gristlabs_grist-core/app/server/lib/Sessions.ts

import {ScopedSession} from 'app/server/lib/BrowserSession';
import {cookieName, SessionStore} from 'app/server/lib/gristSessions';
import * as cookie from 'cookie';
import * as cookieParser from 'cookie-parser';
import {Request} from 'express';

/**
 *
 * A collection of all the sessions relevant to this instance of Grist.
 *
 * This collection was previously maintained by the Comm object.  This
 * class is added as a stepping stone to disentangling session management
 * from code related to websockets.
 *
 * The collection caches all existing interfaces to sessions.
 * ScopedSessions play an important role in
 * hosted Grist and address per-organization scoping of identity.
 *
 * TODO: now this is separated out, we could refactor to share sessions
 * across organizations.  Currently, when a user moves between organizations,
 * the session interfaces are not shared.  This was for simplicity in working
 * with existing code.
 *
 */
export class Sessions {
  private _sessions = new Map<string, ScopedSession>();

  constructor(private _sessionSecret: string, private _sessionStore: SessionStore) {
  }

  /**
   * Get the session id and organization from the request (or just pass it in if known), and
   * return the identified session.
   */
  public getOrCreateSessionFromRequest(req: Request, sessionId?: string): ScopedSession {
    const sid = sessionId || this.getSessionIdFromRequest(req);
    const org = (req as any).org;
    if (!sid) { throw new Error("session not found"); }
    return this.getOrCreateSession(sid, org, '');  // TODO: allow for tying to a preferred user.
  }

  /**
   * Get or create a session given the session id and organization name.
   */
  public getOrCreateSession(sid: string, domain: string, userSelector: string): ScopedSession {
    const key = this._getSessionOrgKey(sid, domain, userSelector);
    if (!this._sessions.has(key)) {
      const scopedSession = new ScopedSession(sid, this._sessionStore, domain, userSelector);
      this._sessions.set(key, scopedSession);
    }
    return this._sessions.get(key)!;
  }

  /**
   * Returns the sessionId from the signed grist cookie.
   */
  public getSessionIdFromCookie(gristCookie: string) {
    return cookieParser.signedCookie(gristCookie, this._sessionSecret);
  }

  /**
   * Get the session id from the grist cookie.  Returns null if no cookie found.
   */
  public getSessionIdFromRequest(req: Request): string|null {
    if (req.headers.cookie) {
      const cookies = cookie.parse(req.headers.cookie);
      const sessionId = this.getSessionIdFromCookie(cookies[cookieName]);
      return sessionId;
    }
    return null;
  }

  /**
   * Get a per-organization, per-session key.
   * Grist has historically cached sessions in memory by their session id.
   * With the introduction of per-organization identity, that cache is now
   * needs to be keyed by the session id and organization name.
   * Also, clients may now want to be tied to a particular user available within
   * a session, so we add that into key too.
   */
  private _getSessionOrgKey(sid: string, domain: string, userSelector: string): string {
    return `${sid}__${domain}__${userSelector}`;
  }
}
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`import {ScopedSession} from 'app/server/lib/BrowserSession';`
			`import {cookieName, SessionStore} from 'app/server/lib/gristSessions';`
			`import * as cookie from 'cookie';`
			`import * as cookieParser from 'cookie-parser';`
			`import {Request} from 'express';`

			`/**`
			`*`
			`* A collection of all the sessions relevant to this instance of Grist.`
			`*`
			`* This collection was previously maintained by the Comm object. This`
			`* class is added as a stepping stone to disentangling session management`
			`* from code related to websockets.`
			`*`
			`* The collection caches all existing interfaces to sessions.`
(core) Remove LoginSession, which was mainly serving situations that are no longer used. Summary: In the past, Cognito sign-ins were intended to give authorization to some AWS services (like SQS); various tokens were stored in the session for this purpose. This is no longer used. Profiles from Cognito now serve a limited purpose: first-time initialization of name and picture, and keeping track of which login method was used. For these remaining needs, ScopedSession is sufficient. Test Plan: Existing test pass. Tested manually that logins work with Google and Email + Password. Tested manually that on a clean database, name and picture are picked up from a Google Login. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2907 2021-07-12 16:10:04 +00:00			`* ScopedSessions play an important role in`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`* hosted Grist and address per-organization scoping of identity.`
			`*`
			`* TODO: now this is separated out, we could refactor to share sessions`
			`* across organizations. Currently, when a user moves between organizations,`
			`* the session interfaces are not shared. This was for simplicity in working`
			`* with existing code.`
			`*`
			`*/`
			`export class Sessions {`
(core) Remove LoginSession, which was mainly serving situations that are no longer used. Summary: In the past, Cognito sign-ins were intended to give authorization to some AWS services (like SQS); various tokens were stored in the session for this purpose. This is no longer used. Profiles from Cognito now serve a limited purpose: first-time initialization of name and picture, and keeping track of which login method was used. For these remaining needs, ScopedSession is sufficient. Test Plan: Existing test pass. Tested manually that logins work with Google and Email + Password. Tested manually that on a clean database, name and picture are picked up from a Google Login. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2907 2021-07-12 16:10:04 +00:00			`private _sessions = new Map<string, ScopedSession>();`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00
(core) clean up a collection of small problems affecting grist-core Summary: * Remove adjustSession hack, interfering with loading docs under saml. * Allow the anonymous user to receive an empty list of workspaces for the merged org. * Behave better on first page load when org is in path - this used to fail because of lack of cookie. This is very visible in grist-core, as a failure to load localhost:8484 on first visit. * Mark cookie explicitly as SameSite=Lax to remove a warning in firefox. * Make errorPages available in grist-core. This changes the default behavior of grist-core to now start off in anonymous mode, with an explicit sign-in step available. If SAML is not configured, the sign-in operation will unconditionally sign the user in as a default user, without any password check or other security. The user email is taken from GRIST_DEFAULT_EMAIL if set. This is a significant change, but makes anonymous mode available in grist-core (which is convenient for testing) and makes behavior with and without SAML much more consistent. Test Plan: updated test; manual (time to start adding grist-core tests though!) Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2980 2021-08-17 15:22:30 +00:00			`constructor(private _sessionSecret: string, private _sessionStore: SessionStore) {`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`}`

			`/**`
(core) revive saml support and test against Auth0 Summary: SAML support had broken due to SameSite changes in browsers. This makes it work again, and tests it against Auth0 (now owned by Okta). Logging in and out works. The logged out state is confusing, and may not be complete. The "Add Account" menu item doesn't work. But with this, an important part of self-hosting becomes easier. SAML support works also in grist-core, for site pages, but there is a glitch on document pages that I'll look into separately. Test Plan: tested manually Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2976 2021-08-16 15:11:17 +00:00			`* Get the session id and organization from the request (or just pass it in if known), and`
			`* return the identified session.`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`*/`
(core) revive saml support and test against Auth0 Summary: SAML support had broken due to SameSite changes in browsers. This makes it work again, and tests it against Auth0 (now owned by Okta). Logging in and out works. The logged out state is confusing, and may not be complete. The "Add Account" menu item doesn't work. But with this, an important part of self-hosting becomes easier. SAML support works also in grist-core, for site pages, but there is a glitch on document pages that I'll look into separately. Test Plan: tested manually Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2976 2021-08-16 15:11:17 +00:00			`public getOrCreateSessionFromRequest(req: Request, sessionId?: string): ScopedSession {`
			`const sid = sessionId \|\| this.getSessionIdFromRequest(req);`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`const org = (req as any).org;`
			`if (!sid) { throw new Error("session not found"); }`
(core) revamp user attribute handling Summary: This changes how user attributes are loaded. They are now loaded directly from sqlite, with per-session caching. Optimizations considered but not addressed yet are (1) adding indexes to user attribute tables and (2) swapping in a thinner sqlite wrapper. The main benefit of this diff is that changes to user attribute tables now work. Clients whose user attributes are not changed see no effect; clients whose user attributes have changed have their document reloaded. For the purposes of testing, the diff includes a tweak to GristWSConnection to be "sticky" to a specific user when reloading (and support machinery on the server side to honor that). Until now, if a GristWSConnection reloads, it uses whatever the current default user is in the cookie-based session, which can change. This was complicating a test where multiple users were accessing the same document via different clients with occasional document reloads. Code for updating when schema or rule changes happen is moved around but not improved in any meaningful way in this diff. Test Plan: existing tests pass; extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2685 2020-12-11 19:22:35 +00:00			`return this.getOrCreateSession(sid, org, ''); // TODO: allow for tying to a preferred user.`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`}`

			`/**`
			`* Get or create a session given the session id and organization name.`
			`*/`
(core) Remove LoginSession, which was mainly serving situations that are no longer used. Summary: In the past, Cognito sign-ins were intended to give authorization to some AWS services (like SQS); various tokens were stored in the session for this purpose. This is no longer used. Profiles from Cognito now serve a limited purpose: first-time initialization of name and picture, and keeping track of which login method was used. For these remaining needs, ScopedSession is sufficient. Test Plan: Existing test pass. Tested manually that logins work with Google and Email + Password. Tested manually that on a clean database, name and picture are picked up from a Google Login. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2907 2021-07-12 16:10:04 +00:00			`public getOrCreateSession(sid: string, domain: string, userSelector: string): ScopedSession {`
(core) revamp user attribute handling Summary: This changes how user attributes are loaded. They are now loaded directly from sqlite, with per-session caching. Optimizations considered but not addressed yet are (1) adding indexes to user attribute tables and (2) swapping in a thinner sqlite wrapper. The main benefit of this diff is that changes to user attribute tables now work. Clients whose user attributes are not changed see no effect; clients whose user attributes have changed have their document reloaded. For the purposes of testing, the diff includes a tweak to GristWSConnection to be "sticky" to a specific user when reloading (and support machinery on the server side to honor that). Until now, if a GristWSConnection reloads, it uses whatever the current default user is in the cookie-based session, which can change. This was complicating a test where multiple users were accessing the same document via different clients with occasional document reloads. Code for updating when schema or rule changes happen is moved around but not improved in any meaningful way in this diff. Test Plan: existing tests pass; extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2685 2020-12-11 19:22:35 +00:00			`const key = this._getSessionOrgKey(sid, domain, userSelector);`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`if (!this._sessions.has(key)) {`
(core) revamp user attribute handling Summary: This changes how user attributes are loaded. They are now loaded directly from sqlite, with per-session caching. Optimizations considered but not addressed yet are (1) adding indexes to user attribute tables and (2) swapping in a thinner sqlite wrapper. The main benefit of this diff is that changes to user attribute tables now work. Clients whose user attributes are not changed see no effect; clients whose user attributes have changed have their document reloaded. For the purposes of testing, the diff includes a tweak to GristWSConnection to be "sticky" to a specific user when reloading (and support machinery on the server side to honor that). Until now, if a GristWSConnection reloads, it uses whatever the current default user is in the cookie-based session, which can change. This was complicating a test where multiple users were accessing the same document via different clients with occasional document reloads. Code for updating when schema or rule changes happen is moved around but not improved in any meaningful way in this diff. Test Plan: existing tests pass; extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2685 2020-12-11 19:22:35 +00:00			`const scopedSession = new ScopedSession(sid, this._sessionStore, domain, userSelector);`
(core) Remove LoginSession, which was mainly serving situations that are no longer used. Summary: In the past, Cognito sign-ins were intended to give authorization to some AWS services (like SQS); various tokens were stored in the session for this purpose. This is no longer used. Profiles from Cognito now serve a limited purpose: first-time initialization of name and picture, and keeping track of which login method was used. For these remaining needs, ScopedSession is sufficient. Test Plan: Existing test pass. Tested manually that logins work with Google and Email + Password. Tested manually that on a clean database, name and picture are picked up from a Google Login. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2907 2021-07-12 16:10:04 +00:00			`this._sessions.set(key, scopedSession);`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`}`
			`return this._sessions.get(key)!;`
			`}`

			`/**`
			`* Returns the sessionId from the signed grist cookie.`
			`*/`
			`public getSessionIdFromCookie(gristCookie: string) {`
			`return cookieParser.signedCookie(gristCookie, this._sessionSecret);`
			`}`

			`/**`
			`* Get the session id from the grist cookie. Returns null if no cookie found.`
			`*/`
			`public getSessionIdFromRequest(req: Request): string\|null {`
			`if (req.headers.cookie) {`
			`const cookies = cookie.parse(req.headers.cookie);`
			`const sessionId = this.getSessionIdFromCookie(cookies[cookieName]);`
			`return sessionId;`
			`}`
			`return null;`
			`}`

			`/**`
			`* Get a per-organization, per-session key.`
			`* Grist has historically cached sessions in memory by their session id.`
			`* With the introduction of per-organization identity, that cache is now`
			`* needs to be keyed by the session id and organization name.`
(core) revamp user attribute handling Summary: This changes how user attributes are loaded. They are now loaded directly from sqlite, with per-session caching. Optimizations considered but not addressed yet are (1) adding indexes to user attribute tables and (2) swapping in a thinner sqlite wrapper. The main benefit of this diff is that changes to user attribute tables now work. Clients whose user attributes are not changed see no effect; clients whose user attributes have changed have their document reloaded. For the purposes of testing, the diff includes a tweak to GristWSConnection to be "sticky" to a specific user when reloading (and support machinery on the server side to honor that). Until now, if a GristWSConnection reloads, it uses whatever the current default user is in the cookie-based session, which can change. This was complicating a test where multiple users were accessing the same document via different clients with occasional document reloads. Code for updating when schema or rule changes happen is moved around but not improved in any meaningful way in this diff. Test Plan: existing tests pass; extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2685 2020-12-11 19:22:35 +00:00			`* Also, clients may now want to be tied to a particular user available within`
			`* a session, so we add that into key too.`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`*/`
(core) revamp user attribute handling Summary: This changes how user attributes are loaded. They are now loaded directly from sqlite, with per-session caching. Optimizations considered but not addressed yet are (1) adding indexes to user attribute tables and (2) swapping in a thinner sqlite wrapper. The main benefit of this diff is that changes to user attribute tables now work. Clients whose user attributes are not changed see no effect; clients whose user attributes have changed have their document reloaded. For the purposes of testing, the diff includes a tweak to GristWSConnection to be "sticky" to a specific user when reloading (and support machinery on the server side to honor that). Until now, if a GristWSConnection reloads, it uses whatever the current default user is in the cookie-based session, which can change. This was complicating a test where multiple users were accessing the same document via different clients with occasional document reloads. Code for updating when schema or rule changes happen is moved around but not improved in any meaningful way in this diff. Test Plan: existing tests pass; extended test Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2685 2020-12-11 19:22:35 +00:00			`private _getSessionOrgKey(sid: string, domain: string, userSelector: string): string {`
			return `${sid}__${domain}__${userSelector}`;
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`}`
			`}`