jprdonnelly/freeCodeCamp
1
0
Fork 0
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git synced 2026-01-06 06:01:31 -05:00
Code Issues Projects Releases Wiki Activity

revert: mobile auth for unblocking deployments (#49212)

Browse Source
This commit is contained in:
Mrugesh Mohapatra
2023-01-31 22:06:17 +05:30
committed by GitHub
parent 74b1ff96a1
commit c3103bae3d
8 changed files with 5 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
api-server/src/common/models/user.js
View File

@@ -162,8 +162,6 @@ export default function initializeUser(User) {
User.definition.properties.rand.default = getRandomNumber;
// increase user accessToken ttl to 900 days
User.settings.ttl = 900 * 24 * 60 * 60 * 1000;
// Sets ttl to 900 days for mobile login created access tokens
User.settings.maxTTL = 900 * 24 * 60 * 60 * 1000;
// username should not be in blocklist
User.validatesExclusionOf('username', {
@@ -343,21 +341,6 @@ export default function initializeUser(User) {
);
};
User.prototype.mobileLoginByRequest = function mobileLoginByRequest(
req,
res
) {
return new Promise((resolve, reject) =>
this.createAccessToken({}, (err, accessToken) => {
if (err) {
return reject(err);
}
setAccessTokenToResponse({ accessToken }, req, res);
return resolve(accessToken);
})
);
};
User.afterRemote('logout', function ({ req, res }, result, next) {
removeCookies(req, res);
next();

62
api-server/src/server/boot/authentication.js
View File

@@ -2,9 +2,10 @@ import dedent from 'dedent';
import { check } from 'express-validator';
import jwt from 'jsonwebtoken';
import passport from 'passport';
import fetch from 'node-fetch';
import { isEmail } from 'validator';
import { jwtSecret } from '../../../../config/secrets';
import { decodeEmail } from '../../common/utils';
import {
createPassportCallbackAuthenticator,
@@ -13,11 +14,7 @@ import {
} from '../component-passport';
import { wrapHandledError } from '../utils/create-handled-error.js';
import { removeCookies } from '../utils/getSetAccessToken';
import {
ifUserRedirectTo,
ifNoUserRedirectHome,
ifNotMobileRedirect
} from '../utils/middleware';
import { ifUserRedirectTo, ifNoUserRedirectHome } from '../utils/middleware';
import { getRedirectParams } from '../utils/redirection';
import { createDeleteUserToken } from '../middlewares/user-token';
@@ -37,7 +34,6 @@ module.exports = function enableAuthentication(app) {
// enable loopback access control authentication. see:
// loopback.io/doc/en/lb2/Authentication-authorization-and-permissions.html
app.enableAuth();
const ifNotMobile = ifNotMobileRedirect();
const ifUserRedirect = ifUserRedirectTo();
const ifNoUserRedirect = ifNoUserRedirectHome();
const devSaveAuthCookies = devSaveResponseAuthCookies();
@@ -91,8 +87,6 @@ module.exports = function enableAuthentication(app) {
createGetPasswordlessAuth(app)
);
api.get('/mobile-login', ifNotMobile, ifUserRedirect, mobileLogin(app));
app.use(api);
};
@@ -194,53 +188,3 @@ function createGetPasswordlessAuth(app) {
);
};
}
function mobileLogin(app) {
const {
models: { User }
} = app;
return async function getPasswordlessAuth(req, res, next) {
try {
const auth0Res = await fetch(
`https://${process.env.AUTH0_DOMAIN}/userinfo`,
{
headers: { Authorization: req.headers.authorization }
}
);
if (!auth0Res.ok) {
return next(
wrapHandledError(new Error('Invalid Auth0 token'), {
type: 'danger',
message: 'We could not log you in, please try again in a moment.',
status: auth0Res.status
})
);
}
const { email } = await auth0Res.json();
if (!isEmail(email)) {
return next(
wrapHandledError(new TypeError('decoded email is invalid'), {
type: 'danger',
message: 'The email is incorrectly formatted',
status: 400
})
);
}
User.findOne$({ where: { email } })
.do(async user => {
if (!user) {
user = await User.create({ email });
}
await user.mobileLoginByRequest(req, res);
res.end();
})
.subscribe(() => {}, next);
} catch (err) {
next(err);
}
};
}

5
api-server/src/server/middleware.json
View File

@@ -39,10 +39,7 @@
"./middlewares/constant-headers": {},
"./middlewares/csp": {},
"./middlewares/flash-cheaters": {},
"./middlewares/passport-login": {},
"./middlewares/rate-limit": {
"paths": ["/mobile-login"]
}
"./middlewares/passport-login": {}
},
"files": {},
"final:after": {

19
api-server/src/server/middlewares/rate-limit.js
View File

@@ -1,19 +0,0 @@
import rateLimit from 'express-rate-limit';
import MongoStore from 'rate-limit-mongo';
const url = process.env.MONGODB || process.env.MONGOHQ_URL;
// Rate limit for mobile login
// 10 requests per 15 minute windows
export default function rateLimitMiddleware() {
return rateLimit({
windowMs: 15 * 60 * 1000,
max: 10,
standardHeaders: true,
legacyHeaders: false,
store: new MongoStore({
uri: url,
expireTimeMs: 15 * 60 * 1000
})
});
}

4
api-server/src/server/middlewares/request-authorization.js
View File

@@ -26,7 +26,6 @@ const updateHooksRE = /^\/hooks\/update-paypal$/;
// note: this would be replaced by webhooks later
const donateRE = /^\/donate\/charge-stripe$/;
const submitCoderoadChallengeRE = /^\/coderoad-challenge-completed$/;
const mobileLoginRE = /^\/mobile-login\/?$/;
const _pathsAllowedREs = [
authRE,
@@ -42,8 +41,7 @@ const _pathsAllowedREs = [
unsubscribeRE,
updateHooksRE,
donateRE,
submitCoderoadChallengeRE,
mobileLoginRE
submitCoderoadChallengeRE
];
export function isAllowedPath(path, pathsAllowedREs = _pathsAllowedREs) {

14
api-server/src/server/utils/middleware.js
View File

@@ -77,20 +77,6 @@ export function ifUserRedirectTo(status) {
};
}
export function ifNotMobileRedirect() {
return (req, res, next) => {
//
// Todo: Use the below check once we have done more research on usage
//
// const isMobile = /(iPhone|iPad|Android)/.test(req.headers['user-agent']);
// if (!isMobile) {
// res.json({ error: 'not from mobile' });
// } else {
// next();
// }
next();
};
}
// for use with express-validator error formatter
export const createValidatorErrorHandler =
(...args) =>