $API_VERSION $AWS_REGION $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AUTH_DOMAIN $AUTH_SECRET $VALID_ISSUERS $DB_MASTER_URL $MEMBER_SERVICE_ENDPOINT $IDENTITY_SERVICE_ENDPOINT $BUS_API_URL $BUS_API_TOKEN $SYSTEM_USER_CLIENT_ID $SYSTEM_USER_CLIENT_SECRET $PROJECTS_ES_URL $PROJECTS_ES_INDEX_NAME $RABBITMQ_URL $DIRECT_PROJECT_SERVICE_ENDPOINT $FILE_SERVICE_ENDPOINT $CONNECT_PROJECTS_URL $SEGMENT_ANALYTICS_KEY $PORT $PORT $AWS_ECS_CLUSTER $AWS_REGION $NODE_ENV) + AUTH0_URL=$(eval "echo \$${ENV}_AUTH0_URL") + AUTH0_AUDIENCE=$(eval "echo \$${ENV}_AUTH0_AUDIENCE") + AUTH0_CLIENT_ID=$(eval "echo \$${ENV}_AUTH0_CLIENT_ID") + AUTH0_CLIENT_SECRET=$(eval "echo \$${ENV}_AUTH0_CLIENT_SECRET") + TOKEN_CACHE_TIME=$(eval "echo \$${ENV}_TOKEN_CACHE_TIME") + + + task_def=$(printf "$task_template" $family $ACCOUNT_ID $AWS_ECS_CONTAINER_NAME $ACCOUNT_ID $AWS_REGION $AWS_REPOSITORY $CIRCLE_SHA1 $NODE_ENV $LOG_LEVEL $CAPTURE_LOGS $LOGENTRIES_TOKEN $API_VERSION $AWS_REGION $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY $AUTH_DOMAIN $AUTH_SECRET $VALID_ISSUERS $DB_MASTER_URL $MEMBER_SERVICE_ENDPOINT $IDENTITY_SERVICE_ENDPOINT $BUS_API_URL $SYSTEM_USER_CLIENT_ID $SYSTEM_USER_CLIENT_SECRET $PROJECTS_ES_URL $PROJECTS_ES_INDEX_NAME $RABBITMQ_URL $DIRECT_PROJECT_SERVICE_ENDPOINT $FILE_SERVICE_ENDPOINT $CONNECT_PROJECTS_URL $SEGMENT_ANALYTICS_KEY "$AUTH0_URL" "$AUTH0_AUDIENCE" $AUTH0_CLIENT_ID "$AUTH0_CLIENT_SECRET" $TOKEN_CACHE_TIME $PORT $PORT $AWS_ECS_CLUSTER $AWS_REGION $NODE_ENV) } push_ecr_image(){ diff --git a/src/services/busApi.js b/src/services/busApi.js index da9a9949..5639d25a 100644 --- a/src/services/busApi.js +++ b/src/services/busApi.js @@ -2,7 +2,9 @@ import config from 'config'; const Promise = require('bluebird'); const axios = require('axios'); +const tcCoreLibAuth = require('tc-core-library-js').auth; +const m2m = tcCoreLibAuth.m2m(config); let client = null; @@ -10,25 +12,28 @@ let client = null; * Get Http client to bus api * @return {Object} Http Client to bus api */ -function getClient() { +async function getClient() { if (client) return client; const apiBusUrl = config.get('busApiUrl'); - const apiBusToken = config.get('busApiToken'); + try { + const token = await m2m.getMachineToken(config.AUTH0_CLIENT_ID, config.AUTH0_CLIENT_SECRET); + client = axios.create({ baseURL: apiBusUrl }); - client = axios.create({ baseURL: apiBusUrl }); + // Alter defaults after instance has been created + client.defaults.headers.common.Authorization = `Bearer ${token}`; - // Alter defaults after instance has been created - client.defaults.headers.common.Authorization = `Bearer ${apiBusToken}`; + // Add a response interceptor + client.interceptors.response.use(function (res) { // eslint-disable-line + return res; + }, function (error) { // eslint-disable-line + // Ingore response errors + return Promise.resolve(); + }); - // Add a response interceptor - client.interceptors.response.use(function (res) { // eslint-disable-line - return res; - }, function (error) { // eslint-disable-line - // Ingore response errors - return Promise.resolve(); - }); - - return client; + return client; + } catch (err) { + return Promise.reject(`Bus api calling - Error in genearting m2m token : ${err.message}`); + } } /** @@ -42,39 +47,42 @@ function getClient() { function createEvent(type, message, logger) { const body = JSON.stringify(message); logger.debug(`Sending message: ${JSON.stringify(message)}`); - return getClient().post('/bus/events', { - type, - message: body, - }) - .then((resp) => { - logger.debug('Sent event to bus-api'); - logger.debug(`Sent event to bus-api [data]: ${resp.data}`); - logger.debug(`Sent event to bus-api [status]: ${resp.status}`); - }) - .catch((error) => { - logger.debug('Error sending event to bus-api'); - if (error.response) { - // The request was made and the server responded with a status code - // that falls out of the range of 2xx - logger.debug(error.response.data); - logger.debug(error.response.status); - logger.debug(error.response.headers); - } else if (error.request) { - // The request was made but no response was received - // `error.request` is an instance of XMLHttpRequest in the browser and an instance of - // http.ClientRequest in node.js - logger.debug(error.request); - } else { - // Something happened in setting up the request that triggered an Error - logger.debug(error.message); - } - logger.debug(error.config); - - Promise.resolve(); // eslint-disable-line + return getClient().then((busClient) => { + logger.debug('calling bus-api'); + busClient.post('/bus/events', { + type, + message: body, + }) + .then((resp) => { + logger.debug('Sent event to bus-api'); + logger.debug(`Sent event to bus-api [data]: ${resp.data}`); + logger.debug(`Sent event to bus-api [status]: ${resp.status}`); + }) + .catch((error) => { + logger.debug('Error sending event to bus-api'); + if (error.response) { + // The request was made and the server responded with a status code + // that falls out of the range of 2xx + logger.debug(error.response.data); + logger.debug(error.response.status); + logger.debug(error.response.headers); + } else if (error.request) { + // The request was made but no response was received + // `error.request` is an instance of XMLHttpRequest in the browser and an instance of + // http.ClientRequest in node.js + logger.debug(error.request); + } else { + // Something happened in setting up the request that triggered an Error + logger.debug(error.message); + } + logger.debug(error.config); + Promise.resolve(); // eslint-disable-line + }); + }).catch((errMessage) => { + logger.debug(errMessage); }); } - module.exports = { createEvent, }; From 7539fa0c9daed989545e238aae8d4df04b2f1b59 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Thu, 17 May 2018 16:48:14 +0530 Subject: [PATCH 06/11] implementing scope checking. --- src/constants.js | 4 ++++ src/util.js | 20 ++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/constants.js b/src/constants.js index e642eb66..c0457916 100644 --- a/src/constants.js +++ b/src/constants.js @@ -77,3 +77,7 @@ export const BUS_API_EVENT = { export const REGEX = { URL: /^(http(s?):\/\/)?(www\.)?[a-zA-Z0-9\.\-\_]+(\.[a-zA-Z]{2,15})+(\:[0-9]{2,5})?(\/[a-zA-Z0-9\_\-\s\.\/\?\%\#\&\=;]*)?$/, // eslint-disable-line }; + +export const TOKEN_SCOPES = { + CONNECT_PROJECT_ADMIN: "all:connect_project" +}; diff --git a/src/util.js b/src/util.js index 2bc91526..0afbdfb0 100644 --- a/src/util.js +++ b/src/util.js @@ -17,7 +17,7 @@ import urlencode from 'urlencode'; import elasticsearch from 'elasticsearch'; import Promise from 'bluebird'; import AWS from 'aws-sdk'; -import { ADMIN_ROLES } from './constants'; +import { ADMIN_ROLES, TOKEN_SCOPES } from './constants'; const exec = require('child_process').exec; const models = require('./models').default; @@ -71,7 +71,11 @@ _.assignIn(util, { */ hasRole: (req, role) => { const isMachineToken = _.get(req, 'authUser.isMachine', false); - if (isMachineToken) return true; + const tokenScopes = _.get(req, 'authUser.scopes', []); + if (isMachineToken) { + if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; + return false; + } let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase()); return _.indexOf(roles, role.toLowerCase()) >= 0; @@ -84,7 +88,11 @@ _.assignIn(util, { */ hasRoles: (req, roles) => { const isMachineToken = _.get(req, 'authUser.isMachine', false); - if (isMachineToken) return true; + const tokenScopes = _.get(req, 'authUser.scopes', []); + if (isMachineToken) { + if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; + return false; + } let authRoles = _.get(req, 'authUser.roles', []); authRoles = authRoles.map(s => s.toLowerCase()); return _.intersection(authRoles, roles.map(r => r.toLowerCase())).length > 0; @@ -106,7 +114,11 @@ _.assignIn(util, { */ hasAdminRole: (req) => { const isMachineToken = _.get(req, 'authUser.isMachine', false); - if (isMachineToken) return true; + const tokenScopes = _.get(req, 'authUser.scopes', []); + if (isMachineToken) { + if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; + return false; + } let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase()); return _.intersection(roles, ADMIN_ROLES.map(r => r.toLowerCase())).length > 0; From 87b13c1e078ba6e6be2c06ac8aa3b40f343f8963 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Thu, 17 May 2018 16:53:31 +0530 Subject: [PATCH 07/11] fixing lint issue. --- src/constants.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/constants.js b/src/constants.js index c0457916..39b0b398 100644 --- a/src/constants.js +++ b/src/constants.js @@ -79,5 +79,5 @@ export const REGEX = { }; export const TOKEN_SCOPES = { - CONNECT_PROJECT_ADMIN: "all:connect_project" + CONNECT_PROJECT_ADMIN: 'all:connect_project', }; From 15779183b758ac97c8cea49773bf055c51eb48c5 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Tue, 22 May 2018 17:01:24 +0530 Subject: [PATCH 08/11] debugging scope issue. --- src/util.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util.js b/src/util.js index 0afbdfb0..4b0e0f58 100644 --- a/src/util.js +++ b/src/util.js @@ -116,8 +116,8 @@ _.assignIn(util, { const isMachineToken = _.get(req, 'authUser.isMachine', false); const tokenScopes = _.get(req, 'authUser.scopes', []); if (isMachineToken) { - if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; - return false; + // if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; + return true; } let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase()); From 2c7138301352d21c01be36a229cb981135dca8d8 Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Tue, 22 May 2018 17:04:55 +0530 Subject: [PATCH 09/11] fixing lint issue. --- src/util.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util.js b/src/util.js index 4b0e0f58..eeb0e6f1 100644 --- a/src/util.js +++ b/src/util.js @@ -114,7 +114,7 @@ _.assignIn(util, { */ hasAdminRole: (req) => { const isMachineToken = _.get(req, 'authUser.isMachine', false); - const tokenScopes = _.get(req, 'authUser.scopes', []); + // const tokenScopes = _.get(req, 'authUser.scopes', []); if (isMachineToken) { // if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; return true; From 0a319e797b13cd61a9e3e4936da91b5e9dfed3ca Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Wed, 23 May 2018 13:55:56 +0530 Subject: [PATCH 10/11] debugging done. --- .circleci/config.yml | 2 +- src/.util.js.swp | Bin 0 -> 20480 bytes src/util.js | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 src/.util.js.swp diff --git a/.circleci/config.yml b/.circleci/config.yml index 01317b88..83db606d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -76,7 +76,7 @@ workflows: - test filters: branches: - only: 'feature/m2m-support' + only: 'dev' - deployProd: requires: - test diff --git a/src/.util.js.swp b/src/.util.js.swp new file mode 100644 index 0000000000000000000000000000000000000000..4c75e8ae09ee730226f8ea37d55ef5eec0944f8e GIT binary patch literal 20480 zcmeI3e~cu@RmU6R9|^G&z{Ch7l(KX2%&cc-cYQHA*6iW)-kxrW@AlYT9}!lv+dEUU z+j~9TbKO0=w>NCSQj$ON13@5&I6){tL?lPX${!Yg1Oig{1EL575ne!QxB_3G7ouWC1Et}b0tXPPq}&-Z)YZ9j19<6qqQ zckdIg_q^0^Z3mHLoc!2wjjKVD_5JXX_{K5C-(d?*@5RZr>8#c0CGn1KWsOuPyFp7& zr%7wNp9NuaCq0HjnOt(9wee0zh~loi~HSn?>sD!m;0ZW?DKY) z|5p?BU*Uewx%Z5#nAdm7<*VdC$$^psB?n3llpH8IP;#K;K*@oU10@Ga4wM}DKj46m zL;p(X{+&4Dod4(k|4Xm+ycfVfgHM2ugWm=32fLsHHh~W|z(sHmxCK1_8qa$c{5lwb zN5DDoI`G1sp7$@{x4}oj8u%%27Tgcs2<`%(yTkK71bpxY@Z78EBX}A-3EmAd5P~J} z0C*L6?)yCNZ@?ddKLDQuzXVpm-QY8?^1MF+zXAr}D!3QC8oUDh7tDA8d=WecJ_g# zTfup77Q7PtH35?+z|VtSPyt^dNb|?wL*Q4z4wwc1$lS^N{cRzbqSQg%Q#^^z`bnhL zn?aQ6B;~$E5J%N8-qT6TPj$Pl{3P-BA82;{UNuqkXI0Y7;zuQaf&6N%R%?bj+RC=o zSvB*Jq1lR~G*crQYTgo=HAGS&l1>njirap=ROrNZw$G{}NoT~nJn+tZrzd$A=fJ(!-F z;`78g^84BL3d2t8Dv{UMGeg6=GBr7!lV?Y%P&4wpFcsIETRN*I`g&beB>gci>NHJP zDs}bv+iF%A4uqdPZmP_**c_#Tj;e~}we^kVPBn|K>1eeT_hd+G%Wqk{yuP}yd}VR9 zxv+fs^5VkU`jwUCpO*Kz^Ou$`*VNg0HB-w8%cNVnLN!P)ncGQvO^DX4*eENQg?5e` zMQVCc9EPnrPWHIk!%`41<29^6yv=kW*M?_?Q{OU~Hq=zw)2*Nr=(ZIJ555<~Ki-u4 zR0nYEx>76pdS4^UHc@5Uex}mxxF5EKO_?7=X0l~cEt$jOy{nU;voEvQri#^DGF=g37z$( zMnj?guIc@>+6hA0ert7ArC7et8I_y2mn*m+g<#OWU}`W|u4-Ks8XJ*#nXS@{$bCoy zvX~t~HY06msyN%$$zH(Db=0nEc0;rE7J6W4+OAuALJBr`WE`QA)UZ|8nOraJ1y~lY zN4D-&8NHwB^vJ$a=BPQ1^o^|Q_kzVF$@it<)V4L+E==d#hNhE*4b3H@!Mo{J&Du%| z6T#2=6D4gL1s|N5aRt|#ewqebk!!I&w*A;%AV87cQ}icJs?x-yz|oC3nN!jm88=T? zr>VcC=cGru@pio###>EOwkmS9?MLlU8>)zg6f_h><=1KOMs}=Zq-t=X9~tw{nNgQ;-Ci0Zi^z>>{7f(kJKhrwk?m; zVm&ir+i!X`s$#xLJyIv@tQvdIRDw}Q)M@LE-w!jX8z(vYEtQLg&o+k?5xIQQm!hiN zQkF^g#AMRxLKx^MlNs-a;X~f^wBbX`rgr1D?AWPIi=$4kIO40_w>{4qCeorYM@;T{tufZ&RFLRug{#!9IMIzT*i8Inzp;~6YE7w7r7q3Y zkUd9+&ghWM)v(!AZcf`YsyKE$YR6W$>`Q&ZX@Za!PT@hj7sC#Yv_H${20y zE6a~Au8x~`>OggpxT`A7X)_o<%F@b1dBt--yXvz2y|j_GuZ^;8{V(Tt5 zjN5*?O}gh9X9iKmm`cTMnB}g$h_+bNNZs1P`NgY?k75R|Nb=ftfZj`$OkXN`Q8zuK z??lf}sfD<=p9EXmnW`?-)B`iKKd#o|-U8!F)Kb)H*44Q%R4Y;<#R8O@^|~z-_)}Y9 zyouAKa<)R!6aW7SeAsv4*NXq2pU;c${{iq0unxqxzZ={EUc!%m3VaOwGI%d|4|pf| zIj{ykj}QNs;Dg{IcnKf=-@wx#0b5`V+y`F7Z~qc_27CnE1mfFApbNIZJa{wsEI$07 zfOmtR0AI#u{{naxJOzFO?0~c2GA<*52hQcn{c{&)bT&*g(Gv2iV!`JQmTLJK)}Tppei`0< zt%+$JVKbY^QXV(LX|LdF`jAO+1e#cV8J0Z09^uVmyj6l5m;J65Q#yAfT=3TZJZG%A z;HEF3;W@SO2sSA;*{OjEMjmYBKAx1WEZAlmYx_N2nIpK`>xBW`rt0)g8b_5;>22*} z+u@Pgpn_B%Yu9?tG??~{XSH;G{?tICbxZAHqb5LJpyIf=on<}iyqHk$#;Jj|dz(QU zHU!!Js{Pl@#i-qjiE|&Az}rUd?<$ET5@H;Y!C%O*V1?SnA?@lw1?{=qvs>cG0iSkG zKDJ}DfN_6>h%RZ6T#w0tf%bD7j6 zMx-KL&ArhpxPfo`;m?Ay3F@~D?NvdrTuE^x-;kta_@Lr8pW%-wHV zT}I4x6eV#AZLHkFFf1Yz4q7CWrAJQMU~VmT1B- z_2aaa_4XUCmM49XXFExJ|A~+PS+EBZa2;F&XTVqS@jnHA5!?hz;77rKtam3w-!L10MxDU>W=f_zH22-v@G5|3UD6kb+roKe!9L z2HXj52mio1{WIWQ;H}^^Xn^NAr~gy%N${KCJs<);I1RqadHtus?|=+k1((4a!Hr!5Q#+AanCV;cVYc(bxI1)6b{fX2EsOdZrJc~xI&&iwV}-mB%F`;qA>Q`j3_@V8}C)C!P{jKUodRiuNE%BqYqd8(pGfZgSrv~<0 zf$GcG#B_8u`8KR6eXX{-Z6=QsJ<~6u`B|GX=1t1zAV$3nGeqTbi~Zj~E6Z-cvHIj* zuyOCHL7VfBgL{WAgCwPKKWXVgVg>!L($lKD>$VZQs%@88MC;ZbdYqY@WQV<-U@6uy zS5tdtBrC=(qN?~wGRd;_%hZj=a!BfXHb!rcW)xb&gzRayDC6h^Zr&W2#>kO25mR%E z=J0~B2OkFwqvmpcv_r<)gbYk*hb%7g90rFa*g&nzT!K;Woyd8g0|ib{~3*Z7Sb zV`U;t9Nk)-k&AXA17E3mipvzjbGbuxIIB($4p^$W{Z!CB;|23$H&C=ZCnv8?^TOroX>(GXU)pM@*;+HjzeJnX(Z&ZkFwZSgU+hfCk$ADp@HG99Y!=m|jA#521#4)#D`FnmN9yHbYdHz2Y&s#Lg?PBjWtPSj znQWuLi$#XobyCVW9mEeB7qHP(+uSA#OIG5#^+n_e58cfzJ?;re?aBP&EFVoF7m#_> z>5Lk?)!?`*bkSU{#R=Jv1O1~KHiA;T5{HR!R5>pFoz(xK-bb1e-DMFgKiaqFv5}7Z zvZRHqFr4S;HgcgowhJARolarxoXL#?6vD7!$AG4oK%L-*XIea|Nh=chBC%|AO$}FD zP87D985j1?Lt(uZ7yDS}C?<7XT4C^o%A+eT zL#-#%W_l0?a*M7rT<*EpO)0a^)3FSsw5_%XIQ7hde^<$k(M)1Uboaa)M#CV6QufU dyu6$XzcFT3#!MLm_*-&&)0aLEua1g1{x4WO;+p^f literal 0 HcmV?d00001 diff --git a/src/util.js b/src/util.js index eeb0e6f1..5ac8b269 100644 --- a/src/util.js +++ b/src/util.js @@ -114,9 +114,9 @@ _.assignIn(util, { */ hasAdminRole: (req) => { const isMachineToken = _.get(req, 'authUser.isMachine', false); - // const tokenScopes = _.get(req, 'authUser.scopes', []); + const tokenScopes = _.get(req, 'authUser.scopes', []); if (isMachineToken) { - // if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; + if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; return true; } let roles = _.get(req, 'authUser.roles', []); From 04ee4f292e2889506de1d1d4c4187961c6dde0ba Mon Sep 17 00:00:00 2001 From: Sachin Maheshwari Date: Wed, 23 May 2018 14:08:05 +0530 Subject: [PATCH 11/11] fixing typo --- src/.util.js.swp | Bin 20480 -> 0 bytes src/util.js | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 src/.util.js.swp diff --git a/src/.util.js.swp b/src/.util.js.swp deleted file mode 100644 index 4c75e8ae09ee730226f8ea37d55ef5eec0944f8e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeI3e~cu@RmU6R9|^G&z{Ch7l(KX2%&cc-cYQHA*6iW)-kxrW@AlYT9}!lv+dEUU z+j~9TbKO0=w>NCSQj$ON13@5&I6){tL?lPX${!Yg1Oig{1EL575ne!QxB_3G7ouWC1Et}b0tXPPq}&-Z)YZ9j19<6qqQ zckdIg_q^0^Z3mHLoc!2wjjKVD_5JXX_{K5C-(d?*@5RZr>8#c0CGn1KWsOuPyFp7& zr%7wNp9NuaCq0HjnOt(9wee0zh~loi~HSn?>sD!m;0ZW?DKY) z|5p?BU*Uewx%Z5#nAdm7<*VdC$$^psB?n3llpH8IP;#K;K*@oU10@Ga4wM}DKj46m zL;p(X{+&4Dod4(k|4Xm+ycfVfgHM2ugWm=32fLsHHh~W|z(sHmxCK1_8qa$c{5lwb zN5DDoI`G1sp7$@{x4}oj8u%%27Tgcs2<`%(yTkK71bpxY@Z78EBX}A-3EmAd5P~J} z0C*L6?)yCNZ@?ddKLDQuzXVpm-QY8?^1MF+zXAr}D!3QC8oUDh7tDA8d=WecJ_g# zTfup77Q7PtH35?+z|VtSPyt^dNb|?wL*Q4z4wwc1$lS^N{cRzbqSQg%Q#^^z`bnhL zn?aQ6B;~$E5J%N8-qT6TPj$Pl{3P-BA82;{UNuqkXI0Y7;zuQaf&6N%R%?bj+RC=o zSvB*Jq1lR~G*crQYTgo=HAGS&l1>njirap=ROrNZw$G{}NoT~nJn+tZrzd$A=fJ(!-F z;`78g^84BL3d2t8Dv{UMGeg6=GBr7!lV?Y%P&4wpFcsIETRN*I`g&beB>gci>NHJP zDs}bv+iF%A4uqdPZmP_**c_#Tj;e~}we^kVPBn|K>1eeT_hd+G%Wqk{yuP}yd}VR9 zxv+fs^5VkU`jwUCpO*Kz^Ou$`*VNg0HB-w8%cNVnLN!P)ncGQvO^DX4*eENQg?5e` zMQVCc9EPnrPWHIk!%`41<29^6yv=kW*M?_?Q{OU~Hq=zw)2*Nr=(ZIJ555<~Ki-u4 zR0nYEx>76pdS4^UHc@5Uex}mxxF5EKO_?7=X0l~cEt$jOy{nU;voEvQri#^DGF=g37z$( zMnj?guIc@>+6hA0ert7ArC7et8I_y2mn*m+g<#OWU}`W|u4-Ks8XJ*#nXS@{$bCoy zvX~t~HY06msyN%$$zH(Db=0nEc0;rE7J6W4+OAuALJBr`WE`QA)UZ|8nOraJ1y~lY zN4D-&8NHwB^vJ$a=BPQ1^o^|Q_kzVF$@it<)V4L+E==d#hNhE*4b3H@!Mo{J&Du%| z6T#2=6D4gL1s|N5aRt|#ewqebk!!I&w*A;%AV87cQ}icJs?x-yz|oC3nN!jm88=T? zr>VcC=cGru@pio###>EOwkmS9?MLlU8>)zg6f_h><=1KOMs}=Zq-t=X9~tw{nNgQ;-Ci0Zi^z>>{7f(kJKhrwk?m; zVm&ir+i!X`s$#xLJyIv@tQvdIRDw}Q)M@LE-w!jX8z(vYEtQLg&o+k?5xIQQm!hiN zQkF^g#AMRxLKx^MlNs-a;X~f^wBbX`rgr1D?AWPIi=$4kIO40_w>{4qCeorYM@;T{tufZ&RFLRug{#!9IMIzT*i8Inzp;~6YE7w7r7q3Y zkUd9+&ghWM)v(!AZcf`YsyKE$YR6W$>`Q&ZX@Za!PT@hj7sC#Yv_H${20y zE6a~Au8x~`>OggpxT`A7X)_o<%F@b1dBt--yXvz2y|j_GuZ^;8{V(Tt5 zjN5*?O}gh9X9iKmm`cTMnB}g$h_+bNNZs1P`NgY?k75R|Nb=ftfZj`$OkXN`Q8zuK z??lf}sfD<=p9EXmnW`?-)B`iKKd#o|-U8!F)Kb)H*44Q%R4Y;<#R8O@^|~z-_)}Y9 zyouAKa<)R!6aW7SeAsv4*NXq2pU;c${{iq0unxqxzZ={EUc!%m3VaOwGI%d|4|pf| zIj{ykj}QNs;Dg{IcnKf=-@wx#0b5`V+y`F7Z~qc_27CnE1mfFApbNIZJa{wsEI$07 zfOmtR0AI#u{{naxJOzFO?0~c2GA<*52hQcn{c{&)bT&*g(Gv2iV!`JQmTLJK)}Tppei`0< zt%+$JVKbY^QXV(LX|LdF`jAO+1e#cV8J0Z09^uVmyj6l5m;J65Q#yAfT=3TZJZG%A z;HEF3;W@SO2sSA;*{OjEMjmYBKAx1WEZAlmYx_N2nIpK`>xBW`rt0)g8b_5;>22*} z+u@Pgpn_B%Yu9?tG??~{XSH;G{?tICbxZAHqb5LJpyIf=on<}iyqHk$#;Jj|dz(QU zHU!!Js{Pl@#i-qjiE|&Az}rUd?<$ET5@H;Y!C%O*V1?SnA?@lw1?{=qvs>cG0iSkG zKDJ}DfN_6>h%RZ6T#w0tf%bD7j6 zMx-KL&ArhpxPfo`;m?Ay3F@~D?NvdrTuE^x-;kta_@Lr8pW%-wHV zT}I4x6eV#AZLHkFFf1Yz4q7CWrAJQMU~VmT1B- z_2aaa_4XUCmM49XXFExJ|A~+PS+EBZa2;F&XTVqS@jnHA5!?hz;77rKtam3w-!L10MxDU>W=f_zH22-v@G5|3UD6kb+roKe!9L z2HXj52mio1{WIWQ;H}^^Xn^NAr~gy%N${KCJs<);I1RqadHtus?|=+k1((4a!Hr!5Q#+AanCV;cVYc(bxI1)6b{fX2EsOdZrJc~xI&&iwV}-mB%F`;qA>Q`j3_@V8}C)C!P{jKUodRiuNE%BqYqd8(pGfZgSrv~<0 zf$GcG#B_8u`8KR6eXX{-Z6=QsJ<~6u`B|GX=1t1zAV$3nGeqTbi~Zj~E6Z-cvHIj* zuyOCHL7VfBgL{WAgCwPKKWXVgVg>!L($lKD>$VZQs%@88MC;ZbdYqY@WQV<-U@6uy zS5tdtBrC=(qN?~wGRd;_%hZj=a!BfXHb!rcW)xb&gzRayDC6h^Zr&W2#>kO25mR%E z=J0~B2OkFwqvmpcv_r<)gbYk*hb%7g90rFa*g&nzT!K;Woyd8g0|ib{~3*Z7Sb zV`U;t9Nk)-k&AXA17E3mipvzjbGbuxIIB($4p^$W{Z!CB;|23$H&C=ZCnv8?^TOroX>(GXU)pM@*;+HjzeJnX(Z&ZkFwZSgU+hfCk$ADp@HG99Y!=m|jA#521#4)#D`FnmN9yHbYdHz2Y&s#Lg?PBjWtPSj znQWuLi$#XobyCVW9mEeB7qHP(+uSA#OIG5#^+n_e58cfzJ?;re?aBP&EFVoF7m#_> z>5Lk?)!?`*bkSU{#R=Jv1O1~KHiA;T5{HR!R5>pFoz(xK-bb1e-DMFgKiaqFv5}7Z zvZRHqFr4S;HgcgowhJARolarxoXL#?6vD7!$AG4oK%L-*XIea|Nh=chBC%|AO$}FD zP87D985j1?Lt(uZ7yDS}C?<7XT4C^o%A+eT zL#-#%W_l0?a*M7rT<*EpO)0a^)3FSsw5_%XIQ7hde^<$k(M)1Uboaa)M#CV6QufU dyu6$XzcFT3#!MLm_*-&&)0aLEua1g1{x4WO;+p^f diff --git a/src/util.js b/src/util.js index 5ac8b269..0afbdfb0 100644 --- a/src/util.js +++ b/src/util.js @@ -117,7 +117,7 @@ _.assignIn(util, { const tokenScopes = _.get(req, 'authUser.scopes', []); if (isMachineToken) { if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true; - return true; + return false; } let roles = _.get(req, 'authUser.roles', []); roles = roles.map(s => s.toLowerCase());