return (req: express.Request, res: express.Response) => { // Get bearer token let authHeaderMatch = /^Bearer (.*)/i.exec(req.header("authorization")); if (!authHeaderMatch) { console.error("No Authorization token provided"); res.sendStatus(401); return; } // Decode token and get signing key const encodedToken = authHeaderMatch[1]; const decodedToken = jwt.decode(encodedToken, { complete: true }); msaOpenIdMetadata.getKey(decodedToken["header"].kid, (key) => { if (!key) { console.error("Invalid signing key or OpenId metadata document"); res.sendStatus(500); } // Verify token const verifyOptions: jwt.VerifyOptions = { algorithms: ["RS256", "RS384", "RS512"], issuer: `https://sts.windows.net/${decodedToken["payload"].tid}/`, audience: config.get("app.appId"), clockTolerance: 300, }; try { let token = jwt.verify(encodedToken, key.key, verifyOptions); res.status(200).send(token); } catch (e) { console.error("Invalid bearer token", e); res.sendStatus(401); } }); };
router.post("/logout", auth, function(req: express.Request, res: express.Response) { var token = getToken(req); var dtoken = jwt.decode(token, { complete: true }) || {}; // Update user status online var params = { id: dtoken.payload.id, status: ManagerModel.MANAGER_STATUS_OFFLINE }; var managerModel = new ManagerModel(); managerModel.setStatus(params, function(error: any, result: any) { if (error) { return res.status(400).send({status: false, error: error}); } res.json({ status: true }); var msg = { author: { id: params.id }, type: MessageModel.MESSAGE_TYPE_CHANGE_STATUS, status: ManagerModel.MANAGER_STATUS_OFFLINE }; server.io.emit( params.id, msg); }); });
return (req: Request, res: Response) => { const { cookies: { token: requestToken } } = req; const decodedTokenPayload = jwt.decode(requestToken); if (decodedTokenPayload) { const { username } = decodedTokenPayload; log.debug("Logout request for " + username); } res.status(204).clearCookie('token').end(); };
export const validateJWT = async function(req: ValidateRequest, res: Response) { const decoded = jsonwebtoken.decode(req.query.jwt, { complete: true }) as JWTContent; try { const publicKey = await getPublicKey(decoded.header.kid); jsonwebtoken.verify(req.query.jwt, publicKey); // throws res.status(200).json({ is_valid: true }); } catch (e) { res.status(200).json({ is_valid: false, error: e }); } } as any as RequestHandler;
it('sets the subject authResult[entity][entityService.id]', async () => { const { accessToken } = await app.service('authentication').create({ strategy: 'first', username: '******' }); const decoded = jwt.decode(accessToken); assert.strictEqual(decoded.sub, Strategy1.result.user.id.toString()); });
function isAdmin(req): boolean { if (config.server.admin == "") { return true; } if (req.headers.authorization) { var visitor = visitorFactory.getByEmail(jwt.decode(req.headers.authorization.substr(7)).email); return visitor.isAdmin(); } else return false; }
setRavenUserContext() { if (this.cmd && this.cmd.env && this.cmd.env.cloudSessionKey) { const data = jwt.decode(this.cmd.env.cloudSessionKey) Raven.mergeContext({ user: { fid: getFid(), id: data.userId, isGlobal: getIsGlobal(), }, }) } }
/** * @summary decodes a signed JWT * @param {string} signedToken * @returns {{}|null} The JWT payload */ decode(signedToken) { try { return jwt.verify(signedToken, this.configuration.sharedSecret, { ignoreExpiration: true, issuer: 'urn:app:' + this.configuration.appId, }); } catch (error) { // tslint:disable-next-line console.error(error, jwt.decode(signedToken)); return null; } }
it('does not override the subject if already set', async () => { const subject = 'Davester'; const { accessToken } = await app.service('authentication').create({ strategy: 'first', username: '******' }, { jwt: { subject } }); const decoded = jwt.decode(accessToken); assert.strictEqual(decoded.sub, subject); });
export default function refreshToken(req: Request, res: Response, next: Function) { const { cookies: { token: requestToken } } = req; const decodedTokenPayload = jwt.decode(requestToken); const { username } = decodedTokenPayload; // TODO: verify the issuer and secret? (e.g. in multitenant setup) const updatedToken = jwt.sign({ username: username }, secret, { issuer: 'react-redux-starter-kit', expiresIn: expiry, }); res.cookie('token', updatedToken, { secure: false /* TODO: change this */, maxAge: 60 * 60 * 1000 }); next(); };