// Excerpt: the enclosing function starts above this fragment, so `urlencoded`,
// `jsonremoting`, `config` and `passportConfigurator` are defined outside this view.
// A `remoting.urlencoded` app setting, when present, replaces the URL-encoded parser options.
if (app.get('remoting') && app.get('remoting').urlencoded) {
urlencoded = app.get('remoting').urlencoded;
}
// Both body parsers are registered in the 'parse' middleware phase.
app.middleware('parse', bodyParser.json(jsonremoting));
// to support URL-encoded bodies
app.middleware('parse', bodyParser.urlencoded(
urlencoded));
// NOTE(review): the cookie parser receives whatever the `cookieSecret` app setting holds.
// Presumably this is the cookie-signing secret; confirm every deployment sets a strong,
// non-default value, since nothing here rejects a missing one.
app.middleware('session:before', loopback.cookieParser(app.get('cookieSecret')));
passportConfigurator.init();
// We need flash messages to see passport errors
app.use(flash());
// User and identity models are looked up by type; the credential model is read from app.models.
var BaseUser = loopback.getModelByType('BaseUser');
var userIdentity = loopback.getModelByType('userIdentity');
passportConfigurator.setupModels({
userModel: BaseUser,
userIdentityModel: userIdentity,
userCredentialModel: app.models.userCredential
});
// Every own key of `config` is registered as a passport provider.
for (var s in config) {
if (config.hasOwnProperty(s)) {
var c = config[s];
// Session support stays on unless the provider entry sets `session` to exactly false;
// the entry is modified in place.
c.session = c.session !== false;
passportConfigurator.configureProvider(s, c);
}
}
};
}
// Excerpt: the enclosing function starts above this fragment, so `urlencoded`,
// `jsonremoting`, `config` and `passportConfigurator` are defined outside this view.
// A `remoting.urlencoded` app setting, when present, replaces the URL-encoded parser options.
if (app.get('remoting') && app.get('remoting').urlencoded) {
urlencoded = app.get('remoting').urlencoded;
}
// Both body parsers are registered in the 'parse' middleware phase.
app.middleware('parse', bodyParser.json(jsonremoting));
// to support URL-encoded bodies
app.middleware('parse', bodyParser.urlencoded(
urlencoded));
// NOTE(review): the cookie parser receives whatever the `cookieSecret` app setting holds.
// Presumably this is the cookie-signing secret; confirm every deployment sets a strong,
// non-default value, since nothing here rejects a missing one.
app.middleware('session:before', loopback.cookieParser(app.get('cookieSecret')));
passportConfigurator.init();
// We need flash messages to see passport errors
app.use(flash());
// User and identity models are looked up by type; the credential model is read from app.models.
var BaseUser = loopback.getModelByType('BaseUser');
var userIdentity = loopback.getModelByType('userIdentity');
passportConfigurator.setupModels({
userModel: BaseUser,
userIdentityModel: userIdentity,
userCredentialModel: app.models.userCredential
});
// Every own key of `config` is registered as a passport provider.
for (var s in config) {
if (config.hasOwnProperty(s)) {
var c = config[s];
// Session support stays on unless the provider entry sets `session` to exactly false;
// the entry is modified in place.
c.session = c.session !== false;
passportConfigurator.configureProvider(s, c);
}
}
};
// Excerpt from the body of an access-token creation method (the inline comment below names
// the createAccessToken(options, cb) call form). The method header and the rest of the role
// lookup are outside this view.
options = null;
}
// Without a caller-supplied callback, use the one utils.createPromiseCallback() returns.
cb = cb || utils.createPromiseCallback();
if (typeof ttl === 'object' && !options) {
// createAccessToken(options, cb)
// NOTE(review): `typeof null` is also 'object', so a null ttl with no options reaches
// `options.ttl` with options === null and throws a TypeError; confirm callers never pass null.
options = ttl;
ttl = options.ttl;
}
var userModel = this.constructor;
var accessToken = {};
var RoleMapping = loopback.getModelByType('BaseRoleMapping');
var Role = loopback.getModelByType('BaseRole');
var self = this;
// First parallel task: find the role mappings whose principal is this user.
async.parallel([function roleMappingFind(callback) {
RoleMapping.find({
where: {
principalId: self.id,
principalType: RoleMapping.USER
}
}, options, function roleMappingFindCb(err, rolemap) {
if (err) {
// NOTE(review): the error is returned to the caller of this callback instead of being
// passed to `callback`, so on this path the parallel task never completes and the lookup
// failure is not reported. `return callback(err);` looks like the intent; confirm.
return err;
}
var roleIdArr = [];
rolemap.forEach(function roleIdExtractFn(role) {
// Rewrites the tenant stored on the caller's AuthSession record: the session is looked up by
// the id of the request's access token, its tenantId is overwritten with the supplied value,
// and the stored value is reported back as { tenantId }. The end of the function is outside
// this excerpt.
// NOTE(review): nothing in the visible lines checks that the token's user may act in
// `tenantId`; confirm that an ACL or hook elsewhere restricts which tenants a caller can select.
BaseUser.switchTenant = function SwitchTenantFn(ctx, tenantId, options, cb) {
// The if clause may not be covered in test cases
// if we manually call BaseUser.switchTenant(ctx, switchTenantId, function(err, res) { });
// the test cases are getting crashed with
// Trace: options is not being passed
// at Function.findById loopback-datasource-juggler/lib/dao.js:1787:17
if (!cb && typeof options === 'function') {
cb = options;
options = {};
}
var data = { tenantId: '' };
var AuthSession = loopback.getModelByType('AuthSession');
var accessToken = ctx.req.accessToken;
if (accessToken) {
AuthSession.findById(accessToken.id, options, function authSessionFindById(err, token) {
if (err) {
return cb(err);
}
if (token) {
// The caller-supplied tenant id is written to the session record as given.
token.tenantId = tenantId;
AuthSession.upsert(token, options, function authSessionUpsert(err, updatedToken) {
if (err) {
// NOTE(review): there is no `return` here, so after reporting the error the code still
// reads `updatedToken.tenantId` and calls cb a second time. `return cb(err);` would
// match the findById error path above.
cb(err);
}
data.tenantId = updatedToken.tenantId;
cb(null, data);
});
}
// Excerpt from the body of an access-token creation method (the inline comment below names
// the createAccessToken(options, cb) call form). The method header and the rest of the role
// lookup are outside this view.
// Without a caller-supplied callback, use the one utils.createPromiseCallback() returns.
cb = cb || utils.createPromiseCallback();
if (typeof ttl === 'object' && !options) {
// createAccessToken(options, cb)
// NOTE(review): `typeof null` is also 'object', so a null ttl with no options reaches
// `options.ttl` with options === null and throws a TypeError; confirm callers never pass null.
options = ttl;
ttl = options.ttl;
}
var userModel = this.constructor;
var accessToken = {};
var RoleMapping = loopback.getModelByType('BaseRoleMapping');
var Role = loopback.getModelByType('BaseRole');
var self = this;
// First parallel task: find the role mappings whose principal is this user.
async.parallel([function roleMappingFind(callback) {
RoleMapping.find({
where: {
principalId: self.id,
principalType: RoleMapping.USER
}
}, options, function roleMappingFindCb(err, rolemap) {
if (err) {
// NOTE(review): the error is returned to the caller of this callback instead of being
// passed to `callback`, so on this path the parallel task never completes and the lookup
// failure is not reported. `return callback(err);` looks like the intent; confirm.
return err;
}
var roleIdArr = [];
rolemap.forEach(function roleIdExtractFn(role) {
// Collect the role id of each mapping.
roleIdArr.push(role.roleId);
// JWT authentication callback (excerpt). `req`, `next` and `jwtConfig` come from the
// enclosing scope, and the end of the callback is outside this view.
Passport.authenticate('jwt', (err, user, info) => {
if (err) {
return next(err);
}
// The 'jwt' strategy produced no user: the request continues without an error.
if (!user) {
return next();
}
// Always true at this point because of the guard above.
if (user) {
// The property named by jwtConfig.keyToVerify identifies the calling application.
var trustedApp = user[jwtConfig.keyToVerify];
var userObj = loopback.getModelByType('BaseUser');
var username = '';
if (trustedApp) {
var rolesToAdd = [];
var appObj = loopback.getModelByType('TrustedApp');
var query = { appId: trustedApp };
appObj.findOne({
where: query
}, req.callContext, (err, trusted) => {
if (err) {
// NOTE(review): the lookup error is dropped and there is no `return`, so execution
// continues after next() has been called; confirm nothing later in this callback calls
// next() again. `return next(err);` would surface the failure.
next();
}
// NOTE(review): username, email and roles are read from request headers and accepted
// because the token names a registered TrustedApp. Presumably the trusted application is
// expected to have authenticated the end user itself; confirm that this is the intended
// trust model, because a holder of such a token chooses the user these headers name.
if (trusted && req.headers.username && req.headers.email) {
username = req.headers.username;
var email = req.headers.email;
// verify supported Roles
// Only roles found in the app's supportedRoles (strict equality) are kept.
// NOTE(review): JSON.parse throws on a malformed `roles` header and .forEach fails on a
// non-array value; no try/catch is visible, so a bad header raises inside this callback.
// Parsing inside try/catch and checking Array.isArray would turn that into a rejected request.
if (req.headers.roles && trusted.supportedRoles) {
JSON.parse(req.headers.roles).forEach(function (element) {
if (trusted.supportedRoles.some(x => x === element)) {
rolesToAdd.push({ 'id': element, 'type': 'ROLE' });
}
/**
 * Test fixture: creates one ACL record through the BaseACL model, then signals completion.
 *
 * The record allows the USER principal "admin" every access type ("*") on the "dev" model.
 * The outcome of the create call (error or created records) is ignored; `done` is invoked
 * with no arguments either way.
 *
 * @param {Function} done - completion callback, called once without arguments.
 */
var createACLsforTest = function(done) {
  var adminAcl = {
    "model": "dev",
    "principalType": "USER",
    "principalId": "admin",
    "permission": "ALLOW",
    "accessType": "*"
  };
  var aclModel = loopback.getModelByType('BaseACL');
  // A failed create is not reported to the caller.
  aclModel.create([adminAcl], defaultContext, function(createErr, createdRecs) {
    done();
  });
};
// Seeding step: maps the USER principal 'admin' to the 'admin' role through the
// BaseRoleMapping model. An error whose code is 11000 is treated as success; any other
// error is passed to cb.
function(cb) {
  var roleMappingModel = loopback.getModelByType('BaseRoleMapping');
  var adminMapping = {
    id: 'admin',
    principalType: 'USER',
    principalId: 'admin',
    roleId: 'admin'
  };
  roleMappingModel.create(adminMapping, adminUserContext, function(err, res) {
    if (!err) {
      cb();
      return;
    }
    // NOTE(review): 11000 is presumably the datastore's duplicate-key code, meaning the
    // mapping already exists; confirm against the connector in use.
    if (err.code === 11000) {
      return cb();
    }
    cb(err);
  });
}
// Before-save hook on the access-token model (excerpt; what happens to the collected role
// ids is outside this view). For a new token it looks up the role mappings of the token's
// user; when there are none, the token's `roles` is set to an empty array.
// NOTE(review): roles appear to be recorded on the token when it is created. Presumably a
// later change to the user's roles does not affect tokens already issued; confirm how role
// revocation is expected to reach existing tokens.
accessTokenModel.observe('before save', function (ctx, next) {
// Updates to existing tokens pass through untouched.
if (!ctx.isNewInstance) {
return next();
}
var RoleMapping = loopback.getModelByType('RoleMapping');
var Role = loopback.getModelByType('Role');
RoleMapping.find({
where: {
principalId: ctx.instance.userId,
principalType: RoleMapping.USER
}
}, ctx.options, function (err, rolemap) {
// A failed lookup aborts the save by forwarding the error.
if (err) {
return next(err);
}
if (!rolemap || rolemap.length === 0) {
ctx.instance.roles = [];
return next();
}
var roleIdArr = [];
rolemap.forEach(function (role) {
roleIdArr.push(role.roleId);
USER: function tenantUtilUserFn(tenantsource, tenantkey, ctx, req, cb) {
log.debug(ctx.options, 'USER', 'tenantsource=', tenantsource, ', tenantkey=', tenantkey, ', ctx=', ctx, ', req=', (req ? ' its there!' : 'it\'s not there!'));
var userId = req && req.accessToken && req.accessToken.userId;
log.debug(ctx.options, 'USER', 'userId = ', userId);
if (!userId) {
return cb(null, tenantsource, tenantkey);
}
var User = loopback.getModelByType('BaseUser');
log.debug(ctx.options, 'USER', 'BaseUser model = ', (User ? 'got the model!' : 'No BaseUser model!'));
if (!User) {
return cb(null, tenantsource, tenantkey);
}
User.findById(userId, function TenantUtilUserFindCb(err, data) {
if (err) {
log.debug(ctx.options, 'USER', 'Error while getting User of this userId', err);
return cb(null, tenantsource, tenantkey);
}
log.debug(ctx.options, 'USER', !data ? 'No' : 'Got', 'user with userId', userId);
log.debug(ctx.options, 'USER', 'user = ', data);
var tenantId = null;
if (data) {
tenantId = _.get(data, tenantkey);
}