review changes

derisen · derisen · commit 32464cf832e5 · 2021-06-08T16:12:49.000-07:00
diff --git a/4-AccessControl/1-app-roles/App/controllers/todolistController.js b/4-AccessControl/1-app-roles/App/controllers/todolistController.js
@@ -2,6 +2,7 @@ const lowdb = require('lowdb');
 const FileSync = require('lowdb/adapters/FileSync');
 const adapter = new FileSync('./data/db.json');
 const db = lowdb(adapter);
+const { nanoid } = require('nanoid')
 
 exports.getTodos = (req, res) => {
     const owner = req.session.account.idTokenClaims['preferred_username'];
@@ -14,7 +15,13 @@ exports.getTodos = (req, res) => {
 }
 
 exports.postTodo = (req, res) => {
-    db.get('todos').push(req.body).write();
+    const newTodo = {
+        id: nanoid(),
+        name: req.body.name,
+        owner: req.session.account.idTokenClaims['preferred_username'],
+    };
+
+    db.get('todos').push(newTodo).write();
     res.redirect('/todolist');
 }
 
diff --git a/4-AccessControl/1-app-roles/App/data/db.json b/4-AccessControl/1-app-roles/App/data/db.json
@@ -1,3 +1,4 @@
 {
-    "todos": []
+  "todos": [
+  ]
 }
diff --git a/4-AccessControl/1-app-roles/App/views/dashboard.ejs b/4-AccessControl/1-app-roles/App/views/dashboard.ejs
@@ -16,6 +16,25 @@
             <p>You can only see this page if you are in <strong>TaskAdmin</strong> role</p>
         </div>
 
+        <div class="table-area-div">
+            <table class="table">
+                <thead class="thead-dark">
+                    <tr>
+                        <th scope="col">Task</th>
+                        <th scope="col">Owner</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <% for (let i=0; i < todos.length; i++) { %>
+                        <tr>
+                            <td><%= todos[i]['name'] %></td>
+                            <td><%= todos[i]['owner'] %></td>
+                        </tr>
+                    <% } %>
+                </tbody>
+            </table>
+        </div> 
+
         <%- include('includes/footer'); %>
 
         <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
diff --git a/4-AccessControl/1-app-roles/App/views/todolist.ejs b/4-AccessControl/1-app-roles/App/views/todolist.ejs
@@ -16,6 +16,31 @@
             <p>You can see this page if you are in <strong>TaskUser</strong> or <strong>TaskAdmin</strong> role</p>
         </div>
 
+        <div class="table-area-div">
+            <form action='/todolist' method='POST'>
+                <input type='text' name='name'>
+                <button type='submit'>Add</button>
+            </form>
+        </div>
+
+        <div class="table-area-div">
+            <table class="table">
+                <tbody>
+                    <% for (let i=0; i < todos.length; i++) { %>
+                        <tr>
+                            <td><%= todos[i]['name'] %></td>
+                            <td>
+                                <form action='/todolist' method='POST'>
+                                    <input type='hidden' name='id' value='<%= todos[i]["id"] %>'>
+                                    <button type='submit'>Delete</button>
+                                </form>
+                            </td>
+                        </tr>
+                    <% } %>
+                </tbody>
+            </table>
+        </div>
+
         <%- include('includes/footer'); %>
 
         <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
diff --git a/4-AccessControl/1-app-roles/AppCreationScripts/Configure.ps1 b/4-AccessControl/1-app-roles/AppCreationScripts/Configure.ps1
@@ -21,6 +21,32 @@ param(
  There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
 #>
 
+# Create a password that can be used as an application key
+Function ComputePassword
+{
+    $aesManaged = New-Object "System.Security.Cryptography.AesManaged"
+    $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
+    $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
+    $aesManaged.BlockSize = 128
+    $aesManaged.KeySize = 256
+    $aesManaged.GenerateKey()
+    return [System.Convert]::ToBase64String($aesManaged.Key)
+}
+
+# Create an application key
+# See https://www.sabin.io/blog/adding-an-azure-active-directory-application-and-key-using-powershell/
+Function CreateAppKey([DateTime] $fromDate, [double] $durationInMonths, [string]$pw)
+{
+    $endDate = $fromDate.AddMonths($durationInMonths);
+    $keyId = (New-Guid).ToString();
+    $key = New-Object Microsoft.Open.AzureAD.Model.PasswordCredential
+    $key.StartDate = $fromDate
+    $key.EndDate = $endDate
+    $key.Value = $pw
+    $key.KeyId = $keyId
+    return $key
+}
+
 Function UpdateLine([string] $line, [string] $value)
 {
     $index = $line.IndexOf('=')
@@ -148,10 +174,16 @@ Function ConfigureApplications
 
    # Create the client AAD application
    Write-Host "Creating the AAD application (msal-node-webapp)"
+   # Get a 6 months application key for the client Application
+   $pw = ComputePassword
+   $fromDate = [DateTime]::Now;
+   $key = CreateAppKey -fromDate $fromDate -durationInMonths 6 -pw $pw
+   $clientAppKey = $pw
    # create the application 
    $clientAadApplication = New-AzureADApplication -DisplayName "msal-node-webapp" `
                                                   -HomePage "http://localhost:4000" `
                                                   -ReplyUrls "http://localhost:4000/redirect" `
+                                                  -PasswordCredentials $key `
                                                   -PublicClient $False
 
    # create the service principal of the newly created application 
diff --git a/4-AccessControl/1-app-roles/AppCreationScripts/sample.json b/4-AccessControl/1-app-roles/AppCreationScripts/sample.json
@@ -15,6 +15,7 @@
             "Audience": "AzureADMyOrg",
             "HomePage": "http://localhost:4000",
             "ReplyUrls": "http://localhost:4000/redirect",
+            "PasswordCredentials": "Auto",
             "AppRoles": [
                 {
                     "Types": [
diff --git a/4-AccessControl/1-app-roles/README.md b/4-AccessControl/1-app-roles/README.md
@@ -123,6 +123,11 @@ There is one project in this sample. To register it, you can:
 1. Select **Register** to create the application.
 1. In the app's registration screen, find and note the **Application (client) ID**. You use this value in your app's configuration file(s) later in your code.
 1. Select **Save** to save your changes.
+1. In the **Client secrets** section, select **New client secret**:
+   - Type a key description (for instance `app secret`),
+   - Select one of the available key durations (**6 months**, **12 months** or **Custom**) as per your security posture.
+   - The generated key value will be displayed when you select the **Add** button. Copy and save the generated value for use in later steps.
+   - You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade.
 
 ### Define Application Roles
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
`1`	`1`	`{`
`2`		`- "todos": []`
	`2`	`+ "todos": [`
	`3`	`+ ]`
`3`	`4`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`"Audience": "AzureADMyOrg",`
`16`	`16`	`"HomePage": "http://localhost:4000",`
`17`	`17`	`"ReplyUrls": "http://localhost:4000/redirect",`
	`18`	`+ "PasswordCredentials": "Auto",`
`18`	`19`	`"AppRoles": [`
`19`	`20`	`{`
`20`	`21`	`"Types": [`