I believe I have spent many hours decoding this Pandora's box, the StrongLoop REST framework for Node.js. I have successfully managed to set up a two-factor authentication module following the tutorial. That is working fine, with Mongo set up as the datasource for users.
I have 2 questions to ask:
1) Once User.create() is executed, the following model structure is stored in the database and sent as a response to the client.
{
  "id": "RMQ1dC03Ws8swaxPNvqKLPXEbOw6PcKYPisjsQgOuPmqmqJ0hEJKNzsjROppQAHy",
  "ttl": 86400,
  "created": "2015-08-17T18:18:56.158Z",
  "userId": "55d2259032786ce55eeed0fca",
  "user": {
    "email": "somemail@gmail.com",
    "id": "55d2259032786ce55eeed0fca"
  }
}
The id field is the accessToken and userId is the identifier of the user. ttl specifies the expiration time of the token; by default it is 2 weeks, but if I call User.login() at any time, a different accessToken is generated.
How should I validate any user request against an accessToken provided in the URL?
2) I want to create a superUser or admin user who can access all the accessTokens of any user; the permission is denied by default. To do this I have created a user with the role admin in the boot script:
module.exports = function(app) {
  var Role = app.models.Role;
  var RoleMapping = app.models.RoleMapping;

  // Log in the would-be admin to obtain its userId
  // (the credentials are hard-coded here only for the example).
  app.models.User.login({email: 'somemail@gmail.com', password: '124154'}, function(err, accessToken) {
    if (err) return console.error(err);
    console.log(accessToken);

    // findOrCreate instead of create, so a reboot does not add a second 'admin' role.
    Role.findOrCreate({where: {name: 'admin'}}, {name: 'admin'}, function(err, role) {
      if (err) {
        console.log('role error');
        return console.error(err);
      }

      // Map the logged-in user to the role; again findOrCreate so reboots do not duplicate the mapping.
      RoleMapping.findOrCreate({
        where: {principalType: RoleMapping.USER, principalId: accessToken.userId, roleId: role.id}
      }, {
        principalType: RoleMapping.USER,
        principalId: accessToken.userId,
        roleId: role.id
      }, function(err, principal) {
        if (err) return console.error(err);
        console.dir(principal);
      });
    });
  });
};
Output:
{ principalType: 'USER',
  principalId: '55d168c82de07a275c07921f',
  roleId: 1,
  id: 1 }
...Still this user is not authorized for accessTokens. How should I get admin control? And how do I authenticate any user request with tokens?
UPDATE
Having followed the steps provided by @Thibault, I am able to generate ACLs for admin. This is what my model.json looks like now:
{
  "name": "BudUser",
  "base": "User",
  "idInjection": true,
  "options": {
    "validateUpsert": true
  },
  "properties": {
    "email": {
      "type": "string",
      "required": true,
      "index": {
        "unique": true
      }
    },
    "number": {
      "type": "string"
    }
  },
  "validations": [],
  "relations": {},
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "ALLOW",
      "property": "requestCode"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "ALLOW",
      "property": "loginWithCode"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW"
    }
  ],
  "methods": {}
}
How do I query https://nodews-somedomain.c9.io:443/api/BudUsers/id/accessTokens
to get all accessTokens of the user? And how do I authenticate a user request that looks like:
https://nodews-faizanjehangir.c9.io:443/api/BudUsers/getList?accessToken=214392174214jh21hgj12g4
Also, should I be worried about token generation and expiration? Should I store them in the database?
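The two mechanisms the question asks about (checking a request's token, and deciding whether the caller holds the custom admin role the ACL refers to) in a self-contained form. This is an added example, not LoopBack's own code or the asker's: it models what LoopBack's token middleware, AccessToken.validate() and the RoleMapping lookup do, using in-memory records constructed for the example. The token and user ids are copied from the question's output; adminTokenExample and expiredTokenExample are invented, and the canReadAccessTokens rule is a deliberate simplification of the model's ACLs (owner or admin). One fact about LoopBack it relies on: the default token middleware reads the token from the Authorization or X-Access-Token header or the access_token query parameter, so a parameter spelled accessToken, as in the question's URL, is not picked up.

```javascript
'use strict';
// Added example, not LoopBack's own code: a stripped-down model of request
// authentication by access token and of custom-role resolution via RoleMapping.
// All records below are constructed; the ids come from the question's output.

// Stand-in for the AccessToken collection. ttl is in seconds, as in LoopBack.
const tokens = new Map([
  ['RMQ1dC03Ws8swaxPNvqKLPXEbOw6PcKYPisjsQgOuPmqmqJ0hEJKNzsjROppQAHy', {
    userId: '55d2259032786ce55eeed0fca', ttl: 86400,
    created: new Date('2015-08-17T18:18:56.158Z') }],
  // Constructed: a token for the user the boot script mapped to "admin".
  ['adminTokenExample', {
    userId: '55d168c82de07a275c07921f', ttl: 86400,
    created: new Date('2015-08-17T18:18:56.158Z') }],
  // Constructed: a token whose ttl has already elapsed.
  ['expiredTokenExample', {
    userId: '55d2259032786ce55eeed0fca', ttl: 60,
    created: new Date('2015-08-17T18:18:56.158Z') }],
]);

// Stand-in for the RoleMapping collection (the question's boot-script output).
const roleMappings = [
  { roleName: 'admin', principalType: 'USER', principalId: '55d168c82de07a275c07921f' },
];

// Where the token id is read from. LoopBack's token middleware checks the
// Authorization and X-Access-Token headers and the access_token query
// parameter by default; a query parameter named accessToken (as in the
// question's URL) is not a default location and is deliberately ignored here.
function extractTokenId(req) {
  const headers = req.headers || {};
  const query = req.query || {};
  if (headers.authorization) return headers.authorization;
  if (headers['x-access-token']) return headers['x-access-token'];
  if (query.access_token) return query.access_token;
  return null;
}

// Equivalent of AccessToken.validate(): the token must exist and
// created + ttl seconds must still lie in the future.
function validateToken(id, now) {
  const record = tokens.get(id);
  if (!record) return null;
  const expiresAt = record.created.getTime() + record.ttl * 1000;
  if (now.getTime() >= expiresAt) return null;
  return { id: id, userId: record.userId };
}

// Custom roles are resolved by looking for a RoleMapping whose principal is
// the authenticated user; this is the lookup behind Role.isInRole.
function rolesFor(userId) {
  return roleMappings
    .filter(m => m.principalType === 'USER' && m.principalId === userId)
    .map(m => m.roleName);
}

// Authenticate one request: who the caller is and which custom roles apply.
function authenticate(req, now) {
  now = now || new Date();
  const id = extractTokenId(req);
  if (!id) return { ok: false, reason: 'no token supplied' };
  const token = validateToken(id, now);
  if (!token) return { ok: false, reason: 'unknown or expired token' };
  return { ok: true, userId: token.userId, roles: rolesFor(token.userId) };
}

// Simplified authorization for GET /api/BudUsers/{id}/accessTokens: allowed
// for the owner of that user record or for anyone holding the admin role.
function canReadAccessTokens(auth, targetUserId) {
  if (!auth.ok) return false;
  return auth.userId === targetUserId || auth.roles.indexOf('admin') !== -1;
}

// Constructed request, evaluated at a fixed instant inside the token's ttl.
const sampleNow = new Date('2015-08-18T00:00:00Z');
const sampleReq = { headers: {}, query: {
  access_token: 'RMQ1dC03Ws8swaxPNvqKLPXEbOw6PcKYPisjsQgOuPmqmqJ0hEJKNzsjROppQAHy' } };
console.log(authenticate(sampleReq, sampleNow));
console.log(canReadAccessTokens(authenticate(sampleReq, sampleNow), '55d168c82de07a275c07921f'));
```

In a real LoopBack application this work is done by the loopback.token() middleware (registered in middleware.json as loopback#token, or with app.use(loopback.token({model: app.models.accessToken}))) together with the ACL engine; the tokens themselves are already persisted in the AccessToken model's datasource, which is where the ttl and created values in the question's first response come from.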