fix(api): only use homeLocation as a fallback (#40517)

This commit is contained in:
Oliver Eyton-Williams
2020-12-30 20:10:38 +01:00
committed by Mrugesh Mohapatra
parent 03fa21a565
commit a076547d43
22 changed files with 207 additions and 600 deletions


@@ -2,9 +2,8 @@
// import _ from 'lodash/fp';
import accepts from 'accepts';
import { homeLocation } from '../../../config/env';
import { unwrapHandledError } from '../utils/create-handled-error.js';
import { getRedirectParams } from '../utils/redirection';
const errTemplate = (error, req) => {
const { message, stack } = error;
@@ -27,6 +26,7 @@ export default function prodErrorHandler() {
// error handling in production.
// eslint-disable-next-line no-unused-vars
return function(err, req, res, next) {
const { origin } = getRedirectParams(req);
const handled = unwrapHandledError(err);
// respect handled error status
let status = handled.status || err.status || res.statusCode;
@@ -39,7 +39,7 @@ export default function prodErrorHandler() {
const accept = accepts(req);
const type = accept.type('html', 'json', 'text');
const redirectTo = handled.redirectTo || `${homeLocation}/`;
const redirectTo = handled.redirectTo || `${origin}/`;
const message =
handled.message ||
'Oops! Something went wrong. Please try again in a moment.';
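Review bot: The new `redirectTo` line builds the error-page redirect from `origin`, which `getRedirectParams(req)` appears to derive from the incoming request (the test file in this commit mocks `req.header` for it), so whether this redirect is safe depends on validation that is not visible in this hunk. If `getRedirectParams` does not restrict `origin` to a known set of application hosts before falling back to `homeLocation`, a request-controlled value reaches the `Location` header of the error response, which is the open-redirect shape; the same consideration applies to the three `${origin}/signin` redirects in request-authorisation.js in this commit. The contract should be stated at the call site, e.g. `// origin comes from getRedirectParams, which must only return a known host (homeLocation otherwise)`, and covered by a test asserting that an unrecognised origin falls back to `homeLocation`. The function returned by `prodErrorHandler` continues outside the hunk.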


@@ -6,10 +6,10 @@ import {
errorTypes,
authHeaderNS
} from '../utils/getSetAccessToken';
import { homeLocation } from '../../../config/env';
import { jwtSecret as _jwtSecret } from '../../../config/secrets';
import { wrapHandledError } from '../utils/create-handled-error';
import { getRedirectParams } from '../utils/redirection';
const authRE = /^\/auth\//;
const confirmEmailRE = /^\/confirm-email$/;
@@ -50,6 +50,7 @@ export function isAllowedPath(path, pathsAllowedREs = _pathsAllowedREs) {
export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
function requestAuthorisation(req, res, next) {
const { origin } = getRedirectParams(req);
const { path } = req;
if (!isAllowedPath(path)) {
const { accessToken, error, jwt } = getAccessTokenFromRequest(
@@ -61,7 +62,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
new Error('Access token is required for this request'),
{
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Access token is required for this request',
status: 403
}
@@ -70,7 +71,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
if (!accessToken && error === errorTypes.invalidToken) {
throw wrapHandledError(new Error('Access token is invalid'), {
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Your access token is invalid',
status: 403
});
@@ -78,7 +79,7 @@ export default ({ jwtSecret = _jwtSecret, getUserById = _getUserById } = {}) =>
if (!accessToken && error === errorTypes.expiredToken) {
throw wrapHandledError(new Error('Access token is no longer valid'), {
type: 'info',
redirect: `${homeLocation}/signin`,
redirect: `${origin}/signin`,
message: 'Access token is no longer valid',
status: 403
});
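Review bot: The three error branches in this section each rebuild the same target `${origin}/signin` inline, and `origin` is resolved on the line before the `isAllowedPath(path)` check, so `getRedirectParams(req)` runs even for requests that never redirect. I would move the `getRedirectParams` call inside the `if (!isAllowedPath(path))` block and define the target once, `` const signinRedirect = `${origin}/signin`; ``, then use `redirect: signinRedirect` in the three `wrapHandledError` calls. That keeps the three messages distinct while making it obvious they share one destination. `requestAuthorisation` continues outside these hunks.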


@@ -1,8 +1,9 @@
/* global describe it expect */
import sinon from 'sinon';
import { mockReq, mockRes } from 'sinon-express-mock';
import { mockReq as mockRequest, mockRes } from 'sinon-express-mock';
import jwt from 'jsonwebtoken';
import { homeLocation } from '../../../config/env.json';
import createRequestAuthorization, {
isAllowedPath
} from './request-authorization';
@@ -26,6 +27,12 @@ const users = {
const mockGetUserById = id =>
id in users ? Promise.resolve(users[id]) : Promise.reject('No user found');
const mockReq = args => {
const mock = mockRequest(args);
mock.header = () => homeLocation;
return mock;
};
describe('request-authorization', () => {
describe('isAllowedPath', () => {
const authRE = /^\/auth\//;