bcgov
diff --git a/‎backend/package-lock.json‎
Lines changed: 5544 additions & 6617 deletions b/‎backend/package-lock.json‎
Lines changed: 5544 additions & 6617 deletions
diff --git a/‎backend/package.json‎
Lines changed: 6 additions & 1 deletion b/‎backend/package.json‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎backend/src/app.js‎
Lines changed: 25 additions & 2 deletions b/‎backend/src/app.js‎
Lines changed: 25 additions & 2 deletions
diff --git a/‎backend/src/components/auth.js‎
Lines changed: 0 additions & 3 deletions b/‎backend/src/components/auth.js‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎backend/src/components/utils.js‎
Lines changed: 22 additions & 0 deletions b/‎backend/src/components/utils.js‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎backend/src/routes/auth.js‎
Lines changed: 58 additions & 0 deletions b/‎backend/src/routes/auth.js‎
Lines changed: 58 additions & 0 deletions
@@ -21,7 +21,7 @@
     "@js-joda/locale_en": "^3.2.2",
     "async-retry": "^1.3.1",
     "atob": "2.1.2",
-    "axios": "0.25.0",
+    "axios": "0.28.0",
     "body-parser": "^1.19.0",
     "config": "^3.3.3",
     "connect-redis": "^5.1.0",
@@ -79,6 +79,11 @@
     "redis-mock": "^0.56.3",
     "supertest": "^6.1.3"
   },
+  "overrides": {
+    "semver": "7.7.1",
+    "tough-cookie": "5.1.1",
+    "xml2js": "0.6.2"
+  },
   "eslintConfig": {
     "root": true,
     "env": {
 
@@ -27,7 +27,6 @@ const promMid = require("express-prometheus-middleware");
 
 function addVersionToReq(req, res, next) {
   const { version } = req.params;
-  console.log(version)
   // Check if the version is supported
   const supportedVersions = ["v1", "v2"];
   if (!supportedVersions.includes(version)) {
@@ -134,7 +133,8 @@ auth
           scope: discovery.scopes_supported,
           kc_idp_hint: config.get("server:idirIDPHint"),
         },
-        (_issuer, _sub, profile, accessToken, refreshToken, done) => {
+        (_issuer, _sub, profile, accessToken, refreshToken, params, done) => {
+          const idToken = params.id_token;
           if (
             typeof accessToken === "undefined" ||
             accessToken === null ||
@@ -148,10 +148,33 @@ auth
           profile.jwtFrontend = auth.generateUiToken();
           profile.jwt = accessToken;
           profile.refreshToken = refreshToken;
+          profile.idToken = idToken;
           return done(null, profile);
         }
       )
     );
+    passport.use('oidcIDIRSilent', new OidcStrategy({
+      issuer: discovery.issuer,
+      authorizationURL: discovery.authorization_endpoint,
+      tokenURL: discovery.token_endpoint,
+      userInfoURL: discovery['userinfo_endpoint'],
+      clientID: config.get('oidc:clientId'),
+      clientSecret: config.get('oidc:clientSecret'),
+      callbackURL: config.get('server:frontend') + '/api/auth/callback_idir_silent',
+      scope: 'openid profile',
+      kc_idp_hint: config.get('server:idirIDPHint')
+    }, (_issuer, _sub, profile, accessToken, refreshToken, done) => {
+      if ((typeof (accessToken) === 'undefined') || (accessToken === null) ||
+          (typeof (refreshToken) === 'undefined') || (refreshToken === null)) {
+        return done('No access token', null);
+      }
+      //Generate token for frontend validation
+      //set access and refresh tokens
+      profile.jwtFrontend = auth.generateUiToken();
+      profile.jwt = accessToken;
+      profile.refreshToken = refreshToken;
+      return done(null, profile);
+    }));
     //JWT strategy is used for authorization
     passport.use(
       "jwt",
 
@@ -199,9 +199,6 @@ const auth = {
           },
         }
       );
-
-      log.verbose("getServiceAccountToken Res", safeStringify(response.data));
-
       let result = {};
       result.accessToken = response.data.access_token;
       return result.accessToken;
 
@@ -16,13 +16,25 @@ let memCache = new cache.Cache();
 
 axios.interceptors.request.use((axiosRequestConfig) => {
   axiosRequestConfig.headers["X-Client-Name"] = "GRAD-ADMIN";
+  axiosRequestConfig.headers["Request-Source"] = "grad-admin";
   return axiosRequestConfig;
 });
 
 async function getBackendServiceToken() {
   return await auth.getBackendServiceToken();
 }
 
+function getUsernameFromToken(token) {
+  try {
+      const decoded = jsonwebtoken.decode(token); // Use decode if you don't need verification
+      return decoded?.idir_username || null;
+      
+  } catch (error) {
+      console.error('Invalid token:', error);
+      return null;
+  }
+}
+
 function getUser(req) {
   const thisSession = req.session;
   if (
@@ -69,10 +81,12 @@ function getAccessToken(req) {
 
 async function deleteData(token, url, correlationID) {
   try {
+    const username = getUsernameFromToken(token)
     const delConfig = {
       headers: {
         Authorization: `Bearer ${token}`,
         correlationID: correlationID || uuidv4(),
+        "User-Name": username || 'N/A'
       },
     };
 
@@ -165,11 +179,13 @@ async function getCommonServiceData(url, params) {
 }
 
 async function getData(token, url, correlationID) {
+  const username = getUsernameFromToken(token)
   try {
     const getDataConfig = {
       headers: {
         Authorization: `Bearer ${token}`,
         correlationID: correlationID || uuidv4(),
+        "User-Name": username || 'N/A'
       },
     };
     // log.info('get Data Url', url);
@@ -190,9 +206,11 @@ async function getData(token, url, correlationID) {
 
 async function getDataWithParams(token, url, params, correlationID) {
   try {
+    const username = getUsernameFromToken(token)
     params.headers = {
       Authorization: `Bearer ${token}`,
       correlationID: correlationID || uuidv4(),
+      "User-Name": username || 'N/A'
     };
 
     log.info("get Data Url", url);
@@ -246,10 +264,12 @@ async function forwardPostReq(req, res, url) {
 
 async function postData(token, url, data, correlationID) {
   try {
+    const username = getUsernameFromToken(token)
     const postDataConfig = {
       headers: {
         Authorization: `Bearer ${token}`,
         correlationID: correlationID || uuidv4(),
+        "User-Name": username || 'N/A'
       },
       maxContentLength: Infinity,
       maxBodyLength: Infinity,
@@ -289,10 +309,12 @@ async function postData(token, url, data, correlationID) {
 
 async function putData(token, data, url, correlationID) {
   try {
+    const username = getUsernameFromToken(token)
     const putDataConfig = {
       headers: {
         Authorization: `Bearer ${token}`,
         correlationID: correlationID || uuidv4(),
+        "User-Name": username || 'N/A'
       },
     };
 
 
@@ -8,8 +8,14 @@ const roles = require("../components/roles");
 const jsonwebtoken = require("jsonwebtoken");
 const log = require("../components/logger");
 const HttpStatus = require("http-status-codes");
+const redis = require('../util/redis/redis-client');
 const { v4: uuidv4 } = require("uuid");
+const { v4: validate } = require("uuid");
 const { body, validationResult } = require("express-validator");
+const UnauthorizedRsp = {
+  error: 'Unauthorized',
+  error_description: 'Not logged in'
+};
 
 const isValidStaffUserWithRoles = auth.isValidUserWithRoles(
   "GRAD_INFO_OFFICER",
@@ -228,4 +234,56 @@ router.get(
   }
 );
 
+router.get('/silent_idir_login', async function (req, res, next) {
+  const client = redis.getRedisClient();
+
+  if(!req.query.idir_guid){
+    res.status(401).json(UnauthorizedRsp);
+  }
+  let idir_guid = req.query.idir_guid;
+  console.log('idir_guid', idir_guid);
+  if(req.query.studentDetails && req.query.studentID){
+    let studentID = req.query.studentID;
+    if (!validate(studentID)) {
+      res.status(401).json('Invalid Student ID.');
+    }
+    
+    const redis_key_prefix = idir_guid.toLowerCase();
+
+    await client.set(redis_key_prefix + '::studentDetails', true, 'EX', 1800);
+    await client.set(redis_key_prefix + '::studentID', studentID, 'EX', 1800);
+  }
+  else{
+    res.status(401).json(UnauthorizedRsp);
+  }
+
+  const authenticator = passport.authenticate('oidcIDIRSilent', { failureRedirect: 'error', scope: 'openid profile' });
+  authenticator(req, res, next);
+});
+
+router.get('/callback_idir_silent',
+  passport.authenticate('oidcIDIRSilent', { failureRedirect: 'error', scope: 'openid profile'}),
+  async (req, res) => {
+    const idir_guid = req.session?.passport?.user?._json?.idir_guid;
+    if(!idir_guid){
+      await res.redirect(config.get('server:frontend') + '/unauthorized');
+      return;
+    }
+    const client = redis.getRedisClient();
+    const redis_key_prefix = idir_guid.toLowerCase();
+
+    let studentDetails = await client.get(redis_key_prefix + '::studentDetails');
+    let studentID = await client.get(redis_key_prefix + '::studentID');
+
+    await client.del(redis_key_prefix + '::studentDetails');
+    await client.del(redis_key_prefix + '::studentID');
+
+    if (studentDetails) {
+      res.redirect(config.get('server:frontend') + '/student-profile/' + studentID);
+    } else {
+      res.status(401).json(UnauthorizedRsp);
+    }
+  }
+);
+
 module.exports = router;