gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(signup): signup auth (#15628)

Browse Source 
* fix(models.user): Colocate all user methods

Moved user methods/extensions into one file. Tracked down `next method
called more than once` error and setting headers after their sent. Let
regular error handler handle api errors as well.

* feat(server.auth): Disable github account creation

We are no longer allowing account creation through github

* refactor(Auth): Move user identity link into models dir

* feat(Disable link account login): This removes the ability to use a linked account t

* feat(errorhandlers): Add opbeat, filter out handled error
This commit is contained in:
Berkeley Martinez
2017-07-13 11:39:07 -07:00
committed by mrugesh mohapatra
parent 7805d74ea7
commit 2fcd976700
17 changed files with 591 additions and 497 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
common/models/User-Identity.js
View File

@ -1,172 +1,131 @@
import loopback from 'loopback';
import debugFactory from 'debug';
import { Observable } from 'rx';
// import debug from 'debug';
import dedent from 'dedent';
import {
setProfileFromGithub,
getFirstImageFromProfile,
getSocialProvider,
getUsernameFromProvider,
getSocialProvider
createUserUpdatesFromProfile
} from '../../server/utils/auth';
import { defaultProfileImage } from '../utils/constantStrings.json';
import { observeMethod, observeQuery } from '../../server/utils/rx';
import { wrapHandledError } from '../../server/utils/create-handled-error.js';
const githubRegex = (/github/i);
const debug = debugFactory('fcc:models:userIdent');
// const log = debug('fcc:models:userIdent');
export default function(UserIdent) {
UserIdent.on('dataSourceAttached', () => {
UserIdent.findOne$ = observeMethod(UserIdent, 'findOne');
});
// original source
// github.com/strongloop/loopback-component-passport
const createAccountMessage =
'Accounts can only be created using GitHub or though email';
// find identity if it exist
// if not redirect to email signup
// if yes and github
// update profile
// update username
// update picture
UserIdent.login = function(
provider,
_provider,
authScheme,
profile,
credentials,
options,
cb
) {
const User = UserIdent.app.models.User;
const AccessToken = UserIdent.app.models.AccessToken;
const provider = getSocialProvider(_provider);
options = options || {};
if (typeof options === 'function' && !cb) {
cb = options;
options = {};
}
const userIdentityModel = UserIdent;
profile.id = profile.id || profile.openid;
const filter = {
const query = {
where: {
provider: getSocialProvider(provider),
provider: provider,
externalId: profile.id
}
},
include: 'user'
};
return userIdentityModel.findOne(filter)
.then(identity => {
return UserIdent.findOne$(query)
.flatMap(identity => {
if (!identity) {
throw wrapHandledError(
new Error('user identity account not found'),
{
message: dedent`
New accounts can only be created using an email address.
Please create an account below
`,
type: 'info',
redirectTo: '/signup'
}
);
}
const modified = new Date();
const user = identity.user();
if (!user) {
const username = getUsernameFromProvider(provider, profile);
return observeQuery(
identity,
'updateAttributes',
{
isOrphaned: username || true
}
)
.do(() => {
throw wrapHandledError(
new Error('user identity is not associated with a user'),
{
type: 'info',
redirectTo: '/signup',
message: dedent`
The user account associated with the ${provider} user ${username || 'Anon'}
no longer exists.
`
}
);
});
}
const updateUser = User.update$(
{ id: user.id },
createUserUpdatesFromProfile(provider, profile)
).map(() => user);
// identity already exists
// find user and log them in
if (identity) {
identity.credentials = credentials;
const options = {
profile: profile,
credentials: credentials,
modified: new Date()
};
return identity.updateAttributes(options)
// grab user associated with identity
.then(() => identity.user())
.then(user => {
// Create access token for user
const options = {
created: new Date(),
ttl: user.constructor.settings.ttl
};
return user.accessTokens.create(options)
.then(token => ({ user, token }));
})
.then(({ token, user })=> {
cb(null, user, identity, token);
})
.catch(err => cb(err));
}
// Find the user model
const userModel = userIdentityModel.relations.user &&
userIdentityModel.relations.user.modelTo ||
loopback.getModelByType(loopback.User);
const userObj = options.profileToUser(provider, profile, options);
if (getSocialProvider(provider) !== 'github') {
const err = new Error(createAccountMessage);
err.userMessage = createAccountMessage;
err.messageType = 'info';
err.redirectTo = '/signin';
return process.nextTick(() => cb(err));
}
let query;
if (userObj.email) {
query = { or: [
{ username: userObj.username },
{ email: userObj.email }
]};
} else {
query = { username: userObj.username };
}
return userModel.findOrCreate({ where: query }, userObj)
.then(([ user ]) => {
const promises = [
userIdentityModel.create({
provider: getSocialProvider(provider),
externalId: profile.id,
authScheme: authScheme,
profile: profile,
credentials: credentials,
userId: user.id,
created: new Date(),
modified: new Date()
}),
user.accessTokens.create({
created: new Date(),
ttl: user.constructor.settings.ttl
})
];
return Promise.all(promises)
.then(([ identity, token ]) => ({ user, identity, token }));
})
.then(({ user, token, identity }) => cb(null, user, identity, token))
.catch(err => cb(err));
});
identity.credentials = credentials;
const attributes = {
// we no longer want to keep the profile
// this is information we do not need or use
profile: null,
credentials: credentials,
modified
};
const updateIdentity = observeQuery(
identity,
'updateAttributes',
attributes
);
const createToken = observeQuery(
AccessToken,
'create',
{
userId: user.id,
created: new Date(),
ttl: user.constructor.settings.ttl
}
);
return Observable.combineLatest(
updateUser,
updateIdentity,
createToken,
(user, identity, token) => ({ user, identity, token })
);
})
.subscribe(
({ user, identity, token }) => cb(null, user, identity, token),
cb
);
};
UserIdent.observe('before save', function(ctx, next) {
const userIdent = ctx.currentInstance || ctx.instance;
if (!userIdent) {
debug('no user identity instance found');
return next();
}
return userIdent.user(function(err, user) {
let userChanged = false;
if (err) { return next(err); }
if (!user) {
debug('no user attached to identity!');
return next();
}
const { profile, provider } = userIdent;
const picture = getFirstImageFromProfile(profile);
debug('picture', picture, user.picture);
// check if picture was found
// check if user has no picture
// check if user has default picture
// set user.picture from oauth provider
if (
picture &&
(!user.picture || user.picture === defaultProfileImage)
) {
debug('setting user picture');
user.picture = picture;
userChanged = true;
}
if (!githubRegex.test(provider) && profile) {
user[provider] = getUsernameFromProvider(provider, profile);
userChanged = true;
}
// if user signed in with github refresh their info
if (githubRegex.test(provider) && profile && profile._json) {
debug("user isn't github cool or username from github is different");
setProfileFromGithub(user, profile, profile._json);
userChanged = true;
}
if (userChanged) {
return user.save(function(err) {
if (err) { return next(err); }
return next();
});
}
debug('exiting after user identity before save');
return next();
});
});
}