fix(auth): Fix auth flow for the client app

2018-10-24 00:24:48 +01:00
parent a656cbf98a
commit c08bb95ea8
19 changed files with 348 additions and 212 deletions
--- a/api-server/server/component-passport.js
+++ b/api-server/server/component-passport.js
@ -1,11 +1,16 @@
 import passport from 'passport';
-import { PassportConfigurator } from
- '@freecodecamp/loopback-component-passport';
-import passportProviders from './passport-providers';
+import {
+  PassportConfigurator
+} from '@freecodecamp/loopback-component-passport';
 import url from 'url';
 import jwt from 'jsonwebtoken';
 import dedent from 'dedent';

+import { homeLocation } from '../../config/env.json';
+import { jwtSecret } from '../../config/secrets';
+import passportProviders from './passport-providers';
+import { createCookieConfig } from './utils/cookieConfig';
+
 const passportOptions = {
  emailOptional: true,
  profileToUser: null
@ -23,15 +28,14 @@ function getCompletedCertCount(user) {
    'isInfosecQaCert',
    'isJsAlgoDataStructCert',
    'isRespWebDesignCert'
-  ].reduce((sum, key) => user[key] ? sum + 1 : sum, 0);
+  ].reduce((sum, key) => (user[key] ? sum + 1 : sum), 0);
 }

 function getLegacyCertCount(user) {
-  return [
-    'isFrontEndCert',
-    'isBackEndCert',
-    'isDataVisCert'
-  ].reduce((sum, key) => user[key] ? sum + 1 : sum, 0);
+  return ['isFrontEndCert', 'isBackEndCert', 'isDataVisCert'].reduce(
+    (sum, key) => (user[key] ? sum + 1 : sum),
+    0
+  );
 }

 PassportConfigurator.prototype.init = function passportInit(noSession) {
@ -51,7 +55,6 @@ PassportConfigurator.prototype.init = function passportInit(noSession) {
  });

  passport.deserializeUser((id, done) => {
-
    this.userModel.findById(id, { fields }, (err, user) => {
      if (err || !user) {
        return done(err, user);
@ -62,8 +65,12 @@ PassportConfigurator.prototype.init = function passportInit(noSession) {
        .aggregate([
          { $match: { _id: user.id } },
          { $project: { points: { $size: '$progressTimestamps' } } }
-        ]).get(function(err, [{ points = 1 } = {}]) {
-          if (err) { console.error(err); return done(err); }
+        ])
+        .get(function(err, [{ points = 1 } = {}]) {
+          if (err) {
+            console.error(err);
+            return done(err);
+          }
          user.points = points;
          let completedChallengeCount = 0;
          let completedProjectCount = 0;
@ -90,6 +97,15 @@ PassportConfigurator.prototype.init = function passportInit(noSession) {
 };

 export function setupPassport(app) {
+  // NOTE(Bouncey): Not sure this is doing much now
+  // Loopback complains about userCredentialModle when this
+  // setup is remoed from server/server.js
+  //
+  // I have split the custom callback in to it's own export that we can use both
+  // here and in boot:auth
+  //
+  // Needs more investigation...
+
  const configurator = new PassportConfigurator(app);

  configurator.setupModels({
@ -104,78 +120,77 @@ export function setupPassport(app) {
    let config = passportProviders[strategy];
    config.session = config.session !== false;

-    // https://stackoverflow.com/q/37430452
-    let successRedirect = (req) => {
-      if (!!req && req.session && req.session.returnTo) {
-        delete req.session.returnTo;
-        return '/';
-      }
-      return config.successRedirect || '';
-    };
-
    config.customCallback = !config.useCustomCallback
      ? null
-      : (req, res, next) => {
+      : createPassportCallbackAuthenticator(strategy, config);

-        passport.authenticate(
-          strategy,
-          { session: false },
-          (err, user, userInfo) => {
-
-            if (err) {
-              return next(err);
-            }
-
-            if (!user || !userInfo) {
-              return res.redirect(config.failureRedirect);
-            }
-            let redirect = url.parse(successRedirect(req), true);
-
-            delete redirect.search;
-
-            const { accessToken } = userInfo;
-            const { provider } = config;
-            if (accessToken && accessToken.id) {
-              if (provider === 'auth0') {
-                req.flash(
-                  'success',
-                  dedent`
-                    Success! You have signed in to your account. Happy Coding!
-                  `
-                );
-              } else if (user.email) {
-                req.flash(
-                  'info',
-                  dedent`
-  We are moving away from social authentication for privacy reasons. Next time
-  we recommend using your email address: ${user.email} to sign in instead.
-                  `
-                );
-              }
-              const cookieConfig = {
-                signed: !!req.signedCookies,
-                maxAge: accessToken.ttl,
-                domain: process.env.COOKIE_DOMAIN || 'localhost'
-              };
-              const jwtAccess = jwt.sign({accessToken}, process.env.JWT_SECRET);
-              res.cookie('jwt_access_token', jwtAccess, cookieConfig);
-              res.cookie('access_token', accessToken.id, cookieConfig);
-              res.cookie('userId', accessToken.userId, cookieConfig);
-              req.login(user);
-            }
-
-            redirect = url.format(redirect);
-            return res.redirect(redirect);
-          }
-        )(req, res, next);
-    };
-
-    configurator.configureProvider(
-      strategy,
-      {
-        ...config,
-        ...passportOptions
-      }
-    );
+    configurator.configureProvider(strategy, {
+      ...config,
+      ...passportOptions
+    });
  });
 }
+
+export const createPassportCallbackAuthenticator = (strategy, config) => (
+  req,
+  res,
+  next
+) => {
+  // https://stackoverflow.com/q/37430452
+  const successRedirect = req => {
+    if (!!req && req.session && req.session.returnTo) {
+      delete req.session.returnTo;
+      return `${homeLocation}/welcome`;
+    }
+    return config.successRedirect || `${homeLocation}/welcome`;
+  };
+  return passport.authenticate(
+    strategy,
+    { session: false },
+    (err, user, userInfo) => {
+      if (err) {
+        return next(err);
+      }
+
+      if (!user || !userInfo) {
+        return res.redirect('/signin');
+      }
+      let redirect = url.parse(successRedirect(req), true);
+
+      delete redirect.search;
+
+      const { accessToken } = userInfo;
+      const { provider } = config;
+      if (accessToken && accessToken.id) {
+        if (provider === 'auth0') {
+          req.flash(
+            'success',
+            dedent`
+              Success! You have signed in to your account. Happy Coding!
+            `
+          );
+        } else if (user.email) {
+          req.flash(
+            'info',
+            dedent`
+We are moving away from social authentication for privacy reasons. Next time
+we recommend using your email address: ${user.email} to sign in instead.
+            `
+          );
+        }
+        const cookieConfig = {
+          ...createCookieConfig(req),
+          maxAge: accessToken.ttl
+        };
+        const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
+        res.cookie('jwt_access_token', jwtAccess, cookieConfig);
+        res.cookie('access_token', accessToken.id, cookieConfig);
+        res.cookie('userId', accessToken.userId, cookieConfig);
+        req.login(user);
+      }
+
+      redirect = url.format(redirect);
+      return res.redirect(redirect);
+    }
+  )(req, res, next);
+};