fix(api): only use homeLocation as a fallback (#40517)

2020-12-30 20:10:38 +01:00
parent 03fa21a565
commit a076547d43
22 changed files with 207 additions and 600 deletions
--- a/api-server/server/boot/authentication.js
+++ b/api-server/server/boot/authentication.js
@@ -4,7 +4,6 @@ import { check } from 'express-validator';
 import { isEmail } from 'validator';
 import jwt from 'jsonwebtoken';

-import { homeLocation } from '../../../config/env';
 import { jwtSecret } from '../../../config/secrets';

 import {
@@ -12,11 +11,11 @@ import {
  devSaveResponseAuthCookies,
  devLoginRedirect
 } from '../component-passport';
-import { ifUserRedirectTo, ifNoUserRedirectTo } from '../utils/middleware';
+import { ifUserRedirectTo, ifNoUserRedirectHome } from '../utils/middleware';
 import { wrapHandledError } from '../utils/create-handled-error.js';
 import { removeCookies } from '../utils/getSetAccessToken';
 import { decodeEmail } from '../../common/utils';
-import { getParamsFromReq } from '../utils/get-return-to';
+import { getRedirectParams } from '../utils/redirection';

 const isSignUpDisabled = !!process.env.DISABLE_SIGNUP;
 if (isSignUpDisabled) {
@@ -40,7 +39,7 @@ module.exports = function enableAuthentication(app) {
  // loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
  app.enableAuth();
  const ifUserRedirect = ifUserRedirectTo();
-  const ifNoUserRedirectHome = ifNoUserRedirectTo(homeLocation);
+  const ifNoUserRedirect = ifNoUserRedirectHome();
  const devSaveAuthCookies = devSaveResponseAuthCookies();
  const devLoginSuccessRedirect = devLoginRedirect();
  const api = app.loopback.Router();
@@ -57,7 +56,7 @@ module.exports = function enableAuthentication(app) {
    );
  } else {
    api.get('/signin', ifUserRedirect, (req, res, next) => {
-      const { returnTo, origin, pathPrefix } = getParamsFromReq(req);
+      const { returnTo, origin, pathPrefix } = getRedirectParams(req);
      const state = jwt.sign({ returnTo, origin, pathPrefix }, jwtSecret);
      return passport.authenticate('auth0-login', { state })(req, res, next);
    });
@@ -69,23 +68,24 @@ module.exports = function enableAuthentication(app) {
  }

  api.get('/signout', (req, res) => {
+    const { origin } = getRedirectParams(req);
    req.logout();
    req.session.destroy(err => {
      if (err) {
        throw wrapHandledError(new Error('could not destroy session'), {
          type: 'info',
          message: 'We could not log you out, please try again in a moment.',
-          redirectTo: homeLocation
+          redirectTo: origin
        });
      }
      removeCookies(req, res);
-      res.redirect(homeLocation);
+      res.redirect(origin);
    });
  });

  api.get(
    '/confirm-email',
-    ifNoUserRedirectHome,
+    ifNoUserRedirect,
    passwordlessGetValidators,
    createGetPasswordlessAuth(app)
  );
@@ -106,14 +106,14 @@ function createGetPasswordlessAuth(app) {
    const {
      query: { email: encodedEmail, token: authTokenId, emailChange } = {}
    } = req;
-
+    const { origin } = getRedirectParams(req);
    const email = decodeEmail(encodedEmail);
    if (!isEmail(email)) {
      return next(
        wrapHandledError(new TypeError('decoded email is invalid'), {
          type: 'info',
          message: 'The email encoded in the link is incorrectly formatted',
-          redirectTo: `${homeLocation}/signin`
+          redirectTo: `${origin}/signin`
        })
      );
    }
@@ -127,7 +127,7 @@ function createGetPasswordlessAuth(app) {
              {
                type: 'info',
                message: defaultErrorMsg,
-                redirectTo: `${homeLocation}/signin`
+                redirectTo: `${origin}/signin`
              }
            );
          }
@@ -141,7 +141,7 @@ function createGetPasswordlessAuth(app) {
                  {
                    type: 'info',
                    message: defaultErrorMsg,
-                    redirectTo: `${homeLocation}/signin`
+                    redirectTo: `${origin}/signin`
                  }
                );
              }
@@ -152,7 +152,7 @@ function createGetPasswordlessAuth(app) {
                    {
                      type: 'info',
                      message: defaultErrorMsg,
-                      redirectTo: `${homeLocation}/signin`
+                      redirectTo: `${origin}/signin`
                    }
                  );
                }
@@ -167,7 +167,7 @@ function createGetPasswordlessAuth(app) {
                        Looks like the link you clicked has expired,
                        please request a fresh link, to sign in.
                      `,
-                      redirectTo: `${homeLocation}/signin`
+                      redirectTo: `${origin}/signin`
                    });
                  }
                  return authToken.destroy$();
@@ -184,7 +184,7 @@ function createGetPasswordlessAuth(app) {
            'success',
            'Success! You have signed in to your account. Happy Coding!'
          );
-          return res.redirectWithFlash(`${homeLocation}/learn`);
+          return res.redirectWithFlash(`${origin}/learn`);
        })
        .subscribe(() => {}, next)
    );