github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-29 11:07:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b9eb0f4b16e552ebcbced7a01eacd60da187bbe
directus/app/src/auth.ts
Aiden Foxx b7ee318e43 LDAP auth provider (#9074) 
* Added LDAP implementation

* Cleanup and added refresh checking

* Added provider check to ldap

* Added LDAP docs

* Always update LDAP user role on authentication

* Fetched package-json from github

* Fixed lint error

* Update api/src/auth/drivers/ldap.ts

* Update api/src/auth/drivers/ldap.ts

* Added missing locale key

* Update docs/guides/api-config.md

* Update docs/configuration/config-options.md

* Update api/src/auth/drivers/ldap.ts

* Added back LDAP example

* Update config-options.md

* getUserID function sjhouldn't care about password

* Added LOCKOUT to INVALID_ACCOUNT_FLAGS

* Update styling approach for v-select

Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
2021-10-29 11:58:10 -04:00

176 lines
4.9 KiB
TypeScript
Raw Blame History

import api from '@/api';
import { dehydrate, hydrate } from '@/hydrate';
import { router } from '@/router';
import { useAppStore } from '@/stores';
import { RouteLocationRaw } from 'vue-router';
import { idleTracker } from './idle';
import { DEFAULT_AUTH_PROVIDER } from '@/constants';
export type LoginCredentials = {
identifier?: string;
email?: string;
password: string;
otp?: string;
};
export async function login(credentials: LoginCredentials, provider: string): Promise<void> {
const appStore = useAppStore();
const response = await api.post<any>(provider !== DEFAULT_AUTH_PROVIDER ? `/auth/login/${provider}` : '/auth/login', {
...credentials,
mode: 'cookie',
});
const accessToken = response.data.data.access_token;
// Add the header to the API handler for every request
api.defaults.headers.common['Authorization'] = `Bearer ${accessToken}`;
// Refresh the token 10 seconds before the access token expires. This means the user will stay
// logged in without any noticable hickups or delays
// setTimeout breaks with numbers bigger than 32bits. This ensures that we don't try refreshing
// for tokens that last > 24 days. Ref #4054
if (response.data.data.expires <= 2100000000) {
refreshTimeout = setTimeout(() => refresh(), response.data.data.expires - 10000);
}
appStore.accessTokenExpiry = Date.now() + response.data.data.expires;
appStore.authenticated = true;
await hydrate();
}
let refreshTimeout: any;
let idle = false;
let isRefreshing = false;
let firstRefresh = true;
// Prevent the auto-refresh when the app isn't in use
idleTracker.on('idle', () => {
clearTimeout(refreshTimeout);
idle = true;
});
idleTracker.on('hide', () => {
clearTimeout(refreshTimeout);
idle = true;
});
// Restart the autorefresh process when the app is used (again)
idleTracker.on('active', () => {
if (idle === true) {
refresh();
idle = false;
}
});
idleTracker.on('show', () => {
if (idle === true) {
refresh();
idle = false;
}
});
export async function refresh({ navigate }: LogoutOptions = { navigate: true }): Promise<string | undefined> {
// Allow refresh during initial page load
if (firstRefresh) firstRefresh = false;
// Skip if not logged in
else if (!api.defaults.headers.common['Authorization']) return;
// Prevent concurrent refreshes
if (isRefreshing) return;
const appStore = useAppStore();
// Skip refresh if access token is still fresh
if (appStore.accessTokenExpiry && Date.now() < appStore.accessTokenExpiry - 10000) {
// Set a fresh timeout as it is cleared by idleTracker's idle or hide event
clearTimeout(refreshTimeout);
refreshTimeout = setTimeout(() => refresh(), appStore.accessTokenExpiry - 10000 - Date.now());
return;
}
isRefreshing = true;
try {
const response = await api.post<any>('/auth/refresh', undefined, {
transformRequest(data, headers) {
// This seems wrongly typed in Axios itself..
delete (headers?.common as unknown as Record<string, string>)?.['Authorization'];
return data;
},
});
const accessToken = response.data.data.access_token;
// Add the header to the API handler for every request
api.defaults.headers.common['Authorization'] = `Bearer ${accessToken}`;
// Refresh the token 10 seconds before the access token expires. This means the user will stay
// logged in without any notable hiccups or delays
clearTimeout(refreshTimeout);
// setTimeout breaks with numbers bigger than 32bits. This ensures that we don't try refreshing
// for tokens that last > 24 days. Ref #4054
if (response.data.data.expires <= 2100000000) {
refreshTimeout = setTimeout(() => refresh(), response.data.data.expires - 10000);
}
appStore.accessTokenExpiry = Date.now() + response.data.data.expires;
appStore.authenticated = true;
return accessToken;
} catch (error: any) {
await logout({ navigate, reason: LogoutReason.SESSION_EXPIRED });
} finally {
isRefreshing = false;
}
}
export enum LogoutReason {
SIGN_OUT = 'SIGN_OUT',
SESSION_EXPIRED = 'SESSION_EXPIRED',
}
export type LogoutOptions = {
navigate?: boolean;
reason?: LogoutReason;
};
/**
* Everything that should happen when someone logs out, or is logged out through an external factor
*/
export async function logout(optionsRaw: LogoutOptions = {}): Promise<void> {
const appStore = useAppStore();
const defaultOptions: Required<LogoutOptions> = {
navigate: true,
reason: LogoutReason.SIGN_OUT,
};
delete api.defaults.headers.common['Authorization'];
clearTimeout(refreshTimeout);
const options = { ...defaultOptions, ...optionsRaw };
// Only if the user manually signed out should we kill the session by hitting the logout endpoint
if (options.reason === LogoutReason.SIGN_OUT) {
await api.post(`/auth/logout`);
}
appStore.authenticated = false;
await dehydrate();
if (options.navigate === true) {
const location: RouteLocationRaw = {
path: `/login`,
query: { reason: options.reason },
};
router.push(location);
}
}
Reference in New Issue View Git Blame Copy Permalink