fix: Flow modification in generate token using clientId and secrat API

Signed-off-by: shitrerohit <[email protected]>

Author: shitrerohit

apps/api-gateway/src/authz/authz.controller.ts

@@ -7,9 +7,11 @@ import {
   Param,
   Post,
   Query,
+  Req,
   Res,
   UnauthorizedException,
-  UseFilters
+  UseFilters,
+  UseGuards
 } from '@nestjs/common';
 import { AuthzService } from './authz.service';
 import { CommonService } from '../../../../libs/common/src/common.service';
@@ -18,7 +20,7 @@ import { ApiResponseDto } from '../dtos/apiResponse.dto';
 import { UserEmailVerificationDto } from '../user/dto/create-user.dto';
 import IResponseType from '@credebl/common/interfaces/response.interface';
 import { ResponseMessages } from '@credebl/common/response-messages';
-import { Response } from 'express';
+import { Response, Request } from 'express';
 import { EmailVerificationDto } from '../user/dto/email-verify.dto';
 import { AuthTokenResponse } from './dtos/auth-token-res.dto';
 import { LoginUserDto } from '../user/dto/login-user.dto';
@@ -30,6 +32,10 @@ import { ResetTokenPasswordDto } from './dtos/reset-token-password';
 import { RefreshTokenDto } from './dtos/refresh-token.dto';
 import { getDefaultClient } from '../user/utils';
 import { ClientAliasValidationPipe } from './decorators/user-auth-client';
+import { SessionGuard } from './guards/session.guard';
+interface SessionDetails {
+  sessionId: string;
+}
 @Controller('auth')
 @ApiTags('auth')
 @UseFilters(CustomExceptionFilter)
@@ -174,18 +180,30 @@ export class AuthzController {
    * @returns User's access token details
    */
   @Get('/sessionDetails')
+  @UseGuards(SessionGuard)
   @ApiOperation({
     summary: 'Fetch session details',
     description: 'Fetch session details against logged in user'
   })
   @ApiQuery({
     name: 'sessionId',
-    type: String,
-    required: true
+    required: false
   })
   @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: AuthTokenResponse })
-  async sessionDetails(@Query() sessionId: string, @Res() res: Response): Promise<Response> {
-    const sessionDetails = await this.authzService.getSession(sessionId);
+  async sessionDetails(
+    @Res() res: Response,
+    @Req() req: Request,
+    @Query() sessionId: SessionDetails
+  ): Promise<Response> {
+    this.logger.debug(`in authz controller`);
+
+    let sessionDetails;
+    if (0 < Object.keys(sessionId).length) {
+      sessionDetails = await this.authzService.getSession(sessionId);
+    }
+    if (req.user) {
+      sessionDetails = req.user;
+    }
 
     const finalResponse: IResponseType = {
       statusCode: HttpStatus.OK,

apps/api-gateway/src/authz/guards/session.guard.ts

@@ -1,4 +1,4 @@
-import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
 
 import { Request } from 'express';
 import { UserRepository } from 'apps/user/repositories/user.repository';
@@ -10,17 +10,18 @@ export class SessionGuard implements CanActivate {
   async canActivate(context: ExecutionContext): Promise<boolean> {
     const request = context.switchToHttp().getRequest<Request>();
     const sessionId = request.cookies['session_id'];
-    if (!sessionId) {
-      throw new UnauthorizedException('Missing session cookie');
-    }
-
-    const user = await this.userRepository.validateSession(sessionId);
 
-    if (!user) {
-      throw new UnauthorizedException('Invalid session');
+    // if (!sessionId) {
+    //   throw new UnauthorizedException('Missing session cookie');
+    // }
+    if (sessionId) {
+      const user = await this.userRepository.validateSession(sessionId);
+      request.user = user;
     }
 
-    request.user = user;
+    // if (!user) {
+    //   throw new UnauthorizedException('Invalid session');
+    // }
     return true;
   }
 }

apps/api-gateway/src/organization/organization.controller.ts

@@ -550,11 +550,18 @@ export class OrganizationController {
     }
 
     const orgCredentials = await this.organizationService.clientLoginCredentials(clientCredentialsDto);
+
     const finalResponse: IResponse = {
       statusCode: HttpStatus.OK,
       message: ResponseMessages.organisation.success.clientCredentials,
       data: orgCredentials
     };
+    res.cookie('session_id', orgCredentials.sessionId, {
+      httpOnly: true,
+      sameSite: 'lax',
+      secure: false
+    });
+
     return res.status(HttpStatus.OK).json(finalResponse);
   }
   /**

apps/organization/repositories/organization.repository.ts

@@ -760,7 +760,29 @@ export class OrganizationRepository {
       throw error;
     }
   }
-
+  async getOrgAndAdminUser(orgId: string): Promise<user_org_roles> {
+    try {
+      return this.prisma.user_org_roles.findFirst({
+        where: {
+          orgId
+          // orgRole:{
+          //   name:'admin'
+          // }
+        },
+        include: {
+          user: {
+            select: {
+              id: true,
+              keycloakUserId: true
+            }
+          }
+        }
+      });
+    } catch (error) {
+      this.logger.error(`Error in fetch in organization with admin details`);
+      throw error;
+    }
+  }
   async getCredDefByOrg(orgId: string): Promise<
     {
       tag: string;