@flyeralarmdigital/fad-authentication NPM

Flyeralarm Digital @devops | Authentication

This module is our custom Authentication module for all react applications.

Installation

    git clone https://stash.flyeralarm.com/scm/fldigi/npm_react_authentication.git

cd into the directory for this module

    npm link

cd into the directory for the application where you want to install this module

    npm link @flyeralarmdigital/react-authentication

    npm install

Usage

    import AUTH from 'react.authentication'

METHODS:

AUTH.genKey(): generates a random 64 byte character string to be used per session for encryption. This method is run automatically during login. Setting a value in the localstorage allows encryption and decryption of Authentication Objects. Logging out doe snot destroy this value, as there is no need unless compromise. However a deletion will result in a new generation. You may also call this method yourself in the event you want to shift encryption, however it ust be called once in your index.js or App.js as objects are encrypted and decrypted for the duration of the visit.

AUTH.isAuthorized(role, scope, referer = '/', loginUrl): returns true if a user is logged in already. If not logged in then user will be forwarded through the the remote authentication process and returned to the referrer url.

parameters:

role - if this route requires the user to have a specific role to access, will return true if user has. For no role required, just submit null. scope - same as role referer - send a URI path such as '/account' to return a user to this route AFTER the login process is complete. Default is '/' loginUrl - A required parameter with no default. THis should be the full path with parameters to your remote login url. You may have different URLs for development and production. for example: const LOGINURL = "http://localhost:9059/auth?client_id=183nq1izo2kh33xqx8&redirect_url=https://localhost:3000/auth/login";

AUTH.setSession(): sets a UUIDv4 session cookie

AUTH.login(): activated the user login process and returns the user to '/'

AUTH.logout(): logs a user out of the app by destroying all cookies and APP_KEY for encryption.

AUTH.user(): returns the user object which is decrypted from the AUTH cookie. This is the only acceptable method as the auth cookie is encrypted for the session.

##Middleware You can use AUTH.isAuthorized() as a private middleware also. To do so in your APP.js add the follwing method...

const authMiddleware = (role, scope, referer = '/', loginUrl, component) => {
        if(AUTH.isAuthorized(role, scope, referer = '/', loginUrl) === true){
            return (
                <Fragment>{component}</Fragment>
            )
        }
    }

Then in your Router, you can use this method as so...

<Route exact path="/dashboard" render={() => authMiddleware(null, null, "/dashboard", LOGINURL, <Dashboard props={props}/>)}/>

... where Dasboard is the component page that you are trying to protect. In the event that a user is NOT logged in, then send a referer parameter of /dashboard and the user will go through the login workflow and return to the /dashboard page.