Add route for impersonating users from association id #1
galenguyer wants to merge 2 commits into ComputerScienceHouse:master from
Mstrodl left a comment
Looks very good, just a few considerations because I want to keep gatekeeper responses fast
| const fetch = (await fetchPromise).default; | ||
|
|
||
| const resp = await fetch( | ||
| "https://sso.csh.rit.edu/auth/realms/csh/protocol/openid-connect/auth?client_id=gatekeeper&response_type=token&response_mode=fragment&redirect_uri=https%3A%2F%2Fgatekeeper.csh.rit.edu%2Fcallback", |
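Review bot: The authorization URL on the fetch call is a single string literal with the realm, client_id=gatekeeper, response_type=token and the percent-encoded redirect_uri all baked in, so none of them can change per deployment or per association type without editing code. Suggest building it with URL and URLSearchParams from configuration values, which also removes the hand-encoded redirect_uri. Since response_type=token with response_mode=fragment hands the access token back in a redirect fragment, a short code comment on how this fetch obtains the token from that fragment would help the next reader.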
It would be cool if this didn't always use the same client ID (think: audiophiler)
| const response = {}; | ||
| for (const attribute of user.attributes) { | ||
| if (attribute.type == "jpegPhoto") { | ||
| response[attribute.type] = attribute._vals[0].toString("base64"); | ||
| } else { | ||
| const values = attribute._vals.map((value) => value.toString("utf8")); | ||
| if (ARRAYS.has(attribute.type)) { | ||
| response[attribute.type] = values; | ||
| } else { | ||
| if (values.length > 1) { | ||
| console.warn(`${attribute.type} has many values!!`); | ||
| } | ||
| response[attribute.type] = values.join(","); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| const uid = response["uid"]; |
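Review bot: `const uid = response["uid"]` at the end of this hunk is used with no visible check that the entry actually carried a uid attribute, so a missing attribute leaves uid undefined. Suggest failing explicitly with a clear error status and message before uid is used. In the loop, attribute._vals looks like a private field and the type comparison uses == rather than ===; a small helper that reads one attribute's first value would isolate both.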
Having my jetbrains arc
💡 Loop can be simplified:
const uid = user.attributes.find(attribute => attribute.type == "uid")._vals[0].toString("utf8");
We should really use a different client for drink vs normal... One should grant read/write drink credits scope to /drink but no others. req.associationType will give you a hint for this.
Disappointed there's no way to search by ipaUniqueID on keycloak... 😢
| const userDocument = await req.ctx.db.collection("users").findOne({ | ||
| id: {$eq: key.userId}, | ||
| disabled: {$ne: true}, | ||
| }); | ||
| if (!userDocument) { | ||
| res.status(404).json({message: "User not found or disabled"}); | ||
| return; | ||
| } |
|
|
||
| const uid = response["uid"]; | ||
|
|
||
| res.json(await impersonate.getImpersonationToken(uid)); |
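Review bot: `res.json(await impersonate.getImpersonationToken(uid))` on the last line awaits the token call inline with no error handling visible in this hunk, so a rejected promise never produces a JSON error the way the 404 branch above it does. Suggest wrapping it in try/catch and returning an explicit error status. Because this route returns a token for another user, it would also be worth logging key.userId and the resolved uid on each success so impersonations can be audited.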
It would be nice if we added ipaUniqueID to the response too, I really want to encourage people to use that attribute where possible
|
|
||
| let user; | ||
| try { | ||
| user = await findUser(key.userId); |
This pulls every attribute, which will be MUCH slower than just fetching attributes we want. Look at findUser in routes/users.js, notice how it only enumerates a few attributes we care about. I would make another function that just fetches a uid from an ipaUniqueID... It should be much faster
Perhaps add an optional attributes parameter to findUser? Would be nice if that got moved out into another file because I was being lazy and stuck the same function in routes/users.js and routes/memberProjects.js
| npm-error.log | ||
| /.vscode | ||
| /.idea | ||
| .env |
hehe sso go brr