Pass session to auth methods

Alice Gaudon 2020-04-25 09:35:49 +02:00
parent 9b7ec1e516
commit faeafbd68d
2 changed files with 6 additions and 5 deletions


@ -2,9 +2,10 @@ import AuthProof from "./AuthProof";
import MysqlConnectionManager from "../db/MysqlConnectionManager"; import MysqlConnectionManager from "../db/MysqlConnectionManager";
import User from "./models/User"; import User from "./models/User";
import UserEmail from "./models/UserEmail"; import UserEmail from "./models/UserEmail";
import {Connection} from "mysql";
export default abstract class AuthGuard<P extends AuthProof> { export default abstract class AuthGuard<P extends AuthProof> {
public abstract async getProofForSession(sessionID: string): Promise<P | null>; public abstract async getProofForSession(session: Express.Session): Promise<P | null>;
public async getUserForSession(session: Express.Session): Promise<User | null> { public async getUserForSession(session: Express.Session): Promise<User | null> {
if (!await this.isAuthenticated(session)) return null; if (!await this.isAuthenticated(session)) return null;
@ -52,9 +53,9 @@ export default abstract class AuthGuard<P extends AuthProof> {
} }
public async logout(session: Express.Session): Promise<void> { public async logout(session: Express.Session): Promise<void> {
const proof = await this.getProofForSession(session.id); const proof = await this.getProofForSession(session);
if (proof) { if (proof) {
await proof.revoke(); await proof.revoke(session);
} }
session.auth_id = undefined; session.auth_id = undefined;
} }
@ -62,7 +63,7 @@ export default abstract class AuthGuard<P extends AuthProof> {
private async checkCurrentSessionProofValidity(session: Express.Session): Promise<boolean> { private async checkCurrentSessionProofValidity(session: Express.Session): Promise<boolean> {
if (typeof session.auth_id !== 'number') return false; if (typeof session.auth_id !== 'number') return false;
const proof = await this.getProofForSession(session.id); const proof = await this.getProofForSession(session);
if (!proof || !await proof.isValid() || !await proof.isAuthorized() || !await proof.isOwnedBy(session.auth_id)) { if (!proof || !await proof.isValid() || !await proof.isAuthorized() || !await proof.isOwnedBy(session.auth_id)) {
await this.logout(session); await this.logout(session);
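Review bot: In `logout`, a rejection from `await proof.revoke(session)` skips `session.auth_id = undefined`, so a failed revocation leaves the session still marked as authenticated. Implementations now receive the whole session and presumably do more work in `revoke`, which makes a throw there more likely than before. Clearing the id in a `finally` keeps logout fail-closed: `try { if (proof) await proof.revoke(session); } finally { session.auth_id = undefined; }`. The same path runs from `checkCurrentSessionProofValidity` when a proof fails validation, and that method's body continues outside the hunk.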


@ -11,5 +11,5 @@ export default interface AuthProof {
getEmail(): Promise<string>; getEmail(): Promise<string>;
revoke(): Promise<void>; revoke(session: Express.Session): Promise<void>;
} }
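Review bot: The new `session` parameter on `revoke` is undocumented, so implementers cannot tell what they may or must do with the session. `AuthGuard.logout` clears `session.auth_id` itself after calling `revoke`, so the contract should say whether implementations are expected to remove only their own proof-related state. I would add a TSDoc line such as `/** Revokes this proof for the given session; the caller clears session.auth_id afterwards. Must be safe to call on an already-revoked proof. */`. The idempotence requirement is my assumption and should be confirmed against the existing implementations. The interface body starts outside the hunk.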