p5.js-web-editor/server/config/passport.js

import slugify from 'slugify';
import friendlyWords from 'friendly-words';
import lodash from 'lodash';

import passport from 'passport';
import GitHubStrategy from 'passport-github';
import LocalStrategy from 'passport-local';
import GoogleStrategy from 'passport-google-oauth20';
import { BasicStrategy } from 'passport-http';

import User from '../models/user';

passport.serializeUser((user, done) => {
  done(null, user.id);
});

passport.deserializeUser((id, done) => {
  User.findById(id, (err, user) => {
    done(err, user);
  });
});

/**
 * Sign in using Email/Username and Password.
 */
passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {
  User.findByMailOrName(email.toLowerCase())
    .then((user) => { // eslint-disable-line consistent-return
      if (!user) {
        return done(null, false, { msg: `Email ${email} not found.` });
      }
      user.comparePassword(password, (innerErr, isMatch) => {
        if (isMatch) {
          return done(null, user);
        }
        return done(null, false, { msg: 'Invalid email or password.' });
      });
    })
    .catch(err => done(null, false, { msg: err }));
}));

/**
 * Authentificate using Basic Auth (Username + Api Key)
 */
passport.use(new BasicStrategy((userid, key, done) => {
  User.findOne({ username: userid }, (err, user) => { // eslint-disable-line consistent-return
    if (err) { return done(err); }
    if (!user) { return done(null, false); }
    user.findMatchingKey(key, (innerErr, isMatch, keyID) => {
      if (isMatch) {
        User.update(
          { 'apiKeys._id': keyID },
          { '$set': { 'apiKeys.$.lastUsedAt': Date.now() } }
        );
        return done(null, user);
      }
      return done(null, false, { msg: 'Invalid username or API key' });
    });
  });
}));

/*
  Input:
  [
    { value: 'email@example.com', primary: false, verified: true },
    { value: 'unverified@example.com', primary: false, verified: false }
  ]

  Output:
    ['email@example.com']
*/
const getVerifiedEmails = githubEmails => (
  (githubEmails || [])
    .filter(item => item.verified === true)
    .map(item => item.value)
);

const getPrimaryEmail = githubEmails => (
  (
    lodash.find(githubEmails, { primary: true }) || {}
  ).value
);

/**
 * Sign in with GitHub.
 */
passport.use(new GitHubStrategy({
  clientID: process.env.GITHUB_ID,
  clientSecret: process.env.GITHUB_SECRET,
  callbackURL: '/auth/github/callback',
  passReqToCallback: true,
  scope: ['user:email'],
}, (req, accessToken, refreshToken, profile, done) => {
  User.findOne({ github: profile.id }, (findByGithubErr, existingUser) => {
    if (existingUser) {
      done(null, existingUser);
      return;
    }

    const emails = getVerifiedEmails(profile.emails);
    const primaryEmail = getPrimaryEmail(profile.emails);

    User.findOne({
      email: { $in: emails },
    }, (findByEmailErr, existingEmailUser) => {
      if (existingEmailUser) {
        existingEmailUser.email = existingEmailUser.email || primaryEmail;
        existingEmailUser.github = profile.id;
        existingEmailUser.username = existingEmailUser.username || profile.username;
        existingEmailUser.tokens.push({ kind: 'github', accessToken });
        existingEmailUser.name = existingEmailUser.name || profile.displayName;
        existingEmailUser.verified = User.EmailConfirmation.Verified;
        existingEmailUser.save(saveErr => done(null, existingEmailUser));
      } else {
        const user = new User();
        user.email = primaryEmail;
        user.github = profile.id;
        user.username = profile.username;
        user.tokens.push({ kind: 'github', accessToken });
        user.name = profile.displayName;
        user.verified = User.EmailConfirmation.Verified;
        user.save(saveErr => done(null, user));
      }
    });
  });
}));

/**
 * Sign in with Google.
 */
passport.use(new GoogleStrategy({
  clientID: process.env.GOOGLE_ID,
  clientSecret: process.env.GOOGLE_SECRET,
  callbackURL: '/auth/google/callback',
  passReqToCallback: true,
  scope: ['openid email'],
}, (req, accessToken, refreshToken, profile, done) => {
  User.findOne({ google: profile._json.emails[0].value }, (findByGoogleErr, existingUser) => {
    if (existingUser) {
      done(null, existingUser);
      return;
    }

    const primaryEmail = profile._json.emails[0].value;

    User.findOne({
      email: primaryEmail,
    }, (findByEmailErr, existingEmailUser) => {
      let username = profile._json.emails[0].value.split('@')[0];
      User.findOne({ username }, (findByUsernameErr, existingUsernameUser) => {
        if (existingUsernameUser) {
          const adj = friendlyWords.predicates[Math.floor(Math.random() * friendlyWords.predicates.length)];
          username = slugify(`${username} ${adj}`);
        }
        // what if a username is already taken from the display name too?
        // then, append a random friendly word?
        if (existingEmailUser) {
          existingEmailUser.email = existingEmailUser.email || primaryEmail;
          existingEmailUser.google = profile._json.emails[0].value;
          existingEmailUser.username = existingEmailUser.username || username;
          existingEmailUser.tokens.push({ kind: 'google', accessToken });
          existingEmailUser.name = existingEmailUser.name || profile._json.displayName;
          existingEmailUser.verified = User.EmailConfirmation.Verified;
          existingEmailUser.save((saveErr) => {
            if (saveErr) {
              console.log(saveErr);
            }
            done(null, existingEmailUser);
          });
        } else {
          const user = new User();
          user.email = primaryEmail;
          user.google = profile._json.emails[0].value;
          user.username = username;
          user.tokens.push({ kind: 'google', accessToken });
          user.name = profile._json.displayName;
          user.verified = User.EmailConfirmation.Verified;
          user.save((saveErr) => {
            if (saveErr) {
              console.log(saveErr);
            }
            done(null, user);
          });
        }
      });
    });
  });
}));
Fixes #760 (#1046) * fixes #760 * fixes linting errors 2019-05-01 21:38:11 +02:00			`import slugify from 'slugify';`
			`import friendlyWords from 'friendly-words';`
Added Basic Auth using passport-http 2018-11-06 17:28:17 +01:00			`import lodash from 'lodash';`
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused 2017-02-22 20:29:35 +01:00
Added Basic Auth using passport-http 2018-11-06 17:28:17 +01:00			`import passport from 'passport';`
			`import GitHubStrategy from 'passport-github';`
			`import LocalStrategy from 'passport-local';`
			`import GoogleStrategy from 'passport-google-oauth20';`
			`import { BasicStrategy } from 'passport-http';`
Solving #553 Addition of google oauth 2.0 for easy login (#608) * google oauth added * google credentials updated .env description for google oauth * changes done wrt review 2018-04-18 22:38:02 +02:00
Added Basic Auth using passport-http 2018-11-06 17:28:17 +01:00			`import User from '../models/user';`
add a lot of server side libraries, preemptively, still hooking everything up 2016-05-17 21:50:37 +02:00
			`passport.serializeUser((user, done) => {`
			`done(null, user.id);`
			`});`

			`passport.deserializeUser((id, done) => {`
			`User.findById(id, (err, user) => {`
			`done(err, user);`
			`});`
			`});`

			`/**`
Use username also to log in (#250) * Use username also to log in * Minor changes 2017-01-07 00:14:42 +01:00			`* Sign in using Email/Username and Password.`
add a lot of server side libraries, preemptively, still hooking everything up 2016-05-17 21:50:37 +02:00			`*/`
			`passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, done) => {`
Use username also to log in (#250) * Use username also to log in * Minor changes 2017-01-07 00:14:42 +01:00			`User.findByMailOrName(email.toLowerCase())`
update eslint and fix linting errors 2018-05-05 02:22:39 +02:00			`.then((user) => { // eslint-disable-line consistent-return`
			`if (!user) {`
			return done(null, false, { msg: `Email ${email} not found.` });
add a lot of server side libraries, preemptively, still hooking everything up 2016-05-17 21:50:37 +02:00			`}`
update eslint and fix linting errors 2018-05-05 02:22:39 +02:00			`user.comparePassword(password, (innerErr, isMatch) => {`
			`if (isMatch) {`
			`return done(null, user);`
			`}`
			`return done(null, false, { msg: 'Invalid email or password.' });`
			`});`
			`})`
			`.catch(err => done(null, false, { msg: err }));`
add a lot of server side libraries, preemptively, still hooking everything up 2016-05-17 21:50:37 +02:00			`}));`

Added Basic Auth using passport-http 2018-11-06 17:28:17 +01:00			`/**`
			`* Authentificate using Basic Auth (Username + Api Key)`
			`*/`
			`passport.use(new BasicStrategy((userid, key, done) => {`
			`User.findOne({ username: userid }, (err, user) => { // eslint-disable-line consistent-return`
			`if (err) { return done(err); }`
			`if (!user) { return done(null, false); }`
			`user.findMatchingKey(key, (innerErr, isMatch, keyID) => {`
			`if (isMatch) {`
			`User.update(`
			`{ 'apiKeys._id': keyID },`
			`{ '$set': { 'apiKeys.$.lastUsedAt': Date.now() } }`
			`);`
			`return done(null, user);`
			`}`
			`return done(null, false, { msg: 'Invalid username or API key' });`
			`});`
			`});`
			`}));`

Search for existing user account using Github emails (#337) * Tries to match user account from list of emails in Github API Requests the 'user:email' scope from Github which returns the private emails associated with the user's account. * Centres GitHub button in layout 2017-04-13 18:04:10 +02:00			`/*`
			`Input:`
			`[`
			`{ value: 'email@example.com', primary: false, verified: true },`
			`{ value: 'unverified@example.com', primary: false, verified: false }`
			`]`

			`Output:`
			`['email@example.com']`
			`*/`
			`const getVerifiedEmails = githubEmails => (`
			`(githubEmails \|\| [])`
			`.filter(item => item.verified === true)`
			`.map(item => item.value)`
			`);`

			`const getPrimaryEmail = githubEmails => (`
			`(`
			`lodash.find(githubEmails, { primary: true }) \|\| {}`
			`).value`
			`);`

add a lot of server side libraries, preemptively, still hooking everything up 2016-05-17 21:50:37 +02:00			`/**`
			`* Sign in with GitHub.`
			`*/`
add github button styling, add backend for login with github 2016-08-31 18:28:06 +02:00			`passport.use(new GitHubStrategy({`
			`clientID: process.env.GITHUB_ID,`
			`clientSecret: process.env.GITHUB_SECRET,`
			`callbackURL: '/auth/github/callback',`
Search for existing user account using Github emails (#337) * Tries to match user account from list of emails in Github API Requests the 'user:email' scope from Github which returns the private emails associated with the user's account. * Centres GitHub button in layout 2017-04-13 18:04:10 +02:00			`passReqToCallback: true,`
			`scope: ['user:email'],`
add github button styling, add backend for login with github 2016-08-31 18:28:06 +02:00			`}, (req, accessToken, refreshToken, profile, done) => {`
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused 2017-02-22 20:29:35 +01:00			`User.findOne({ github: profile.id }, (findByGithubErr, existingUser) => {`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`if (existingUser) {`
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused 2017-02-22 20:29:35 +01:00			`done(null, existingUser);`
			`return;`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`}`
Search for existing user account using Github emails (#337) * Tries to match user account from list of emails in Github API Requests the 'user:email' scope from Github which returns the private emails associated with the user's account. * Centres GitHub button in layout 2017-04-13 18:04:10 +02:00
			`const emails = getVerifiedEmails(profile.emails);`
			`const primaryEmail = getPrimaryEmail(profile.emails);`

			`User.findOne({`
			`email: { $in: emails },`
			`}, (findByEmailErr, existingEmailUser) => {`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`if (existingEmailUser) {`
Search for existing user account using Github emails (#337) * Tries to match user account from list of emails in Github API Requests the 'user:email' scope from Github which returns the private emails associated with the user's account. * Centres GitHub button in layout 2017-04-13 18:04:10 +02:00			`existingEmailUser.email = existingEmailUser.email \|\| primaryEmail;`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`existingEmailUser.github = profile.id;`
			`existingEmailUser.username = existingEmailUser.username \|\| profile.username;`
			`existingEmailUser.tokens.push({ kind: 'github', accessToken });`
			`existingEmailUser.name = existingEmailUser.name \|\| profile.displayName;`
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config 2017-06-26 18:48:28 +02:00			`existingEmailUser.verified = User.EmailConfirmation.Verified;`
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused 2017-02-22 20:29:35 +01:00			`existingEmailUser.save(saveErr => done(null, existingEmailUser));`
add github button styling, add backend for login with github 2016-08-31 18:28:06 +02:00			`} else {`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`const user = new User();`
Search for existing user account using Github emails (#337) * Tries to match user account from list of emails in Github API Requests the 'user:email' scope from Github which returns the private emails associated with the user's account. * Centres GitHub button in layout 2017-04-13 18:04:10 +02:00			`user.email = primaryEmail;`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`user.github = profile.id;`
			`user.username = profile.username;`
			`user.tokens.push({ kind: 'github', accessToken });`
			`user.name = profile.displayName;`
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config 2017-06-26 18:48:28 +02:00			`user.verified = User.EmailConfirmation.Verified;`
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused 2017-02-22 20:29:35 +01:00			`user.save(saveErr => done(null, user));`
add github button styling, add backend for login with github 2016-08-31 18:28:06 +02:00			`}`
			`});`
fix passport strategy config, remove github button from signup form 2016-08-31 21:30:37 +02:00			`});`
add github button styling, add backend for login with github 2016-08-31 18:28:06 +02:00			`}));`
Solving #553 Addition of google oauth 2.0 for easy login (#608) * google oauth added * google credentials updated .env description for google oauth * changes done wrt review 2018-04-18 22:38:02 +02:00
			`/**`
			`* Sign in with Google.`
			`*/`
			`passport.use(new GoogleStrategy({`
			`clientID: process.env.GOOGLE_ID,`
			`clientSecret: process.env.GOOGLE_SECRET,`
			`callbackURL: '/auth/google/callback',`
			`passReqToCallback: true,`
Fixes #760 (#1046) * fixes #760 * fixes linting errors 2019-05-01 21:38:11 +02:00			`scope: ['openid email'],`
Solving #553 Addition of google oauth 2.0 for easy login (#608) * google oauth added * google credentials updated .env description for google oauth * changes done wrt review 2018-04-18 22:38:02 +02:00			`}, (req, accessToken, refreshToken, profile, done) => {`
			`User.findOne({ google: profile._json.emails[0].value }, (findByGoogleErr, existingUser) => {`
			`if (existingUser) {`
			`done(null, existingUser);`
			`return;`
			`}`

			`const primaryEmail = profile._json.emails[0].value;`

			`User.findOne({`
			`email: primaryEmail,`
			`}, (findByEmailErr, existingEmailUser) => {`
Fixes #760 (#1046) * fixes #760 * fixes linting errors 2019-05-01 21:38:11 +02:00			`let username = profile._json.emails[0].value.split('@')[0];`
			`User.findOne({ username }, (findByUsernameErr, existingUsernameUser) => {`
			`if (existingUsernameUser) {`
			`const adj = friendlyWords.predicates[Math.floor(Math.random() * friendlyWords.predicates.length)];`
			username = slugify(`${username} ${adj}`);
			`}`
			`// what if a username is already taken from the display name too?`
			`// then, append a random friendly word?`
			`if (existingEmailUser) {`
			`existingEmailUser.email = existingEmailUser.email \|\| primaryEmail;`
			`existingEmailUser.google = profile._json.emails[0].value;`
			`existingEmailUser.username = existingEmailUser.username \|\| username;`
			`existingEmailUser.tokens.push({ kind: 'google', accessToken });`
			`existingEmailUser.name = existingEmailUser.name \|\| profile._json.displayName;`
			`existingEmailUser.verified = User.EmailConfirmation.Verified;`
			`existingEmailUser.save((saveErr) => {`
			`if (saveErr) {`
			`console.log(saveErr);`
			`}`
			`done(null, existingEmailUser);`
			`});`
			`} else {`
			`const user = new User();`
			`user.email = primaryEmail;`
			`user.google = profile._json.emails[0].value;`
			`user.username = username;`
			`user.tokens.push({ kind: 'google', accessToken });`
			`user.name = profile._json.displayName;`
			`user.verified = User.EmailConfirmation.Verified;`
			`user.save((saveErr) => {`
			`if (saveErr) {`
			`console.log(saveErr);`
			`}`
			`done(null, user);`
			`});`
			`}`
			`});`
Solving #553 Addition of google oauth 2.0 for easy login (#608) * google oauth added * google credentials updated .env description for google oauth * changes done wrt review 2018-04-18 22:38:02 +02:00			`});`
			`});`
			`}));`