freeCodeCamp/api-server/common/models/User-Identity.js

import { Observable } from 'rx';
// import debug from 'debug';
import dedent from 'dedent';
import { isEmail } from 'validator';

import { observeMethod, observeQuery } from '../../server/utils/rx';
import { wrapHandledError } from '../../server/utils/create-handled-error.js';

// const log = debug('fcc:models:userIdent');

export function ensureLowerCaseEmail(profile) {
  return typeof profile?.emails?.[0]?.value === 'string'
    ? profile.emails[0].value.toLowerCase()
    : '';
}

export default function(UserIdent) {
  UserIdent.on('dataSourceAttached', () => {
    UserIdent.findOne$ = observeMethod(UserIdent, 'findOne');
  });

  UserIdent.login = function(
    _provider,
    authScheme,
    profile,
    credentials,
    options,
    cb
  ) {
    const User = UserIdent.app.models.User;
    const AccessToken = UserIdent.app.models.AccessToken;
    options = options || {};
    if (typeof options === 'function' && !cb) {
      cb = options;
      options = {};
    }

    // get the social provider data and the external id from auth0
    profile.id = profile.id || profile.openid;
    const auth0IdString = '' + profile.id;
    const [provider, socialExtId] = auth0IdString.split('|');
    const query = {
      where: {
        provider: provider,
        externalId: socialExtId
      },
      include: 'user'
    };
    // get the email from the auth0 (its expected from social providers)
    const email = ensureLowerCaseEmail(profile);

    if (!isEmail('' + email)) {
      throw wrapHandledError(
        new Error('invalid or empty email received from auth0'),
        {
          message: dedent`
    ${provider} did not return a valid email address.
    Please try again with a different account that has an
    email associated with it your update your settings on ${provider}, for us to be able to retrieve your email.
          `,
          type: 'info',
          redirectTo: '/'
        }
      );
    }

    if (provider === 'email') {
      return User.findOne$({ where: { email } })
        .flatMap(user => {
          return user
            ? Observable.of(user)
            : User.create$({ email }).toPromise();
        })
        .flatMap(user => {
          if (!user) {
            throw wrapHandledError(
              new Error('could not find or create a user'),
              {
                message: dedent`
    We could not find or create a user with that email address.
                `,
                type: 'info',
                redirectTo: '/'
              }
            );
          }
          const createToken = observeQuery(AccessToken, 'create', {
            userId: user.id,
            created: new Date(),
            ttl: user.constructor.settings.ttl
          });
          const updateUserPromise = new Promise((resolve, reject) =>
            user.updateAttributes(
              {
                emailVerified: true,
                emailAuthLinkTTL: null,
                emailVerifyTTL: null
              },
              err => {
                if (err) {
                  return reject(err);
                }
                return resolve();
              }
            )
          );
          return Observable.combineLatest(
            Observable.of(user),
            createToken,
            Observable.fromPromise(updateUserPromise),
            (user, token) => ({ user, token })
          );
        })
        .subscribe(({ user, token }) => cb(null, user, null, token), cb);
    } else {
      return UserIdent.findOne$(query)
        .flatMap(identity => {
          return identity
            ? Observable.of(identity.user())
            : User.findOne$({ where: { email } }).flatMap(user => {
                return user
                  ? Observable.of(user)
                  : User.create$({ email }).toPromise();
              });
        })
        .flatMap(user => {
          const createToken = observeQuery(AccessToken, 'create', {
            userId: user.id,
            created: new Date(),
            ttl: user.constructor.settings.ttl
          });
          const updateUser = new Promise((resolve, reject) =>
            user.updateAttributes(
              {
                email: email,
                emailVerified: true,
                emailAuthLinkTTL: null,
                emailVerifyTTL: null
              },
              err => {
                if (err) {
                  return reject(err);
                }
                return resolve();
              }
            )
          );
          return Observable.combineLatest(
            Observable.of(user),
            createToken,
            Observable.fromPromise(updateUser),
            (user, token) => ({ user, token })
          );
        })
        .subscribe(({ user, token }) => cb(null, user, null, token), cb);
    }
  };
}
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`import { Observable } from 'rx';`
			`// import debug from 'debug';`
			`import dedent from 'dedent';`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`import { isEmail } from 'validator';`
add pull in user image on signup when available 2015-06-11 11:38:08 -07:00
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`import { observeMethod, observeQuery } from '../../server/utils/rx';`
			`import { wrapHandledError } from '../../server/utils/create-handled-error.js';`
Move auth functions to central location 2015-08-12 12:15:19 -07:00
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`// const log = debug('fcc:models:userIdent');`
add pull in user image on signup when available 2015-06-11 11:38:08 -07:00
fix(api): add toLowerCase method to email (#38586) 2020-04-24 11:53:29 +01:00			`export function ensureLowerCaseEmail(profile) {`
			`return typeof profile?.emails?.[0]?.value === 'string'`
			`? profile.emails[0].value.toLowerCase()`
			`: '';`
			`}`

add github check on login with github. 2015-08-04 14:52:06 -07:00			`export default function(UserIdent) {`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`UserIdent.on('dataSourceAttached', () => {`
			`UserIdent.findOne$ = observeMethod(UserIdent, 'findOne');`
			`});`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`UserIdent.login = function(`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`_provider,`
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`authScheme,`
			`profile,`
			`credentials,`
			`options,`
			`cb`
			`) {`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`const User = UserIdent.app.models.User;`
			`const AccessToken = UserIdent.app.models.AccessToken;`
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`options = options \|\| {};`
			`if (typeof options === 'function' && !cb) {`
			`cb = options;`
			`options = {};`
			`}`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30
			`// get the social provider data and the external id from auth0`
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`profile.id = profile.id \|\| profile.openid;`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`const auth0IdString = '' + profile.id;`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`const [provider, socialExtId] = auth0IdString.split('\|');`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`const query = {`
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`where: {`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`provider: provider,`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`externalId: socialExtId`
fix(signup): signup auth (#15628) * fix(models.user): Colocate all user methods Moved user methods/extensions into one file. Tracked down `next method called more than once` error and setting headers after their sent. Let regular error handler handle api errors as well. * feat(server.auth): Disable github account creation We are no longer allowing account creation through github * refactor(Auth): Move user identity link into models dir * feat(Disable link account login): This removes the ability to use a linked account t * feat(errorhandlers): Add opbeat, filter out handled error 2017-07-13 11:39:07 -07:00			`},`
			`include: 'user'`
Remove o-auth account creation Accounts can only be created with Github or email 2016-04-21 20:35:19 -07:00			`};`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`// get the email from the auth0 (its expected from social providers)`
fix(api): add toLowerCase method to email (#38586) 2020-04-24 11:53:29 +01:00			`const email = ensureLowerCaseEmail(profile);`

fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`if (!isEmail('' + email)) {`
			`throw wrapHandledError(`
Fix: Ensure emails are processed in lower-case 2019-09-10 00:02:40 +01:00			`new Error('invalid or empty email received from auth0'),`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`{`
			message: dedent`
fix(client): Vague Error messages (#36047) Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> 2019-06-19 15:31:03 +01:00			`${provider} did not return a valid email address.`
			`Please try again with a different account that has an`
			`email associated with it your update your settings on ${provider}, for us to be able to retrieve your email.`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`,
			`type: 'info',`
			`redirectTo: '/'`
			`}`
			`);`
			`}`
feat: update user identity login 2018-05-19 21:21:49 +05:30
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`if (provider === 'email') {`
fix(api): revert regex based email query (#37393) 2019-10-19 01:09:29 +05:30			`return User.findOne$({ where: { email } })`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`.flatMap(user => {`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`return user`
			`? Observable.of(user)`
			`: User.create$({ email }).toPromise();`
fix(auth): Set domain cookies, and chain user 2018-05-22 18:10:00 +05:30			`})`
			`.flatMap(user => {`
			`if (!user) {`
			`throw wrapHandledError(`
fix: typo in the error message 2018-05-22 21:56:12 +05:30			`new Error('could not find or create a user'),`
fix(auth): Set domain cookies, and chain user 2018-05-22 18:10:00 +05:30			`{`
			message: dedent`
fix(client): Vague Error messages (#36047) Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> 2019-06-19 15:31:03 +01:00			`We could not find or create a user with that email address.`
fix(auth): Set domain cookies, and chain user 2018-05-22 18:10:00 +05:30			`,
			`type: 'info',`
			`redirectTo: '/'`
			`}`
			`);`
			`}`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`const createToken = observeQuery(AccessToken, 'create', {`
			`userId: user.id,`
			`created: new Date(),`
			`ttl: user.constructor.settings.ttl`
fix(auth): Set domain cookies, and chain user 2018-05-22 18:10:00 +05:30			`});`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`const updateUserPromise = new Promise((resolve, reject) =>`
			`user.updateAttributes(`
			`{`
			`emailVerified: true,`
			`emailAuthLinkTTL: null,`
			`emailVerifyTTL: null`
			`},`
			`err => {`
			`if (err) {`
			`return reject(err);`
			`}`
			`return resolve();`
			`}`
			`)`
			`);`
fix: making login flow async again for cookies 2018-05-22 00:37:01 +05:30			`return Observable.combineLatest(`
			`Observable.of(user),`
			`createToken,`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`Observable.fromPromise(updateUserPromise),`
			`(user, token) => ({ user, token })`
fix: making login flow async again for cookies 2018-05-22 00:37:01 +05:30			`);`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`})`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`.subscribe(({ user, token }) => cb(null, user, null, token), cb);`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`} else {`
			`return UserIdent.findOne$(query)`
			`.flatMap(identity => {`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`return identity`
			`? Observable.of(identity.user())`
			`: User.findOne$({ where: { email } }).flatMap(user => {`
feat: Use prettier-eslint to format code 2019-02-18 19:32:49 +00:00			`return user`
			`? Observable.of(user)`
			`: User.create$({ email }).toPromise();`
			`});`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`})`
			`.flatMap(user => {`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`const createToken = observeQuery(AccessToken, 'create', {`
			`userId: user.id,`
			`created: new Date(),`
			`ttl: user.constructor.settings.ttl`
			`});`
fix(update$): Remove User.update$, refactor to use native loopback interfaces 2018-11-12 16:58:34 +00:00			`const updateUser = new Promise((resolve, reject) =>`
			`user.updateAttributes(`
			`{`
			`email: email,`
			`emailVerified: true,`
			`emailAuthLinkTTL: null,`
			`emailVerifyTTL: null`
			`},`
			`err => {`
			`if (err) {`
			`return reject(err);`
			`}`
			`return resolve();`
			`}`
			`)`
			`);`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`return Observable.combineLatest(`
fix: add user object to Observables 2018-05-20 13:40:15 +05:30			`Observable.of(user),`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`createToken,`
fix(update$): Remove User.update$, refactor to use native loopback interfaces 2018-11-12 16:58:34 +00:00			`Observable.fromPromise(updateUser),`
fix(auth0): Unify authentication via auth0 as provider 2018-06-28 20:27:15 +05:30			`(user, token) => ({ user, token })`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`);`
			`})`
feat(email-settings): Add email settings 2018-09-20 10:22:45 +01:00			`.subscribe(({ user, token }) => cb(null, user, null, token), cb);`
feat: update user identity login 2018-05-19 21:21:49 +05:30			`}`
fix override user identity login to reformat provider 2015-08-12 19:08:05 -07:00			`};`
add github check on login with github. 2015-08-04 14:52:06 -07:00			`}`