diff --git a/.openshift/v2/okd_branch_tmpl_v2.yaml b/.openshift/v2/okd_branch_tmpl_v2.yaml index c5af1ef048c81a452243db70e731a1d90bffb026..3c95ec2f701e87531bb089d0c7e47c1bc020a08a 100644 --- a/.openshift/v2/okd_branch_tmpl_v2.yaml +++ b/.openshift/v2/okd_branch_tmpl_v2.yaml @@ -28,7 +28,7 @@ objects: - name: SESSION_SECRET value: ${SESSION_SECRET} - name: HOSTNAME - value: ${ROUTE_HOST} + value: https://${ROUTE_HOST} - name: HOST_PATHNAME value: ${ROUTE_PATH} diff --git a/deploy/auth/util.js b/deploy/auth/util.js index 4733f5070d9ef981d3ca4c9f6720834ae229f12b..91421d1624ad5d787a338cbdd7a497eba1a3be81 100644 --- a/deploy/auth/util.js +++ b/deploy/auth/util.js 
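Review bot: The `HOSTNAME` entry now hard-codes the scheme (`value: https://${ROUTE_HOST}`), but nothing in the template says `ROUTE_HOST` must stay a bare host name, so a parameter value that already carries a scheme would produce `https://https://…`. The auth code removed from deploy/auth/util.js in this same commit concatenated `HOSTNAME` and `HOST_PATHNAME` into the OIDC redirect URI. If the remaining OIDC setup builds its callback URL the same way (not visible here), a malformed value would only surface as a failed login at the callback, not at deploy time. I would add a comment above the entry, `# HOSTNAME is a full origin (scheme + host, no trailing slash); ROUTE_HOST must be a bare host name`, and repeat the constraint in the `ROUTE_HOST` parameter description. The `objects` list starts and ends outside this hunk.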
@@ -1,73 +1,5 @@ -const { configureAuth, jwtDecode } = require('./oidc') const objStoreDb = new Map() -const HOSTNAME = process.env.HOSTNAME || 'http://localhost:3000' -const HOST_PATHNAME = process.env.HOST_PATHNAME || '' -const clientId = process.env.HBP_CLIENTID || 'no hbp id' -const clientSecret = process.env.HBP_CLIENTSECRET || 'no hbp client secret' -const discoveryUrl = 'https://services.humanbrainproject.eu/oidc' -const redirectUri = `${HOSTNAME}${HOST_PATHNAME}/hbp-oidc/cb` - -let REFRESH_TOKEN = process.env.REFRESH_TOKEN || null -const CLIENT_NOT_INIT = `Client is not initialised.` -const REFRESH_TOKEN_MISSING = `refresh token is missing` -const REFRESH_ACCESS_TOKEN_MISSING = `access token not defined upon refresh` -const REFRESH_REFRESH_TOKEN_MISSING = `refresh token not defined upon refresh` - -let __client -let __publicAccessToken - -const refreshToken = async () => { - if (!__client) throw new Error(CLIENT_NOT_INIT) - if (!REFRESH_TOKEN) throw new Error(REFRESH_TOKEN_MISSING) - const tokenset = await __client.refresh(REFRESH_TOKEN) - const {access_token: accessToken, refresh_token: refreshToken, id_token: idToken} = tokenset - if (!accessToken) throw new Error(REFRESH_ACCESS_TOKEN_MISSING) - if (!refreshToken) throw new Error(REFRESH_REFRESH_TOKEN_MISSING) - if (refreshToken !== REFRESH_TOKEN) { - REFRESH_TOKEN = refreshToken - } - __publicAccessToken = accessToken - return true -} - -const getClient = async () => { - const { client } = await configureAuth({ - clientId, - clientSecret, - discoveryUrl, - redirectUri, - clientConfig: { - redirect_uris: [ redirectUri ], - response_types: [ 'code' ] - } - }) - - __client = client -} - -getClient() - -const getPublicAccessToken = async () => { - if (!__client) { - await getClient() - } - - if (!__publicAccessToken) { - await refreshToken() - } - - const decoded = jwtDecode(__publicAccessToken) - const { exp } = decoded - - // refresh token if it is less than 30 minute expiring - if (!exp || isNaN(exp) || 
(exp * 1000 - Date.now() < 1e3 * 60 * 30 )) { - await refreshToken() - } - - return __publicAccessToken -} - const initPassportJs = app => { console.log('init passport js') const passport = require('passport') @@ -91,5 +23,4 @@ const initPassportJs = app => { module.exports = { initPassportJs, objStoreDb, - getPublicAccessToken: async () => await getPublicAccessToken(), } diff --git a/deploy/auth/util.spec.js b/deploy/auth/util.spec.js index 1d8a33ae229aa4540d80edb1fba201e80cdd9d97..0dff0d61ee3806108844187e81691a2396374864 100644 --- a/deploy/auth/util.spec.js +++ b/deploy/auth/util.spec.js @@ -113,43 +113,6 @@ describe('util.js', async () => { cleanup() }) - it('> configureAuth and refresh called with correct param', async () => { - const { getPublicAccessToken } = require('./util') - const token = await getPublicAccessToken() - - const { - access_token, - refresh_token, - id_token, - configureAuthStub, - refreshSpy, - jwtDecodeReturn, - jwtDecodeStub - } = oidcStub - const { HBP_CLIENTID, HBP_CLIENTSECRET, HOSTNAME, HOST_PATHNAME, REFRESH_TOKEN } = env - - // configuAuthStub - assert( - configureAuthStub.called, - 'expect configureAuthStub to have been called once' - ) - const { args } = configureAuthStub.firstCall - const arg = args[0] - expect(arg).to.include({ - clientId: HBP_CLIENTID, - clientSecret: HBP_CLIENTSECRET, - redirectUri: `${HOSTNAME}${HOST_PATHNAME}/hbp-oidc/cb` - }) - - // refresh spy - assert(refreshSpy.calledWith(REFRESH_TOKEN)) - - // jwtStub - assert(jwtDecodeStub.calledWith(access_token)) - - // return val - expect(token).to.be.equal(access_token) - }) }) describe('> if refresh token is missing', () => { @@ -184,15 +147,5 @@ describe('util.js', async () => { cleanup() }) - it('> refresh getPublicAccessToken will reject', async () => { - const { getPublicAccessToken } = require('./util') - - try { - await getPublicAccessToken() - assert(false, 'get public access token should be rejected') - } catch (e) { - assert(true) - } - }) }) }) 
diff --git a/src/util/constants.ts b/src/util/constants.ts index f341ca2817f3a06a0717dd0c70c36b6d5711b150..84ee596993c519223fc8f28487af1a0cb8372f4d 100644 --- a/src/util/constants.ts +++ b/src/util/constants.ts @@ -18,7 +18,7 @@ export const KG_TOS_VERSION = '0.3.0' export const DS_PREVIEW_URL = environment.DATASET_PREVIEW_URL export const BACKENDURL = (() => { const { BACKEND_URL } = environment - if (!BACKEND_URL) return `http://localhost:3000/` + if (!BACKEND_URL) return `` if (/^http/.test(BACKEND_URL)) return BACKEND_URL const url = new URL(window.location.href)
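Review bot: The new fallback for an unset `BACKEND_URL` returns an empty string, and nothing at that line documents what callers may now assume about `BACKENDURL`. With an empty base, a request built by concatenation resolves against the document's base URL (current path or `<base href>`) rather than the origin root. Any caller that passes `BACKENDURL` to `new URL(...)` without a base would throw; those callers are not visible here, so this is worth checking. I would add a comment on the changed line, `// BACKEND_URL unset: return '' so backend calls stay same-origin and resolve against the document base URL`. The IIFE that computes `BACKENDURL` continues past the end of this hunk.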