fixing comments from pull request

Author: Vasileios Lekakis (lex)

.gitignore

@@ -11,6 +11,7 @@ app/platforms/
 app/plugins/
 app/src/assets/vendor/bower_components/
 app/www/assets
+app/www/build/
 api/dist/
 api/lambda/node_modules/
 api/later/

README.md

@@ -67,15 +67,8 @@ The framework relies on [Node.js] and [npm].
     cd ..
     gulp deploy
 
-    # Generate some sample data
-    gulp generate_sample_users
-    gulp generate_sample_data
-
-    # Generate Cognito User Groups
-    gulp generate_sample_groups
-    
-    # Assign user to groups
-    gulp assign_users_to_cognito_user_groups
+    # Bootstrap your application with Sample data
+    gulp bootstrap
 
 ----
 

api/gulpfile.js

@@ -176,7 +176,16 @@ gulp.task('deploy', gulp.series(
   'create_cognito_pools',
   'deploy_lambda',
   'deploy_api',
-  'generate_client_config'
+  'generate_client_config',
+  'generate_sample_data'
+));
+
+gulp.task('bootstrap', gulp.series(
+  'deploy',
+  'generate_sample_users',
+  'generate_sample_groups',
+  'sleep',
+  'assign_users_to_cognito_user_groups'
 ));
 
 gulp.task('undeploy', gulp.series(
@@ -187,3 +196,4 @@ gulp.task('undeploy', gulp.series(
   'delete_cloudwatch_logs'
 ));
 
+gulp.task('default', gulp.series('bootstrap'));

api/lambda/authorizer.js

@@ -320,27 +320,52 @@ AuthPolicy.prototype = (function AuthPolicyClass() {
 
 
 function processAuthRequest(event, tokenIssuer, callback) {
+
+  const apiOptions = {};
+  const tmp = event.methodArn.split(':');
+  const apiGatewayArnTmp = tmp[5].split('/');
+  const awsAccountId = tmp[4];
+
+  apiOptions.region = tmp[3];
+  apiOptions.restApiId = apiGatewayArnTmp[0];
+  apiOptions.stage = apiGatewayArnTmp[1];
+
+
+
+
+
+
   var token = event.authorizationToken;
 
   //Fail if the token is not jwt
   var decodedJwt = jwt.decode(token, {complete: true});
   if (!decodedJwt) {
-    console.log('Not a valid JWT token');
-    callback('Unauthorized');
+    let policy = new AuthPolicy('', awsAccountId, apiOptions);
+    logger.info("Not valid JWT token, returning deny all policy");
+    policy.denyAllMethods();
+    let iamPolicy = policy.build();
+    callback(null, iamPolicy);
     return;
   }
 
   //Fail if token is not from your User Pool
   if (decodedJwt.payload['iss'] != tokenIssuer) {
-    console.log("invalid Issuer");
-    callback("Unauthorized");
+    logger.info("Provided Token not from UserPool, returning deny all policy");
+    let policy = new AuthPolicy('', awsAccountId, apiOptions);
+    policy.denyAllMethods();
+    let iamPolicy = policy.build();
+    callback(null, iamPolicy);
     return;
   }
 
-  //Reject the jwt if it's not an 'Access Token'
+  //Reject the jwt if it's not an 'Identity Token'
   if (decodedJwt.payload['token_use'] != 'id') {
     console.log("Not an Identity token");
-    callback("Unauthorized");
+    logger.info("Provided Token is not and identity token, returning deny all policy");
+    let policy = new AuthPolicy('', awsAccountId, apiOptions);
+    policy.denyAllMethods();
+    let iamPolicy = policy.build();
+    callback(null, iamPolicy);
     return;
   }
 
@@ -349,39 +374,39 @@ function processAuthRequest(event, tokenIssuer, callback) {
   var pem = PEMS[kid];
   if (!pem) {
     console.log('Invalid Identity token');
-    callback("Unauthorized");
+    logger.info("Invalid Identity token, returning deny all policy");
+    let policy = new AuthPolicy('', awsAccountId, apiOptions);
+    policy.denyAllMethods();
+    let iamPolicy = policy.build();
+    callback(null, iamPolicy);
     return;
   }
 
   //Verify the signature of the JWT token to ensure it's really coming from your User Pool
 
   jwt.verify(token, pem, {issuer: tokenIssuer}, function (err, payload) {
     if (err) {
-      callback("Unauthorized");
+      logger.info("Error while trying to verify the Token, returning deny-all policy");
+      let policy = new AuthPolicy('', awsAccountId, apiOptions);
+      policy.denyAllMethods();
+      let iamPolicy = policy.build();
+      callback(null, iamPolicy);
     } else {
       //Valid token. Generate the API Gateway policy for the user
       //Always generate the policy on value of 'sub' claim and not for
       // 'username' because username is reassignable
       //sub is UUID for a user which is never reassigned to another user.
 
-      const apiOptions = {};
-      const tmp = event.methodArn.split(':');
-      const apiGatewayArnTmp = tmp[5].split('/');
-      const principalId = payload.sub;
-      const awsAccountId = tmp[4];
-
-      apiOptions.region = tmp[3];
-      apiOptions.restApiId = apiGatewayArnTmp[0];
-      apiOptions.stage = apiGatewayArnTmp[1];
-
       let admin = null;
-      let policy = new AuthPolicy(principalId, awsAccountId, apiOptions);
+      const pId = payload.sub;
+      logger.info(pId);
+      let policy = new AuthPolicy(pId, awsAccountId, apiOptions);
       policy.allowAllMethods();
 
-
       //Check the Cognito group entry for Admin.
       //Assuming here that the Admin group has always higher
       //precedence
+      const principalId = payload.sub;
 
       if (payload['cognito:groups'] &&
         payload['cognito:groups'][0] === 'adminGroup') {

api/lambda/locations.js

@@ -6,6 +6,7 @@ let LocationsTable = new data.LocationsTable();
 
 
 function Create(event) {
+
   return LocationsTable.put(JSON.parse(event.body));
 }
 

api/util/cognito.js

@@ -348,45 +348,52 @@ function deleteUserPool() {
   });
 }
 
+/**
+ * The function creates a Cognito UserGroup based on the input argument.
+ * If the group already exists, then it ignores the request.
+ * @param group The group we want to create
+ * @returns {Promise.<TResult>|*}
+ */
 function adminCreateGroup(group) {
   return getUserPoolId().then((userPoolId) => {
 
+    logger.info('Incoming request to crate group %s', group.name);
+    let listParams = {
+      UserPoolId: userPoolId
+    };
+
     let params = {
       UserPoolId: userPoolId,
       GroupName: group.name,
       Description: group.description,
       Precedence: group.precedence
     };
-    userPools.createGroup(params, function (err, data) {
+    userPools.listGroups(listParams, function (err, listData) {
       if (err) {
         throw (new Error(err));
       }
-      return (data)
-    });
-  });
+      for (let userGroupIndex in listData.Groups) {
 
-}
+        if (listData.Groups[userGroupIndex].GroupName === group.name) {
+          logger.info('Group %s already exists, ignoring', group.name);
+          return;
+        }
+      }
+      userPools.createGroup(params, function (err, data) {
 
 
-function adminAssignUserToGroup(user, group) {
-  return getUserPoolId().then((userPoolId) => {
-    let params = {
-      UserPoolId: userPoolId,
-      Username: user.username,
-      GroupName: group.name
-    };
-
-    userPools.adminAddUserToGroup(params, function (err, data) {
-      if (err) {
-        throw (new Error(err));
-      }
-      return (data)
-    })
+        if (err) {
+          throw (new Error(err));
+        }
+        return (data);
+      })
+    });
   });
 }
 
-
 function adminCreateUser(userData) {
+
+
   return getUserPoolId().then((userPoolId) => {
     let createUserParams = {
       UserPoolId: userPoolId,
@@ -408,15 +415,51 @@ function adminCreateUser(userData) {
         }
       ]
     };
-    userPools.adminCreateUser(createUserParams, function (err) {
+
+    let listUserParams = {
+      UserPoolId: userPoolId
+    }
+
+    userPools.listUsers(listUserParams, function (err, listUsersData) {
       if (err) {
         throw (new Error(err));
       }
-      return initialChangePassword(userData);
+
+      for (let poolUserIndex in listUsersData.Users) {
+        if (listUsersData.Users[poolUserIndex].Username === userData.username) {
+          logger.info('User %s already exists, ignoring', userData.username);
+          return;
+        }
+      }
+      userPools.adminCreateUser(createUserParams, function (err) {
+        if (err) {
+          throw (new Error(err));
+        }
+        return initialChangePassword(userData);
+      });
+
     });
+
+  });
+}
+
+function adminAssignUserToGroup(user, group) {
+  return getUserPoolId().then((userPoolId) => {
+    let params = {
+      UserPoolId: userPoolId,
+      Username: user.username,
+      GroupName: group.name
+    };
+    userPools.adminAddUserToGroup(params, function (err, data) {
+      if (err) {
+        throw (new Error(err));
+      }
+      return (data);
+    })
   });
 }
 
+
 function initialChangePassword(userData) {
   return new Promise((resolve, reject) => {
     getUserPoolId().then((userPoolId) => {

api/util/importer.js

@@ -1,10 +1,15 @@
 'use strict';
 var rfr = require('rfr');
+var logger = rfr('util/logger');
 var locations = rfr('lambda/locations');
 var resources = rfr('lambda/resources');
 var bookings = rfr('lambda/bookings');
 var cognito = rfr('util/cognito');
 
+/*
+ More information about the UserGroups and the precedence
+ http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html#assigning-precedence-values-to-groups
+ */
 
 var SampleGroups = [
   {
@@ -16,7 +21,7 @@ var SampleGroups = [
   {
     name: 'clientGroup',
     description: 'Cognito user group for spacefinder users',
-    precedence: 0,
+    precedence: 1,
     iam: 'something'
   },
 ];
@@ -29,6 +34,7 @@ var SampleUsers = [
     givenName: 'Admin',
     familyName: 'User',
     password: 'Test123!'
+
   },
   {
     username: 'user1',
@@ -103,6 +109,7 @@ class SampleData {
 
   generateSampleLocation(name, description, imageUrl) {
     return new Promise((resolve, reject) => {
+
       locations.Create({
           body: JSON.stringify({
             name: name,
@@ -264,13 +271,12 @@ class SampleData {
     return promise;
   }
 
+
   static assignUsersToGroups() {
     let promises = [];
     for (let user of SampleUsers) {
       let group = null;
-      //Just a trivial assignment to demonstrate adding users
-      //to a group. For the example admin1 user goes to admin group
-      //and user1 user goes to client group
+
       if (user.username === "admin1") {
         group = SampleGroups[0];
       } else {
@@ -279,12 +285,16 @@ class SampleData {
       let promise = SampleData.createUserAssignmentToGroupPromise(user, group);
       promises.push(promise);
     }
+    logger.info(promises.length);
     return Promise.all(promises);
+
+
   }
 
 
 } // end class
 
-module.exports = {
+module
+  .exports = {
   SampleData
 };