Skip to content
Snippets Groups Projects
Commit e5114ef9 authored by Steve Reis's avatar Steve Reis
Browse files

fix(Datashield): issue with jwt

parent feb53c5e
No related branches found
No related tags found
No related merge requests found
...@@ -87,6 +87,16 @@ export class AuthService { ...@@ -87,6 +87,16 @@ export class AuthService {
refreshToken, refreshToken,
this.getRefreshTokenOptions(), this.getRefreshTokenOptions(),
); );
//check if user is connected
const isConnected = await this.engineService.isSessionValid(
payload.context,
);
if (!isConnected) {
throw new UnauthorizedException('User need to reconnect');
}
const user = await this.usersService.findOne(payload.context.id); const user = await this.usersService.findOne(payload.context.id);
const isMatchingTokens = const isMatchingTokens =
user.refreshToken === (await this.getHash(refreshToken)); user.refreshToken === (await this.getHash(refreshToken));
...@@ -97,7 +107,8 @@ export class AuthService { ...@@ -97,7 +107,8 @@ export class AuthService {
} }
return this.login(payload.context); return this.login(payload.context);
} catch (error) { } catch (error) {
throw new UnauthorizedException('Invalid refresh token'); const msg = error.message ?? 'Invalid refresh token';
throw new UnauthorizedException(msg);
} }
} }
......
...@@ -272,14 +272,10 @@ export default class DataShieldConnector implements Connector { ...@@ -272,14 +272,10 @@ export default class DataShieldConnector implements Connector {
) { ) {
const path = new URL('/runAlgorithm', this.options.baseurl); const path = new URL('/runAlgorithm', this.options.baseurl);
// Covariable and variable are inversed in Datashield API
const variable =
experiment.variables.length > 0 ? experiment.variables[0] : undefined;
const expToInput = { const expToInput = {
algorithm: { algorithm: {
id: experiment.algorithm.name, id: experiment.algorithm.name,
variable, variables: experiment.variables,
covariables: experiment.coVariables, covariables: experiment.coVariables,
}, },
datasets: experiment.datasets, datasets: experiment.datasets,
...@@ -344,6 +340,33 @@ export default class DataShieldConnector implements Connector { ...@@ -344,6 +340,33 @@ export default class DataShieldConnector implements Connector {
return [dsDomain]; return [dsDomain];
} }
async isSessionValid(user: User): Promise<boolean> {
const sid = user && user.extraFields && user.extraFields['sid'];
if (!sid) return false;
try {
const cookies = [`sid=${user.extraFields['sid']}`, `user=${user.id}`];
const path = this.options.baseurl + 'getvars';
await firstValueFrom(
this.httpService.get(path, {
headers: {
cookie: cookies.join(';'),
},
}),
);
return true;
} catch (err) {
DataShieldConnector.logger.verbose(
`User ${user.id} is not connected to Datashield`,
);
DataShieldConnector.logger.debug(err);
return false;
}
}
async getActiveUser(req: Request): Promise<User> { async getActiveUser(req: Request): Promise<User> {
const user = req.user as User; const user = req.user as User;
......
...@@ -5,6 +5,7 @@ import { ...@@ -5,6 +5,7 @@ import {
Injectable, Injectable,
InternalServerErrorException, InternalServerErrorException,
NotImplementedException, NotImplementedException,
UnauthorizedException,
} from '@nestjs/common'; } from '@nestjs/common';
import { ConfigType } from '@nestjs/config'; import { ConfigType } from '@nestjs/config';
import { Cache } from 'cache-manager'; import { Cache } from 'cache-manager';
...@@ -79,6 +80,11 @@ export default class EngineService implements Connector { ...@@ -79,6 +80,11 @@ export default class EngineService implements Connector {
return this.connector.getConfiguration?.() ?? {}; return this.connector.getConfiguration?.() ?? {};
} }
isSessionValid(user: User): Promise<boolean> {
if (!this.connector.isSessionValid) throw new NotImplementedException();
return this.connector.isSessionValid(user);
}
/** /**
* "If the cache is enabled, try to get the value from the cache, otherwise call the function and cache * "If the cache is enabled, try to get the value from the cache, otherwise call the function and cache
* the result." * the result."
...@@ -162,15 +168,22 @@ export default class EngineService implements Connector { ...@@ -162,15 +168,22 @@ export default class EngineService implements Connector {
req?: Request, req?: Request,
): Promise<RunResult> { ): Promise<RunResult> {
if (!this.connector.runExperiment) throw new NotImplementedException(); if (!this.connector.runExperiment) throw new NotImplementedException();
return this.connector.runExperiment(data, req).catch((err) => ({ return this.connector.runExperiment(data, req).catch((err) => {
results: [ if (err.status === 401 || err.response?.status === 401) {
{ throw new UnauthorizedException(
level: AlertLevel.ERROR, 'Experiment cannot be run because of a bad authentication',
message: `Error while running experiment, details '${err}'`, );
}, }
], return {
status: ExperimentStatus.ERROR, results: [
})); {
level: AlertLevel.ERROR,
message: `Error while running experiment, details '${err}'`,
},
],
status: ExperimentStatus.ERROR,
};
});
} }
async listExperiments?( async listExperiments?(
......
...@@ -22,6 +22,12 @@ export default interface Connector { ...@@ -22,6 +22,12 @@ export default interface Connector {
*/ */
getConfiguration?(): ConnectorConfiguration; getConfiguration?(): ConnectorConfiguration;
/**
* Tell if the session is still valid
* @param user User to check
*/
isSessionValid?(user: User): Promise<boolean>;
/** /**
* Get the list of domains along with a list of variables * Get the list of domains along with a list of variables
* @param req - Request - this is the request object from the HTTP request. * @param req - Request - this is the request object from the HTTP request.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment