14911871966

Committed 08 May 2025 04:57PM UTC coverage: 49.059% (+0.09%) from 48.969%

Build # 14911871966

Build Type

push

github

Committed by

emuvente

Commit Message

fix: provide current route ref value from server entry and remove contentful cookie

Run Details

1595 of 3417 branches covered (46.68%)

Branch coverage included in aggregate %.

0 of 11 new or added lines in 5 files covered. (0.0%)

3 existing lines in 2 files now uncovered.

2393 of 4712 relevant lines covered (50.79%)

286.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/util/authenticationGuard.js

import * as Sentry from '@sentry/vue';
import authenticationQuery from '#src/graphql/query/authenticationQuery.graphql';

const isServer = typeof window === 'undefined';

// Return true if user logged in recently enough and false otherwise
export function checkLastLoginTime(data, durationKey, defaultDuration) {
        const lastLogin = data?.my?.lastLoginTimestamp ?? 0;
        const durationKeyValue = data?.general?.[durationKey]?.value;
        const duration = 1000 * (parseInt(durationKeyValue, 10) || defaultDuration);

        if (Date.now() > lastLogin + duration) {
                return false;
        }
        return true;
}

const processErrors = (error, route) => {
        const doneUrl = route.fullPath || '';
        if (error.message.indexOf('activeLoginRequired') > -1 || error.message.indexOf('recentLoginRequired') > -1) {
                // Force a login when active/recent login is required
                return {
                        path: '/ui-login',
                        query: { force: true, doneUrl }
                };
        }

        if (error.message.indexOf('api.authenticationRequired') > -1) {
                // Redirect to login upon authentication error
                return {
                        path: '/ui-login',
                        query: { doneUrl }
                };
        }

        if (error.message.indexOf('verificationRequired') > -1) {
                const lastMatchedRoute = route.matched[route.matched.length - 1];
                // Redirect to email verification page
                return {
                        path: '/start-verification',
                        query: {
                                doneUrl,
                                process: lastMatchedRoute.meta.process || '',
                        }
                };
        }

        // Log other errors to Sentry
        if (!isServer) {
                Sentry.withScope(scope => {
                        scope.setTag('authentication_guard', 'unknown error');
                        Sentry.captureMessage(error);
                });
        }
        // catch all redirect to login
        return {
                path: '/ui-login',
                query: { doneUrl }
        };
};

// Given a route definition meta property, authenticationGuard will determine
// if a user has the right kind of login required to visit the route
// and return a resolved promise if the user has the right permissions
// to visit route or a rejection with the appropriate redirect params
// The two possible meta properties are activeLoginRequired, and authenticationRequired
// activeLoginRequired takes priority over authenticationRequired since it implies authenticationRequired
// and recentLoginRequired takes priority over activeLoginRequired since it implies activeLoginRequired

export function authenticationGuard({ route, apolloClient, kvAuth0 }) {
        // Skip authentication checks if Auth0 usage is not enabled
        if (!kvAuth0.enabled) {
                return Promise.resolve();
        }
        return new Promise((resolve, reject) => {
                const activeRequired = route.matched.some(matchedRoute => matchedRoute.meta.activeLoginRequired);
                const authRequired = route.matched.some(matchedRoute => matchedRoute.meta.authenticationRequired);
                const mfaRequired = route.matched.some(matchedRoute => matchedRoute.meta.mfaRequired);
                const recentRequired = route.matched.some(matchedRoute => matchedRoute.meta.recentLoginRequired);

                // Route requires some sort of authentication
                if (activeRequired || authRequired || mfaRequired || recentRequired) {
                        apolloClient.query({
                                query: authenticationQuery,
                                fetchPolicy: 'network-only',
                        }).then(({ data }) => {
                                if (!data.my) {
                                        throw new Error('api.authenticationRequired');
                                }
                                // Route requires active login
                                if (activeRequired && !checkLastLoginTime(data, 'activeLoginDuration', 3600)) {
                                        throw new Error('activeLoginRequired');
                                }
                                // Route requires recent login
                                if (recentRequired && !checkLastLoginTime(data, 'recentLoginDuration', 300)) {
                                        throw new Error('recentLoginRequired');
                                }
                                // Route requires multi factor authentication or email verification
                                if (mfaRequired && !kvAuth0.isMfaAuthenticated() && !data?.my?.emailVerifiedRecently) {
                                        throw new Error('verificationRequired');
                                }
                                resolve();
                        }).catch(e => {
                                reject(processErrors(e, route));
                        });
                } else {
                        // Route does not require any authentication
                        resolve();
                }
        });
}

1	import * as Sentry from '@sentry/vue';
2	import authenticationQuery from '#src/graphql/query/authenticationQuery.graphql';
3
4	const isServer = typeof window === 'undefined';	×
5
6	// Return true if user logged in recently enough and false otherwise
7	export function checkLastLoginTime(data, durationKey, defaultDuration) {
8	const lastLogin = data?.my?.lastLoginTimestamp ?? 0;	×
9	const durationKeyValue = data?.general?.[durationKey]?.value;	×
10	const duration = 1000 * (parseInt(durationKeyValue, 10) \|\| defaultDuration);	×
11
12	if (Date.now() > lastLogin + duration) {	×
13	return false;	×
14	}
15	return true;	×
16	}
17
18	const processErrors = (error, route) => {	×
NEW 19	const doneUrl = route.fullPath \|\| '';	×
20	if (error.message.indexOf('activeLoginRequired') > -1 \|\| error.message.indexOf('recentLoginRequired') > -1) {	×
21	// Force a login when active/recent login is required
22	return {	×
23	path: '/ui-login',
24	query: { force: true, doneUrl }
25	};
26	}
27
28	if (error.message.indexOf('api.authenticationRequired') > -1) {	×
29	// Redirect to login upon authentication error
30	return {	×
31	path: '/ui-login',
32	query: { doneUrl }
33	};
34	}
35
36	if (error.message.indexOf('verificationRequired') > -1) {	×
NEW 37	const lastMatchedRoute = route.matched[route.matched.length - 1];	×
38	// Redirect to email verification page
39	return {	×
40	path: '/start-verification',
41	query: {
42	doneUrl,
43	process: lastMatchedRoute.meta.process \|\| '',	×
44	}
45	};
46	}
47
48	// Log other errors to Sentry
49	if (!isServer) {	×
50	Sentry.withScope(scope => {	×
51	scope.setTag('authentication_guard', 'unknown error');	×
52	Sentry.captureMessage(error);	×
53	});
54	}
55	// catch all redirect to login
56	return {	×
57	path: '/ui-login',
58	query: { doneUrl }
59	};
60	};
61
62	// Given a route definition meta property, authenticationGuard will determine
63	// if a user has the right kind of login required to visit the route
64	// and return a resolved promise if the user has the right permissions
65	// to visit route or a rejection with the appropriate redirect params
66	// The two possible meta properties are activeLoginRequired, and authenticationRequired
67	// activeLoginRequired takes priority over authenticationRequired since it implies authenticationRequired
68	// and recentLoginRequired takes priority over activeLoginRequired since it implies activeLoginRequired
69
70	export function authenticationGuard({ route, apolloClient, kvAuth0 }) {
71	// Skip authentication checks if Auth0 usage is not enabled
72	if (!kvAuth0.enabled) {	×
73	return Promise.resolve();	×
74	}
75	return new Promise((resolve, reject) => {	×
NEW 76	const activeRequired = route.matched.some(matchedRoute => matchedRoute.meta.activeLoginRequired);	×
NEW 77	const authRequired = route.matched.some(matchedRoute => matchedRoute.meta.authenticationRequired);	×
NEW 78	const mfaRequired = route.matched.some(matchedRoute => matchedRoute.meta.mfaRequired);	×
NEW 79	const recentRequired = route.matched.some(matchedRoute => matchedRoute.meta.recentLoginRequired);	×
80
81	// Route requires some sort of authentication
82	if (activeRequired \|\| authRequired \|\| mfaRequired \|\| recentRequired) {	×
83	apolloClient.query({	×
84	query: authenticationQuery,
85	fetchPolicy: 'network-only',
86	}).then(({ data }) => {
87	if (!data.my) {	×
88	throw new Error('api.authenticationRequired');	×
89	}
90	// Route requires active login
91	if (activeRequired && !checkLastLoginTime(data, 'activeLoginDuration', 3600)) {	×
92	throw new Error('activeLoginRequired');	×
93	}
94	// Route requires recent login
95	if (recentRequired && !checkLastLoginTime(data, 'recentLoginDuration', 300)) {	×
96	throw new Error('recentLoginRequired');	×
97	}
98	// Route requires multi factor authentication or email verification
99	if (mfaRequired && !kvAuth0.isMfaAuthenticated() && !data?.my?.emailVerifiedRecently) {	×
100	throw new Error('verificationRequired');	×
101	}
102	resolve();	×
103	}).catch(e => {
104	reject(processErrors(e, route));	×
105	});
106	} else {
107	// Route does not require any authentication
108	resolve();	×
109	}
110	});
111	}

kiva / ui / 14911871966

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous