fix: Improve handling of suspended users signing in with email (#2012)

* chore: Separate signin/auth middleware fix: Email signin token parsed by JWT middleware fix: Email signin marked as active when logging in as suspended fix: Suspended email signin correctly redirected to login screen closes #1740 * refactor middleware -> lib * lint
2021-04-08 20:40:04 -07:00
parent 1a889e9913
commit 190f0b6dc5
8 changed files with 96 additions and 109 deletions
--- a/server/middlewares/authentication.js
+++ b/server/middlewares/authentication.js
@ -1,10 +1,7 @@
 // @flow
-import addMonths from "date-fns/add_months";
-import JWT from "jsonwebtoken";
 import { AuthenticationError, UserSuspendedError } from "../errors";
-import { User, Event, Team, ApiKey } from "../models";
+import { User, Team, ApiKey } from "../models";
 import type { ContextWithState } from "../types";
-import { getCookieDomain } from "../utils/domains";
 import { getUserForJWT } from "../utils/jwt";

 export default function auth(options?: { required?: boolean } = {}) {
@ -94,78 +91,6 @@ export default function auth(options?: { required?: boolean } = {}) {
      ctx.state.user = user;
    }

-    ctx.signIn = (user: User, team: Team, service, isFirstSignin = false) => {
-      if (user.isSuspended) {
-        return ctx.redirect("/?notice=suspended");
-      }
-
-      // update the database when the user last signed in
-      user.updateSignedIn(ctx.request.ip);
-
-      // don't await event creation for a faster sign-in
-      Event.create({
-        name: "users.signin",
-        actorId: user.id,
-        userId: user.id,
-        teamId: team.id,
-        data: {
-          name: user.name,
-          service,
-        },
-        ip: ctx.request.ip,
-      });
-
-      const domain = getCookieDomain(ctx.request.hostname);
-      const expires = addMonths(new Date(), 3);
-
-      // set a cookie for which service we last signed in with. This is
-      // only used to display a UI hint for the user for next time
-      ctx.cookies.set("lastSignedIn", service, {
-        httpOnly: false,
-        expires: new Date("2100"),
-        domain,
-      });
-
-      // set a transfer cookie for the access token itself and redirect
-      // to the teams subdomain if subdomains are enabled
-      if (process.env.SUBDOMAINS_ENABLED === "true" && team.subdomain) {
-        // get any existing sessions (teams signed in) and add this team
-        const existing = JSON.parse(
-          decodeURIComponent(ctx.cookies.get("sessions") || "") || "{}"
-        );
-        const sessions = encodeURIComponent(
-          JSON.stringify({
-            ...existing,
-            [team.id]: {
-              name: team.name,
-              logoUrl: team.logoUrl,
-              url: team.url,
-            },
-          })
-        );
-        ctx.cookies.set("sessions", sessions, {
-          httpOnly: false,
-          expires,
-          domain,
-        });
-
-        ctx.redirect(
-          `${team.url}/auth/redirect?token=${user.getTransferToken()}`
-        );
-      } else {
-        ctx.cookies.set("accessToken", user.getJwtToken(), {
-          httpOnly: false,
-          expires,
-        });
-        ctx.redirect(`${team.url}/home${isFirstSignin ? "?welcome" : ""}`);
-      }
-    };
-
    return next();
  };
 }
-
-// Export JWT methods as a convenience
-export const sign = JWT.sign;
-export const verify = JWT.verify;
-export const decode = JWT.decode;