Add check for private key in localstorage.

auth flow fixes

See merge request grassrootseconomics/cic-staff-client!27

src/app/_services/auth.service.ts

@@ -14,7 +14,6 @@ import { BehaviorSubject, Observable } from 'rxjs';
   providedIn: 'root',
 })
 export class AuthService {
-  sessionToken: any;
   mutableKeyStore: MutableKeyStore;
   trustedUsers: Array<Staff> = [];
   private trustedUsersList: BehaviorSubject<Array<Staff>> = new BehaviorSubject<Array<Staff>>(
@@ -32,128 +31,99 @@ export class AuthService {
 
   async init(): Promise<void> {
     await this.mutableKeyStore.loadKeyring();
-    // TODO setting these together should be atomic
-    if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
-      this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
-    }
     if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
       await this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')));
     }
   }
 
+  getSessionToken(): string {
+    return sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
+  }
+
+  setSessionToken(token): void {
+    sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), token);
+  }
+
   setState(s): void {
     document.getElementById('state').innerHTML = s;
   }
 
   getWithToken(): Promise<boolean> {
-    return new Promise((resolve, reject) => {
-      const headers = {
-        Authorization: 'Bearer ' + this.sessionToken,
-        'Content-Type': 'application/json;charset=utf-8',
-        'x-cic-automerge': 'none',
-      };
-      const options = {
-        headers,
-      };
-      fetch(environment.cicMetaUrl, options).then((response) => {
-        if (response.status === 401) {
-          return reject(rejectBody(response));
-        }
-        return resolve(true);
-      });
+    const headers = {
+      Authorization: 'Bearer ' + this.getSessionToken,
+      'Content-Type': 'application/json;charset=utf-8',
+      'x-cic-automerge': 'none',
+    };
+    const options = {
+      headers,
+    };
+    return fetch(environment.cicMetaUrl, options).then((response) => {
+      if (!response.ok) {
+        this.loggingService.sendErrorLevelMessage('failed to get with auth token.', this, {
+          error: '',
+        });
+
+        return false;
+      }
+      return true;
     });
   }
 
   // TODO rename to send signed challenge and set session. Also separate these responsibilities
-  sendResponse(hobaResponseEncoded: any): Promise<boolean> {
-    return new Promise((resolve, reject) => {
-      const headers = {
-        Authorization: 'HOBA ' + hobaResponseEncoded,
-        'Content-Type': 'application/json;charset=utf-8',
-        'x-cic-automerge': 'none',
-      };
-      const options = {
-        headers,
-      };
-      fetch(environment.cicMetaUrl, options).then((response) => {
-        if (response.status === 401) {
-          return reject(rejectBody(response));
-        }
-        this.sessionToken = response.headers.get('Token');
-        sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
-        this.setState('Click button to log in');
-        return resolve(true);
-      });
-    });
+  sendSignedChallenge(hobaResponseEncoded: any): Promise<any> {
+    const headers = {
+      Authorization: 'HOBA ' + hobaResponseEncoded,
+      'Content-Type': 'application/json;charset=utf-8',
+      'x-cic-automerge': 'none',
+    };
+    const options = {
+      headers,
+    };
+    return fetch(environment.cicMetaUrl, options);
   }
 
   getChallenge(): Promise<any> {
-    return new Promise((resolve, reject) => {
-      fetch(environment.cicMetaUrl).then(async (response) => {
-        if (response.status === 401) {
-          const authHeader: string = response.headers.get('WWW-Authenticate');
-          return resolve(hobaParseChallengeHeader(authHeader));
-        }
-        if (!response.ok) {
-          return reject(rejectBody(response));
-        }
-      });
+    return fetch(environment.cicMetaUrl).then((response) => {
+      if (response.status === 401) {
+        const authHeader: string = response.headers.get('WWW-Authenticate');
+        return hobaParseChallengeHeader(authHeader);
+      }
     });
   }
 
   async login(): Promise<boolean> {
-    if (this.sessionToken !== undefined) {
-      try {
-        const response: boolean = await this.getWithToken();
-        return response === true;
-      } catch (e) {
-        this.loggingService.sendErrorLevelMessage('Login token failed', this, { error: e });
-      }
+    if (this.getSessionToken()) {
+      sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
     } else {
-      try {
-        const o = await this.getChallenge();
-        const response: boolean = await this.loginResponse(o);
-        return response === true;
-      } catch (e) {
-        this.loggingService.sendErrorLevelMessage('Login challenge failed', this, { error: e });
-      }
-    }
-    return false;
-  }
+      const o = await this.getChallenge();
 
-  async loginResponse(o: { challenge: string; realm: any }): Promise<any> {
-    return new Promise(async (resolve, reject) => {
-      try {
-        const r = await signChallenge(
-          o.challenge,
-          o.realm,
-          environment.cicMetaUrl,
-          this.mutableKeyStore
-        );
-        const response: boolean = await this.sendResponse(r);
-        resolve(response);
-      } catch (error) {
-        if (error instanceof HttpError) {
-          if (error.status === 403) {
-            this.errorDialogService.openDialog({
-              message: 'You are not authorized to use this system',
-            });
-          } else if (error.status === 401) {
-            this.errorDialogService.openDialog({
-              message:
-                'Unable to authenticate with the service. ' +
-                'Please speak with the staff at Grassroots ' +
-                'Economics for requesting access ' +
-                'staff@grassrootseconomics.net.',
-            });
-          }
-        } else {
-          // TODO define this error
-          this.errorDialogService.openDialog({ message: 'Incorrect key passphrase.' });
+      const r = await signChallenge(
+        o.challenge,
+        o.realm,
+        environment.cicMetaUrl,
+        this.mutableKeyStore
+      );
+
+      const tokenResponse = await this.sendSignedChallenge(r).then((response) => {
+        const token = response.headers.get('Token');
+        if (token) {
+          return token;
         }
-        resolve(false);
+        if (response.status === 401) {
+          throw new HttpError('You are not authorized to use this system', response.status);
+        }
+        if (!response.ok) {
+          throw new HttpError('Unknown error from authentication server', response.status);
+        }
+      });
+
+      if (tokenResponse) {
+        this.setSessionToken(tokenResponse);
+        this.setState('Click button to log in');
+        return true;
       }
-    });
+      return false;
+    }
   }
 
   loginView(): void {
@@ -171,7 +141,7 @@ export class AuthService {
       // TODO leaving this out for now.
       // const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
       // if (!isEncryptedKeyCheck) {
-      //   throw Error('The private key doesn\'t have a password!');
+      //   throw Error('The private key does not have a password!');
       // }
       const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
       localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
@@ -193,7 +163,6 @@ export class AuthService {
   logout(): void {
     sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
     localStorage.removeItem(btoa('CICADA_PRIVATE_KEY'));
-    this.sessionToken = undefined;
     window.location.reload();
   }
 

src/app/_services/token.service.ts

@@ -4,7 +4,7 @@ import { TokenRegistry } from '@app/_eth';
 import { HttpClient } from '@angular/common/http';
 import { RegistryService } from '@app/_services/registry.service';
 import { Token } from '@app/_models';
-import {BehaviorSubject, Observable, Subject} from 'rxjs';
+import { BehaviorSubject, Observable, Subject } from 'rxjs';
 
 @Injectable({
   providedIn: 'root',
@@ -14,7 +14,9 @@ export class TokenService {
   tokenRegistry: TokenRegistry;
   onload: (status: boolean) => void;
   tokens: Array<Token> = [];
-  private tokensList: BehaviorSubject<Array<Token>> = new BehaviorSubject<Array<Token>>(this.tokens);
+  private tokensList: BehaviorSubject<Array<Token>> = new BehaviorSubject<Array<Token>>(
+    this.tokens
+  );
   tokensSubject: Observable<Array<Token>> = this.tokensList.asObservable();
 
   constructor(private httpClient: HttpClient) {}

src/app/auth/auth.component.html

@@ -8,7 +8,7 @@
             <h1 class="text-white">CICADA</h1>
           </a>
         </mat-card-title>
-        <div  id="one" style="display: block" class="card-body p-4">
+        <div id="one" style="display: block" class="card-body p-4">
 
           <div class="text-center w-75 m-auto">
             <h4 class="text-dark-50 text-center font-weight-bold">Add Private Key</h4>
@@ -32,7 +32,7 @@
 
           </form>
         </div>
-        <div  id="two" style="display: none" class="card-body p-4 align-items-center">
+        <div id="two" style="display: none" class="card-body p-4 align-items-center">
 
           <div class="text-center w-75 m-auto">
             <h4 id="state" class="text-dark-50 text-center font-weight-bold"></h4>

src/app/auth/auth.component.ts

@@ -2,6 +2,8 @@ import { ChangeDetectionStrategy, Component, OnInit } from '@angular/core';
 import { FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { CustomErrorStateMatcher } from '@app/_helpers';
 import { AuthService } from '@app/_services';
+import { ErrorDialogService } from '@app/_services/error-dialog.service';
+import { LoggingService } from '@app/_services/logging.service';
 import { Router } from '@angular/router';
 
 @Component({
@@ -19,18 +21,17 @@ export class AuthComponent implements OnInit {
   constructor(
     private authService: AuthService,
     private formBuilder: FormBuilder,
-    private router: Router
+    private router: Router,
+    private errorDialogService: ErrorDialogService
   ) {}
 
   async ngOnInit(): Promise<void> {
     this.keyForm = this.formBuilder.group({
       key: ['', Validators.required],
     });
-    await this.authService.init();
-    // if (this.authService.privateKey !== undefined) {
-    //   const setKey = await this.authService.setKey(this.authService.privateKey);
-    //   }
-    // }
+    if (this.authService.getPrivateKey()) {
+      this.authService.loginView();
+    }
   }
 
   get keyFormStub(): any {
@@ -49,19 +50,20 @@ export class AuthComponent implements OnInit {
     this.loading = false;
   }
 
-  login(): void {
-    // TODO check if we have privatekey
-    // Send us to home if we have a private key
-    // talk to meta somehow
-    // in the error interceptor if 401/403 handle it
-    // if 200 go /home
-    if (this.authService.getPrivateKey()) {
-      this.router.navigate(['/home']);
+  async login(): Promise<void> {
+    try {
+      const loginResult = await this.authService.login();
+      if (loginResult) {
+        this.router.navigate(['/home']);
+      }
+    } catch (HttpError) {
+      this.errorDialogService.openDialog({
+        message: HttpError.message,
+      });
     }
   }
 
   switchWindows(): void {
-    this.authService.sessionToken = undefined;
     const divOne: HTMLElement = document.getElementById('one');
     const divTwo: HTMLElement = document.getElementById('two');
     this.toggleDisplay(divOne);