freeCodeCamp/api-server/server/component-passport.js

import passport from 'passport';
import {
  PassportConfigurator
} from '@freecodecamp/loopback-component-passport';
import url from 'url';
import jwt from 'jsonwebtoken';
import dedent from 'dedent';

import { homeLocation } from '../../config/env.json';
import { jwtSecret } from '../../config/secrets';
import passportProviders from './passport-providers';
import { createCookieConfig } from './utils/cookieConfig';

const passportOptions = {
  emailOptional: true,
  profileToUser: null
};

const fields = {
  progressTimestamps: false
};

function getCompletedCertCount(user) {
  return [
    'isApisMicroservicesCert',
    'is2018DataVisCert',
    'isFrontEndLibsCert',
    'isInfosecQaCert',
    'isJsAlgoDataStructCert',
    'isRespWebDesignCert'
  ].reduce((sum, key) => (user[key] ? sum + 1 : sum), 0);
}

function getLegacyCertCount(user) {
  return ['isFrontEndCert', 'isBackEndCert', 'isDataVisCert'].reduce(
    (sum, key) => (user[key] ? sum + 1 : sum),
    0
  );
}

PassportConfigurator.prototype.init = function passportInit(noSession) {
  this.app.middleware('session:after', passport.initialize());

  if (noSession) {
    return;
  }

  this.app.middleware('session:after', passport.session());

  // Serialization and deserialization is only required if passport session is
  // enabled

  passport.serializeUser((user, done) => {
    done(null, user.id);
  });

  passport.deserializeUser((id, done) => {
    this.userModel.findById(id, { fields }, (err, user) => {
      if (err || !user) {
        return done(err, user);
      }

      return this.app.dataSources.db.connector
        .collection('user')
        .aggregate([
          { $match: { _id: user.id } },
          { $project: { points: { $size: '$progressTimestamps' } } }
        ])
        .get(function(err, [{ points = 1 } = {}]) {
          if (err) {
            console.error(err);
            return done(err);
          }
          user.points = points;
          let completedChallengeCount = 0;
          let completedProjectCount = 0;
          if ('completedChallenges' in user) {
            completedChallengeCount = user.completedChallenges.length;
            user.completedChallenges.forEach(item => {
              if (
                'challengeType' in item &&
                (item.challengeType === 3 || item.challengeType === 4)
              ) {
                completedProjectCount++;
              }
            });
          }
          user.completedChallengeCount = completedChallengeCount;
          user.completedProjectCount = completedProjectCount;
          user.completedCertCount = getCompletedCertCount(user);
          user.completedLegacyCertCount = getLegacyCertCount(user);
          user.completedChallenges = [];
          return done(null, user);
        });
    });
  });
};

export function setupPassport(app) {
  // NOTE(Bouncey): Not sure this is doing much now
  // Loopback complains about userCredentialModle when this
  // setup is remoed from server/server.js
  //
  // I have split the custom callback in to it's own export that we can use both
  // here and in boot:auth
  //
  // Needs more investigation...

  const configurator = new PassportConfigurator(app);

  configurator.setupModels({
    userModel: app.models.user,
    userIdentityModel: app.models.userIdentity,
    userCredentialModel: app.models.userCredential
  });

  configurator.init();

  Object.keys(passportProviders).map(function(strategy) {
    let config = passportProviders[strategy];
    config.session = config.session !== false;

    config.customCallback = !config.useCustomCallback
      ? null
      : createPassportCallbackAuthenticator(strategy, config);

    configurator.configureProvider(strategy, {
      ...config,
      ...passportOptions
    });
  });
}

export const saveResponseAuthCookies = () => {

  return (req, res, next) => {

    const user = req.user;

    if (!user) {
      return res.redirect('/signin');
    }

    const { accessToken } = user;

    const cookieConfig = {
      ...createCookieConfig(req),
      maxAge: 77760000000
    };
    const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
    res.cookie('jwt_access_token', jwtAccess, cookieConfig);
    res.cookie('access_token', accessToken.id, cookieConfig);
    res.cookie('userId', accessToken.userId, cookieConfig);

    return next();
  };
};

export const loginRedirect = () => {

  return (req, res) => {
    const successRedirect = req => {
      if (!!req && req.session && req.session.returnTo) {
        delete req.session.returnTo;
        return `${homeLocation}/welcome`;
      }
      return `${homeLocation}/welcome`;
    };

    let redirect = url.parse(successRedirect(req), true);
    delete redirect.search;

    redirect = url.format(redirect);
    return res.redirect(redirect);
  };
};

export const createPassportCallbackAuthenticator = (strategy, config) => (
  req,
  res,
  next
) => {
  // https://stackoverflow.com/q/37430452
  const successRedirect = req => {
    if (!!req && req.session && req.session.returnTo) {
      delete req.session.returnTo;
      return `${homeLocation}/welcome`;
    }
    return config.successRedirect || `${homeLocation}/welcome`;
  };
  return passport.authenticate(
    strategy,
    { session: false },
    (err, user, userInfo) => {
      if (err) {
        return next(err);
      }

      if (!user || !userInfo) {
        return res.redirect('/signin');
      }
      let redirect = url.parse(successRedirect(req), true);

      delete redirect.search;

      const { accessToken } = userInfo;
      const { provider } = config;
      if (accessToken && accessToken.id) {
        if (provider === 'auth0') {
          req.flash(
            'success',
            dedent`
              Success! You have signed in to your account. Happy Coding!
            `
          );
        } else if (user.email) {
          req.flash(
            'info',
            dedent`
We are moving away from social authentication for privacy reasons. Next time
we recommend using your email address: ${user.email} to sign in instead.
            `
          );
        }
        const cookieConfig = {
          ...createCookieConfig(req),
          maxAge: accessToken.ttl
        };
        const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
        res.cookie('jwt_access_token', jwtAccess, cookieConfig);
        res.cookie('access_token', accessToken.id, cookieConfig);
        res.cookie('userId', accessToken.userId, cookieConfig);
        req.login(user);
      }

      redirect = url.format(redirect);
      return res.redirect(redirect);
    }
  )(req, res, next);
};
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`import passport from 'passport';`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`import {`
			`PassportConfigurator`
			`} from '@freecodecamp/loopback-component-passport';`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`import url from 'url';`
feat(auth): Authorise 'external' requests through JWT (#17224) 2018-05-23 21:10:56 +01:00			`import jwt from 'jsonwebtoken';`
fix(auth): Login everyone with an social account (#17333) * fix(auth): Login everyone with an social account * fix: update the flash message for social 2018-06-01 02:29:27 +05:30			`import dedent from 'dedent';`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`import { homeLocation } from '../../config/env.json';`
			`import { jwtSecret } from '../../config/secrets';`
			`import passportProviders from './passport-providers';`
			`import { createCookieConfig } from './utils/cookieConfig';`

Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`const passportOptions = {`
			`emailOptional: true,`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`profileToUser: null`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`};`

			`const fields = {`
Chore: Update User model (#17171) * fix(logs): Remove console.log's * chore(challengeMap): challengeMap -> completedChallenges * chore(userModel): Update user model * feat(userIDs): Add user ident fields * chore(github): Remove more refs to github data 2018-05-15 14:56:26 +01:00			`progressTimestamps: false`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`};`

Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00			`function getCompletedCertCount(user) {`
			`return [`
			`'isApisMicroservicesCert',`
			`'is2018DataVisCert',`
			`'isFrontEndLibsCert',`
			`'isInfosecQaCert',`
			`'isJsAlgoDataStructCert',`
			`'isRespWebDesignCert'`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`].reduce((sum, key) => (user[key] ? sum + 1 : sum), 0);`
Fix: Settings/Portfolio UI (#17202) * chore(names): Certificate -> Certification * fix(style): Profile Certs alignment and font-size * fix(button): Remove user icon * fix(style): Adjust profile timeline UI * fix(style): General account settings style fixes * chore(updateEmail): Remove update email until we sort out auth0 * fix(copy): website -> personal website * fix(copy): profile -> portfolio * feat(home): Add legacy certs to user home page * fix(copy): Change Honest settings copy * fix(cert-settings): Filter out 'take home's * fix(copy): next lesson -> next coding challenge * fix(alignment): Align portfolio item settings' buttons 2018-05-21 16:21:15 +01:00			`}`
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00
Fix: Settings/Portfolio UI (#17202) * chore(names): Certificate -> Certification * fix(style): Profile Certs alignment and font-size * fix(button): Remove user icon * fix(style): Adjust profile timeline UI * fix(style): General account settings style fixes * chore(updateEmail): Remove update email until we sort out auth0 * fix(copy): website -> personal website * fix(copy): profile -> portfolio * feat(home): Add legacy certs to user home page * fix(copy): Change Honest settings copy * fix(cert-settings): Filter out 'take home's * fix(copy): next lesson -> next coding challenge * fix(alignment): Align portfolio item settings' buttons 2018-05-21 16:21:15 +01:00			`function getLegacyCertCount(user) {`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`return ['isFrontEndCert', 'isBackEndCert', 'isDataVisCert'].reduce(`
			`(sum, key) => (user[key] ? sum + 1 : sum),`
			`0`
			`);`
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00			`}`

Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`PassportConfigurator.prototype.init = function passportInit(noSession) {`
			`this.app.middleware('session:after', passport.initialize());`

			`if (noSession) {`
			`return;`
			`}`

			`this.app.middleware('session:after', passport.session());`

			`// Serialization and deserialization is only required if passport session is`
			`// enabled`

			`passport.serializeUser((user, done) => {`
			`done(null, user.id);`
			`});`

			`passport.deserializeUser((id, done) => {`
Revert "Fix give-brownie-points/about API DB queries" 2016-04-14 17:07:40 -07:00			`this.userModel.findById(id, { fields }, (err, user) => {`
			`if (err \|\| !user) {`
			`return done(err, user);`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`}`
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00
Revert "Fix give-brownie-points/about API DB queries" 2016-04-14 17:07:40 -07:00			`return this.app.dataSources.db.connector`
			`.collection('user')`
			`.aggregate([`
			`{ $match: { _id: user.id } },`
			`{ $project: { points: { $size: '$progressTimestamps' } } }`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`])`
			`.get(function(err, [{ points = 1 } = {}]) {`
			`if (err) {`
			`console.error(err);`
			`return done(err);`
			`}`
Revert "Fix give-brownie-points/about API DB queries" 2016-04-14 17:07:40 -07:00			`user.points = points;`
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00			`let completedChallengeCount = 0;`
			`let completedProjectCount = 0;`
Chore: Update User model (#17171) * fix(logs): Remove console.log's * chore(challengeMap): challengeMap -> completedChallenges * chore(userModel): Update user model * feat(userIDs): Add user ident fields * chore(github): Remove more refs to github data 2018-05-15 14:56:26 +01:00			`if ('completedChallenges' in user) {`
			`completedChallengeCount = user.completedChallenges.length;`
			`user.completedChallenges.forEach(item => {`
			`if (`
			`'challengeType' in item &&`
			`(item.challengeType === 3 \|\| item.challengeType === 4)`
			`) {`
			`completedProjectCount++;`
			`}`
			`});`
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00			`}`
			`user.completedChallengeCount = completedChallengeCount;`
			`user.completedProjectCount = completedProjectCount;`
			`user.completedCertCount = getCompletedCertCount(user);`
Fix: Settings/Portfolio UI (#17202) * chore(names): Certificate -> Certification * fix(style): Profile Certs alignment and font-size * fix(button): Remove user icon * fix(style): Adjust profile timeline UI * fix(style): General account settings style fixes * chore(updateEmail): Remove update email until we sort out auth0 * fix(copy): website -> personal website * fix(copy): profile -> portfolio * feat(home): Add legacy certs to user home page * fix(copy): Change Honest settings copy * fix(cert-settings): Filter out 'take home's * fix(copy): next lesson -> next coding challenge * fix(alignment): Align portfolio item settings' buttons 2018-05-21 16:21:15 +01:00			`user.completedLegacyCertCount = getLegacyCertCount(user);`
Chore: Update User model (#17171) * fix(logs): Remove console.log's * chore(challengeMap): challengeMap -> completedChallenges * chore(userModel): Update user model * feat(userIDs): Add user ident fields * chore(github): Remove more refs to github data 2018-05-15 14:56:26 +01:00			`user.completedChallenges = [];`
Revert "Fix give-brownie-points/about API DB queries" 2016-04-14 17:07:40 -07:00			`return done(null, user);`
			`});`
			`});`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`});`
			`};`

feat(gatsby): Initial gatsby scaffolding 2018-08-23 16:29:26 +01:00			`export function setupPassport(app) {`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`// NOTE(Bouncey): Not sure this is doing much now`
			`// Loopback complains about userCredentialModle when this`
			`// setup is remoed from server/server.js`
			`//`
			`// I have split the custom callback in to it's own export that we can use both`
			`// here and in boot:auth`
			`//`
			`// Needs more investigation...`

Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`const configurator = new PassportConfigurator(app);`

			`configurator.setupModels({`
			`userModel: app.models.user,`
			`userIdentityModel: app.models.userIdentity,`
			`userCredentialModel: app.models.userCredential`
			`});`

			`configurator.init();`

			`Object.keys(passportProviders).map(function(strategy) {`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`let config = passportProviders[strategy];`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`config.session = config.session !== false;`
fix(component-passport): Add falback redirects for external paths 2018-05-20 00:50:55 +05:30
fix: add user object to Observables 2018-05-20 13:40:15 +05:30			`config.customCallback = !config.useCustomCallback`
fix(component-passport): Add falback redirects for external paths 2018-05-20 00:50:55 +05:30			`? null`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`: createPassportCallbackAuthenticator(strategy, config);`

			`configurator.configureProvider(strategy, {`
			`...config,`
			`...passportOptions`
			`});`
Reduce initial user query load Refactor passport to own file 2016-02-11 22:33:54 -08:00			`});`
			`}`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00
feat: use mock authentication for local dev 2018-10-30 18:17:07 -03:00			`export const saveResponseAuthCookies = () => {`

			`return (req, res, next) => {`

			`const user = req.user;`

			`if (!user) {`
			`return res.redirect('/signin');`
			`}`

			`const { accessToken } = user;`

			`const cookieConfig = {`
			`...createCookieConfig(req),`
			`maxAge: 77760000000`
			`};`
			`const jwtAccess = jwt.sign({ accessToken }, jwtSecret);`
			`res.cookie('jwt_access_token', jwtAccess, cookieConfig);`
			`res.cookie('access_token', accessToken.id, cookieConfig);`
			`res.cookie('userId', accessToken.userId, cookieConfig);`

			`return next();`
			`};`
			`};`

			`export const loginRedirect = () => {`

			`return (req, res) => {`
			`const successRedirect = req => {`
			`if (!!req && req.session && req.session.returnTo) {`
			`delete req.session.returnTo;`
			return `${homeLocation}/welcome`;
			`}`
			return `${homeLocation}/welcome`;
			`};`

			`let redirect = url.parse(successRedirect(req), true);`
			`delete redirect.search;`

			`redirect = url.format(redirect);`
			`return res.redirect(redirect);`
			`};`
			`};`

fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`export const createPassportCallbackAuthenticator = (strategy, config) => (`
			`req,`
			`res,`
			`next`
			`) => {`
			`// https://stackoverflow.com/q/37430452`
			`const successRedirect = req => {`
			`if (!!req && req.session && req.session.returnTo) {`
			`delete req.session.returnTo;`
			return `${homeLocation}/welcome`;
			`}`
			return config.successRedirect \|\| `${homeLocation}/welcome`;
			`};`
			`return passport.authenticate(`
			`strategy,`
			`{ session: false },`
			`(err, user, userInfo) => {`
			`if (err) {`
			`return next(err);`
			`}`

			`if (!user \|\| !userInfo) {`
			`return res.redirect('/signin');`
			`}`
			`let redirect = url.parse(successRedirect(req), true);`

			`delete redirect.search;`

			`const { accessToken } = userInfo;`
			`const { provider } = config;`
			`if (accessToken && accessToken.id) {`
			`if (provider === 'auth0') {`
			`req.flash(`
			`'success',`
			dedent`
			`Success! You have signed in to your account. Happy Coding!`
			`
			`);`
			`} else if (user.email) {`
			`req.flash(`
			`'info',`
			dedent`
			`We are moving away from social authentication for privacy reasons. Next time`
			`we recommend using your email address: ${user.email} to sign in instead.`
			`
			`);`
			`}`
			`const cookieConfig = {`
			`...createCookieConfig(req),`
			`maxAge: accessToken.ttl`
			`};`
			`const jwtAccess = jwt.sign({ accessToken }, jwtSecret);`
			`res.cookie('jwt_access_token', jwtAccess, cookieConfig);`
			`res.cookie('access_token', accessToken.id, cookieConfig);`
			`res.cookie('userId', accessToken.userId, cookieConfig);`
			`req.login(user);`
			`}`

			`redirect = url.format(redirect);`
			`return res.redirect(redirect);`
			`}`
			`)(req, res, next);`
			`};`