diff --git a/client/angular/users/services/auth.service.ts b/client/angular/users/services/auth.service.ts
index 89412c3df..c09f0a343 100644
--- a/client/angular/users/services/auth.service.ts
+++ b/client/angular/users/services/auth.service.ts
@@ -11,12 +11,29 @@ export class AuthService {
 private _loginChanged;
 private _baseLoginUrl = '/api/v1/users/token';
+ private _baseClientUrl = '/api/v1/users/client';
 private _clientId = '56f055587305d40b21904240';
 private _clientSecret = 'megustalabanana';
 constructor (private http: Http) {
 this._loginChanged = new Subject();
 this.loginChanged$ = this._loginChanged.asObservable();
+
+ // Fetch the client_id/client_secret
+ // FIXME: save in local storage?
+ this.http.get(this._baseClientUrl)
+ .map(res => res.json())
+ .catch(this.handleError)
+ .subscribe(
+ result => {
+ this._clientId = result.client_id;
+ this._clientSecret = result.client_secret;
+ console.log('Client credentials loaded.');
+ },
+ error => {
+ alert(error);
+ }
+ )
 }
 login(username: string, password: string) {
diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js
index f45b47077..1125b9faa 100644
--- a/server/controllers/api/v1/users.js
+++ b/server/controllers/api/v1/users.js
@@ -1,13 +1,16 @@
 'use strict'
+const config = require('config')
 const express = require('express')
 const oAuth2 = require('../../../middlewares/oauth2')
 const middleware = require('../../../middlewares')
 const cacheMiddleware = middleware.cache
+const Users = require('../../../models/users')
 const router = express.Router()
+router.get('/client', cacheMiddleware.cache(false), getAngularClient)
 router.post('/token', cacheMiddleware.cache(false), oAuth2.token, success)
 // ---------------------------------------------------------------------------
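Review bot: In the `AuthService` constructor of auth.service.ts, the credentials are fetched asynchronously while `_clientId` and `_clientSecret` keep their hard-coded initial values, so a `login()` issued before the `subscribe` callback runs would presumably send the old literals rather than the server's client. The fields could start without initialisers and `login()` could wait for the fetch, for example by keeping the observable and chaining on it, and the error branch could log the failure rather than call `alert(error)`. On the FIXME, anything this service receives is readable by any script running in the page, so `client_secret` should be treated as a public identifier and not persisted to local storage as if it were confidential. The constructor's class and the body of `login()` continue outside the hunk.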
@@ -16,6 +19,27 @@ module.exports = router
 // ---------------------------------------------------------------------------
+function getAngularClient (req, res, next) {
+ const server_host = config.get('webserver.host')
+ const server_port = config.get('webserver.port')
+ let header_host_should_be = server_host
+ if (server_port !== 80 && server_port !== 443) {
+ header_host_should_be += ':' + server_port
+ }
+
+ if (req.get('host') !== header_host_should_be) return res.type('json').status(403).end()
+
+ Users.getFirstClient(function (err, client) {
+ if (err) return next(err)
+ if (!client) return next(new Error('No client available.'))
+
+ res.json({
+ client_id: client._id,
+ client_secret: client.clientSecret
+ })
+ })
+}
+
 function success (req, res, next) {
 res.end()
 }
diff --git a/server/models/users.js b/server/models/users.js
index 046fe462d..a852bf25b 100644
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -35,6 +35,7 @@ const Users = {
 getAccessToken: getAccessToken,
 getClient: getClient,
 getClients: getClients,
+ getFirstClient: getFirstClient,
 getRefreshToken: getRefreshToken,
 getUser: getUser,
 getUsers: getUsers,
@@ -64,6 +65,10 @@ function getAccessToken (bearerToken, callback) {
 return OAuthTokensDB.findOne({ accessToken: bearerToken }).populate('user')
 }
+function getFirstClient (callback) {
+ return OAuthClientsDB.findOne({}, callback)
+}
+
 function getClient (clientId, clientSecret) {
 logger.debug('Getting Client (clientId: ' + clientId + ', clientSecret: ' + clientSecret + ').')
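Review bot: The `Host` comparison in `getAngularClient` does not restrict who can read the response, because `Host` is a request header chosen by the caller and the route is registered in the first hunk of this file with no authentication middleware; the endpoint should be documented, and the OAuth server configured, on the assumption that this `client_secret` is public. A comment above the check such as `// Host is caller-supplied: this is a sanity check, not access control; the returned secret is effectively public` would keep a later reader from relying on it. The check is also fragile in two ways: `server_port !== 80` is a strict comparison, so a port configured as a string would always get the `:port` suffix, and a deployment behind a reverse proxy or under a different public hostname would presumably receive 403 for every request. Which client is returned is decided by `getFirstClient` in server/models/users.js, which calls `findOne({})` with no filter or sort, so with more than one stored client the result is unspecified.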