Skip to content

Commit 79ef71d

Browse files
authored
feat(token): added subtype in phone-island (#334)
1 parent 9bb5c09 commit 79ef71d

2 files changed

Lines changed: 47 additions & 14 deletions

File tree

root/usr/lib/node/nethcti-server/plugins/authentication/authentication.js

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1209,14 +1209,20 @@ function isAutoUpdateTokenExpires() {
12091209
return true;
12101210
}
12111211
}
1212-
// Check the api persistent token
1213-
if (persistentTokens.has(`${username}_phone-island`)) {
1214-
const pTokenApi = persistentTokens.get(`${username}_phone-island`).token;
1215-
// Compare the given encrypted token with the api persistent token
1216-
if (pTokenApi === hashToken) {
1217-
return true;
1212+
1213+
// Check the api persistent tokens (both web and nethlink)
1214+
const subtypes = ['web', 'nethlink'];
1215+
for (const subtype of subtypes) {
1216+
const tokenKey = `${username}_phone-island_${subtype}`;
1217+
if (persistentTokens.has(tokenKey)) {
1218+
const pTokenApi = persistentTokens.get(tokenKey).token;
1219+
// Compare the given encrypted token with the api persistent token
1220+
if (pTokenApi === hashToken) {
1221+
return true;
1222+
}
12181223
}
12191224
}
1225+
12201226
// Return false if there aren't matching tokens
12211227
return false
12221228
} catch (err) {
@@ -1268,7 +1274,11 @@ function verifyToken(username, token, isRemote) {
12681274
}
12691275

12701276
// check the grant presence
1271-
if (!grants[username] && !persistentTokens.has(username) && !persistentTokens.has(`${username}_phone-island`)) {
1277+
const phoneIslandTokenExists = ['web', 'nethlink'].some(subtype =>
1278+
persistentTokens.has(`${username}_phone-island_${subtype}`)
1279+
);
1280+
1281+
if (!grants[username] && !persistentTokens.has(username) && !phoneIslandTokenExists) {
12721282
logger.log.warn(IDLOG, 'authentication failed for ' + (isRemote ? 'remote site ' : 'local ') + 'username: "' + username + '": no grant is present');
12731283
return false;
12741284
}

root/usr/lib/node/nethcti-server/plugins/com_authentication_rest/plugins_rest/authentication.js

Lines changed: 30 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -221,7 +221,7 @@ function setCompUser(comp) {
221221
api: {
222222
'root': 'authentication',
223223
'get': [
224-
'phone_island_token_check'
224+
'phone_island_token_check/:subtype'
225225
],
226226

227227
/**
@@ -361,15 +361,22 @@ function setCompUser(comp) {
361361
*/
362362
phone_island_token_login: async function(req, res) {
363363
try {
364+
// Check parameters
365+
if (req.params.subtype !== 'web' && req.params.subtype !== 'nethlink') {
366+
throw new Error('wrong parameters: ' + JSON.stringify(arguments));
367+
}
364368

365369
// Get the username from the headers
366370
const username = req.headers.authorization_user;
367371
// Get the valid token from the request
368372
// The token validity is checked inside the authorization proxy
369373
const authToken = req.headers.authorization_token;
370374

375+
// Get token login subtype. Default: web. Can be 'web' or 'nethlink'
376+
const subTypeToken = req.params.subtype || 'web';
377+
371378
// Add _phone-island to the end of api username tokens
372-
const apiUsername = `${username}_phone-island`;
379+
const apiUsername = `${username}_phone-island_${subTypeToken}`;
373380

374381
// Create the persistent token using username and a valid authentication token
375382
const apiToken = await compAuthe.getPersistentToken(apiUsername, authToken);
@@ -433,12 +440,19 @@ function setCompUser(comp) {
433440
*/
434441
phone_island_token_check: async function(req, res) {
435442
try {
443+
// Check parameters
444+
if (req.params.subtype !== 'web' && req.params.subtype !== 'nethlink') {
445+
throw new Error('wrong parameters: ' + JSON.stringify(arguments));
446+
}
436447

437448
// Get the username from the headers
438449
const username = req.headers.authorization_user;
439450

451+
// Get token login subtype. Default: web. Can be 'web' or 'nethlink'
452+
const subTypeToken = req.params.subtype || 'web';
453+
440454
// Add _phone-island to the end of api username tokens
441-
const islandUsername = `${username}_phone-island`;
455+
const islandUsername = `${username}_phone-island_${subTypeToken}`;
442456

443457
// Check if the persistent token exists
444458
const exists = await compAuthe.persistentTokenExists(islandUsername);
@@ -455,19 +469,24 @@ function setCompUser(comp) {
455469

456470
/**
457471
* Provides the api to revoke a persistent token
458-
*
472+
*
459473
* persistent_token_remove
460-
*
474+
*
461475
* @param {object} req The client request
462476
* @param {object} res The client response
463477
*/
464478
persistent_token_remove: async function(req, res) {
465479
try {
466-
// Check parameters
480+
// Check parameters type
467481
if (req.params.type !== 'phone-island' && req.params.type !== 'no-exp') {
468482
throw new Error('wrong parameters: ' + JSON.stringify(arguments));
469483
}
470484

485+
// Check parameters subtype
486+
if (req.params.subtype !== 'web' && req.params.subtype !== 'nethlink') {
487+
throw new Error('wrong parameters: ' + JSON.stringify(arguments));
488+
}
489+
471490
// Get the username from the headers
472491
const username = req.headers.authorization_user;
473492
// Get the token from the headers
@@ -478,7 +497,11 @@ function setCompUser(comp) {
478497

479498
// Set target username to be revoked
480499
if (req.params.type === 'phone-island') {
481-
userToRevoke = `${username}_phone-island`;
500+
// Get token login subtype. Default: web. Can be 'web' or 'nethlink'
501+
const subTypeToken = req.params.subtype || 'web';
502+
503+
// Compose token name to remove
504+
userToRevoke = `${username}_phone-island_${subTypeToken}`;
482505
} else if (req.params.type === 'no-exp') {
483506
userToRevoke = username;
484507
}

0 commit comments

Comments
 (0)