- Manage multiple login, in different browsers... Multi Token...

server/middleware/authenticate.js

@@ -1,3 +1,5 @@
+const server_constants = require('../tools/server_constants');
+
 var {User} = require('../models/user');
 
 const tools = require('../tools/general');
@@ -5,20 +7,25 @@ const tools = require('../tools/general');
 var authenticate = (req, res, next) => {
   var token = req.header('x-auth');
 
-  tools.mylogshow("TOKEN = " + token);
+  const useragent = req.get('User-Agent');
 
-  User.findByToken(token).then((user) => {
+  tools.mylog("TOKEN = ", token);
+  tools.mylog("USER-AGENT = ", useragent);
+
+  User.findByToken(token, 'auth ' + useragent).then((user) => {
     if (!user) {
-      return Promise.reject();
+      tools.mylogshow("TOKEN NOT FOUND! Maybe Connected to other Page");
+      return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
+      // res.status().send();
     }
-    tools.mylogshow('userid', user._id)
+    tools.mylog('userid', user._id);
 
     req.user = user;
     req.token = token;
     next();
   }).catch((e) => {
-    tools.mylogshow("ERR = " + e);
-    res.status(401).send();
+    tools.mylogshow("ERR =", e);
+    res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();
   });
 };
 

server/models/user.js

@@ -4,6 +4,8 @@ const validator = require('validator');
 const jwt = require('jsonwebtoken');
 const _ = require('lodash');
 
+const tools = require('../tools/general');
+
 mongoose.Promise = global.Promise;
 
 mongoose.level = "F";
@@ -80,19 +82,23 @@ UserSchema.methods.toJSON = function () {
   return _.pick(userObject, ['_id', 'email', 'verified_email', 'username', 'userId']);
 };
 
-UserSchema.methods.generateAuthToken = function () {
+UserSchema.methods.generateAuthToken = function (req) {
   // console.log("GENERA TOKEN : ");
   var user = this;
-  var access = 'auth';
+
+  const useragent = req.get('User-Agent');
+  tools.mylog("GENERATE USER-AGENT = ", useragent);
+
+  var access = 'auth ' + useragent;
   var token = jwt.sign({ _id: user._id.toHexString(), access }, process.env.SIGNCODE).toString();
 
-  // CANCELLA I PRECEDENTI !
-  user.tokens = [];
+  // CANCELLA IL PRECEDENTE !
+  user.tokens = user.tokens.filter(function(tok) { return tok.access !== access; });
   user.tokens.push({ access, token });
 
   return user.save()
     .then(() => {
-      //console.log("TOKEN USCITA : " + token)
+      console.log("TOKEN CREATO IN LOGIN : " + token)
       return token;
     })
     .catch(err => {
@@ -100,20 +106,20 @@ UserSchema.methods.generateAuthToken = function () {
     });
 };
 
-UserSchema.statics.findByToken = function (token) {
+UserSchema.statics.findByToken = function (token, typeaccess) {
   var User = this;
   var decoded;
 
   try {
     decoded = jwt.verify(token, process.env.SIGNCODE);
   } catch (e) {
-    return Promise.reject();
+    return Promise.resolve(null);
   }
 
   return User.findOne({
     '_id': decoded._id,
     'tokens.token': token,
-    'tokens.access': 'auth'
+    'tokens.access': typeaccess
   });
 };
 

server/router/index_router.js

@@ -87,7 +87,7 @@ router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
       user.password = password;
 
       // Crea token
-      user.generateAuthToken().then(token => {
+      user.generateAuthToken(req).then(token => {
         user.tokenforgot = '';  // Svuota il tokenforgot perché non ti servirà più...
 
         // Salva lo User

server/router/todos_router.js

@@ -38,7 +38,7 @@ router.post('/', authenticate, (req, res) => {
     return res.status(404).send({ code: server_constants.RIS_CODE_TODO_CREATING_NOTMYUSER });
   }
 
-  tools.mylog('POST ', todo.descr);
+  tools.mylog('POST :', todo.descr, todo._id);
 
   todo.modified = false;
   if (!todo.descr) {
@@ -51,7 +51,7 @@ router.post('/', authenticate, (req, res) => {
     let idobj = writeresult._id;
     Todo.findById(idobj)
       .then(record => {
-        tools.mylog('REC SAVED :', record);
+        tools.mylog('REC SAVED :', record.descr);
         res.send({record});
       })
   }).catch((e) => {
@@ -154,6 +154,8 @@ router.patch('/:id', authenticate, (req, res) => {
 
     todo.modified = false;
 
+    tools.mylog('PATCH ', todo.descr, todo._id);
+
     res.send({todo});
   }).catch((e) => {
     res.status(400).send();
@@ -178,7 +180,7 @@ router.get('/:userId', authenticate, (req, res) => {
 
   // Extract all the todos of the userId only
   Todo.findAllByUserId(userId).then((todos) => {
-    tools.mylog('todos', todos)
+    // tools.mylog('todos', todos)
     res.send({ todos });
   }).catch((e) => {
     console.log(e);
@@ -187,7 +189,7 @@ router.get('/:userId', authenticate, (req, res) => {
 
 });
 
-router.delete('/:id', (req, res) => {
+router.delete('/:id', authenticate, (req, res) => {
   var id = req.params.id;
 
   if (!ObjectID.isValid(id)) {
@@ -199,6 +201,8 @@ router.delete('/:id', (req, res) => {
       return res.status(404).send();
     }
 
+    tools.mylog('DELETED ', todo.descr, todo._id);
+
     res.send({todo});
   }).catch((e) => {
     res.status(400).send();

server/router/users_router.js

@@ -36,7 +36,7 @@ router.post('/', (req, res) => {
 
         tools.mylog("TROVATO USERNAME ? ", user.username, usertrovato);
         if (usertrovato !== null) {
-          return user.generateAuthToken();
+          return user.generateAuthToken(req);
         } else {
           res.status(11100).send();
           return 0;
@@ -76,7 +76,7 @@ router.post('/login', (req, res) => {
   var body = _.pick(req.body, ['username', 'password', 'idapp', 'keyappid', 'lang']);
   var user = new User(body);
 
-  tools.mylog("username: " + user.username + " pwd = " + user.password);
+  tools.mylog("LOGIN: username: " + user.username + " pwd = " + user.password);
 
   tools.mylog("user REC:", user);
 
@@ -91,7 +91,7 @@ router.post('/login', (req, res) => {
         tools.mylogshow("NOT FOUND !");
         res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
       } else {
-        return user.generateAuthToken().then((token) => {
+        return user.generateAuthToken(req).then((token) => {
           var usertosend = User();
           usertosend.username = user.username;
           usertosend.email = user.email;
@@ -105,10 +105,12 @@ router.post('/login', (req, res) => {
           // tools.mylog(usertosend);
           res.header('x-auth', token).send({usertosend, code: server_constants.RIS_CODE_OK});
           // tools.mylog("TROVATOOO!");
+
+          tools.mylog('FINE LOGIN')
         });
       }
     }).catch((e) => {
-    tools.mylog("ERR: " + e);
+    tools.mylog("ERRORE IN LOGIN: " + e);
     res.status(400).send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC });
   });
 });

server/server.js

@@ -120,4 +120,3 @@ if (process.env.NODE_ENV === 'production') {
 //});
 
 module.exports = { app };
-

server/tests/server.test.js

@@ -170,12 +170,12 @@ describe('DELETE /users/me/token', () => {
       });
   });
 
-  it('should return 401 deleting an invalid token', (done) => {
+  it('should return 403 deleting with an invalid token', (done) => {
     request(app)
       .delete('/users/me/token')
       .set('x-auth', users[0].tokens[0].token + '1')
       .send()
-      .expect(401)
+      .expect(403)
       .end((err, res) => {
         if (err) {
           return done(err);
@@ -276,14 +276,15 @@ describe('GET /todos/:id', () => {
       .end(done);
   });
 
-  it('should return [] if user not found', (done) => {
+  it('FORBIDDEN ! should return [] if user not found', (done) => {
     var hexId = new ObjectID().toHexString();
 
     request(app)
-      .get(`/todos/${users[0]._id + '111'}`)
+      .get(`/todos/${hexId}`)
       .set('x-auth', users[0].tokens[0].token)
       .expect(404)
       .expect((res) => {
+        console.log('res', res.status)
         expect(res.body.todos).toBe(undefined);
       })
       .end(done);

server/tools/server_constants.js

@@ -10,4 +10,7 @@ module.exports = Object.freeze({
   RIS_CODE_OK: 1,
 
   RIS_CODE_LOGIN_OK: 1,
+
+  RIS_CODE_HTTP_INVALID_TOKEN: 403,
+
 });