diff --git a/config.js.template b/config.js.template index d1598bf..d9d428f 100644 --- a/config.js.template +++ b/config.js.template @@ -28,8 +28,7 @@ config.app = { config.pep = { app_id: '', username: '', - password: '', - trusted_apps : [] + password: '' } // in seconds diff --git a/lib/idm.js b/lib/idm.js index 587145a..fd9962d 100644 --- a/lib/idm.js +++ b/lib/idm.js @@ -54,6 +54,8 @@ const IDM = (function() { let path = '/user?access_token=' + encodeURIComponent(token) + path = path + '&app_id=' + config.pep.app_id + if (action && resource) { path = path + '&action=' + action path = path + '&resource=' + resource 
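Review bot: The new `app_id` parameter in the `lib/idm.js` hunk is appended to the query string without encoding, unlike the token on the line above it; use `path = path + '&app_id=' + encodeURIComponent(config.pep.app_id)` so a value containing `&`, `#` or `=` cannot change the request sent to the IdM. The `action` and `resource` context lines just below have the same gap, and `resource` presumably derives from the incoming request, so they deserve the same treatment. The template still defaults `app_id` to `''`, so an unconfigured proxy would send an empty `app_id`; consider refusing to start when it is unset. The enclosing function starts and ends outside the hunk.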
@@ -103,61 +105,41 @@ const IDM = (function() { proxy.sendData(protocol, options, undefined, undefined, function (status, resp) { const userInfo = JSON.parse(resp); - - if (!checkApplication(userInfo.app_id)) { + /*if (!checkApplication(userInfo.app_id)) { log.error('User not authorized in application', config.pep.app_id); callbackError(401, 'User not authorized in application', config.pep.app_id); - } else { - cache[token] = {}; - cache[token].date = new Date(); - cache[token].userInfo = userInfo; - - if (config.authorization.enabled) { - if (config.authorization.pdp === 'idm' && userInfo.authorization_decision === "Permit") { - if (!cache[token][action]) { - cache[token][action] = []; - cache[token][action].push(resource); - } else if (cache[token][action] && cache[token][action].indexOf(resource) === -1) { - cache[token][action].push(resource); - } + } else {*/ + cache[token] = {}; + cache[token].date = new Date(); + cache[token].userInfo = userInfo; + + if (config.authorization.enabled) { + if (config.authorization.pdp === 'idm' && userInfo.authorization_decision === "Permit") { + if (!cache[token][action]) { + cache[token][action] = []; + cache[token][action].push(resource); + } else if (cache[token][action] && cache[token][action].indexOf(resource) === -1) { + cache[token][action].push(resource); } } - - callback(userInfo); } - }, function (status, e) { - - /*if (status === 401) { - - log.error('Error validating token. Proxy not authorized in keystone. Keystone authentication ...'); - authenticate (function (status, resp) { - - myToken = JSON.parse(resp).access.token.id; - - log.info('Success authenticating PEP proxy. 
Proxy Auth-token: ', myToken); - checkToken(token, callback, callbackError); - - }, function (status, e) { - log.error('Error in IDM communication ', e); - callbackError(503, 'Error in IDM communication'); - }); - } else { - callbackError(status, e); - }*/ + callback(userInfo); + /*}*/ + }, function (status, e) { log.error('Error in IDM communication ', e); callbackError(status, (e) ? JSON.parse(e) : undefined); }); }; - const checkApplication = function (appId) { + /*const checkApplication = function (appId) { log.debug('Token created in application: ', appId); log.debug('PEP Proxy application: ', config.pep.app_id); log.debug('PEP Proxy trusted_apps: ', config.pep.trusted_apps); if (appId === config.pep.app_id || config.pep.trusted_apps.indexOf(appId) !== -1) {return true;} return false; - } + }*/ return {
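Review bot: Commenting out the `checkApplication` call removes the only local check that a token was issued for this application; the proxy now caches and accepts whatever `userInfo` the IdM returns. That is safe only if the IdM rejects tokens from other applications when given the new `app_id` query parameter, which is not visible here; against an IdM that ignores the parameter the proxy would fail open. If the response still carries `app_id`, keep a fail-closed comparison before the cache write, e.g. `if (userInfo.app_id !== config.pep.app_id) { return callbackError(401, 'User not authorized in application'); }`, or document the minimum IdM version required. Delete the disabled code rather than leaving it in `/* ... */` blocks: the half-commented `if`/`else` and the `/*}*/` line make the brace structure hard to audit, and version control keeps the old code. `JSON.parse(resp)` and `JSON.parse(e)` in the context lines are also unguarded, so a non-JSON body would throw inside the callback rather than reach `callbackError`; the enclosing function begins outside the hunk.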