feat: use mock authentication for local dev

api-server/server/boot/authentication.js

@@ -7,7 +7,11 @@ import { check } from 'express-validator/check';
 
 import { homeLocation } from '../../../config/env';
 import { createCookieConfig } from '../utils/cookieConfig';
-import { createPassportCallbackAuthenticator } from '../component-passport';
+import { 
+  createPassportCallbackAuthenticator,
+  saveResponseAuthCookies,
+  loginRedirect
+} from '../component-passport';
 import {
   ifUserRedirectTo,
   ifNoUserRedirectTo,
@@ -25,15 +29,34 @@ module.exports = function enableAuthentication(app) {
   // loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
   app.enableAuth();
   const ifUserRedirect = ifUserRedirectTo();
+  const saveAuthCookies = saveResponseAuthCookies();
+  const loginSuccessRedirect = loginRedirect();
   const ifNoUserRedirectHome = ifNoUserRedirectTo(homeLocation);
   const api = app.loopback.Router();
   const { AuthToken, User } = app.models;
 
-  api.get('/signin', ifUserRedirect, passport.authenticate('auth0-login', {}));
-  api.get(
-    '/auth/auth0/callback',
-    createPassportCallbackAuthenticator('auth0-login', { provider: 'auth0' })
-  );
+  // Use a local mock strategy for signing in if we are in dev mode.
+  // Otherwise we use auth0 login. We use a string for 'true' because values
+  // set in the env file will always be strings and never boolean.
+  if (process.env.LOCAL_MOCK_AUTH === 'true') {
+    api.get(
+      '/signin',
+      passport.authenticate('devlogin'),
+      saveAuthCookies,
+      loginSuccessRedirect
+    );
+  } else {
+    api.get(
+      '/signin',
+      ifUserRedirect,
+      passport.authenticate('auth0-login', {})
+    );
+
+    api.get(
+      '/auth/auth0/callback',
+      createPassportCallbackAuthenticator('auth0-login', { provider: 'auth0' })
+    );
+  }
 
   api.get('/signout', (req, res) => {
     req.logout();

api-server/server/component-passport.js

@@ -131,6 +131,50 @@ export function setupPassport(app) {
   });
 }
 
+export const saveResponseAuthCookies = () => {
+
+  return (req, res, next) => {
+
+    const user = req.user;
+
+    if (!user) {
+      return res.redirect('/signin');
+    }
+
+    const { accessToken } = user;
+
+    const cookieConfig = {
+      ...createCookieConfig(req),
+      maxAge: 77760000000
+    };
+    const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
+    res.cookie('jwt_access_token', jwtAccess, cookieConfig);
+    res.cookie('access_token', accessToken.id, cookieConfig);
+    res.cookie('userId', accessToken.userId, cookieConfig);
+
+    return next();
+  };
+};
+
+export const loginRedirect = () => {
+
+  return (req, res) => {
+    const successRedirect = req => {
+      if (!!req && req.session && req.session.returnTo) {
+        delete req.session.returnTo;
+        return `${homeLocation}/welcome`;
+      }
+      return `${homeLocation}/welcome`;
+    };
+
+    let redirect = url.parse(successRedirect(req), true);
+    delete redirect.search;
+
+    redirect = url.format(redirect);
+    return res.redirect(redirect);
+  };
+};
+
 export const createPassportCallbackAuthenticator = (strategy, config) => (
   req,
   res,

api-server/server/passport-providers.js

@@ -7,6 +7,11 @@ const successRedirect = `${homeLocation}/welcome`;
 const failureRedirect = '/signin';
 
 export default {
+  devlogin: {
+    authScheme: 'mock',
+    provider: 'dev',
+    module: 'passport-mock-strategy'
+  },
   local: {
     provider: 'local',
     module: 'passport-local',