ch2 review

Author: derisen

.gitignore

@@ -102,3 +102,6 @@ dist
 
 # TernJS port file
 .tern-port
+
+# NPM lock file
+package-lock.json

1-Authentication/1-sign-in/App/routes/router.js

@@ -16,7 +16,7 @@ router.get('/signout', identity.signOut);
 router.get('/redirect', identity.handleRedirect);
 
 // protected routes
-router.get('/profile', identity.isAuthenticated, identity.getToken, mainController.getProfile); // get token for this route to call web API
+router.get('/profile', identity.isAuthenticated, mainController.getProfile);
 
 // 404
 router.get('*', (req, res) => res.status(404).redirect('/404.html'));

1-Authentication/1-sign-in/App/utils/identity.js

@@ -154,48 +154,13 @@ exports.signOut = (req, res) => {
     });
 };
 
-exports.getToken = (req, res, next) => {
-    if (!req.session.graphToken) {
-        
-        nonce = generateGuid();
-
-        const authCodeUrlParameters = {
-            redirectUri: auth.configuration.redirectUri,
-            scopes: auth.resources.graphAPI.scopes,
-            state: base64EncodeUrl(JSON.stringify({
-                stage: APP_STATES.acquireToken,
-                path: req.route.path,
-                nonce: nonce
-            })) 
-        };
-    
-        // get url to sign user in and consent to scopes needed for application
-        msalClient.getAuthCodeUrl(authCodeUrlParameters)
-            .then((response) => {
-                return res.redirect(response);
-            }).catch((error) => {
-                console.log(JSON.stringify(error));
-                return res.status(500).send(JSON.stringify(error));
-            });
-    } else {
-        next();
-    }
-};
-
 exports.isAuthenticated = (req, res, next) => {
     if (!req.session.isAuthenticated) {
         return res.redirect('/401.html');
     }
     next();
 };
 
-exports.isAuthorized = (req, res, next) => {
-    if (!req.session.graphToken) {
-        return res.redirect('/401.html');
-    }
-    next();
-}
-
 // ========= UTILITIES ============
 
 const validateIdToken = (idTokenClaims) => {
@@ -212,56 +177,6 @@ const validateIdToken = (idTokenClaims) => {
     }
 };
 
-const validateAccessToken = (token) => {
-    console.log(token);
-
-    // TODO: claims validation logic
-    // check scp
-    // check audience
-    // check issuer
-    // check tid if allowed
-    // check nonce replay
-
-    const validationOptions = {
-        audience: auth.credentials.clientId,
-    }
-
-    // without verifying signature
-    // var decoded = jwt.decode(token, {complete: true});
-
-    jwt.verify(token, getSigningKeys, validationOptions, (err, payload) => {
-        if (err) {
-            console.log(err);
-        }
-        console.log(payload);
-    });
-};
-
-const getSigningKeys = (header, callback) => {
-    const client = jwksClient({
-        jwksUri: 'https://login.microsoftonline.com/' + auth.credentials.tenantId + '/discovery/v2.0/keys'
-    });
-
-    client.getSigningKey(header.kid, function (err, key) {
-        const signingKey = key.publicKey || key.rsaPublicKey;
-        callback(null, signingKey);
-    });
-};
-
-const callAPI = (endpoint, accessToken, callback) => {
-    const options = {
-        headers: {
-            Authorization: `Bearer ${accessToken}`
-        }
-    };
-
-    console.log('request made to web API at: ' + new Date().toString());
-
-    axios.default.get(endpoint, options)
-        .then(response => callback(response.data))
-        .catch(error => console.log(error));
-}
-
 // ======== CRYPTO UTILS ==========
 
 const base64Encode = (str, encoding) => {

1-Authentication/1-sign-in/App/views/home.ejs

@@ -16,11 +16,11 @@
             <div id="card-div" class="col-md-3">
                 <div class="card text-center">
                     <div class="card-body">
-                        <h5 class="card-description">Sign-in to access your tasks</h5>
                         <% if (isAuthenticated) { %>
-                            <a class="btn btn-primary" href="/read" "role="button">Get my tasks</a>
-                            <a class="btn btn-primary" href="/write" "role="button">Add a task</a>
-                        <%  }  %>
+                            <h5 class="card-description">Welcome!</h5>
+                        <%  } else { %>
+                            <h5 class="card-description">Sign-in to get an ID Token</h5>
+                        <%  } %>
                     </div>
                 </div>
             </div>

1-Authentication/1-sign-in/App/views/includes/footer.ejs

@@ -1,5 +1,5 @@
 <footer class="footer font-small blue">
-    <div class="footer text-center py-3">© 2020 Microsoft identity platform
-      <a href="https://aka.ms/aadv2"> aka.ms/aadv2</a>
+    <div class="footer text-center py-3">How did we do?
+      <a href="https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR73pcsbpbxNJuZCMKN0lURpUQkRCSVdRSk8wUjdZSkg2NEZGOFFaTkxQVyQlQCN0PWcu" target="_blank">Share your experience with us!</a>
     </div>
 </footer>

1-Authentication/1-sign-in/AppCreationScripts/AppCreationScripts.md

@@ -75,8 +75,8 @@ The `Configure.ps1` will stop if it tries to create an Azure AD application whic
     Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
     ```
 
-1. ### (Optionally) install AzureAD PowerShell modules
-2. 
+### (Optionally) install AzureAD PowerShell modules
+
 The scripts install the required PowerShell module (AzureAD) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps:
 
 1. If you have never done it already, in the PowerShell window, install the AzureAD PowerShell modules. For this: