changed fiware service header to service authorization header

ging · Oct 13, 2020 · 9b8006d · 9b8006d
1 parent c2fa6f3
commit 9b8006d
Show file tree

Hide file tree

Showing 20 changed files with 543 additions and 673 deletions.
diff --git a/config.js b/config.js
@@ -11,26 +11,24 @@ config.https = {
   cert_file: 'certs/idm-2018-cert.pem',
   key_file: 'certs/idm-2018-key.pem',
   ca_certs: [],
-  port: 443,
+  port: 443
 };
 
 // Config email list type to use domain filtering
 config.email_list_type = null; // whitelist or blacklist
 
 // Enable 2fa authentication
-config.enable_2fa = (process.env.IDM_ENABLE_2FA || false );
+config.enable_2fa = process.env.IDM_ENABLE_2FA || false;
 
 // Secret for user sessions in web
 config.session = {
-  secret: require('crypto')
-    .randomBytes(20)
-    .toString('hex'), // Must be changed
-  expires: 60 * 60 * 1000, // 1 hour
+  secret: require('crypto').randomBytes(20).toString('hex'), // Must be changed
+  expires: 60 * 60 * 1000 // 1 hour
 };
 
 // Key to encrypt user passwords
 config.password_encryption = {
-  key: 'nodejs_idm', // Must be changed
+  key: 'nodejs_idm' // Must be changed
 };
 
 // Enable CORS
@@ -45,9 +43,9 @@ config.cors = {
     credentials: undefined,
     maxAge: undefined,
     preflightContinue: false,
-    optionsSuccessStatus: 204,
+    optionsSuccessStatus: 204
     /* eslint-enable snakecase/snakecase */
-  },
+  }
 };
 
 // Config oauth2 parameters
@@ -56,14 +54,14 @@ config.oauth2 = {
   access_token_lifetime: 60 * 60, // One hour
   ask_authorization: true, // Prompt a message to users to allow the application to read their details
   refresh_token_lifetime: 60 * 60 * 24 * 14, // Two weeks
-  unique_url: false, // This parameter allows to verify that an application with the same url
+  unique_url: false // This parameter allows to verify that an application with the same url
   // does not exist when creating or editing it. If there are already applications
   // with the same URL, they should be changed manually
 };
 
 // Config api parameters
 config.api = {
-  token_lifetime: 60 * 60, // One hour
+  token_lifetime: 60 * 60 // One hour
 };
 
 // Configure Policy Decision Point (PDP)
@@ -77,27 +75,27 @@ config.authorization = {
   authzforce: {
     enabled: false,
     host: 'localhost',
-    port: 8080,
-  },
+    port: 8080
+  }
 };
 
 // Enable usage control and configure where is the Policy Translation Point
 config.usage_control = {
   enabled: false,
   ptp: {
     host: 'localhost',
-    port: 8081,
-  },
+    port: 8081
+  }
 };
 
 // Database info
 config.database = {
   host: 'localhost',
-  password: 'idm',
+  password: 'test',
   username: 'root',
   database: 'idm',
   dialect: 'mysql',
-  port: undefined,
+  port: undefined
 };
 
 // External user authentication
@@ -113,29 +111,29 @@ config.external_auth = {
     username: 'db_user',
     password: 'db_pass',
     user_table: 'user_view',
-    dialect: 'mysql',
-  },
+    dialect: 'mysql'
+  }
 };
 
 // Email configuration
 config.mail = {
   host: 'localhost',
   port: 25,
-  from: 'noreply@localhost',
+  from: 'noreply@localhost'
 };
 
 // Config themes
 config.site = {
   title: 'Identity Manager',
-  theme: 'default',
+  theme: 'default'
 };
 
 // Config eIDAS Authentication
 config.eidas = {
   enabled: false,
   gateway_host: 'localhost',
   node_host: 'https://se-eidas.redsara.es/EidasNode/ServiceProvider',
-  metadata_expiration: 60 * 60 * 24 * 365, // One year
+  metadata_expiration: 60 * 60 * 24 * 365 // One year
 };
 
 // Enables the possibility of adding identity attributes in users' profile
@@ -148,45 +146,45 @@ config.identity_attributes = {
       key: 'vision',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
+      maxVal: '100'
     },
     {
       name: 'Color Perception',
       key: 'color',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
+      maxVal: '100'
     },
     {
       name: 'Hearing',
       key: 'hearing',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
+      maxVal: '100'
     },
     {
       name: 'Vocal Capability',
       key: 'vocal',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
+      maxVal: '100'
     },
     {
       name: 'Manipulation Strength',
       key: 'manipulation',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
+      maxVal: '100'
     },
     { name: 'Reach', key: 'reach', type: 'number', minVal: '0', maxVal: '100' },
     {
       name: 'Cognition',
       key: 'cognition',
       type: 'number',
       minVal: '0',
-      maxVal: '100',
-    },
-  ],
+      maxVal: '100'
+    }
+  ]
   /* eslint-enable snakecase/snakecase */
 };
 

diff --git a/controllers/api/permissions.js b/controllers/api/permissions.js
@@ -70,11 +70,11 @@ exports.index = function (req, res) {
         'description',
         'action',
         'resource',
-        'fiware_service',
-        'use_fiware_service',
-        'xml',
+        'authorization_service_header',
+        'use_authorization_service_header',
+        'xml'
       ],
-      order: [['id', 'DESC']],
+      order: [['id', 'DESC']]
     })
     .then(function (permissions) {
       if (permissions.length > 0) {
@@ -112,8 +112,7 @@ exports.create = function (req, res) {
     .then(function () {
       // Build a row and validate if input values are correct (not empty) before saving values in permission table
       req.body.permission.is_regex = !!req.body.permission.is_regex;
-      req.body.permission.use_fiware_service = !!req.body.permission
-        .use_fiware_service;
+      req.body.permission.use_authorization_service_header = !!req.body.permission.use_authorization_service_header;
       const permission = models.permission.build(req.body.permission);
       permission.id = uuid.v4();
       permission.is_internal = false;
@@ -127,12 +126,12 @@ exports.create = function (req, res) {
           'description',
           'action',
           'resource',
-          'fiware_service',
-          'use_fiware_service',
+          'authorization_service_header',
+          'use_authorization_service_header',
           'xml',
           'is_regex',
-          'oauth_client_id',
-        ],
+          'oauth_client_id'
+        ]
       });
     })
     .then(function (permission) {
@@ -194,19 +193,19 @@ exports.update = function (req, res) {
           ? req.body.permission.is_regex
           : req.permission.is_regex;
 
-        req.permission.use_fiware_service = Object.prototype.hasOwnProperty.call(
+        req.permission.use_authorization_service_header = Object.prototype.hasOwnProperty.call(
           req.body.permission,
-          'use_fiware_service'
+          'use_authorization_service_header'
         )
-          ? req.body.permission.use_fiware_service
-          : req.permission.use_fiware_service;
+          ? req.body.permission.use_authorization_service_header
+          : req.permission.use_authorization_service_header;
 
-        req.permission.fiware_service = Object.prototype.hasOwnProperty.call(
+        req.permission.authorization_service_header = Object.prototype.hasOwnProperty.call(
           req.body.permission,
-          'fiware_service'
+          'authorization_service_header'
         )
-          ? req.body.permission.fiware_service
-          : req.permission.fiware_service;
+          ? req.body.permission.authorization_service_header
+          : req.permission.authorization_service_header;
 
         return req.permission.save();
       })
@@ -303,15 +302,13 @@ function check_create_body_request(body) {
 
     if (config_authzforce.level === 'advanced') {
       if (
-        (body.permission.resource ||
-          body.permission.action ||
-          body.permission.use_fiware_service) &&
+        (body.permission.resource || body.permission.action || body.permission.use_authorization_service_header) &&
         body.permission.xml
       ) {
         reject({
           error: {
             message:
-              'Cannot set action, resource, fiware_service and use_fiware_service at the same time as xacml rule',
+              'Cannot set action, resource, authorization_service_header and use_authorization_service_header at the same time as xacml rule',
             code: 400,
             title: 'Bad Request'
           }
@@ -351,35 +348,33 @@ function check_create_body_request(body) {
       }
     }
 
-    if (body.permission.use_fiware_service) {
-      if (typeof body.permission.use_fiware_service !== 'boolean') {
+    if (body.permission.use_authorization_service_header) {
+      if (typeof body.permission.use_authorization_service_header !== 'boolean') {
         reject({
           error: {
-            message: 'use_fiware_service attribute must be a boolean',
+            message: 'use_authorization_service_header attribute must be a boolean',
             code: 400,
-            title: 'Bad Request',
-          },
+            title: 'Bad Request'
+          }
         });
       }
     }
-    if (body.permission.use_fiware_service && !body.permission.fiware_service) {
+    if (body.permission.use_authorization_service_header && !body.permission.authorization_service_header) {
       reject({
         error: {
-          message:
-            'if use_fiware_service is set, fiware_service needs to be set',
+          message: 'if use_authorization_service_header is set, authorization_service_header needs to be set',
           code: 400,
-          title: 'Bad Request',
-        },
+          title: 'Bad Request'
+        }
       });
     }
-    if (!body.permission.use_fiware_service && body.permission.fiware_service) {
+    if (!body.permission.use_authorization_service_header && body.permission.authorization_service_header) {
       reject({
         error: {
-          message:
-            'if fiware_service is set, use_fiware_service needs to be set',
+          message: 'if authorization_service_header is set, use_authorization_service_header needs to be set',
           code: 400,
-          title: 'Bad Request',
-        },
+          title: 'Bad Request'
+        }
       });
     }
     resolve();
@@ -431,15 +426,13 @@ function check_update_body_request(body) {
 
     if (config_authzforce.level === 'advanced') {
       if (
-        (body.permission.resource ||
-          body.permission.action ||
-          body.permission.use_fiware_service) &&
+        (body.permission.resource || body.permission.action || body.permission.use_authorization_service_header) &&
         body.permission.xml
       ) {
         reject({
           error: {
             message:
-              'Cannot set action, resource, fiware_service and use_fiware_service at the same time as xacml rule',
+              'Cannot set action, resource, authorization_service_header and use_authorization_service_header at the same time as xacml rule',
             code: 400,
             title: 'Bad Request'
           }
@@ -459,35 +452,33 @@ function check_update_body_request(body) {
       }
     }
 
-    if (body.permission.use_fiware_service) {
-      if (typeof body.permission.use_fiware_service !== 'boolean') {
+    if (body.permission.use_authorization_service_header) {
+      if (typeof body.permission.use_authorization_service_header !== 'boolean') {
         reject({
           error: {
-            message: 'use_fiware_service attribute must be a boolean',
+            message: 'use_authorization_service_header attribute must be a boolean',
             code: 400,
-            title: 'Bad Request',
-          },
+            title: 'Bad Request'
+          }
         });
       }
     }
-    if (body.permission.use_fiware_service && !body.permission.fiware_service) {
+    if (body.permission.use_authorization_service_header && !body.permission.authorization_service_header) {
       reject({
         error: {
-          message:
-            'if use_fiware_service is set, fiware_service needs to be set',
+          message: 'if use_authorization_service_header is set, authorization_service_header needs to be set',
           code: 400,
-          title: 'Bad Request',
-        },
+          title: 'Bad Request'
+        }
       });
     }
-    if (!body.permission.use_fiware_service && body.permission.fiware_service) {
+    if (!body.permission.use_authorization_service_header && body.permission.authorization_service_header) {
       reject({
         error: {
-          message:
-            'if fiware_service is set, use_fiware_service needs to be set',
+          message: 'if authorization_service_header is set, use_authorization_service_header needs to be set',
           code: 400,
-          title: 'Bad Request',
-        },
+          title: 'Bad Request'
+        }
       });
     }
     resolve();