From 4908dc1e0b8002008c1d8ec293ab94be8ec03950 Mon Sep 17 00:00:00 2001
From: catarak
Date: Mon, 13 Jun 2016 19:29:33 -0400
Subject: [PATCH] change authentication to cookies

---
 server/config/passport.js             | 24 ------------------------
 server/controllers/user.controller.js |  3 +--
 server/server.js                      | 22 ++++++++++++++++------
 shared/redux/actions/user.js          |  3 +--
 4 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/server/config/passport.js b/server/config/passport.js
index 7ebf173d..fe6c7c2f 100644
--- a/server/config/passport.js
+++ b/server/config/passport.js
@@ -1,17 +1,9 @@
 const passport = require('passport');
-const JwtStrategy = require('passport-jwt').Strategy;
-const ExtractJwt = require('passport-jwt').ExtractJwt;
 const GitHubStrategy = require('passport-github').Strategy;
 const LocalStrategy = require('passport-local').Strategy;
 const User = require('../models/user');
 
-// Setup options for JWT Strategy
-const jwtOptions = {
-  jwtFromRequest: ExtractJwt.fromHeader('authorization'),
-  secretOrKey: "steve brule"
-};
-
 passport.serializeUser((user, done) => {
   done(null, user.id);
 });
@@ -39,22 +31,6 @@ passport.use(new LocalStrategy({ usernameField: 'email' }, (email, password, don
   });
 }));
 
-// Create JWT strategy
-passport.use(new JwtStrategy(jwtOptions, function(payload, done) {
-  // See if the user ID in the payload exists in our database
-  // If it does, call 'done' with that other
-  // otherwise, call done without a user object
-  User.findById(payload.sub, function(err, user) {
-    if (err) { return done(err, false); }
-
-    if (user) {
-      done(null, user);
-    } else {
-      done(null, false);
-    }
-  });
-}));
-
 /**
  * Sign in with GitHub.
  */
diff --git a/server/controllers/user.controller.js b/server/controllers/user.controller.js
index c6de9d32..3cc91484 100644
--- a/server/controllers/user.controller.js
+++ b/server/controllers/user.controller.js
@@ -1,7 +1,6 @@
 import User from '../models/user'
 import passport from 'passport'
 import path from 'path'
-import { generateToken } from '../utils/jwt'
 
 export function newUser(req, res) {
   //eventually, it would be cool to have some isomorphic rendering
@@ -25,7 +24,7 @@ export function createUser(req, res, next) {
       if (err) {
         return next(err);
       }
-      res.json({ token: generateToken(user) });
+      res.json({success: true});
     });
   });
 });
diff --git a/server/server.js b/server/server.js
index 9beb631c..2f9a651e 100644
--- a/server/server.js
+++ b/server/server.js
@@ -3,6 +3,7 @@ import mongoose from 'mongoose';
 import bodyParser from 'body-parser';
 import cookieParser from 'cookie-parser';
 import session from 'express-session';
+const MongoStore = require('connect-mongo')(session);
 import passport from 'passport';
 import path from 'path';
 
@@ -29,12 +30,21 @@ app.use(Express.static(path.resolve(__dirname, '../static')));
 app.use(bodyParser.urlencoded({extended: true}));
 app.use(bodyParser.json());
 app.use(cookieParser());
-app.use(passport.initialize());
-app.use(passport.session());
-app.use(Express.static(path.resolve(__dirname, '../static')));
-app.use(bodyParser.urlencoded({extended: true}));
-app.use(bodyParser.json());
-app.use(cookieParser());
+app.use(session({
+  resave: true,
+  saveUninitialized: false,
+  secret: process.env.SESSION_SECRET,
+  proxy: true,
+  name: 'sessionId',
+  cookie: {
+    httpOnly: true,
+    secure: false,
+  },
+  store: new MongoStore({
+    url: process.env.MONGO_URL,
+    autoReconnect: true
+  })
+}));
 app.use(passport.initialize());
 app.use(passport.session());
 app.use('/', users);
diff --git a/shared/redux/actions/user.js b/shared/redux/actions/user.js
index 3689a515..8c48cc36 100644
--- a/shared/redux/actions/user.js
+++ b/shared/redux/actions/user.js
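Review bot: `res.json({success: true});` on the new line drops the spaces inside the braces that the neighbouring code uses (`{ token: generateToken(user) }` on the removed line, `{ return next(err); }` just above); `res.json({ success: true });` keeps the file's object-literal spacing consistent. With the token gone, the client learns nothing about who was signed in from this response, so if the UI needs the user's id or email after sign-up, returning the public profile fields here would save a second round trip — this depends on what the redux action actually stores, which is not visible in this hunk. The enclosing createUser callback chain starts outside the hunk.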
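Review bot: `const MongoStore = require('connect-mongo')(session);` is a CommonJS `require` dropped between ES `import` statements in a file that otherwise uses imports throughout. Under a transpiler this works because imports are hoisted, but it reads as if `session` were bound before the later imports run; writing `import connectMongo from 'connect-mongo';` alongside the other imports and `const MongoStore = connectMongo(session);` after the import block keeps a single module style and makes the evaluation order explicit.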
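Review bot: The new session cookie is the only credential the app has once the JWT is removed, yet it is configured with `secure: false`, so `sessionId` is also sent over plain HTTP even though `proxy: true` indicates a TLS-terminating proxy in front of the app; `secure: process.env.NODE_ENV === 'production'` (or `true` once the proxy forwards `X-Forwarded-Proto`) limits the cookie to HTTPS, and `sameSite: 'lax'` can be added if the installed express-session version accepts it. `secret: process.env.SESSION_SECRET` has no fallback, which is correct, but nothing documents that the variable is mandatory — express-session refuses to start without a secret — so a comment such as `// SESSION_SECRET is required: sessions are now the sole authentication mechanism` next to it would make the deployment requirement explicit. `resave: true` forces a store write on every request; connect-mongo implements `touch`, so the documented `resave: false` is sufficient and avoids needless writes.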
@@ -7,10 +7,9 @@ const ROOT_URL = location.href.indexOf('localhost') > 0 ? 'http://localhost:8000
 
 export function signUpUser(formValues) {
   return function(dispatch) {
-    axios.post(`${ROOT_URL}/signup`, formValues)
+    axios.post(`${ROOT_URL}/signup`, formValues, {withCredentials: true})
       .then(response => {
         dispatch({ type: ActionTypes.AUTH_USER });
-        localStorage.setItem('token', response.data.token);
         browserHistory.push('/');
       })
       .catch(response => dispatch(authError(response.data.error)));
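Review bot: `{withCredentials: true}` makes the browser attach the `sessionId` cookie, but when ROOT_URL resolves to `http://localhost:8000` the request is cross-origin and the server must respond with `Access-Control-Allow-Credentials: true` and an explicit, non-wildcard `Access-Control-Allow-Origin`; no such middleware is added to server.js in this commit, so either it already exists outside the diff or sign-up will appear to succeed without a cookie ever being stored. The same option is needed on every other request that should carry the session (sign-in, any authenticated fetch), so an axios instance created once with `withCredentials: true` would be less error-prone than repeating it per call. signUpUser's closing braces lie outside the hunk.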