From 81cc86c442bc6ac2f1dbfe697a9a2b58b8cdbc16 Mon Sep 17 00:00:00 2001
From: Flavio A
Date: Sun, 20 Dec 2020 18:41:15 -0500
Subject: [PATCH 1/2] Adding secrets to user
---
 API/Functions/Users/index.js | 24 +++++++++++++-
 client/src/App.js | 22 +++++++++++--
 client/src/components/SecretCodeScreen.js | 38 ++++++++++++----------
 client/src/constants.js | 1 +
 devutils/generateDataCreditoCredentials.js | 2 +-
 serverless.yml | 13 ++++++++
 shared/models/user.model.js | 4 +++
 7 files changed, 81 insertions(+), 23 deletions(-)
diff --git a/API/Functions/Users/index.js b/API/Functions/Users/index.js
index 92f3841..942935d 100644
--- a/API/Functions/Users/index.js
+++ b/API/Functions/Users/index.js
@@ -1,5 +1,5 @@
 const UserRepo = require("./../../../shared/database/repos/user.repo");
-
+const { encrypt, decrypt } = require('../../../shared/utils/crypto')
 module.exports.getUserInformation = async () => {
 try {
 const result = await UserRepo.getUser(
@@ -60,3 +60,25 @@ module.exports.addNewCategory = async (event) => {
 };
 }
 };
+
+module.exports.checkSecretKey = async (event)=>{
+ const body = event.body ? JSON.parse(event.body) : {};
+
+ if(!body.secretKey) return {
+ statusCode: 400
+ }
+
+ const user = await UserRepo.getUser({
+ emails: process.env.EMAIL_USERNAME,
+ })
+
+ if(!user.secretKey) return {statusCode: 409}
+
+ const userKey = decrypt(user.secretKey)
+
+ if(userKey !== body.secretKey) return { statusCode: 401 }
+
+ return {
+ statusCode: 200
+ }
+}
\ No newline at end of file
diff --git a/client/src/App.js b/client/src/App.js
index 699a830..af7ac11 100644
--- a/client/src/App.js
+++ b/client/src/App.js
@@ -14,7 +14,7 @@ class App extends React.Component {
 constructor(props) {
 super(props);
 this.state = {
- secret: "null",
+ secret: null,
 user: {},
 banks: [],
 prepayments: [],
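Review bot: `checkSecretKey` has no failure handling and compares the secret with `!==`: a malformed body makes `JSON.parse(event.body)` throw, a lookup that returns no user makes `user.secretKey` throw, and the string comparison is not constant-time. Return 400 for unparseable or non-string input, treat a null `user` like a missing key, and compare fixed-length digests with Node's `crypto.timingSafeEqual` (this needs `require('crypto')`, which the file does not import yet). The filter key is `emails` while the schema hunk in shared/models/user.model.js shows an `email` field, so confirm the query actually selects the intended user. The PATCH 2/2 hunk rewrites the same handler and carries these points unchanged.

```javascript
module.exports.checkSecretKey = async (event) => {
  let body;
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (err) {
    return { statusCode: 400 }; // unparseable JSON is a client error, not a 500
  }
  if (!body || typeof body.secretKey !== "string" || !body.secretKey) {
    return { statusCode: 400 };
  }

  // … unchanged: UserRepo.getUser lookup …
  if (!user || !user.secretKey) return { statusCode: 409 };

  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const digest = (value) => crypto.createHash("sha256").update(value).digest();
  const matches = crypto.timingSafeEqual(
    digest(decrypt(user.secretKey)),
    digest(body.secretKey)
  );
  if (!matches) return { statusCode: 401 };
  // … unchanged: 200 response …
```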
@@ -37,12 +37,27 @@ class App extends React.Component { }; componentDidMount = () => { + if(!this.state.secretKey) return; + this.loadInitialData() + }; + + loadInitialData(){ this.getPrePayments(); this.getUserInformation() - }; + } + componentDidUpdate(prevProps, prevState){ + const { secret } = prevState + if(!secret && this.state.secret){ + this.loadInitialData() + } + } onLoginClick = (secret) => { - console.log(secret); + axios.post(constants.basepath + constants.routes.secret, { + secretKey: secret + }).then(result=>{ + this.setState({secret: true}) + }).catch(err=>console.error(err)) }; getUserInformation = () => { @@ -89,6 +104,7 @@ class App extends React.Component { } }) } + render() { const { prepayments, secret, user } = this.state; diff --git a/client/src/components/SecretCodeScreen.js b/client/src/components/SecretCodeScreen.js index 2bd88a8..e9c0565 100644 --- a/client/src/components/SecretCodeScreen.js +++ b/client/src/components/SecretCodeScreen.js @@ -2,29 +2,31 @@ import React from "react"; import { PasswordStrengthMeter, TextField, Icon, Button } from "emerald-ui/lib"; const SecretCodeScreen = (props) => { - const { - onLoginClick = ()=>null - } = props - const [secretPassword, setSecret] = React.useState('') + const { onLoginClick = () => null } = props; + const [secretPassword, setSecret] = React.useState(""); return (
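Review bot: The secret check only gates the UI in the `@@ -37,12 +37,27 @@` hunk: `onLoginClick` sets `secret: true` on a 200, but the server returns no token and nothing here attaches a credential to later requests, so as far as this patch shows the data endpoints remain callable without the secret. Have `/user/secret` return a short-lived signed session token and require it on the other routes, with the client sending it on each request. Separately, `componentDidMount` tests `this.state.secretKey`, which is never set because the state field is `secret`; it should read `if (!this.state.secret) return;`. The `.catch(err=>console.error(err))` branch also gives the user no feedback on a 401. The class body continues outside the hunk.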
- - console.log(evt.target)} - label="Ingrese su Llave de acceso: " - type="password" - style={{ width: "250px" }} - /> - -
diff --git a/client/src/constants.js b/client/src/constants.js index 4d4d60f..bba3dbd 100644 --- a/client/src/constants.js +++ b/client/src/constants.js @@ -7,5 +7,6 @@ export default { datacredit: '/datacredit', user: '/user', categories: '/user/categories', + secret: '/user/secret', } } \ No newline at end of file diff --git a/devutils/generateDataCreditoCredentials.js b/devutils/generateDataCreditoCredentials.js index 12a5713..c634d61 100644 --- a/devutils/generateDataCreditoCredentials.js +++ b/devutils/generateDataCreditoCredentials.js @@ -1,6 +1,6 @@ const { encrypt } = require('../shared/utils/crypto') -const username = "user"; +const username = "Ariadna2202"; const password = "passwprd"; const secondpass = "secondpass"; diff --git a/serverless.yml b/serverless.yml index d26b784..7d35483 100644 --- a/serverless.yml +++ b/serverless.yml @@ -100,6 +100,19 @@ functions: - enabled: true - origin: "*" - headers: "Access-Control-Allow-Origin" + CheckUserSecret: + handler: API/Functions/Users.checkSecretKey + name: UserRepo-post-secretKey-${opt:stage} + environment: + EMAIL_USERNAME: ${file(./config/${opt:stage}.json):EMAIL_USERNAME} + events: + - http: + path: /user/secret + method: POST + cors: + - enabled: true + - origin: "*" + - headers: "Access-Control-Allow-Origin" SaveCategory: handler: API/Functions/Users.addNewCategory name: UserRepo-Categories-POST-${opt:stage} diff --git a/shared/models/user.model.js b/shared/models/user.model.js index 9d5d0ad..502efa5 100644 --- a/shared/models/user.model.js +++ b/shared/models/user.model.js @@ -8,6 +8,10 @@ const userSchema = mongoose.Schema( index: true, required: false, }, + secretKey: { + iv: String, + content: String, + }, email: { type: String, required: true, From 456739f99ab36bc131b476bfaf09bd4b291d5197 Mon Sep 17 00:00:00 2001 
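Review bot: `const username = "Ariadna2202";` in devutils/generateDataCreditoCredentials.js looks like a real account name committed next to the `password` and `secondpass` literals. PATCH 2/2 overwrites it with a placeholder, but the value stays in the history of this patch, so if it is real, treat it as disclosed and squash it out before the branch is published. Reading the inputs from the environment keeps them out of the tree, for example `const username = process.env.DATACREDITO_USERNAME;` (the variable name is a placeholder).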
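Review bot: `CheckUserSecret` exposes an unauthenticated `POST /user/secret` with `origin: "*"`, and nothing in this hunk limits how often it can be called, so the only bound on guessing the secret is how fast the function responds. Add request throttling for this route at the API Gateway stage or with a rate-based WAF rule, and have the handler count failed attempts so repeated 401s pause the check. Restricting `origin` to the deployed client's origin rather than `"*"` would also narrow which pages can call it from a browser. A comment such as `# unauthenticated secret check: must stay throttled` above the `events` block would record the requirement.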
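Review bot: `secretKey` in shared/models/user.model.js is stored as `{ iv, content }`, which is reversible encryption, so anyone who obtains both the database and the encryption key recovers the secret itself. The server only needs to verify it, so store a salted password hash instead (Node's built-in `crypto.scrypt`, or bcrypt/argon2) and compare hashes in `checkSecretKey`. If the encrypted form stays, mark both sub-fields `select: false`, e.g. `iv: { type: String, select: false }`, so that handlers returning the user document (possibly `getUserInformation`) do not send it to the client. The schema definition starts and ends outside this hunk.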
From: Andres Date: Sun, 20 Dec 2020 20:06:22 -0500 Subject: [PATCH 2/2] Sending Access-Control-Allow-Origin headers on response. --- API/Functions/Users/index.js | 28 +++++++++++++++++----- devutils/generateDataCreditoCredentials.js | 2 +- serverless.yml | 1 + 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/API/Functions/Users/index.js b/API/Functions/Users/index.js index 942935d..0b3e7a7 100644 --- a/API/Functions/Users/index.js +++ b/API/Functions/Users/index.js @@ -61,24 +61,40 @@ module.exports.addNewCategory = async (event) => { } }; -module.exports.checkSecretKey = async (event)=>{ +module.exports.checkSecretKey = async (event) => { const body = event.body ? JSON.parse(event.body) : {}; - if(!body.secretKey) return { - statusCode: 400 + if (!body.secretKey) return { + statusCode: 400, + headers: { + "Access-Control-Allow-Origin": "*", + } } const user = await UserRepo.getUser({ emails: process.env.EMAIL_USERNAME, }) - if(!user.secretKey) return {statusCode: 409} + if (!user.secretKey) return { + statusCode: 409, + headers: { + "Access-Control-Allow-Origin": "*", + } + } const userKey = decrypt(user.secretKey) - if(userKey !== body.secretKey) return { statusCode: 401 } + if (userKey !== body.secretKey) return { + statusCode: 401, + headers: { + "Access-Control-Allow-Origin": "*", + } + } return { - statusCode: 200 + statusCode: 200, + headers: { + "Access-Control-Allow-Origin": "*", + } } } \ No newline at end of file diff --git a/devutils/generateDataCreditoCredentials.js b/devutils/generateDataCreditoCredentials.js index c634d61..24e52b8 100644 --- a/devutils/generateDataCreditoCredentials.js +++ b/devutils/generateDataCreditoCredentials.js @@ -1,6 +1,6 @@ const { encrypt } = require('../shared/utils/crypto') -const username = "Ariadna2202"; +const username = "XXXXXXX"; const password = "passwprd"; const secondpass = "secondpass"; diff --git a/serverless.yml b/serverless.yml index 46b2538..1275474 100644 --- a/serverless.yml 
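Review bot: The same `headers: { "Access-Control-Allow-Origin": "*" }` object is pasted into all four returns of `checkSecretKey`, and a throw from `JSON.parse` or `decrypt` would likely still produce an error response without it. Build the responses through one helper, e.g. `const respond = (statusCode) => ({ statusCode, headers: CORS_HEADERS });`, so the header is defined once and the origin can be narrowed from `"*"` to the client's origin in a single place. A one-line comment on that constant saying why the wildcard is acceptable, or that it is temporary, would help the next reader.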
+++ b/serverless.yml @@ -115,6 +115,7 @@ functions: - enabled: true - origin: "*" - headers: "Access-Control-Allow-Origin" + SaveCategory: handler: API/Functions/Users.addNewCategory name: UserRepo-Categories-POST-${opt:stage}