@smg-automotive/auth 8.3.0-lschuerch-FED-782-sync-tenant.6 → 8.3.0-lschuerch-FED-782-sync-tenant.8
- package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js +2 -25
- package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js.map +1 -1
- package/dist/cjs/server/middleware/index.js +0 -15
- package/dist/cjs/server/middleware/index.js.map +1 -1
- package/dist/esm/server/middleware/crossApplicationStateSynchronization.js +2 -25
- package/dist/esm/server/middleware/crossApplicationStateSynchronization.js.map +1 -1
- package/dist/esm/server/middleware/index.js +0 -15
- package/dist/esm/server/middleware/index.js.map +1 -1
- package/package.json +2 -2
|
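--- a/package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js
+++ b/package/dist/cjs/server/middleware/crossApplicationStateSynchronization.js
@@ -10,62 +10,39 @@ const crossApplicationStateSynchronization = async ({ request, language, auth0In
 return null;
 }
 const impersonatedSellerIdFromCookie = request.cookies.get(auth0Config.impersonatedSellerIdCookie.name)?.value;
-console.log('impersonatedSellerIdFromCookie', impersonatedSellerIdFromCookie);
-console.log('typeof impersonatedSellerIdFromCookie', typeof impersonatedSellerIdFromCookie);
-console.log('user.sellerId', typeof session?.user.sellerId);
-console.log('typeof user.sellerId', typeof session?.user.sellerId);
-console.log('session?.user.isMultiTenantUser', session?.user.isMultiTenantUser);
-console.log('user: ', session?.user);
 if (!session?.user.isMultiTenantUser && !impersonatedSellerIdFromCookie) {
-console.log('User is not multi-tenant and no impersonation, no action needed');
 return null;
 }
 let impersonateSellerId;
 if (impersonatedSellerIdFromCookie &&
 session.user.sellerId !== impersonatedSellerIdFromCookie) {
-console.log('Impersonated seller ID out of sync, redirecting to login to resync');
 impersonateSellerId = impersonatedSellerIdFromCookie;
 }
 const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
-console.log('sellerIdFromCookie', sellerIdFromCookie);
-console.log('typeof sellerIdFromCookie', typeof sellerIdFromCookie);
 const decodedToken = session?.tokenSet.accessToken
 ? jose.decodeJwt(session.tokenSet.accessToken)
 : null;
-// eslint-disable-next-line no-console
-console.log('Decoded token info', {
-decodedToken,
-});
 const sellerIdFromSession = session?.user.sellerId || null;
 const sellerIdFromToken = Array.isArray(decodedToken?.sellerIds)
 ? decodedToken.sellerIds[0] || null
 : null;
 const sessionCookieMismatch = sellerIdFromCookie && sellerIdFromSession !== sellerIdFromCookie;
-// There is a bug when refreshing tokens where the selected sellerId is not the first
+// There is a bug when refreshing tokens where the selected sellerId is not the first available sellerId
 // so auth0 will add the first sellerId to the token but the session will have the selected one
 // leading to unauthorized API errors
-// Note:
+// Note: The sessionTokenMismatch can be removed in case we migrate to a session store and re-enable all sellerIds in the token
 const sessionTokenMismatch = !sessionCookieMismatch &&
 sellerIdFromToken &&
 sellerIdFromToken !== sellerIdFromCookie;
-console.log('sessionCookieMismatch', sessionCookieMismatch);
-console.log('sessionTokenMismatch', sessionTokenMismatch);
 let selectedSellerId;
 if (sellerIdFromCookie &&
 !impersonateSellerId &&
 (sessionCookieMismatch || sessionTokenMismatch)) {
-console.log('Selected seller ID out of sync, redirecting to login to resync');
 selectedSellerId = sellerIdFromCookie;
 }
 if (!selectedSellerId && !impersonateSellerId) {
-console.log('All in sync, no action needed');
 return null;
 }
-console.log('Redirecting to login for resynchronization', {
-impersonateSellerId,
-selectedSellerId,
-currentSellerId: session.user.sellerId,
-});
 const response = redirectToLogin.redirectToLogin({
 auth0Config,
 language,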
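Review bot: The comparisons at `session.user.sellerId !== impersonatedSellerIdFromCookie` and `sellerIdFromSession !== sellerIdFromCookie` pit a session/token value against a raw cookie string, and the `typeof` debug lines this commit removes suggest the types were in doubt; if `sellerId` is numeric on either side, `!==` reports a mismatch on every request and the resync redirect would likely repeat indefinitely. Normalising before comparing, e.g. `const sellerIdFromSession = session?.user.sellerId != null ? String(session.user.sellerId) : null;` and the equivalent for `sellerIdFromToken`, makes the check independent of how the value was serialised. Both cookie values are client-controlled, so they may only choose which tenant to re-authenticate as, never grant it; a comment above `const response = redirectToLogin.redirectToLogin({` saying that the login flow is where the user's entitlement to that seller is enforced would make that boundary explicit. `jose.decodeJwt` does not verify the signature, which is acceptable here only because the token comes from the server-side session and not from the request, and that is worth a one-line comment so the pattern is not copied onto a client-supplied token. The same hunk appears in the esm build of this file, and the enclosing function continues past the end of the hunk.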
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":["decodeJwt","redirectToLogin"],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":["decodeJwt","redirectToLogin"],"mappings":";;;;;AASO,MAAM,oCAAoC,GAAG,OAAO,EACzD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;AAEpD,IAAA,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClB,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,8BAA8B,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CACxD,WAAW,CAAC,0BAA0B,CAAC,IAAI,CAC5C,EAAE,KAAK;IAER,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,CAAC,8BAA8B,EAAE;AACvE,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,IAAI,mBAAuC;AAC3C,IAAA,IACE,8BAA8B;AAC9B,QAAA,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,8BAA8B,EACxD;QACA,mBAAmB,GAAG,8BAA8B;IACtD;AAEA,IAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,sBAAsB,CAAC,IAAI,CACxC,EAAE,KAAK;AAER,IAAA,MAAM,YAAY,GAAG,OAAO,EAAE,QAAQ,CAAC;UACnCA,cAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW;UACtC,IAAI;IACR,MAAM,mBAAmB,GAAG,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;IAC1D,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS;UAC3D,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;UAC7B,IAAI;AAER,IAAA,MAAM,qBAAqB,GACzB,kBAAkB,IAAI,mBAAmB,KAAK,kBAAkB;;;;;IAKlE,MAAM,oBAAoB,GACxB,CAAC,qBAAqB;QACtB,iBAAiB;QACjB,iBAAiB,KAAK,kBAAkB;AAE1C,IAAA,IAAI,gBAAoC;AACxC,IAAA,IACE,kBAAkB;AAClB,QAAA,CAAC,mBAAmB;AACpB,SAAC,qBAAqB,IAAI,oBAAoB,CAAC,EAC/C;QACA,gBAAgB,GAAG,kBAAkB;IACvC;AAEA,IAAA,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,EAAE;AAC7C,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,QAAQ,GAAGC,+BAAe,CAAC;QAC/B,WAAW;QACX,QAAQ;AACR,QAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;QAChC,MAAM;QACN,mBAAmB;QACnB,gBAAgB;AACjB,KAAA,CAAC;;IAGF,OAAO,CAAC,QAAQ,GAAG;AACjB,QAAA,WAAW,EAAE,EAAE;AACf,QAAA,SAAS,EAAE,CAAC;KACb;AACD,IAAA,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnD,QAAA,GAAG,OAAO;AACV,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,OAAO,QAAQ;AACjB;;;;"}
|
|
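--- a/package/dist/cjs/server/middleware/index.js
+++ b/package/dist/cjs/server/middleware/index.js
@@ -72,9 +72,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
 response: authResponse,
 auth0Config,
 });
-// FIXME: if we are out of since while using force refresh / the token is expired,
-// the token set will get rotated with the wrong sellerId reusulting in a bad session where
-// we detect the missmatch on a page route the but the XHR chain rotates with the outdated seller
 // Access token handling - /api/auth/access-token
 const accessTokenRequestResult = await token.handleAccessTokenRequest({
 request,
@@ -104,18 +101,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
 log('Auth route, returning response', { requestId: requestId$1 });
 return authResponse;
 }
-// // Like that???
-// console.log(redirectToLogin);
-// const response = redirectToLogin({
-// auth0Config,
-// language,
-// returnTo: `${pathname}${search}`,
-// origin,
-// impersonateSellerId,
-// selectedSellerId,
-// });
-// await auth0Instance.updateSession(request, response, session);
-// return response;
 // Check if selected and impersonated seller are in sync across applications
 const syncResponse = await crossApplicationStateSynchronization.crossApplicationStateSynchronization({
 request,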
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","crossApplicationStateSynchronization","protectRoute","combineHeaders","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;mBACxBD,WAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGE,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,aAAEH,WAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAGI,8BAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAACC,yBAAe,EAAEL,WAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,aAAEA,WAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAAM,oBAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,aAAEN,WAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAACK,yBAAe,EAAEL,WAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,aAAEA,WAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAAO,kCAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":["debug","requestId","getOrCreateRequestId","getAuth0Instance","getAuth0Config","handleCrossDomainLogout","requestIdHeader","addLoginParams","deleteRelatedSessionCookies","handleAccessTokenRequest","handleUserProfile","crossApplicationStateSynchronization","protectRoute","combineHeaders","NextResponse"],"mappings":";;;;;;;;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAGA,sBAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAMC,WAAS,GAAGC,8BAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;mBACxBD,WAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAGE,iCAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAGC,oBAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,aAAEH,WAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAGI,8BAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAACC,yBAAe,EAAEL,WAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,aAAEA,WAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAAM,oBAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,aAAEN,WAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAACK,yBAAe,EAAEL,WAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,aAAEA,WAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAAO,kCAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;;AAGF,IAAA,MAAM,wBA
AwB,GAAG,MAAMC,8BAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,GAAG,CAAC,8BAA8B,EAAE,aAAER,WAAS,EAAE,CAAC;AAClD,QAAA,OAAO,wBAAwB;IACjC;;AAGA,IAAA,MAAM,uBAAuB,GAAG,MAAMS,yBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,GAAG,CAAC,8BAA8B,EAAE,aAAET,WAAS,EAAE,CAAC;AAClD,QAAA,OAAO,uBAAuB;IAChC;;IAGA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,GAAG,CAAC,gCAAgC,EAAE,aAAEA,WAAS,EAAE,CAAC;AACpD,QAAA,OAAO,YAAY;IACrB;;AAGA,IAAA,MAAM,YAAY,GAAG,MAAMU,yEAAoC,CAAC;QAC9D,OAAO;QACP,QAAQ;QACR,aAAa;QACb,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,YAAY,EAAE;AAChB,QAAA,OAAO,YAAY;IACrB;;IAGA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,aAAEV,WAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAMW,yBAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;uBAC9BX,WAAS;AACT,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,GAAG,CAAC,sCAAsC,EAAE,aAAEA,WAAS,EAAE,CAAC;IAC1D,MAAM,aAAa,GAAGY,6BAAc,CAAC;AACnC,QAAA,kBAAkB,EAAEC,mBAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;IACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAACR,yBAAe,EAAEL,WAAS,CAAC;AACrD,IAAA,OAAO,aAAa;AACtB;;;;"}
|
|
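--- a/package/dist/esm/server/middleware/crossApplicationStateSynchronization.js
+++ b/package/dist/esm/server/middleware/crossApplicationStateSynchronization.js
@@ -8,62 +8,39 @@ const crossApplicationStateSynchronization = async ({ request, language, auth0In
 return null;
 }
 const impersonatedSellerIdFromCookie = request.cookies.get(auth0Config.impersonatedSellerIdCookie.name)?.value;
-console.log('impersonatedSellerIdFromCookie', impersonatedSellerIdFromCookie);
-console.log('typeof impersonatedSellerIdFromCookie', typeof impersonatedSellerIdFromCookie);
-console.log('user.sellerId', typeof session?.user.sellerId);
-console.log('typeof user.sellerId', typeof session?.user.sellerId);
-console.log('session?.user.isMultiTenantUser', session?.user.isMultiTenantUser);
-console.log('user: ', session?.user);
 if (!session?.user.isMultiTenantUser && !impersonatedSellerIdFromCookie) {
-console.log('User is not multi-tenant and no impersonation, no action needed');
 return null;
 }
 let impersonateSellerId;
 if (impersonatedSellerIdFromCookie &&
 session.user.sellerId !== impersonatedSellerIdFromCookie) {
-console.log('Impersonated seller ID out of sync, redirecting to login to resync');
 impersonateSellerId = impersonatedSellerIdFromCookie;
 }
 const sellerIdFromCookie = request.cookies.get(auth0Config.selectedSellerIdCookie.name)?.value;
-console.log('sellerIdFromCookie', sellerIdFromCookie);
-console.log('typeof sellerIdFromCookie', typeof sellerIdFromCookie);
 const decodedToken = session?.tokenSet.accessToken
 ? decodeJwt(session.tokenSet.accessToken)
 : null;
-// eslint-disable-next-line no-console
-console.log('Decoded token info', {
-decodedToken,
-});
 const sellerIdFromSession = session?.user.sellerId || null;
 const sellerIdFromToken = Array.isArray(decodedToken?.sellerIds)
 ? decodedToken.sellerIds[0] || null
 : null;
 const sessionCookieMismatch = sellerIdFromCookie && sellerIdFromSession !== sellerIdFromCookie;
-// There is a bug when refreshing tokens where the selected sellerId is not the first
+// There is a bug when refreshing tokens where the selected sellerId is not the first available sellerId
 // so auth0 will add the first sellerId to the token but the session will have the selected one
 // leading to unauthorized API errors
-// Note:
+// Note: The sessionTokenMismatch can be removed in case we migrate to a session store and re-enable all sellerIds in the token
 const sessionTokenMismatch = !sessionCookieMismatch &&
 sellerIdFromToken &&
 sellerIdFromToken !== sellerIdFromCookie;
-console.log('sessionCookieMismatch', sessionCookieMismatch);
-console.log('sessionTokenMismatch', sessionTokenMismatch);
 let selectedSellerId;
 if (sellerIdFromCookie &&
 !impersonateSellerId &&
 (sessionCookieMismatch || sessionTokenMismatch)) {
-console.log('Selected seller ID out of sync, redirecting to login to resync');
 selectedSellerId = sellerIdFromCookie;
 }
 if (!selectedSellerId && !impersonateSellerId) {
-console.log('All in sync, no action needed');
 return null;
 }
-console.log('Redirecting to login for resynchronization', {
-impersonateSellerId,
-selectedSellerId,
-currentSellerId: session.user.sellerId,
-});
 const response = redirectToLogin({
 auth0Config,
 language,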
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"crossApplicationStateSynchronization.js","sources":["../../../../../src/server/middleware/crossApplicationStateSynchronization.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AASO,MAAM,oCAAoC,GAAG,OAAO,EACzD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;AAEpD,IAAA,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClB,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,8BAA8B,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CACxD,WAAW,CAAC,0BAA0B,CAAC,IAAI,CAC5C,EAAE,KAAK;IAER,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,iBAAiB,IAAI,CAAC,8BAA8B,EAAE;AACvE,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,IAAI,mBAAuC;AAC3C,IAAA,IACE,8BAA8B;AAC9B,QAAA,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,8BAA8B,EACxD;QACA,mBAAmB,GAAG,8BAA8B;IACtD;AAEA,IAAA,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC5C,WAAW,CAAC,sBAAsB,CAAC,IAAI,CACxC,EAAE,KAAK;AAER,IAAA,MAAM,YAAY,GAAG,OAAO,EAAE,QAAQ,CAAC;UACnC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW;UACtC,IAAI;IACR,MAAM,mBAAmB,GAAG,OAAO,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI;IAC1D,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS;UAC3D,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;UAC7B,IAAI;AAER,IAAA,MAAM,qBAAqB,GACzB,kBAAkB,IAAI,mBAAmB,KAAK,kBAAkB;;;;;IAKlE,MAAM,oBAAoB,GACxB,CAAC,qBAAqB;QACtB,iBAAiB;QACjB,iBAAiB,KAAK,kBAAkB;AAE1C,IAAA,IAAI,gBAAoC;AACxC,IAAA,IACE,kBAAkB;AAClB,QAAA,CAAC,mBAAmB;AACpB,SAAC,qBAAqB,IAAI,oBAAoB,CAAC,EAC/C;QACA,gBAAgB,GAAG,kBAAkB;IACvC;AAEA,IAAA,IAAI,CAAC,gBAAgB,IAAI,CAAC,mBAAmB,EAAE;AAC7C,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,QAAQ,GAAG,eAAe,CAAC;QAC/B,WAAW;QACX,QAAQ;AACR,QAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;QAChC,MAAM;QACN,mBAAmB;QACnB,gBAAgB;AACjB,KAAA,CAAC;;IAGF,OAAO,CAAC,QAAQ,GAAG;AACjB,QAAA,WAAW,EAAE,EAAE;AACf,QAAA,SAAS,EAAE,CAAC;KACb;AACD,IAAA,MAAM,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE;AACnD,QAAA,GAAG,OAAO;AACV,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;AACtB,KAAA,CAAC;AAEF,IAAA,OAAO,QAAQ;AACjB;;;;"}
|
|
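--- a/package/dist/esm/server/middleware/index.js
+++ b/package/dist/esm/server/middleware/index.js
@@ -66,9 +66,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
 response: authResponse,
 auth0Config,
 });
-// FIXME: if we are out of since while using force refresh / the token is expired,
-// the token set will get rotated with the wrong sellerId reusulting in a bad session where
-// we detect the missmatch on a page route the but the XHR chain rotates with the outdated seller
 // Access token handling - /api/auth/access-token
 const accessTokenRequestResult = await handleAccessTokenRequest({
 request,
@@ -98,18 +95,6 @@ const authMiddleware = async ({ request, isProtectedRoute, language, host, proto
 log('Auth route, returning response', { requestId });
 return authResponse;
 }
-// // Like that???
-// console.log(redirectToLogin);
-// const response = redirectToLogin({
-// auth0Config,
-// language,
-// returnTo: `${pathname}${search}`,
-// origin,
-// impersonateSellerId,
-// selectedSellerId,
-// });
-// await auth0Instance.updateSession(request, response, session);
-// return response;
 // Check if selected and impersonated seller are in sync across applications
 const syncResponse = await crossApplicationStateSynchronization({
 request,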
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,SAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../src/server/middleware/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;;;AAkBA,MAAM,GAAG,GAAG,KAAK,CAAC,iCAAiC,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,KAAK,GASN,KAA2B;AAC1B,IAAA,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC;AAE/C,IAAA,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO;IACpC,GAAG,CAAC,oBAAoB,EAAE;QACxB,SAAS;QACT,QAAQ;QACR,IAAI;QACJ,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM;AACvB,KAAA,CAAC;IAEF,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,IAAI;QACJ,QAAQ;AACT,KAAA,CAAC;AAEF,IAAA,MAAM,WAAW,GAAG,cAAc,EAAE;IACpC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC;IAC3E,GAAG,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAElE,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;QACtD,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,uBAAuB,EAAE;QAC3B,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AAC/D,QAAA,GAAG,CAAC,2CAA2C,EAAE,EAAE,SAAS,EAAE,CAAC;AAC/D,QAAA,OAAO,uBAAuB;IAChC;;AAGA,IAAA,cAAc,CAAC;QACb,OAAO;QACP,WAAW;AACZ,KAAA,CAAC;AAEF,IAAA,GAAG,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,CAAC;IAC9C,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAC5D,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACpD,IAAA,GAAG,CAAC,4BAA4B,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;;AAG7E,IAAA,2BAA2B,CAAC;QAC1B,IAAI;QACJ,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,WAAW;AACZ,KAAA,CAAC;;AAGF,IAAA,MAAM,wBAAwB,GAAG,MAAM,wBAAwB,CAAC;QAC9D,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,OAAO;AACR,KAAA,CAAC;IACF,IAAI,wBAAwB,EAAE;AAC5B,QAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,QAAA,OAAO,wBAAwB;IACjC;;AAGA,IAAA,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,CAAC;QACtD,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,aAAa;QACb,WAAW;QACX,KAAK;AACN,KA
AA,CAAC;IACF,IAAI,uBAAuB,EAAE;AAC3B,QAAA,GAAG,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,CAAC;AAClD,QAAA,OAAO,uBAAuB;IAChC;;IAGA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,GAAG,CAAC,gCAAgC,EAAE,EAAE,SAAS,EAAE,CAAC;AACpD,QAAA,OAAO,YAAY;IACrB;;AAGA,IAAA,MAAM,YAAY,GAAG,MAAM,oCAAoC,CAAC;QAC9D,OAAO;QACP,QAAQ;QACR,aAAa;QACb,WAAW;AACZ,KAAA,CAAC;IACF,IAAI,YAAY,EAAE;AAChB,QAAA,OAAO,YAAY;IACrB;;IAGA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,GAAG,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnE,IAAA,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC;QAC5C,WAAW;QACX,aAAa;QACb,WAAW;QACX,QAAQ;QACR,OAAO;AACP,QAAA,QAAQ,EAAE,YAAY;QACtB,OAAO;AACR,KAAA,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,GAAG,CAAC,0BAA0B,EAAE;YAC9B,SAAS;AACT,YAAA,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,GAAG;AAC9C,SAAA,CAAC;AACF,QAAA,OAAO,kBAAkB;IAC3B;AAEA,IAAA,GAAG,CAAC,sCAAsC,EAAE,EAAE,SAAS,EAAE,CAAC;IAC1D,MAAM,aAAa,GAAG,cAAc,CAAC;AACnC,QAAA,kBAAkB,EAAE,YAAY,CAAC,IAAI,CAAC;AACpC,YAAA,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,aAAA;SACF,CAAC;QACF,YAAY;AACb,KAAA,CAAC;IACF,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC;AACrD,IAAA,OAAO,aAAa;AACtB;;;;"}
|
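--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@smg-automotive/auth",
-"version": "8.3.0-lschuerch-FED-782-sync-tenant.
+"version": "8.3.0-lschuerch-FED-782-sync-tenant.8",
 "description": "SMG Automotive auth package",
 "exports": {
 ".": {
@@ -90,7 +90,7 @@
 "whatwg-fetch": "3.6.20"
 },
 "dependencies": {
-"@auth0/nextjs-auth0": "4.
+"@auth0/nextjs-auth0": "4.13.0",
 "@smg-automotive/api-client-pkg": "4.5.0",
 "@smg-automotive/i18n-pkg": "2.0.0",
 "debug": "4.4.3",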