getToken endpoint to allow users to create durable JWT tokens.

hotosm · Jul 10, 2018 · 2df439d · 2df439d
1 parent e79ac58
commit 2df439d
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 15 deletions.
diff --git a/models/createToken.js b/models/createToken.js
@@ -0,0 +1,22 @@
+'use strict';
+
+const jwt = require('jsonwebtoken');
+const config = require('../config');
+
+function createToken (id, name, email, scope, expiration) {
+  // Sign the JWT
+  return jwt.sign(
+    {
+      _id: id,
+      name,
+      contact_email: email,
+      scope: scope
+    },
+    config.jwtSecret,
+    {
+      algorithm: 'HS256',
+      expiresIn: expiration
+    });
+}
+
+module.exports = createToken;
diff --git a/models/user.js b/models/user.js
@@ -3,8 +3,7 @@
 var uuidV4 = require('uuid/v4');
 var mongoose = require('mongoose');
 var FB = require('fb');
-const jwt = require('jsonwebtoken');
-const config = require('../config');
+const createToken = require('./createToken');
 
 var userSchema = mongoose.Schema({
   name: {type: String, required: true},
@@ -48,17 +47,8 @@ userSchema.statics = {
       }
     })
     .then((user) => {
-      const userJWT = jwt.sign(
-        {
-          _id: user._id,
-          name: user.name,
-          contact_email: user.contact_email
-        },
-        config.jwtSecret,
-        { algorithm: 'HS256',
-          expiresIn: '1d'
-        }
-      );
+      const userJWT = createToken(
+        user._id, user.name, user.contact_email, 'user', '1d');
       return userJWT;
     })
     .catch((error) => {

diff --git a/routes/auth.js b/routes/auth.js
@@ -1,7 +1,8 @@
 'use strict';
 
-var Boom = require('boom');
-var User = require('../models/user');
+const Boom = require('boom');
+const User = require('../models/user');
+const createToken = require('../models/createToken');
 
 function oauthHandler (request, reply) {
   if (!request.auth.isAuthenticated) {
@@ -76,5 +77,26 @@ module.exports = [
         message: 'Goodbye!'
       });
     }
+  },
+  {
+    method: 'GET',
+    path: '/getToken',
+    config: {
+      auth: 'session',
+      tags: ['disablePlugins']
+    },
+    handler: function (request, reply) {
+      User.findOne({
+        session_id: request.auth.credentials.session_id
+      }).then(function (user) {
+        return createToken(
+          user._id, user.name, user.contact_email, 'user', '365d'
+        );
+      }).then(function (token) {
+        reply({ token });
+      }).catch(function (err) {
+        reply(Boom.badImplementation(err));
+      });
+    }
   }
 ];
diff --git a/test/specs/test_auth_getToken.js b/test/specs/test_auth_getToken.js
@@ -0,0 +1,67 @@
+const Hapi = require('hapi');
+const proxyquire = require('proxyquire').noCallThru();
+const chai = require('chai');
+const sinon = require('sinon');
+const sinonChai = require('sinon-chai');
+const authentication = require('../../plugins/authentication.js');
+
+const expect = chai.expect;
+chai.should();
+chai.use(sinonChai);
+const sandbox = sinon.sandbox.create();
+
+const buildStubs = () => {
+  const user = {
+    _id: 'id',
+    name: 'name',
+    contact_email: 'email'
+  };
+  const findOne = sandbox.stub().resolves(user);
+  const token = 'token';
+  const createToken = sandbox.stub().resolves(token);
+  const stubs = {
+    '../models/user': { findOne },
+    '../models/createToken': createToken
+  };
+  return { stubs, findOne, createToken, user, token };
+};
+
+const getServer = (stubs) => {
+  const uploads = proxyquire('../../routes/auth.js', stubs);
+  const server = new Hapi.Server();
+  server.connection({ port: 4000 });
+  return server.register(authentication).then(() => {
+    server.route(uploads);
+    return server;
+  });
+};
+
+describe('auth getToken', () => {
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  it('Should create and return a new JWT token', () => {
+    const { stubs, findOne, createToken, user, token } = buildStubs();
+    const credentials = {
+      session_id: 'id'
+    };
+    const options = {
+      method: 'GET',
+      url: '/getToken',
+      credentials
+    };
+    return getServer(stubs)
+      .then((server) => {
+        return server.inject(options).then((res) => {
+          expect(findOne).to.have.been.calledWith(credentials);
+          expect(createToken.firstCall.args[0]).to.equal(user._id);
+          expect(createToken.firstCall.args[1]).to.equal(user.name);
+          expect(createToken.firstCall.args[2]).to.equal(user.contact_email);
+          expect(createToken.firstCall.args[3]).to.equal('user');
+          expect(createToken.firstCall.args[4]).to.equal('365d');
+          expect(res.result.token).to.equal(token);
+        });
+      });
+  });
+});