bigbluebutton-Github/bigbluebutton-html5/imports/api/users/server/handlers/validateAuthToken.js

158 lines
4.9 KiB
JavaScript

import { check } from 'meteor/check';
import Logger from '/imports/startup/server/logger';
import Users from '/imports/api/users';
import userJoin from './userJoin';
import pendingAuthenticationsStore from '../store/pendingAuthentications';
import createDummyUser from '../modifiers/createDummyUser';
import updateUserConnectionId from '../modifiers/updateUserConnectionId';
import ClientConnections from '/imports/startup/server/ClientConnections';
import upsertValidationState from '/imports/api/auth-token-validation/server/modifiers/upsertValidationState';
import { ValidationStates } from '/imports/api/auth-token-validation';
const clearOtherSessions = (sessionUserId, current = false) => {
const serverSessions = Meteor.server.sessions;
Object.keys(serverSessions)
.filter(i => serverSessions[i].userId === sessionUserId)
.filter(i => i !== current)
.forEach(i => serverSessions[i].close());
};
export default async function handleValidateAuthToken({ body }, meetingId) {
const {
userId,
valid,
authToken,
waitForApproval,
registeredOn,
authTokenValidatedOn,
reasonCode,
} = body;
check(userId, String);
check(authToken, String);
check(valid, Boolean);
check(waitForApproval, Boolean);
check(registeredOn, Number);
check(authTokenValidatedOn, Number);
check(reasonCode, String);
const pendingAuths = pendingAuthenticationsStore.take(meetingId, userId, authToken);
const printablePendingAuthStore = pendingAuths.map((a) => {
return { meetingId: a.meetingId, userId: a.userId, authToken: a.authToken }
})
Logger.info(`PendingAuths length [${pendingAuths.length}]: ${JSON.stringify(printablePendingAuthStore)}`);
if (pendingAuths.length === 0) return;
if (!valid) {
await Promise.all(pendingAuths.map(
async (pendingAuth) => {
try {
const { methodInvocationObject } = pendingAuth;
const connectionId = methodInvocationObject.connection.id;
await upsertValidationState(
meetingId,
userId,
ValidationStates.INVALID,
connectionId,
reasonCode,
);
// Schedule socket disconnection for this user
// giving some time for client receiving the reason of disconnection
Logger.info(`Scheduling socket disconnection for user ${userId} ${connectionId} due to invalid auth token`);
new Promise((resolve) => {
Meteor.setTimeout(() => {
methodInvocationObject.connection.close();
Logger.info(`Closed connection ${connectionId} due to invalid auth token.`);
resolve();
}, 2000);
});
} catch (e) {
Logger.error(`Error closing socket for meetingId '${meetingId}', userId '${userId}', authToken ${authToken}`);
}
},
));
return;
}
// Define user ID on connections
await Promise.all(pendingAuths.map(
async (pendingAuth) => {
const { methodInvocationObject } = pendingAuth;
/* Logic migrated from validateAuthToken method
( postponed to only run in case of success response ) - Begin */
const sessionId = `${meetingId}--${userId}`;
methodInvocationObject.setUserId(sessionId);
const User = await Users.findOneAsync({
meetingId,
userId,
});
if (!User) {
await createDummyUser(meetingId, userId, authToken);
} else {
await updateUserConnectionId(meetingId, userId, methodInvocationObject.connection.id);
}
ClientConnections.add(sessionId, methodInvocationObject.connection);
await upsertValidationState(
meetingId,
userId,
ValidationStates.VALIDATED,
methodInvocationObject.connection.id,
);
/* End of logic migrated from validateAuthToken */
},
));
const selector = {
meetingId,
userId,
clientType: 'HTML5',
};
const User = await Users.findOneAsync(selector);
// If we dont find the user on our collection is a flash user and we can skip
if (!User) return;
// Publish user join message
if (!waitForApproval) {
Logger.info('User=', User);
userJoin(meetingId, userId, User.authToken);
}
const modifier = {
$set: {
validated: valid,
approved: !waitForApproval,
loginTime: registeredOn,
authTokenValidatedTime: authTokenValidatedOn,
inactivityCheck: false,
},
};
try {
const numberAffected = await Users.updateAsync(selector, modifier);
if (numberAffected) {
const sessionUserId = `${meetingId}-${userId}`;
const currentConnectionId = User.connectionId ? User.connectionId : false;
clearOtherSessions(sessionUserId, currentConnectionId);
Logger.info(`Validated auth token as ${valid} user=${userId} meeting=${meetingId}`);
} else {
Logger.info('No auth to validate');
}
} catch (err) {
Logger.error(`Validating auth token: ${err}`);
}
}