Enrich jwt payload with name and role

betagouv · Mar 27, 2017 · 8c335d4 · 8c335d4
1 parent 843f23c
commit 8c335d4
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 6 deletions.
diff --git a/server/api/auth/auth.controller.js b/server/api/auth/auth.controller.js
@@ -14,7 +14,7 @@ class AuthController {
       if (error) return res.status(401).json(error)
       if (!user) return res.status(404).json({ message: 'Something went wrong, please try again.' })
 
-      var token = auth.signToken(user._id, user.role)
+      var token = auth.signToken(user._id, user.role, user.email)
       res.json({ token: token })
     })(req, res, next)
   }

diff --git a/server/api/auth/auth.service.js b/server/api/auth/auth.service.js
@@ -56,16 +56,16 @@ function hasRole(roleRequired) {
 /**
  * Returns a jwt token signed by the app secret
  */
-function signToken(id) {
-  return jwt.sign({ _id: id }, config.secrets.session, { expiresIn: 60 * 60 * 10 })
+function signToken(id, role, name) {
+  return jwt.sign({ _id: id, role, name }, config.secrets.session, { expiresIn: 60 * 60 * 10 })
 }
 
 /**
  * Set token cookie directly for oAuth strategies
  */
 function setTokenCookie(req, res) {
   if (!req.user) return res.json(404, { message: 'Something went wrong, please try again.'})
-  var token = signToken(req.user._id, req.user.role)
+  var token = signToken(req.user._id, req.user.role, req.user.email)
   res.cookie('token', JSON.stringify(token))
   res.redirect('/')
 }

diff --git a/server/api/auth/passport-strategy.js b/server/api/auth/passport-strategy.js
@@ -10,7 +10,7 @@ exports.setup = function (User) {
     function (email, password, done) {
       User
         .findOne({ email: email.toLowerCase() })
-        .select('salt hashedPassword')
+        .select('salt hashedPassword email role')
         .exec(function (err, user) {
           if (err) return done(err)
 

diff --git a/server/api/auth/test/auth.api.test.js b/server/api/auth/test/auth.api.test.js
@@ -1,5 +1,7 @@
 const supertest = require('supertest')
+const jwt = require('jsonwebtoken')
 const Server = require('../../server')
+const expect = require('expect')
 
 describe('api: auth', () => {
   let app
@@ -34,16 +36,29 @@ describe('api: auth', () => {
       })
     })
     describe('When email and password are valid', () => {
+      const validEmail = 'peel@univ-lorraine.fr'
       it('should return 200 and a token given', (done) => {
         supertest(app)
           .post('/api/auth/')
-          .send({ email: 'peel@univ-lorraine.fr', password: 'test' })
+          .send({ email: validEmail, password: 'test' })
           .expect(200)
           .expect((res) => {
             if (!('token' in res.body)) {
               throw new Error('Missing token key')
             }
             validToken = res.body.token
+            describe('Token payload', () => {
+              const tokenPayload = jwt.decode(validToken, {complete: true}).payload
+              it('should contain _id', () => {
+                expect(tokenPayload).toInclude({ '_id': 21 })
+              })
+              it('should contain name', () => {
+                expect(tokenPayload).toInclude({ 'name': validEmail })
+              })
+              it('should contain a role', () => {
+                expect(tokenPayload).toInclude({ 'role': 'pepite' })
+              })
+            })
           })
           .end(done)
       })