| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  | import _ from 'lodash'; | 
					
						
							|  |  |  | import { Observable } from 'rx'; | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | import dedent from 'dedent'; | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  | // import debugFactory from 'debug';
 | 
					
						
							|  |  |  | import { isEmail } from 'validator'; | 
					
						
							| 
									
										
										
										
											2018-01-22 17:08:33 -08:00
										 |  |  | import { check } from 'express-validator/check'; | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | import { | 
					
						
							| 
									
										
										
										
											2018-01-22 17:08:33 -08:00
										 |  |  |   ifUserRedirectTo, | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |   ifNoUserRedirectTo, | 
					
						
							| 
									
										
										
										
											2018-01-22 17:08:33 -08:00
										 |  |  |   createValidatorErrorHandler | 
					
						
							|  |  |  | } from '../utils/middleware'; | 
					
						
							|  |  |  | import { wrapHandledError } from '../utils/create-handled-error.js'; | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  | import { homeURL } from '../../common/utils/constantStrings.json'; | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | const isSignUpDisabled = !!process.env.DISABLE_SIGNUP; | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  | // const debug = debugFactory('fcc:boot:auth');
 | 
					
						
							| 
									
										
										
										
											2018-01-01 15:01:50 -08:00
										 |  |  | if (isSignUpDisabled) { | 
					
						
							|  |  |  |   console.log('fcc:boot:auth - Sign up is disabled'); | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-03 12:26:11 -07:00
										 |  |  | module.exports = function enableAuthentication(app) { | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |   // enable loopback access control authentication. see:
 | 
					
						
							|  |  |  |   //  loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
 | 
					
						
							| 
									
										
										
										
											2015-06-03 12:26:11 -07:00
										 |  |  |   app.enableAuth(); | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   const ifUserRedirect = ifUserRedirectTo(); | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |   const ifNoUserRedirectHome = ifNoUserRedirectTo(homeURL); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |   const router = app.loopback.Router(); | 
					
						
							|  |  |  |   const api = app.loopback.Router(); | 
					
						
							| 
									
										
										
										
											2017-12-29 09:59:27 -08:00
										 |  |  |   const { AuthToken, User } = app.models; | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   router.get('/login', (req, res) => res.redirect(301, '/signin')); | 
					
						
							|  |  |  |   router.get('/logout', (req, res) => res.redirect(301, '/signout')); | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |   router.get('/signup', (req, res) => res.redirect(301, '/signin')); | 
					
						
							|  |  |  |   router.get('/email-signin', (req, res) => res.redirect(301, '/signin')); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |   function getEmailSignin(req, res) { | 
					
						
							|  |  |  |     if (isSignUpDisabled) { | 
					
						
							|  |  |  |       return res.render('account/beta', { | 
					
						
							|  |  |  |         title: 'New sign ups are disabled' | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     return res.render('account/email-signin', { | 
					
						
							|  |  |  |       title: 'Sign in to freeCodeCamp using your Email Address' | 
					
						
							|  |  |  |     }); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   router.get('/signin', ifUserRedirect, getEmailSignin); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   router.get('/signout', (req, res) => { | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |     req.logout(); | 
					
						
							|  |  |  |     res.redirect('/'); | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   }); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   router.get( | 
					
						
							|  |  |  |     '/deprecated-signin', | 
					
						
							|  |  |  |     ifUserRedirect, | 
					
						
							|  |  |  |     (req, res) => res.render('account/deprecated-signin', { | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |       title: 'Sign in to freeCodeCamp using a Deprecated Login' | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     }) | 
					
						
							|  |  |  |   ); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |   const defaultErrorMsg = dedent`
 | 
					
						
							|  |  |  |     Oops, something is not right, | 
					
						
							|  |  |  |     please request a fresh link to sign in / sign up. | 
					
						
							|  |  |  |   `;
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   const passwordlessGetValidators = [ | 
					
						
							|  |  |  |     check('email') | 
					
						
							|  |  |  |       .isBase64() | 
					
						
							| 
									
										
										
										
											2018-01-01 15:39:14 -08:00
										 |  |  |       .withMessage('Email should be a base64 encoded string.'), | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     check('token') | 
					
						
							|  |  |  |       .exists() | 
					
						
							| 
									
										
										
										
											2018-01-01 15:39:14 -08:00
										 |  |  |       .withMessage('Token should exist.') | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |       // based on strongloop/loopback/common/models/access-token.js#L15
 | 
					
						
							|  |  |  |       .isLength({ min: 64, max: 64 }) | 
					
						
							| 
									
										
										
										
											2018-01-01 15:39:14 -08:00
										 |  |  |       .withMessage('Token is not the right length.') | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |   function getPasswordlessAuth(req, res, next) { | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     const { | 
					
						
							|  |  |  |       query: { | 
					
						
							|  |  |  |         email: encodedEmail, | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |         token: authTokenId, | 
					
						
							|  |  |  |         emailChange | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |       } = {} | 
					
						
							|  |  |  |     } = req; | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     const email = User.decodeEmail(encodedEmail); | 
					
						
							|  |  |  |     if (!isEmail(email)) { | 
					
						
							|  |  |  |       return next(wrapHandledError( | 
					
						
							|  |  |  |         new TypeError('decoded email is invalid'), | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |           type: 'info', | 
					
						
							|  |  |  |           message: 'The email encoded in the link is incorrectly formatted', | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |           redirectTo: '/signin' | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |         } | 
					
						
							|  |  |  |       )); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     // first find
 | 
					
						
							| 
									
										
										
										
											2017-12-29 09:59:27 -08:00
										 |  |  |     return AuthToken.findOne$({ where: { id: authTokenId } }) | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |       .flatMap(authToken => { | 
					
						
							| 
									
										
										
										
											2017-12-27 17:35:21 -08:00
										 |  |  |         if (!authToken) { | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |           throw wrapHandledError( | 
					
						
							|  |  |  |             new Error(`no token found for id: ${authTokenId}`), | 
					
						
							|  |  |  |             { | 
					
						
							|  |  |  |               type: 'info', | 
					
						
							|  |  |  |               message: defaultErrorMsg, | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |               redirectTo: '/signin' | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |             } | 
					
						
							|  |  |  |           ); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |         // find user then validate and destroy email validation token
 | 
					
						
							|  |  |  |         // finally retun user instance
 | 
					
						
							| 
									
										
										
										
											2017-12-27 17:35:21 -08:00
										 |  |  |         return User.findOne$({ where: { id: authToken.userId } }) | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |           .flatMap(user => { | 
					
						
							|  |  |  |             if (!user) { | 
					
						
							|  |  |  |               throw wrapHandledError( | 
					
						
							|  |  |  |                 new Error(`no user found for token: ${authTokenId}`), | 
					
						
							|  |  |  |                 { | 
					
						
							|  |  |  |                   type: 'info', | 
					
						
							|  |  |  |                   message: defaultErrorMsg, | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |                   redirectTo: '/signin' | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |                 } | 
					
						
							|  |  |  |               ); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             if (user.email !== email) { | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |               if (!emailChange || (emailChange && user.newEmail !== email)) { | 
					
						
							|  |  |  |                 throw wrapHandledError( | 
					
						
							|  |  |  |                   new Error('user email does not match'), | 
					
						
							|  |  |  |                   { | 
					
						
							|  |  |  |                     type: 'info', | 
					
						
							|  |  |  |                     message: defaultErrorMsg, | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |                     redirectTo: '/signin' | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |                   } | 
					
						
							|  |  |  |                 ); | 
					
						
							|  |  |  |               } | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |             } | 
					
						
							| 
									
										
										
										
											2018-01-22 11:59:24 -08:00
										 |  |  |             return authToken.validate$() | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |               .map(isValid => { | 
					
						
							|  |  |  |                 if (!isValid) { | 
					
						
							|  |  |  |                   throw wrapHandledError( | 
					
						
							|  |  |  |                     new Error('token is invalid'), | 
					
						
							|  |  |  |                     { | 
					
						
							|  |  |  |                       type: 'info', | 
					
						
							|  |  |  |                       message: `
 | 
					
						
							|  |  |  |                         Looks like the link you clicked has expired, | 
					
						
							|  |  |  |                         please request a fresh link, to sign in. | 
					
						
							|  |  |  |                       `,
 | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |                       redirectTo: '/signin' | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |                     } | 
					
						
							|  |  |  |                   ); | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2018-01-22 11:59:24 -08:00
										 |  |  |                 return authToken.destroy$(); | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |               }) | 
					
						
							|  |  |  |               .map(() => user); | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |       }) | 
					
						
							|  |  |  |       // at this point token has been validated and destroyed
 | 
					
						
							|  |  |  |       // update user and log them in
 | 
					
						
							| 
									
										
										
										
											2017-12-29 11:28:42 -08:00
										 |  |  |       .map(user => user.loginByRequest(req, res)) | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |       .do(() => { | 
					
						
							|  |  |  |         let redirectTo = '/'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ( | 
					
						
							|  |  |  |           req.session && | 
					
						
							|  |  |  |           req.session.returnTo | 
					
						
							|  |  |  |         ) { | 
					
						
							|  |  |  |           redirectTo = req.session.returnTo; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-12 14:16:33 -08:00
										 |  |  |         req.flash( | 
					
						
							|  |  |  |           'success', | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |           'Success! You have signed in to your account. Happy Coding!' | 
					
						
							| 
									
										
										
										
											2018-01-12 14:16:33 -08:00
										 |  |  |         ); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |         return res.redirect(redirectTo); | 
					
						
							|  |  |  |       }) | 
					
						
							|  |  |  |       .subscribe( | 
					
						
							|  |  |  |         () => {}, | 
					
						
							|  |  |  |         next | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  |   } | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   router.get( | 
					
						
							|  |  |  |     '/passwordless-auth', | 
					
						
							|  |  |  |     ifUserRedirect, | 
					
						
							|  |  |  |     passwordlessGetValidators, | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |     createValidatorErrorHandler('errors', '/signin'), | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     getPasswordlessAuth | 
					
						
							|  |  |  |   ); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-16 23:18:53 +00:00
										 |  |  |   router.get( | 
					
						
							|  |  |  |     '/passwordless-change', | 
					
						
							|  |  |  |     ifNoUserRedirectHome, | 
					
						
							|  |  |  |     passwordlessGetValidators, | 
					
						
							|  |  |  |     getPasswordlessAuth | 
					
						
							|  |  |  |   ); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   const passwordlessPostValidators = [ | 
					
						
							|  |  |  |     check('email') | 
					
						
							|  |  |  |       .isEmail() | 
					
						
							| 
									
										
										
										
											2018-01-01 15:39:14 -08:00
										 |  |  |       .withMessage('Email is not a valid email address.') | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   ]; | 
					
						
							|  |  |  |   function postPasswordlessAuth(req, res, next) { | 
					
						
							|  |  |  |     const { body: { email } = {} } = req; | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     return User.findOne$({ where: { email } }) | 
					
						
							| 
									
										
										
										
											2017-12-28 20:38:16 -08:00
										 |  |  |       .flatMap(_user => Observable.if( | 
					
						
							|  |  |  |           // if no user found create new user and save to db
 | 
					
						
							|  |  |  |           _.constant(_user), | 
					
						
							|  |  |  |           Observable.of(_user), | 
					
						
							|  |  |  |           User.create$({ email }) | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |         .flatMap(user => user.requestAuthEmail(!_user)) | 
					
						
							|  |  |  |       ) | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |       .do(msg => { | 
					
						
							|  |  |  |         let redirectTo = '/'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ( | 
					
						
							|  |  |  |           req.session && | 
					
						
							|  |  |  |           req.session.returnTo | 
					
						
							|  |  |  |         ) { | 
					
						
							|  |  |  |           redirectTo = req.session.returnTo; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         req.flash('info', msg); | 
					
						
							|  |  |  |         return res.redirect(redirectTo); | 
					
						
							|  |  |  |       }) | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |       .subscribe(_.noop, next); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |   api.post( | 
					
						
							|  |  |  |     '/passwordless-auth', | 
					
						
							|  |  |  |     ifUserRedirect, | 
					
						
							|  |  |  |     passwordlessPostValidators, | 
					
						
							| 
									
										
										
										
											2018-04-13 20:18:10 +05:30
										 |  |  |     createValidatorErrorHandler('errors', '/signin'), | 
					
						
							| 
									
										
										
										
											2017-12-27 10:11:17 -08:00
										 |  |  |     postPasswordlessAuth | 
					
						
							|  |  |  |   ); | 
					
						
							| 
									
										
										
										
											2017-12-26 13:20:03 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  |   app.use('/:lang', router); | 
					
						
							|  |  |  |   app.use(api); | 
					
						
							| 
									
										
										
										
											2015-06-02 17:27:02 -07:00
										 |  |  | }; |