Auth working on the VM, must be on the usask network for it to work

ConnerWithAnE · ConnerWithAnE · commit 55789306bdc0 · 2024-12-02T13:59:35.000-06:00
diff --git a/server/src/index.ts b/server/src/index.ts
@@ -2,6 +2,7 @@ import express from "express";
 import sqlite3 from "sqlite3";
 import cors from "cors";
 import bodyParser from "body-parser";
+import dotenv from "dotenv";
 import { open, Database } from "sqlite";
 
 // Import routers
@@ -13,7 +14,7 @@ import adminRouter from "./routes/admin-router";
 
 const app = express();
 const PORT = process.env.PORT || 3000; // Use environment variable if available, otherwise default to 3000
-
+dotenv.config();
 /* In the future this will be used to ensure that only requests from certain domains are accepted
 const corsOptions = {
   origin: (origin: string | undefined, callback: (err: Error | null, allowed: boolean) => void) => {
diff --git a/server/src/routes/admin-router.ts b/server/src/routes/admin-router.ts
@@ -55,9 +55,6 @@ export default function adminRouter(dbController: DatabaseController): Router {
   router.get("/auth/cas-validate", async (req: Request, res: Response) => {
     const { ticket, service } = req.query;
 
-	console.log("hit");
-	console.log(ticket);
-	console.log(service);
     if (!ticket || !service) {
       res.status(400).json({ error: "Missing ticket or service" });
     }
@@ -74,25 +71,27 @@ export default function adminRouter(dbController: DatabaseController): Router {
 
 
       const casData = casResponse.data; // assumed user CAS info, need to test to see
-      const nsid = casData.user; // Potentally the nsid of the user. Again need to test
-
-	console.log(casData);
-	console.log(nsid);
-      if (!nsid) {
-        res.status(401).json({ error: "Invalid CAS Ticket" });
-      }
-
-      if (!allowedNSIDs.includes(nsid)) {
-        res.status(403).json({ error: "Access denied" });
-      }
-
-      const token = jwt.sign(
-        { username: casData.user, roles: casData.roles },
-        process.env.JWT_SECRET!,
-        { expiresIn: "3h" },
-      );
-
-      res.json({ token });
+      if (casData.includes('<cas:authenticationSuccess>')) {
+	      const nsid = casData.match(/<cas:user>(.*?)<\/cas:user>/)[1];
+      	      console.log(`User logged in with nsid: ${nsid}`);
+	      if (!nsid) {
+              res.status(401).json({ error: "Invalid CAS Ticket" });
+      	      }
+
+             if (!allowedNSIDs.includes(nsid)) {
+		     console.log(`User attempted to login with nsid: ${nsid}`);
+                  res.status(403).json({ error: "Access denied" });
+             }
+      	     const token = jwt.sign(
+        	{ username: casData.user, roles: casData.roles },
+        	process.env.JWT_SECRET!,
+        	{ expiresIn: "3h" },
+      	     );
+	     res.json({token});
+      }	else {
+	res.status(401).json({ error: 'CAS authentication failed' });      
+
+	}
     } catch (error) {
       res.status(500).json({ error: "CAS validation failed" });
     }
diff --git a/web/src/auth/CASCallback.tsx b/web/src/auth/CASCallback.tsx
@@ -8,8 +8,6 @@ const CASCallback: React.FC = () => {
         const urlParams = new URLSearchParams(window.location.search);
         const ticket = urlParams.get('ticket');
 
-	console.log(ticket);
-
         if (ticket) {
             // Call backend to validate ticket
             fetch(`${BACKEND_URL}/api/adminRequest/auth/cas-validate?ticket=${ticket}&service=${encodeURIComponent(window.location.origin + '/cas-callback')}`)
