from middleware.clj:
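;; Namespace of the Auth0 custom claim that carries the user's roles.
;; Hoisted out of the closure so the value is visible and changeable in one
;; place: it must match, byte for byte, the claim key that the Auth0 rule or
;; action writes into the token, otherwise `get-in` below returns nil and every
;; role check fails closed with a 401 even for a user who has the role.
(def manage-recipes-roles-claim
  "https://cheffy.jennet-dummy-domain.com/roles")

(def wrap-manage-recipes
  ;; Reitit middleware map: allows the request through only when the decoded
  ;; token claims (expected under :claims in the request, i.e. after
  ;; wrap-auth0) list the "manage-recipes" role. Anything else — a missing
  ;; claims map, a missing roles claim, or a roles collection without the
  ;; role — produces the same 401 response with the request URI echoed back.
  {:name        ::manage-recipes
   :description "Middleware to check if a user can manage recipes"
   :wrap        (fn [handler]
                  (fn [request]
                    (let [roles (get-in request [:claims manage-recipes-roles-claim])]
                      ;; `some` tolerates a nil/empty roles collection (-> nil -> denied).
                      (if (some #{"manage-recipes"} roles)
                        (handler request)
                        ;; NOTE(review): a token that is present but lacks the role is an
                        ;; authorization failure, for which 403 is the conventional status;
                        ;; 401 is kept here because callers and tests expect it.
                        (-> (rr/response {:message "You need to be a cook to manager recipes"
                                          :data    (:uri request)
                                          :type    :authorization-required})
                            (rr/status 401))))))})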
from recipe/routes.clj:
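(defn routes
  "Recipe route tree for reitit.

  Authorization layering as wired here:
  - every route under /recipes passes through mw/wrap-auth0 (parent middleware);
  - routes that mutate recipes additionally require the manage-recipes role
    (mw/wrap-manage-recipes);
  - routes scoped to a single recipe (update/delete, steps, ingredients) also
    require ownership via mw/wrap-recipe-owner, which runs before the role check;
  - /favorite only requires a valid token, so any authenticated user may favorite.

  `env` must contain :jdbc-url; it is passed to every handler as `db`.

  Fixes relative to the previous version: the response spec key is `:responses`
  everywhere (reitit ignores the singular `:response`, so those specs were
  neither coerced nor shown in swagger), and the 201 specs for step/ingredient
  creation wrap their map in `:body` like the recipe-creation spec does."
  [env]
  (let [db         (:jdbc-url env)
        ;; Owner check first, then role check; both must pass before the handler runs.
        owner+cook [[mw/wrap-recipe-owner db] [mw/wrap-manage-recipes]]]
    ["/recipes" {:swagger    {:tags ["recipes"]}
                 :middleware [[mw/wrap-auth0]]}
     [""
      {:get  {:handler   (recipe/list-all-recipes db)
              :responses {200 {:body responses/recipes}}
              :summary   "List all recipes"}
       :post {:handler    (recipe/create-recipe! db)
              :middleware [[mw/wrap-manage-recipes]]
              :parameters {:body {:name      string?
                                  :prep-time number?
                                  :img       string?}}
              :responses  {201 {:body {:recipe-id string?}}}
              :summary    "Create recipe"}}]
     ["/:recipe-id"
      [""
       {:get    {:handler    (recipe/retrieve-recipe db)
                 :parameters {:path {:recipe-id string?}}
                 :responses  {200 {:body responses/recipe}}
                 :summary    "Get recipe by ID"}
        :put    {:handler    (recipe/update-recipe! db)
                 :middleware owner+cook
                 ;; NOTE(review): :prep-time is number? on create but int? on update;
                 ;; confirm which the storage layer expects and align the two.
                 :parameters {:path {:recipe-id string?}
                              :body {:name string? :prep-time int? :public boolean? :img string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Update recipe"}
        :delete {:handler    (recipe/delete-recipe! db)
                 :middleware owner+cook
                 :parameters {:path {:recipe-id string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Delete recipe by ID"}}]
      ["/steps" {:middleware owner+cook}
       [""
        {:post   {:handler    (recipe/create-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:description string? :sort number?}}
                  :responses  {201 {:body {:step-id string?}}}
                  :summary    "Create step"}
         :put    {:handler    (recipe/update-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:step-id     string?
                                      :description string?
                                      :sort        number?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Update step"}
         :delete {:handler    (recipe/delete-step! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:step-id string?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Delete step"}}]]
      ["/ingredients" {:middleware owner+cook}
       [""
        {:post   {:handler    (recipe/create-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:name    string?
                                      :sort    number?
                                      :amount  number?
                                      :measure string?}}
                  :responses  {201 {:body {:ingredient-id string?}}}
                  :summary    "Create ingredient"}
         :put    {:handler    (recipe/update-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:ingredient-id string?
                                      :name          string?
                                      :sort          number?
                                      :amount        number?
                                      :measure       string?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Update ingredient"}
         :delete {:handler    (recipe/delete-ingredient! db)
                  :parameters {:path {:recipe-id string?}
                               :body {:ingredient-id string?}}
                  :responses  {204 {:body nil?}}
                  :summary    "Delete ingredient"}}]]
      ;; /recipes/:recipe-id/favorite — token required (parent middleware), no role
      ;; or ownership check, so any authenticated user can (un)favorite a recipe.
      ["/favorite"
       {:post   {:handler    (recipe/favorite-recipe! db)
                 :parameters {:path {:recipe-id string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Favorite recipe"}
        :delete {:handler    (recipe/unfavorite-recipe! db)
                 :parameters {:path {:recipe-id string?}}
                 :responses  {204 {:body nil?}}
                 :summary    "Unfavorite recipe"}}]]]))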
The get recipes route doesn't require the manage-recipes role, which is why that test passes. For create and the other routes that require wrap-manage-recipes, here is the problem:
When you decode your token you get:
{
"https://temp-jen.publishmydata.com/roles": [
"manage-recipes"
],
"iss": "https://ddj-learn-reitit.eu.auth0.com/",
"sub": "auth0|6005ac5ef84781006965d98b",
"aud": [
"https://ddj-learn-reitit.eu.auth0.com/api/v2/",
"https://ddj-learn-reitit.eu.auth0.com/userinfo"
],
"iat": 1610984545,
"exp": 1611070945,
"azp": "a9yn4qNka6jXPZffYjZ0zxEhc7Otjjhw",
"scope": "openid profile email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities",
"gty": "password"
}
As you can see, the roles claim key you are actually getting is https://temp-jen.publishmydata.com/roles,
while the middleware is checking for https://cheffy.jennet-dummy-domain.com/roles.
Since they are different, the lookup returns nil, the role check fails, and the test fails.
PS. Sorry for my late reply, I didn't notice the issues before.
@jennet could we close this one?
My Auth0 middleware that checks whether the user has the role `manage-recipes` keeps failing and I'm not sure what I've missed. I'm up to lesson 49, but I haven't found any adjustments to the code, so I must have something wrong in my own code — I'm just not sure where.
I've completed the test-reformatting lesson, and I create an account during the fixture. I can see this account being created via the Auth0 management panel, and can see the role added successfully. I can also see the expected keys in the updated token by copying and pasting it into jwt.io:
The get recipes test runs fine, but then the create recipe fails with "You need to be a cook to manager recipes"
Full request diffs are:
Does anything obvious stand out to you in that diff that would point me in the direction of where I might have gone wrong?