gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(api): only use homeLocation as a fallback (#40517)

Browse Source
This commit is contained in:
Oliver Eyton-Williams
2020-12-30 20:10:38 +01:00
committed by Mrugesh Mohapatra
parent 03fa21a565
commit a076547d43
22 changed files with 207 additions and 600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
api-server/server/boot/authentication.js
View File

@@ -4,7 +4,6 @@ import { check } from 'express-validator';
import { isEmail } from 'validator';
import jwt from 'jsonwebtoken';
import { homeLocation } from '../../../config/env';
import { jwtSecret } from '../../../config/secrets';
import {
@@ -12,11 +11,11 @@ import {
devSaveResponseAuthCookies,
devLoginRedirect
} from '../component-passport';
import { ifUserRedirectTo, ifNoUserRedirectTo } from '../utils/middleware';
import { ifUserRedirectTo, ifNoUserRedirectHome } from '../utils/middleware';
import { wrapHandledError } from '../utils/create-handled-error.js';
import { removeCookies } from '../utils/getSetAccessToken';
import { decodeEmail } from '../../common/utils';
import { getParamsFromReq } from '../utils/get-return-to';
import { getRedirectParams } from '../utils/redirection';
const isSignUpDisabled = !!process.env.DISABLE_SIGNUP;
if (isSignUpDisabled) {
@@ -40,7 +39,7 @@ module.exports = function enableAuthentication(app) {
// loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
app.enableAuth();
const ifUserRedirect = ifUserRedirectTo();
const ifNoUserRedirectHome = ifNoUserRedirectTo(homeLocation);
const ifNoUserRedirect = ifNoUserRedirectHome();
const devSaveAuthCookies = devSaveResponseAuthCookies();
const devLoginSuccessRedirect = devLoginRedirect();
const api = app.loopback.Router();
@@ -57,7 +56,7 @@ module.exports = function enableAuthentication(app) {
);
} else {
api.get('/signin', ifUserRedirect, (req, res, next) => {
const { returnTo, origin, pathPrefix } = getParamsFromReq(req);
const { returnTo, origin, pathPrefix } = getRedirectParams(req);
const state = jwt.sign({ returnTo, origin, pathPrefix }, jwtSecret);
return passport.authenticate('auth0-login', { state })(req, res, next);
});
@@ -69,23 +68,24 @@ module.exports = function enableAuthentication(app) {
}
api.get('/signout', (req, res) => {
const { origin } = getRedirectParams(req);
req.logout();
req.session.destroy(err => {
if (err) {
throw wrapHandledError(new Error('could not destroy session'), {
type: 'info',
message: 'We could not log you out, please try again in a moment.',
redirectTo: homeLocation
redirectTo: origin
});
}
removeCookies(req, res);
res.redirect(homeLocation);
res.redirect(origin);
});
});
api.get(
'/confirm-email',
ifNoUserRedirectHome,
ifNoUserRedirect,
passwordlessGetValidators,
createGetPasswordlessAuth(app)
);
@@ -106,14 +106,14 @@ function createGetPasswordlessAuth(app) {
const {
query: { email: encodedEmail, token: authTokenId, emailChange } = {}
} = req;
const { origin } = getRedirectParams(req);
const email = decodeEmail(encodedEmail);
if (!isEmail(email)) {
return next(
wrapHandledError(new TypeError('decoded email is invalid'), {
type: 'info',
message: 'The email encoded in the link is incorrectly formatted',
redirectTo: `${homeLocation}/signin`
redirectTo: `${origin}/signin`
})
);
}
@@ -127,7 +127,7 @@ function createGetPasswordlessAuth(app) {
{
type: 'info',
message: defaultErrorMsg,
redirectTo: `${homeLocation}/signin`
redirectTo: `${origin}/signin`
}
);
}
@@ -141,7 +141,7 @@ function createGetPasswordlessAuth(app) {
{
type: 'info',
message: defaultErrorMsg,
redirectTo: `${homeLocation}/signin`
redirectTo: `${origin}/signin`
}
);
}
@@ -152,7 +152,7 @@ function createGetPasswordlessAuth(app) {
{
type: 'info',
message: defaultErrorMsg,
redirectTo: `${homeLocation}/signin`
redirectTo: `${origin}/signin`
}
);
}
@@ -167,7 +167,7 @@ function createGetPasswordlessAuth(app) {
Looks like the link you clicked has expired,
please request a fresh link, to sign in.
`,
redirectTo: `${homeLocation}/signin`
redirectTo: `${origin}/signin`
});
}
return authToken.destroy$();
@@ -184,7 +184,7 @@ function createGetPasswordlessAuth(app) {
'success',
'Success! You have signed in to your account. Happy Coding!'
);
return res.redirectWithFlash(`${homeLocation}/learn`);
return res.redirectWithFlash(`${origin}/learn`);
})
.subscribe(() => {}, next)
);

4
api-server/server/boot/certificate.js
View File

@@ -29,7 +29,6 @@ import {
import { oldDataVizId } from '../../../config/misc';
import certTypes from '../utils/certTypes.json';
import superBlockCertTypeMap from '../utils/superBlockCertTypeMap';
import { completeCommitment$ } from '../utils/commit';
import { getChallenges } from '../utils/get-curriculum';
const log = debug('fcc:certification');
@@ -354,9 +353,6 @@ function createVerifyCert(certTypeIds, app) {
return Observable.combineLatest(
// update user data
Observable.fromPromise(updatePromise),
// If user has committed to nonprofit,
// this will complete their pledge
completeCommitment$(user),
// sends notification email is user has all 6 certs
// if not it noop
sendCertifiedEmail(user, Email.send$),

10
api-server/server/boot/challenge.js
View File

@@ -17,10 +17,10 @@ import { dasherize } from '../../../utils/slugs';
import { fixCompletedChallengeItem } from '../../common/utils';
import { getChallenges } from '../utils/get-curriculum';
import {
getParamsFromReq,
getRedirectParams,
getRedirectBase,
normalizeParams
} from '../utils/get-return-to';
} from '../utils/redirection';
const log = debug('fcc:boot:challenges');
@@ -34,7 +34,7 @@ export default async function bootChallenge(app, done) {
const redirectToCurrentChallenge = createRedirectToCurrentChallenge(
challengeUrlResolver,
normalizeParams,
getParamsFromReq
getRedirectParams
);
api.post(
@@ -336,11 +336,11 @@ function backendChallengeCompleted(req, res, next) {
export function createRedirectToCurrentChallenge(
challengeUrlResolver,
normalizeParams,
getParamsFromReq
getRedirectParams
) {
return async function redirectToCurrentChallenge(req, res, next) {
const { user } = req;
const { origin, pathPrefix } = normalizeParams(getParamsFromReq(req));
const { origin, pathPrefix } = getRedirectParams(req, normalizeParams);
const redirectBase = getRedirectBase(origin, pathPrefix);
if (!user) {

194
api-server/server/boot/commit.js
View File

@@ -1,194 +0,0 @@
import _ from 'lodash';
import { Observable } from 'rx';
import debugFactory from 'debug';
import dedent from 'dedent';
import { homeLocation } from '../../../config/env';
import nonprofits from '../utils/commit.json';
import { commitGoals, completeCommitment$ } from '../utils/commit';
import { unDasherize } from '../../../utils/slugs';
import { observeQuery, saveInstance } from '../utils/rx';
import { ifNoUserRedirectTo } from '../utils/middleware';
const sendNonUserToSignIn = ifNoUserRedirectTo(
`${homeLocation}/signin`,
'You must be signed in to commit to a nonprofit.',
'info'
);
const sendNonUserToCommit = ifNoUserRedirectTo(
'/commit',
'You must be signed in to update commit',
'info'
);
const debug = debugFactory('fcc:commit');
function findNonprofit(name) {
let nonprofit;
if (name) {
nonprofit = _.find(nonprofits, nonprofit => {
return name === nonprofit.name;
});
}
nonprofit = nonprofit || nonprofits[_.random(0, nonprofits.length - 1)];
return nonprofit;
}
export default function commit(app) {
const router = app.loopback.Router();
const api = app.loopback.Router();
const { Pledge } = app.models;
router.get('/commit', commitToNonprofit);
router.get('/commit/pledge', sendNonUserToSignIn, pledge);
router.get('/commit/directory', renderDirectory);
api.post('/commit/stop-commitment', sendNonUserToCommit, stopCommit);
api.post('/commit/complete-goal', sendNonUserToCommit, completeCommitment);
app.use(api);
app.use(router);
function commitToNonprofit(req, res, next) {
const { user } = req;
let nonprofitName = unDasherize(req.query.nonprofit);
debug('looking for nonprofit', nonprofitName);
const nonprofit = findNonprofit(nonprofitName);
Observable.just(user)
.flatMap(user => {
if (user) {
debug('getting user pledge');
return observeQuery(user, 'pledge');
}
return Observable.just();
})
.subscribe(pledge => {
if (pledge) {
debug('found previous pledge');
req.flash(
'info',
dedent`
Looks like you already have a pledge to ${pledge.displayName}.
Clicking "Commit" here will replace your old commitment. If you
do change your commitment, please remember to cancel your
previous recurring donation directly with ${pledge.displayName}.
`
);
}
res.render('commit/', {
title: 'Commit to a nonprofit. Commit to your goal.',
pledge,
...commitGoals,
...nonprofit
});
}, next);
}
function pledge(req, res, next) {
const { user } = req;
const {
nonprofit: nonprofitName = 'girl develop it',
amount = '5',
goal = commitGoals.respWebDesignCert
} = req.query;
const nonprofit = findNonprofit(nonprofitName);
observeQuery(user, 'pledge')
.flatMap(oldPledge => {
// create new pledge for user
const pledge = Pledge({
amount,
goal,
userId: user.id,
...nonprofit
});
if (oldPledge) {
debug('user already has pledge, creating a new one');
// we orphan last pledge since a user only has one pledge at a time
oldPledge.userId = '';
oldPledge.formerUser = user.id;
oldPledge.endDate = new Date();
oldPledge.isOrphaned = true;
return saveInstance(oldPledge).flatMap(() => {
return saveInstance(pledge);
});
}
return saveInstance(pledge);
})
.subscribe(({ displayName, goal, amount }) => {
req.flash(
'success',
dedent`
Congratulations, you have committed to giving
${displayName} $${amount} each month until you have completed
your ${goal}. Please remember to cancel your pledge directly
with ${displayName} once you finish.
`
);
res.redirect('/' + user.username);
}, next);
}
function renderDirectory(req, res) {
res.render('commit/directory', {
title: 'Commit Directory',
nonprofits
});
}
function completeCommitment(req, res, next) {
const { user } = req;
return completeCommitment$(user).subscribe(msgOrPledge => {
if (typeof msgOrPledge === 'string') {
return res.send(msgOrPledge);
}
return res.send(true);
}, next);
}
function stopCommit(req, res, next) {
const { user } = req;
observeQuery(user, 'pledge')
.flatMap(pledge => {
if (!pledge) {
return Observable.just();
}
pledge.formerUserId = pledge.userId;
pledge.userId = null;
pledge.isOrphaned = true;
pledge.dateEnded = new Date();
return saveInstance(pledge);
})
.subscribe(pledge => {
let msg = dedent`
You have successfully stopped your pledge. Please
remember to cancel your recurring donation directly
with the nonprofit if you haven't already done so.
`;
if (!pledge) {
msg = dedent`
It doesn't look like you had an active pledge, so
there's no pledge to stop.
`;
}
req.flash('info', msg);
return res.redirect(`/${user.username}`);
}, next);
}
}

20
api-server/server/boot/randomAPIs.js
View File

@@ -1,8 +1,7 @@
import request from 'request';
import { homeLocation } from '../../../config/env';
import constantStrings from '../utils/constantStrings.json';
import { getRedirectParams } from '../utils/redirection';
const githubClient = process.env.GITHUB_ID;
const githubSecret = process.env.GITHUB_SECRET;
@@ -51,19 +50,21 @@ module.exports = function(app) {
'We are no longer able to process this unsubscription request. ' +
'Please go to your settings to update your email preferences'
);
res.redirectWithFlash(homeLocation);
const { origin } = getRedirectParams(req);
res.redirectWithFlash(origin);
}
function unsubscribeById(req, res, next) {
const { origin } = getRedirectParams(req);
const { unsubscribeId } = req.params;
if (!unsubscribeId) {
req.flash('info', 'We could not find an account to unsubscribe');
return res.redirectWithFlash(homeLocation);
return res.redirectWithFlash(origin);
}
return User.find({ where: { unsubscribeId } }, (err, users) => {
if (err || !users.length) {
req.flash('info', 'We could not find an account to unsubscribe');
return res.redirectWithFlash(homeLocation);
return res.redirectWithFlash(origin);
}
const updates = users.map(user => {
return new Promise((resolve, reject) =>
@@ -88,7 +89,7 @@ module.exports = function(app) {
"We've successfully updated your email preferences."
);
return res.redirectWithFlash(
`${homeLocation}/unsubscribed/${unsubscribeId}`
`${origin}/unsubscribed/${unsubscribeId}`
);
})
.catch(next);
@@ -111,17 +112,18 @@ module.exports = function(app) {
function resubscribe(req, res, next) {
const { unsubscribeId } = req.params;
const { origin } = getRedirectParams(req);
if (!unsubscribeId) {
req.flash(
'info',
'We we unable to process this request, please check and try againÍ'
);
res.redirect(homeLocation);
res.redirect(origin);
}
return User.find({ where: { unsubscribeId } }, (err, users) => {
if (err || !users.length) {
req.flash('info', 'We could not find an account to resubscribe');
return res.redirectWithFlash(homeLocation);
return res.redirectWithFlash(origin);
}
const [user] = users;
return new Promise((resolve, reject) =>
@@ -144,7 +146,7 @@ module.exports = function(app) {
"We've successfully updated your email preferences. Thank you " +
'for resubscribing.'
);
return res.redirectWithFlash(homeLocation);
return res.redirectWithFlash(origin);
})
.catch(next);
});

14
api-server/server/boot/user.js
View File

@@ -4,19 +4,19 @@ import { pick } from 'lodash';
import { Observable } from 'rx';
import { body } from 'express-validator';
import { homeLocation } from '../../../config/env';
import {
getProgress,
normaliseUserFields,
userPropsForSession
} from '../utils/publicUserProps';
import { fixCompletedChallengeItem } from '../../common/utils';
import { ifNoUser401, ifNoUserRedirectTo } from '../utils/middleware';
import { ifNoUser401, ifNoUserRedirectHome } from '../utils/middleware';
import { removeCookies } from '../utils/getSetAccessToken';
import { trimTags } from '../utils/validators';
import { getRedirectParams } from '../utils/redirection';
const log = debugFactory('fcc:boot:user');
const sendNonUserToHome = ifNoUserRedirectTo(homeLocation);
const sendNonUserToHome = ifNoUserRedirectHome();
function bootUser(app) {
const api = app.loopback.Router();
@@ -100,7 +100,7 @@ function getAccount(req, res) {
function getUnlinkSocial(req, res, next) {
const { user } = req;
const { username } = user;
const { origin } = getRedirectParams(req);
let social = req.params.social;
if (!social) {
req.flash('danger', 'No social account found');
@@ -151,7 +151,7 @@ function getUnlinkSocial(req, res, next) {
log(`${social} has been unlinked successfully`);
req.flash('info', `You've successfully unlinked your ${social}.`);
return res.redirectWithFlash(`${homeLocation}/${username}`);
return res.redirectWithFlash(`${origin}/${username}`);
});
});
});
@@ -209,7 +209,7 @@ function createPostReportUserProfile(app) {
return function postReportUserProfile(req, res, next) {
const { user } = req;
const { username, reportDescription: report } = req.body;
const { origin } = getRedirectParams(req);
log(username);
log(report);
@@ -241,7 +241,7 @@ function createPostReportUserProfile(app) {
},
err => {
if (err) {
err.redirectTo = `${homeLocation}/${username}`;
err.redirectTo = `${origin}/${username}`;
return next(err);
}

6
api-server/server/boot/z-not-found.js
View File

@@ -1,16 +1,16 @@
import accepts from 'accepts';
import { homeLocation } from '../../../config/env';
import { getRedirectParams } from '../utils/redirection';
export default function fourOhFour(app) {
app.all('*', function(req, res) {
const accept = accepts(req);
const type = accept.type('html', 'json', 'text');
const { path } = req;
const { origin } = getRedirectParams(req);
if (type === 'html') {
req.flash('danger', `We couldn't find path ${path}`);
return res.redirectWithFlash(`${homeLocation}/404`);
return res.redirectWithFlash(`${origin}/404`);
}
if (type === 'json') {