fix: user profile to principal

loopbackio · Sep 26, 2019 · c801f0f · c801f0f
1 parent 866c7db
commit c801f0f
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 18 deletions.
diff --git a/packages/authorization/src/__tests__/unit/util.test.ts b/packages/authorization/src/__tests__/unit/util.test.ts
@@ -0,0 +1,26 @@
+// Copyright IBM Corp. 2019. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+import {Principal, securityId, UserProfile} from '@loopback/security';
+import {expect} from '@loopback/testlab';
+import {userProfileToPrincipalBuilder} from '../../util';
+
+describe('utils', () => {
+  it('generates the correct principal', () => {
+    const userProfile: UserProfile = {
+      [securityId]: 'auser',
+      email: '[email protected]',
+    };
+    const expectedPrincipal: Principal = {
+      [securityId]: 'auser',
+      email: '[email protected]',
+      name: 'auser',
+      type: 'USER',
+    };
+    expect(userProfileToPrincipalBuilder(userProfile)).to.deepEqual(
+      expectedPrincipal,
+    );
+  });
+});
diff --git a/packages/authorization/src/authorize-interceptor.ts b/packages/authorization/src/authorize-interceptor.ts
@@ -17,12 +17,7 @@ import {
   Next,
   Provider,
 } from '@loopback/context';
-import {
-  Principal,
-  SecurityBindings,
-  securityId,
-  UserProfile,
-} from '@loopback/security';
+import {SecurityBindings, UserProfile} from '@loopback/security';
 import * as debugFactory from 'debug';
 import {getAuthorizationMetadata} from './decorators/authorize';
 import {AuthorizationBindings, AuthorizationTags} from './keys';
@@ -33,6 +28,7 @@ import {
   AuthorizationOptions,
   Authorizer,
 } from './types';
+import {userProfileToPrincipalBuilder} from './util';
 
 const debug = debugFactory('loopback:authorization:interceptor');
 
@@ -83,7 +79,7 @@ export class AuthorizationInterceptor implements Provider<Interceptor> {
     debug('Current user', user);
 
     const authorizationCtx: AuthorizationContext = {
-      principals: user ? [userToPrinciple(user)] : [],
+      principals: user ? [userProfileToPrincipalBuilder(user)] : [],
       roles: [],
       scopes: [],
       resource: invocationCtx.targetName,
@@ -151,14 +147,3 @@ async function loadAuthorizers(
   }
   return authorizerFunctions;
 }
-
-// This is a workaround before we extract a common layer
-// for authentication and authorization.
-function userToPrinciple(user: UserProfile): Principal {
-  return {
-    name: user.name || user[securityId],
-    [securityId]: user.id,
-    email: user.email,
-    type: 'USER',
-  };
-}
diff --git a/packages/authorization/src/util.ts b/packages/authorization/src/util.ts
@@ -0,0 +1,24 @@
+import { Principal, securityId, UserProfile } from '@loopback/security';
+
+// This is a workaround before we specify `TypedPrincipal` instead of
+// `Principal` for the principals in the authorization context.
+
+/**
+ * Module `@loopback/authentication` passes a user profile to
+ * `@loopback/authorization` as the user identity. Authorization verifies
+ * whether a user has access to a certain resource.
+ *
+ * The builder function:
+ * - preserves all the fields from user profile
+ * - specifies 'USER' as type
+ * - assign the value of `securityId` to name if it's missing in the
+ * user profile
+ * @param user The user profile passed from `@loopback/authentication`.
+ */
+export function createPrincipalFromUserProfile(user: UserProfile): Principal {
+  return {
+    ...user,
+    name: user.name || user[securityId],
+    type: 'USER',
+  };
+}