Jwt roles fix (#273)

* Added check for jwt roles property, bumped version * Bumpbed version on db init sql file
uwrit · Aug 30, 2019 · d8eb1f4 · d8eb1f4
1 parent a98327a
commit d8eb1f4
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 10 deletions.
diff --git a/src/db/build/LeafDB.Init.sql b/src/db/build/LeafDB.Init.sql
@@ -32,4 +32,4 @@ SELECT
    ,[SecondaryColor] = 'rgb(183, 165, 122)'
 
 INSERT INTO [ref].[Version] (Lock, [Version])
-SELECT 'X', N'3.3.1';
+SELECT 'X', N'3.3.3';
diff --git a/src/db/migration/3.3.2__3.3.3.sql b/src/db/migration/3.3.2__3.3.3.sql
@@ -0,0 +1,10 @@
+/*
+ * Update version.
+ */
+IF EXISTS (SELECT 1 FROM [ref].[Version])
+    UPDATE ref.Version
+    SET [Version] = '3.3.3'
+ELSE 
+    INSERT INTO ref.[Version] (Lock, Version)
+    SELECT 'X', '3.3.3'
+
diff --git a/src/server/Directory.Build.props b/src/server/Directory.Build.props
@@ -1,5 +1,5 @@
 <Project>
   <PropertyGroup>
-    <VersionPrefix>3.3.2</VersionPrefix>
+    <VersionPrefix>3.3.3</VersionPrefix>
   </PropertyGroup>
 </Project>
diff --git a/src/ui-client/package.json b/src/ui-client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ui-client",
-  "version": "3.3.2",
+  "version": "3.3.3",
   "private": true,
   "dependencies": {
     "@types/d3-format": "^1.3.1",

diff --git a/src/ui-client/src/models/Auth.ts b/src/ui-client/src/models/Auth.ts
@@ -59,7 +59,7 @@ export interface DecodedIdToken {
     'aud': string;
     'auth-type': string;
     'exp': number;
-    'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': string[];
+    'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'?: string[];
     'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': string;
     'iat': number;
     'id-nonce': string;

diff --git a/src/ui-client/src/services/authApi.ts b/src/ui-client/src/services/authApi.ts
@@ -23,23 +23,44 @@ const getIdTokenKey = (config: AppConfig) => {
  */
 const decodeToken = (token: string): UserContext => {
     const decoded = jwt_decode(token) as DecodedIdToken;
-    const roles = decoded['http://schemas.microsoft.com/ws/2008/06/identity/claims/role'];
     const fullname = decoded['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'];
     const nameSplit = fullname.split('@');
     let name = fullname;
     let scope = '';
+    let roles: string[] = [];
+    const roleMap = {
+        isAdmin: false,
+        isFederatedOkay: false,
+        isPhiOkay: false,
+        isSuperUser: false
+    };
 
-    if (nameSplit.length === 2) {
+    /*
+     * Check if [roles] property is present, and check for each role if so.
+     */
+    if (decoded["http://schemas.microsoft.com/ws/2008/06/identity/claims/role"]) {
+
+        roles = decoded["http://schemas.microsoft.com/ws/2008/06/identity/claims/role"];
+        roleMap.isAdmin         = roles.indexOf('admin') > -1;
+        roleMap.isFederatedOkay = roles.indexOf('fed') > -1;
+        roleMap.isPhiOkay       = roles.indexOf('phi') > -1;
+        roleMap.isSuperUser     = roles.indexOf('super') > -1;
+    }
+
+    /*
+     * Split name on '@'. Actual user name should be arg1, scope arg2.
+     */
+    if (nameSplit.length > 1) {
         name = nameSplit[0];
         scope = nameSplit[1];
     }
 
+    /*
+     * Derive UserContext object from decoded info.
+     */
     const ctx: UserContext = {
+        ...roleMap,
         expirationDate: new Date(decoded.exp * 1000),
-        isAdmin: roles.indexOf('admin') > -1,
-        isFederatedOkay: roles.indexOf('fed') > -1,
-        isPhiOkay: roles.indexOf('phi') > -1,
-        isSuperUser: roles.indexOf('super') > -1,
         issuer: decoded.iss,
         loginDate: new Date(decoded.iat * 1000),
         name,