Merge pull request #88 from i-on-project/staging

2021 final version

.docker/docker-compose-heroku.yml

@@ -12,6 +12,7 @@ services:
         CORE_URL: "${CORE_URL-http://172.17.0.1:10023}"
         CORE_READ_TOKEN: "${CORE_READ_TOKEN-l7kowOOkliu21oXxNpuCyM47u2omkysxb8lv3qEhm5U}"
         CORE_CLIENT_ID: "${CORE_CLIENT_ID-22dd1551-db23-481b-acde-d286440388a5}"
+        CORE_CLIENT_SECRET: "${CORE_CLIENT_SECRET-gntBY4mjX8PH4_5_i_H54fMFLl2x15Q0O4jWXodQ4aPmofF4i6VBf39tXi5vhdjA2WZ-5hwaOXAL11oibnZ8og}"
         DB_ELASTIC_URL: "${DB_ELASTIC_URL-http://elasticsearch:9200}"
         PATH_PREFIX: "${PATH_PREFIX-}"
     ports:

.docker/docker-compose.yml

@@ -12,6 +12,7 @@ services:
         CORE_URL: "${CORE_URL-http://172.17.0.1:10023}"
         CORE_READ_TOKEN: "${CORE_READ_TOKEN-l7kowOOkliu21oXxNpuCyM47u2omkysxb8lv3qEhm5U}"
         CORE_CLIENT_ID: "${CORE_CLIENT_ID-22dd1551-db23-481b-acde-d286440388a5}"
+        CORE_CLIENT_SECRET: "${CORE_CLIENT_SECRET-gntBY4mjX8PH4_5_i_H54fMFLl2x15Q0O4jWXodQ4aPmofF4i6VBf39tXi5vhdjA2WZ-5hwaOXAL11oibnZ8og}"
         DB_ELASTIC_URL: "${DB_ELASTIC_URL-http://elasticsearch:9200}"
         PATH_PREFIX: "${PATH_PREFIX-}"
     ports:

README.md

@@ -67,6 +67,8 @@ __Note:__ Usually Docker uses the default `172.17.0.0/16` subnet for container n
 
 - __`CORE_CLIENT_ID`__ - The unique id of the client provided by the core system. By default, it has the value indicated in the i-on Core documentation `22dd1551-db23-481b-acde-d286440388a5`;
 
+- __`CORE_CLIENT_SECRET`__ - The client secret provided by the core system. By default, it has the value indicated by i-on Core;
+
 - __`DB_ELASTIC_URL`__ - Where we can indicate the location of the Elasticsearch database. By default is set to `http://elasticsearch:9200`;
 
 - __`PATH_PREFIX`__ - Where we can indicate a path prefix to the applicattion. By default it has no value.

project/__tests__/test-i-on-web.js

@@ -5,7 +5,9 @@ const fetch = require('node-fetch');
 const setCookieParser = require('set-cookie-parser');
 //const Joi = frisby.Joi;
 
-const app_base_url = 'http://localhost:' + process.env.PORT;
+/// Port definition
+const port = process.env.PORT || 8080;
+const app_base_url = 'http://localhost:' + port;
 const db_base_url = process.env.DB_ELASTIC_URL;
 
 let cookie;

project/business-logic-layer/i-on-web-auth.js

@@ -33,7 +33,7 @@ module.exports = (app, data, sessionDB) => {
 		saveUninitialized: false,  
 		secret: 'secret',
 		cookie: { maxAge: sessionMaxAge },
-		store: new FileStore() 
+		store: new FileStore({logFn: function(){}}) 
     }))
 
 	app.use(passport.initialize());
@@ -46,10 +46,20 @@ module.exports = (app, data, sessionDB) => {
 
 		submitInstitutionalEmail: async function(email) {
 
+			if(!email) throw internalErrors.BAD_REQUEST;
+
+			const allowed_domains = (await data.loadAuthenticationMethodsAndFeatures())
+				.find(method => method.type === "email")
+				.allowed_domains;
+
+			function isBeingUsed(domain) {
+				return email.endsWith(domain.substring(1));
+			}
+
 			/// Using regular expressions to validate email
 			const re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-			if(!email || !re.test(email)) throw internalErrors.BAD_REQUEST;
-			
+			if(!allowed_domains.some(isBeingUsed) || !re.test(email)) throw internalErrors.BAD_REQUEST;
+
 			return data.submitInstitutionalEmail(email);
         }, 
 
@@ -160,4 +170,4 @@ const getUserAndSessionInfo = async function(data, sessionDB, sessionId) { // Th
 const updateUserSession = async function(data, sessionDB, sessionInfo, sessionId) {
 	const newTokens = await data.refreshAccessToken(sessionInfo);
 	await sessionDB.storeUpdatedInfo(sessionInfo.email, newTokens, sessionId)
-}
+}