integreat-io / integreat

Node.js integration layer

Complete ident on incoming authentication #357

Closed kjellmorten closed 2 months ago

kjellmorten commented 3 months ago

Today, idents are completed with a middleware, and if an ident is not found with GET_IDENT the ident is simply removed. This may stop an ident from accessing something it shouldn't, but for incoming actions, we will have already told the transporter that the action is authenticated, and by removing it later, the transporter is not given a chance to handle an unknown ident in the right way.

So to supplement, and in some cases replace, the completion middleware, there should be an option to complete the ident when it's first authenticated on an incoming action. If GET_IDENT returns no matching ident, we can respond with noaccess right away. This should happen in the authenticate() callback given to the transporter when listen() is first called.

The completed ident should be marked with isCompleted as in the completer middleware, to avoid it being completed by the middleware too.

kjellmorten commented 2 months ago

Implemented with the completeIdent option on identConfig. Will also complete on dispatched actions, so should render the middleware unneeded.
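
The difference between late completion in a middleware and completion inside the authenticate() callback, as an added sketch that is not Integreat's code or part of the original thread. The function names (`getIdent`, `authenticateIncoming`, `completeIdentMiddleware`, `handleIncoming`), the token table, the `notfound` status on the stand-in lookup and the response shapes are assumptions for illustration; only `GET_IDENT`, `noaccess`, `isCompleted` and `completeIdent` come from the issue.

```javascript
// Constructed sample data: two valid tokens, but only one ident exists in the store.
const tokens = new Map([['token-johnf', 'johnf'], ['token-ghost', 'ghost']])
const knownIdents = new Map([['johnf', { id: 'johnf', roles: ['editor'] }]])
let lookups = 0 // counts GET_IDENT-style lookups, to show the middleware skip

// Hypothetical stand-in for dispatching GET_IDENT.
function getIdent(ident) {
  lookups += 1
  const data = knownIdents.get(ident.id)
  return data ? { status: 'ok', data } : { status: 'notfound' }
}

// Hypothetical authenticate() callback. With completeIdent set, an unknown
// ident is rejected here, while the transporter can still act on the result.
function authenticateIncoming(authentication, { completeIdent = false } = {}) {
  const id = tokens.get(authentication.token)
  if (!id) return { status: 'noaccess', error: 'Invalid credentials' }
  if (!completeIdent) return { status: 'ok', access: { ident: { id } } }

  const response = getIdent({ id })
  if (response.status !== 'ok') {
    return { status: 'noaccess', error: `Unknown ident '${id}'` }
  }
  // Mark as completed so the middleware does not look it up again.
  return { status: 'ok', access: { ident: { ...response.data, isCompleted: true } } }
}

// Hypothetical completion middleware: removes an ident it cannot find, which
// happens after the transporter was already told the action is authenticated.
function completeIdentMiddleware(action) {
  const ident = action.meta?.ident
  if (!ident || ident.isCompleted) return action
  const response = getIdent(ident)
  const completed =
    response.status === 'ok' ? { ...response.data, isCompleted: true } : undefined
  return { ...action, meta: { ...action.meta, ident: completed } }
}

// Runs one incoming request through both stages and reports what the
// transporter was told and which ident reaches the action handler.
function handleIncoming(token, options) {
  const auth = authenticateIncoming({ token }, options)
  if (auth.status !== 'ok') return { toldTransporter: auth.status, identAtHandler: undefined }
  const action = { type: 'GET', payload: {}, meta: { ident: auth.access.ident } }
  return { toldTransporter: 'ok', identAtHandler: completeIdentMiddleware(action).meta.ident }
}
```

With `completeIdent` off, `token-ghost` yields `toldTransporter: 'ok'` and no ident at the handler, which is the mismatch the issue describes; with it on, the same token gets `noaccess` before the transporter is told anything else.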