Implement option for anonymous access

CatalystCode · Feb 27, 2018 · 2703807 · 2703807
1 parent a86e975
commit 2703807
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 11 deletions.
diff --git a/project-fortis-interfaces/src/components/Header/Header.js b/project-fortis-interfaces/src/components/Header/Header.js
@@ -78,18 +78,30 @@ class Header extends React.Component {
     );
   }
 
-  renderLogoutLink() {
-    return (
-      <a onClick={this.props.logoutCallback}>
-        Logout {this.props.userName}
-      </a>
-    )
+  renderAuth() {
+    if (!this.props.userName && this.props.loginCallback) {
+      return (
+        <a onClick={this.props.loginCallback}>
+          Log in
+        </a>
+      );
+    }
+
+    if (this.props.userName && this.props.logoutCallback) {
+      return (
+        <a onClick={this.props.logoutCallback}>
+          Logout {this.props.userName}
+        </a>
+      );
+    }
+
+    return null;
   }
 
   renderRightNav() {
     return (
       <ul className="nav navbar-nav navbar-right">
-        { this.props.logoutCallback && <li>{ this.renderLogoutLink() }</li> }
+        <li>{ this.renderAuth() }</li>
       </ul>
     );
   }

diff --git a/project-fortis-interfaces/src/routes/AppPage.js b/project-fortis-interfaces/src/routes/AppPage.js
@@ -163,8 +163,24 @@ export const AppPage = createReactClass({
     return this.getFlux().store("DataStore").getState();
   },
 
+  didAuthFail() {
+    const { error } = this.state;
+
+    if (!error) {
+      return false;
+    }
+
+    return error.code === 401 || error.message.indexOf('Unknown user') !== -1;
+  },
+
+  isAuthAvailable() {
+    const { authInfo } = this.state;
+
+    return authInfo && authInfo.token;
+  },
+
   shouldRenderLogin() {
-    return this.adApplication && (!this.state.authInfo || !this.state.authInfo.user || !this.state.authInfo.token);
+    return this.adApplication && this.didAuthFail() && !this.isAuthAvailable();
   },
 
   shouldRenderUnknownCategory() {
@@ -178,7 +194,7 @@ export const AppPage = createReactClass({
       return false;
     }
 
-    if (this.state.error.code === 401 && this.state.authInfo && this.state.authInfo.token) {
+    if (this.didAuthFail() && this.isAuthAvailable()) {
       window.location.reload();
       return false;
     }
@@ -266,6 +282,7 @@ export const AppPage = createReactClass({
             title={this.state.title}
             logo={this.state.logo}
             logoutCallback={this.adApplication ? this.adLogout : null}
+            loginCallback={this.adApplication ? this.adLogin : null}
             userName={this.state.authInfo && this.state.authInfo.user && this.state.authInfo.user.name}
           />
           <div id="main">

diff --git a/project-fortis-pipeline/docs/admin-settings.md b/project-fortis-pipeline/docs/admin-settings.md
@@ -131,6 +131,9 @@ On this page, you can manage access to your Fortis site. There are currently two
 levels of access: `admin` and `user`. Users can only log into the site and view
 the dashboard. Admins can additionally chage the settings for the site.
 
+If you wish to enable anoymous access to Fortis, you can add the identity
+`anonymous@fortis` to your users list and give it a role such as `user`.
+
 The following list explains the settings managed on this site in more detail:
 
 - **Identity:** The canonical email address of the users who have access to the

diff --git a/project-fortis-services/package-lock.json b/project-fortis-services/package-lock.json
diff --git a/project-fortis-services/package.json b/project-fortis-services/package.json
@@ -55,6 +55,7 @@
     "moment": "^2.17.1",
     "node-cache": "^4.1.1",
     "passport": "^0.4.0",
+    "passport-anonymous": "^1.0.1",
     "passport-azure-ad": "^3.0.8",
     "promise": "^7.1.1",
     "request": "^2.79.0",

diff --git a/project-fortis-services/src/auth.js b/project-fortis-services/src/auth.js
@@ -1,6 +1,7 @@
 const Promise = require('promise');
 const passport = require('passport');
 const OIDCBearerStrategy = require('passport-azure-ad').BearerStrategy;
+const AnonymousStrategy = require('passport-anonymous').Strategy;
 const NodeCache = require('node-cache');
 const cassandraConnector = require('./clients/cassandra/CassandraConnector');
 const { getUserFromArgs } = require('./utils/request');
@@ -33,7 +34,8 @@ function initialize(app, route) {
   app.use(passport.initialize());
   app.use(passport.session());
   passport.use(bearerStrategy);
-  app.use(route, passport.authenticate('oauth-bearer', { session: false }));
+  passport.use(new AnonymousStrategy());
+  app.use(route, passport.authenticate(['oauth-bearer', 'anonymous'], { session: false }));
 }
 
 function checkIfUserHasRole(user, role) {

diff --git a/project-fortis-services/src/utils/request.js b/project-fortis-services/src/utils/request.js
@@ -1,5 +1,7 @@
+const anonymousUser = 'anonymous@fortis';
+
 function getUserFromArgs(...args) {
-  return (args && args.length >= 2 && args[1].user && args[1].user.identifier) || '';
+  return (args && args.length >= 2 && args[1].user && args[1].user.identifier) || anonymousUser;
 }
 
 module.exports = {