feat: Move to passport for authentication (#1934)
- Added `accountProvisioner` - Move authentication to use passport strategies - Make authentication more pluggable - Change language of services -> providers closes #1120
This commit is contained in:
parent
dc967be4fc
commit
5d6f68d399
|
@ -34,7 +34,7 @@ Interested in more documentation on the API routes? Check out the [API documenta
|
|||
server
|
||||
├── api - All API routes are contained within here
|
||||
│ └── middlewares - Koa middlewares specific to the API
|
||||
├── auth - OAuth routes for Slack and Google, plus email authentication routes
|
||||
├── auth - Authentication providers, in the form of passport.js strategies
|
||||
├── commands - We are gradually moving to the command pattern for new write logic
|
||||
├── config - Database configuration
|
||||
├── emails - Transactional email templates
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
// @flow
|
||||
import * as React from "react";
|
||||
import SlackLogo from "../SlackLogo";
|
||||
import GoogleLogo from "./GoogleLogo";
|
||||
|
||||
type Props = {|
|
||||
providerName: string,
|
||||
|};
|
||||
|
||||
export default function AuthLogo({ providerName }: Props) {
|
||||
switch (providerName) {
|
||||
case "slack":
|
||||
return <SlackLogo size={16} />;
|
||||
case "google":
|
||||
return <GoogleLogo size={16} />;
|
||||
default:
|
||||
return null;
|
||||
}
|
||||
}
|
|
@ -11,7 +11,7 @@ export default function AlertNotice({ children }: { children: React.Node }) {
|
|||
viewBox="0 0 16 16"
|
||||
fill="none"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
style={{ position: "relative", top: "2px" }}
|
||||
style={{ position: "relative", top: "2px", marginRight: "4px" }}
|
||||
>
|
||||
<path
|
||||
d="M15.6676 11.5372L10.0155 1.14735C9.10744 -0.381434 6.89378 -0.383465 5.98447 1.14735L0.332715 11.5372C-0.595598 13.0994 0.528309 15.0776 2.34778 15.0776H13.652C15.47 15.0776 16.5959 13.101 15.6676 11.5372ZM8 13.2026C7.48319 13.2026 7.0625 12.7819 7.0625 12.2651C7.0625 11.7483 7.48319 11.3276 8 11.3276C8.51681 11.3276 8.9375 11.7483 8.9375 12.2651C8.9375 12.7819 8.51681 13.2026 8 13.2026ZM8.9375 9.45257C8.9375 9.96938 8.51681 10.3901 8 10.3901C7.48319 10.3901 7.0625 9.96938 7.0625 9.45257V4.76507C7.0625 4.24826 7.48319 3.82757 8 3.82757C8.51681 3.82757 8.9375 4.24826 8.9375 4.76507V9.45257Z"
|
||||
|
|
|
@ -35,7 +35,7 @@ export default function Notices({ notice }: Props) {
|
|||
)}
|
||||
{notice === "auth-error" && (
|
||||
<NoticeAlert>
|
||||
Authentication failed - we were unable to sign you in at this time.
|
||||
Authentication failed – we were unable to sign you in at this time.
|
||||
Please try again.
|
||||
</NoticeAlert>
|
||||
)}
|
||||
|
@ -51,6 +51,12 @@ export default function Notices({ notice }: Props) {
|
|||
please contact a team admin.
|
||||
</NoticeAlert>
|
||||
)}
|
||||
{notice === "authentication-provider-disabled" && (
|
||||
<NoticeAlert>
|
||||
Authentication failed – this login method was disabled by a team
|
||||
admin.
|
||||
</NoticeAlert>
|
||||
)}
|
||||
</>
|
||||
);
|
||||
}
|
||||
|
|
|
@ -2,10 +2,9 @@
|
|||
import { EmailIcon } from "outline-icons";
|
||||
import * as React from "react";
|
||||
import styled from "styled-components";
|
||||
import AuthLogo from "components/AuthLogo";
|
||||
import ButtonLarge from "components/ButtonLarge";
|
||||
import GoogleLogo from "components/GoogleLogo";
|
||||
import InputLarge from "components/InputLarge";
|
||||
import SlackLogo from "components/SlackLogo";
|
||||
import { client } from "utils/ApiClient";
|
||||
|
||||
type Props = {
|
||||
|
@ -22,7 +21,7 @@ type State = {
|
|||
email: string,
|
||||
};
|
||||
|
||||
class Service extends React.Component<Props, State> {
|
||||
class Provider extends React.Component<Props, State> {
|
||||
state = {
|
||||
showEmailSignin: false,
|
||||
isSubmitting: false,
|
||||
|
@ -98,22 +97,13 @@ class Service extends React.Component<Props, State> {
|
|||
);
|
||||
}
|
||||
|
||||
const icon =
|
||||
id === "slack" ? (
|
||||
<Logo>
|
||||
<SlackLogo size={16} />
|
||||
</Logo>
|
||||
) : id === "google" ? (
|
||||
<Logo>
|
||||
<GoogleLogo size={16} />
|
||||
</Logo>
|
||||
) : undefined;
|
||||
const icon = <AuthLogo providerName={id} />;
|
||||
|
||||
return (
|
||||
<Wrapper key={id}>
|
||||
<ButtonLarge
|
||||
onClick={() => (window.location.href = authUrl)}
|
||||
icon={icon}
|
||||
icon={icon ? <Logo>{icon}</Logo> : null}
|
||||
fullwidth
|
||||
>
|
||||
{isCreate ? "Sign up" : "Continue"} with {name}
|
||||
|
@ -142,4 +132,4 @@ const Form = styled.form`
|
|||
justify-content: space-between;
|
||||
`;
|
||||
|
||||
export default Service;
|
||||
export default Provider;
|
|
@ -15,7 +15,7 @@ import OutlineLogo from "components/OutlineLogo";
|
|||
import PageTitle from "components/PageTitle";
|
||||
import TeamLogo from "components/TeamLogo";
|
||||
import Notices from "./Notices";
|
||||
import Service from "./Service";
|
||||
import Provider from "./Provider";
|
||||
import env from "env";
|
||||
import useStores from "hooks/useStores";
|
||||
|
||||
|
@ -41,8 +41,6 @@ function Login({ location }: Props) {
|
|||
auth.fetchConfig();
|
||||
}, [auth]);
|
||||
|
||||
console.log(config);
|
||||
|
||||
if (auth.authenticated) {
|
||||
return <Redirect to="/home" />;
|
||||
}
|
||||
|
@ -52,10 +50,10 @@ function Login({ location }: Props) {
|
|||
return null;
|
||||
}
|
||||
|
||||
const hasMultipleServices = config.services.length > 1;
|
||||
const defaultService = find(
|
||||
config.services,
|
||||
(service) => service.id === auth.lastSignedIn && !isCreate
|
||||
const hasMultipleProviders = config.providers.length > 1;
|
||||
const defaultProvider = find(
|
||||
config.providers,
|
||||
(provider) => provider.id === auth.lastSignedIn && !isCreate
|
||||
);
|
||||
|
||||
const header =
|
||||
|
@ -113,33 +111,35 @@ function Login({ location }: Props) {
|
|||
|
||||
<Notices notice={getQueryVariable("notice")} />
|
||||
|
||||
{defaultService && (
|
||||
<React.Fragment key={defaultService.id}>
|
||||
<Service
|
||||
{defaultProvider && (
|
||||
<React.Fragment key={defaultProvider.id}>
|
||||
<Provider
|
||||
isCreate={isCreate}
|
||||
onEmailSuccess={handleEmailSuccess}
|
||||
{...defaultService}
|
||||
{...defaultProvider}
|
||||
/>
|
||||
{hasMultipleServices && (
|
||||
{hasMultipleProviders && (
|
||||
<>
|
||||
<Note>You signed in with {defaultService.name} last time.</Note>
|
||||
<Note>
|
||||
You signed in with {defaultProvider.name} last time.
|
||||
</Note>
|
||||
<Or />
|
||||
</>
|
||||
)}
|
||||
</React.Fragment>
|
||||
)}
|
||||
|
||||
{config.services.map((service) => {
|
||||
if (defaultService && service.id === defaultService.id) {
|
||||
{config.providers.map((provider) => {
|
||||
if (defaultProvider && provider.id === defaultProvider.id) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (
|
||||
<Service
|
||||
key={service.id}
|
||||
<Provider
|
||||
key={provider.id}
|
||||
isCreate={isCreate}
|
||||
onEmailSuccess={handleEmailSuccess}
|
||||
{...service}
|
||||
{...provider}
|
||||
/>
|
||||
);
|
||||
})}
|
||||
|
|
|
@ -14,7 +14,7 @@ import { getCookieDomain } from "utils/domains";
|
|||
const AUTH_STORE = "AUTH_STORE";
|
||||
const NO_REDIRECT_PATHS = ["/", "/create", "/home"];
|
||||
|
||||
type Service = {|
|
||||
type Provider = {|
|
||||
id: string,
|
||||
name: string,
|
||||
authUrl: string,
|
||||
|
@ -23,7 +23,7 @@ type Service = {|
|
|||
type Config = {|
|
||||
name?: string,
|
||||
hostname?: string,
|
||||
services: Service[],
|
||||
providers: Provider[],
|
||||
|};
|
||||
|
||||
export default class AuthStore {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
// @flow
|
||||
declare var process: {
|
||||
exit: (code?: number) => void,
|
||||
cwd: () => string,
|
||||
env: {
|
||||
[string]: string,
|
||||
},
|
||||
|
|
|
@ -1,161 +0,0 @@
|
|||
// flow-typed signature: cb42a60ec13995444fb6e5202fef8698
|
||||
// flow-typed version: <<STUB>>/google-auth-library_v^5.5.1/flow_v0.104.0
|
||||
|
||||
/**
|
||||
* This is an autogenerated libdef stub for:
|
||||
*
|
||||
* 'google-auth-library'
|
||||
*
|
||||
* Fill this stub out by replacing all the `any` types.
|
||||
*
|
||||
* Once filled out, we encourage you to share your work with the
|
||||
* community by sending a pull request to:
|
||||
* https://github.com/flowtype/flow-typed
|
||||
*/
|
||||
|
||||
declare module 'google-auth-library' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
/**
|
||||
* We include stubs for each file inside this npm package in case you need to
|
||||
* require those files directly. Feel free to delete any files that aren't
|
||||
* needed.
|
||||
*/
|
||||
declare module 'google-auth-library/build/src/auth/authclient' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/computeclient' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/credentials' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/envDetect' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/googleauth' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/iam' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/idtokenclient' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/jwtaccess' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/jwtclient' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/loginticket' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/oauth2client' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/auth/refreshclient' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/crypto/browser/crypto' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/crypto/crypto' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/crypto/node/crypto' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/messages' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/options' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
declare module 'google-auth-library/build/src/transporters' {
|
||||
declare module.exports: any;
|
||||
}
|
||||
|
||||
// Filename aliases
|
||||
declare module 'google-auth-library/build/src/auth/authclient.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/authclient'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/computeclient.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/computeclient'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/credentials.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/credentials'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/envDetect.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/envDetect'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/googleauth.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/googleauth'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/iam.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/iam'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/idtokenclient.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/idtokenclient'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/jwtaccess.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/jwtaccess'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/jwtclient.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/jwtclient'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/loginticket.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/loginticket'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/oauth2client.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/oauth2client'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/auth/refreshclient.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/auth/refreshclient'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/crypto/browser/crypto.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/crypto/browser/crypto'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/crypto/crypto.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/crypto/crypto'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/crypto/node/crypto.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/crypto/node/crypto'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/index' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/index.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/messages.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/messages'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/options.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/options'>;
|
||||
}
|
||||
declare module 'google-auth-library/build/src/transporters.js' {
|
||||
declare module.exports: $Exports<'google-auth-library/build/src/transporters'>;
|
||||
}
|
|
@ -66,6 +66,7 @@
|
|||
"@babel/preset-env": "^7.11.0",
|
||||
"@babel/preset-flow": "^7.10.4",
|
||||
"@babel/preset-react": "^7.10.4",
|
||||
"@outlinewiki/koa-passport": "^4.1.4",
|
||||
"@rehooks/window-scroll-position": "^1.0.1",
|
||||
"@sentry/node": "^6.1.0",
|
||||
"@sentry/react": "^6.1.0",
|
||||
|
@ -94,7 +95,6 @@
|
|||
"flow-typed": "^2.6.2",
|
||||
"focus-visible": "^5.1.0",
|
||||
"fs-extra": "^4.0.2",
|
||||
"google-auth-library": "^5.5.1",
|
||||
"http-errors": "1.4.0",
|
||||
"i18next": "^19.8.3",
|
||||
"i18next-http-backend": "^1.0.21",
|
||||
|
@ -129,6 +129,9 @@
|
|||
"nodemailer": "^4.4.0",
|
||||
"outline-icons": "^1.24.0",
|
||||
"oy-vey": "^0.10.0",
|
||||
"passport": "^0.4.1",
|
||||
"passport-google-oauth2": "^0.2.0",
|
||||
"passport-slack-oauth2": "^1.1.0",
|
||||
"pg": "^8.5.1",
|
||||
"pg-hstore": "^2.3.3",
|
||||
"polished": "3.6.5",
|
||||
|
|
|
@ -1,57 +1,45 @@
|
|||
// @flow
|
||||
import path from "path";
|
||||
import Router from "koa-router";
|
||||
import { reject } from "lodash";
|
||||
import { find } from "lodash";
|
||||
import { parseDomain, isCustomSubdomain } from "../../shared/utils/domains";
|
||||
import { signin } from "../../shared/utils/routeHelpers";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { Team } from "../models";
|
||||
import { presentUser, presentTeam, presentPolicies } from "../presenters";
|
||||
import { isCustomDomain } from "../utils/domains";
|
||||
import { requireDirectory } from "../utils/fs";
|
||||
|
||||
const router = new Router();
|
||||
let providers = [];
|
||||
|
||||
let services = [];
|
||||
|
||||
if (process.env.GOOGLE_CLIENT_ID) {
|
||||
services.push({
|
||||
id: "google",
|
||||
name: "Google",
|
||||
authUrl: signin("google"),
|
||||
});
|
||||
}
|
||||
|
||||
if (process.env.SLACK_KEY) {
|
||||
services.push({
|
||||
id: "slack",
|
||||
name: "Slack",
|
||||
authUrl: signin("slack"),
|
||||
});
|
||||
}
|
||||
|
||||
services.push({
|
||||
id: "email",
|
||||
name: "Email",
|
||||
authUrl: "",
|
||||
});
|
||||
|
||||
function filterServices(team) {
|
||||
let output = services;
|
||||
|
||||
const providerNames = team
|
||||
? team.authenticationProviders.map((provider) => provider.name)
|
||||
: [];
|
||||
|
||||
if (team && !providerNames.includes("google")) {
|
||||
output = reject(output, (service) => service.id === "google");
|
||||
}
|
||||
if (team && !providerNames.includes("slack")) {
|
||||
output = reject(output, (service) => service.id === "slack");
|
||||
}
|
||||
if (!team || !team.guestSignin) {
|
||||
output = reject(output, (service) => service.id === "email");
|
||||
requireDirectory(path.join(__dirname, "..", "auth")).forEach(
|
||||
([{ config }, id]) => {
|
||||
if (config && config.enabled) {
|
||||
providers.push({
|
||||
id,
|
||||
name: config.name,
|
||||
authUrl: signin(id),
|
||||
});
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
return output;
|
||||
function filterProviders(team) {
|
||||
return providers
|
||||
.sort((provider) => (provider.id === "email" ? 1 : -1))
|
||||
.filter((provider) => {
|
||||
// guest sign-in is an exception as it does not have an authentication
|
||||
// provider using passport, instead it exists as a boolean option on the team
|
||||
if (provider.id === "email") {
|
||||
return team && team.guestSignin;
|
||||
}
|
||||
|
||||
return (
|
||||
!team ||
|
||||
find(team.authenticationProviders, { name: provider.id, enabled: true })
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
router.post("auth.config", async (ctx) => {
|
||||
|
@ -66,7 +54,7 @@ router.post("auth.config", async (ctx) => {
|
|||
ctx.body = {
|
||||
data: {
|
||||
name: team.name,
|
||||
services: filterServices(team),
|
||||
providers: filterProviders(team),
|
||||
},
|
||||
};
|
||||
return;
|
||||
|
@ -83,7 +71,7 @@ router.post("auth.config", async (ctx) => {
|
|||
data: {
|
||||
name: team.name,
|
||||
hostname: ctx.request.hostname,
|
||||
services: filterServices(team),
|
||||
providers: filterProviders(team),
|
||||
},
|
||||
};
|
||||
return;
|
||||
|
@ -108,7 +96,7 @@ router.post("auth.config", async (ctx) => {
|
|||
data: {
|
||||
name: team.name,
|
||||
hostname: ctx.request.hostname,
|
||||
services: filterServices(team),
|
||||
providers: filterProviders(team),
|
||||
},
|
||||
};
|
||||
return;
|
||||
|
@ -118,7 +106,7 @@ router.post("auth.config", async (ctx) => {
|
|||
// Otherwise, we're requesting from the standard root signin page
|
||||
ctx.body = {
|
||||
data: {
|
||||
services: filterServices(),
|
||||
providers: filterProviders(),
|
||||
},
|
||||
};
|
||||
});
|
||||
|
|
|
@ -41,3 +41,149 @@ describe("#auth.info", () => {
|
|||
expect(res.status).toEqual(401);
|
||||
});
|
||||
});
|
||||
|
||||
describe("#auth.config", () => {
|
||||
it("should return available SSO providers", async () => {
|
||||
const res = await server.post("/api/auth.config");
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(2);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
expect(body.data.providers[1].name).toBe("Google");
|
||||
});
|
||||
|
||||
it("should return available providers for team subdomain", async () => {
|
||||
process.env.URL = "http://localoutline.com";
|
||||
|
||||
await buildTeam({
|
||||
guestSignin: false,
|
||||
subdomain: "example",
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config", {
|
||||
headers: { host: `example.localoutline.com` },
|
||||
});
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(1);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
});
|
||||
|
||||
it("should return available providers for team custom domain", async () => {
|
||||
await buildTeam({
|
||||
guestSignin: false,
|
||||
domain: "docs.mycompany.com",
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config", {
|
||||
headers: { host: "docs.mycompany.com" },
|
||||
});
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(1);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
});
|
||||
|
||||
it("should return email provider for team when guest signin enabled", async () => {
|
||||
process.env.URL = "http://localoutline.com";
|
||||
|
||||
await buildTeam({
|
||||
guestSignin: true,
|
||||
subdomain: "example",
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config", {
|
||||
headers: { host: "example.localoutline.com" },
|
||||
});
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(2);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
expect(body.data.providers[1].name).toBe("Email");
|
||||
});
|
||||
|
||||
it("should not return provider when disabled", async () => {
|
||||
process.env.URL = "http://localoutline.com";
|
||||
|
||||
await buildTeam({
|
||||
guestSignin: false,
|
||||
subdomain: "example",
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
enabled: false,
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config", {
|
||||
headers: { host: "example.localoutline.com" },
|
||||
});
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(0);
|
||||
});
|
||||
|
||||
describe("self hosted", () => {
|
||||
it("should return available providers for team", async () => {
|
||||
process.env.DEPLOYMENT = "";
|
||||
|
||||
await buildTeam({
|
||||
guestSignin: false,
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config");
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(1);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
});
|
||||
|
||||
it("should return email provider for team when guest signin enabled", async () => {
|
||||
process.env.DEPLOYMENT = "";
|
||||
|
||||
await buildTeam({
|
||||
guestSignin: true,
|
||||
authenticationProviders: [
|
||||
{
|
||||
name: "slack",
|
||||
providerId: "123",
|
||||
},
|
||||
],
|
||||
});
|
||||
const res = await server.post("/api/auth.config");
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.providers.length).toBe(2);
|
||||
expect(body.data.providers[0].name).toBe("Slack");
|
||||
expect(body.data.providers[1].name).toBe("Email");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# Authentication Providers
|
||||
|
||||
A new auth provider can be added with the addition of a single file in this
|
||||
folder, and (optionally) a matching logo in `/app/components/AuthLogo/index.js`
|
||||
that will appear on the signin button.
|
||||
|
||||
Auth providers generally use [Passport](http://www.passportjs.org/) strategies,
|
||||
although they can use any custom logic if needed. See the `google` auth provider for the cleanest example of what is required – some rules:
|
||||
|
||||
- The strategy name _must_ be lowercase
|
||||
- The stragegy _must_ call the `accountProvisioner` command in the verify callback
|
||||
- The auth file _must_ export a `config` object with `name` and `enabled` keys
|
|
@ -12,6 +12,11 @@ import { getUserForEmailSigninToken } from "../utils/jwt";
|
|||
|
||||
const router = new Router();
|
||||
|
||||
export const config = {
|
||||
name: "Email",
|
||||
enabled: true,
|
||||
};
|
||||
|
||||
router.use(methodOverride());
|
||||
router.use(validation());
|
||||
|
||||
|
|
|
@ -1,135 +1,100 @@
|
|||
// @flow
|
||||
import * as Sentry from "@sentry/node";
|
||||
import { OAuth2Client } from "google-auth-library";
|
||||
import invariant from "invariant";
|
||||
import passport from "@outlinewiki/koa-passport";
|
||||
import Router from "koa-router";
|
||||
import { capitalize } from "lodash";
|
||||
import Sequelize from "sequelize";
|
||||
import teamCreator from "../commands/teamCreator";
|
||||
import userCreator from "../commands/userCreator";
|
||||
import { Strategy as GoogleStrategy } from "passport-google-oauth2";
|
||||
import accountProvisioner from "../commands/accountProvisioner";
|
||||
import env from "../env";
|
||||
import {
|
||||
GoogleWorkspaceRequiredError,
|
||||
GoogleWorkspaceInvalidError,
|
||||
} from "../errors";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { User } from "../models";
|
||||
import passportMiddleware from "../middlewares/passport";
|
||||
import { StateStore } from "../utils/passport";
|
||||
|
||||
const router = new Router();
|
||||
const client = new OAuth2Client(
|
||||
process.env.GOOGLE_CLIENT_ID,
|
||||
process.env.GOOGLE_CLIENT_SECRET,
|
||||
`${process.env.URL}/auth/google.callback`
|
||||
);
|
||||
const providerName = "google";
|
||||
const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
|
||||
const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;
|
||||
const allowedDomainsEnv = process.env.GOOGLE_ALLOWED_DOMAINS;
|
||||
const allowedDomains = allowedDomainsEnv ? allowedDomainsEnv.split(",") : [];
|
||||
|
||||
// start the oauth process and redirect user to Google
|
||||
router.get("google", async (ctx) => {
|
||||
// Generate the url that will be used for the consent dialog.
|
||||
const authorizeUrl = client.generateAuthUrl({
|
||||
access_type: "offline",
|
||||
scope: [
|
||||
"https://www.googleapis.com/auth/userinfo.profile",
|
||||
"https://www.googleapis.com/auth/userinfo.email",
|
||||
],
|
||||
prompt: "select_account consent",
|
||||
});
|
||||
ctx.redirect(authorizeUrl);
|
||||
});
|
||||
const scopes = [
|
||||
"https://www.googleapis.com/auth/userinfo.profile",
|
||||
"https://www.googleapis.com/auth/userinfo.email",
|
||||
];
|
||||
|
||||
// signin callback from Google
|
||||
router.get("google.callback", auth({ required: false }), async (ctx) => {
|
||||
const { code } = ctx.request.query;
|
||||
ctx.assertPresent(code, "code is required");
|
||||
const response = await client.getToken(code);
|
||||
client.setCredentials(response.tokens);
|
||||
export const config = {
|
||||
name: "Google",
|
||||
enabled: !!GOOGLE_CLIENT_ID,
|
||||
};
|
||||
|
||||
const profile = await client.request({
|
||||
url: "https://www.googleapis.com/oauth2/v1/userinfo",
|
||||
});
|
||||
|
||||
if (!profile.data.hd) {
|
||||
ctx.redirect("/?notice=google-hd");
|
||||
return;
|
||||
}
|
||||
|
||||
// allow all domains by default if the env is not set
|
||||
const allowedDomains = allowedDomainsEnv && allowedDomainsEnv.split(",");
|
||||
if (allowedDomains && !allowedDomains.includes(profile.data.hd)) {
|
||||
ctx.redirect("/?notice=hd-not-allowed");
|
||||
return;
|
||||
}
|
||||
|
||||
const domain = profile.data.hd;
|
||||
const subdomain = profile.data.hd.split(".")[0];
|
||||
const teamName = capitalize(subdomain);
|
||||
|
||||
let result;
|
||||
try {
|
||||
result = await teamCreator({
|
||||
name: teamName,
|
||||
domain,
|
||||
subdomain,
|
||||
authenticationProvider: {
|
||||
name: "google",
|
||||
providerId: domain,
|
||||
if (GOOGLE_CLIENT_ID) {
|
||||
passport.use(
|
||||
new GoogleStrategy(
|
||||
{
|
||||
clientID: GOOGLE_CLIENT_ID,
|
||||
clientSecret: GOOGLE_CLIENT_SECRET,
|
||||
callbackURL: `${env.URL}/auth/google.callback`,
|
||||
prompt: "select_account consent",
|
||||
passReqToCallback: true,
|
||||
store: new StateStore(),
|
||||
scope: scopes,
|
||||
},
|
||||
});
|
||||
} catch (err) {
|
||||
if (err instanceof Sequelize.UniqueConstraintError) {
|
||||
ctx.redirect(`/?notice=auth-error&error=team-exists`);
|
||||
return;
|
||||
}
|
||||
}
|
||||
async function (req, accessToken, refreshToken, profile, done) {
|
||||
try {
|
||||
const domain = profile._json.hd;
|
||||
|
||||
invariant(result, "Team creator result must exist");
|
||||
const { team, isNewTeam, authenticationProvider } = result;
|
||||
if (!domain) {
|
||||
throw new GoogleWorkspaceRequiredError();
|
||||
}
|
||||
|
||||
try {
|
||||
const result = await userCreator({
|
||||
name: profile.data.name,
|
||||
email: profile.data.email,
|
||||
isAdmin: isNewTeam,
|
||||
avatarUrl: profile.data.picture,
|
||||
teamId: team.id,
|
||||
ip: ctx.request.ip,
|
||||
authentication: {
|
||||
authenticationProviderId: authenticationProvider.id,
|
||||
providerId: profile.data.id,
|
||||
accessToken: response.tokens.access_token,
|
||||
refreshToken: response.tokens.refresh_token,
|
||||
scopes: response.tokens.scope.split(" "),
|
||||
},
|
||||
});
|
||||
if (allowedDomains.length && !allowedDomains.includes(domain)) {
|
||||
throw new GoogleWorkspaceInvalidError();
|
||||
}
|
||||
|
||||
const { user, isNewUser } = result;
|
||||
const subdomain = domain.split(".")[0];
|
||||
const teamName = capitalize(subdomain);
|
||||
|
||||
if (isNewTeam) {
|
||||
await team.provisionFirstCollection(user.id);
|
||||
}
|
||||
|
||||
// set cookies on response and redirect to team subdomain
|
||||
ctx.signIn(user, team, "google", isNewUser);
|
||||
} catch (err) {
|
||||
if (err instanceof Sequelize.UniqueConstraintError) {
|
||||
const exists = await User.findOne({
|
||||
where: {
|
||||
email: profile.data.email,
|
||||
teamId: team.id,
|
||||
},
|
||||
});
|
||||
|
||||
if (exists) {
|
||||
ctx.redirect(`${team.url}?notice=email-auth-required`);
|
||||
} else {
|
||||
if (process.env.SENTRY_DSN) {
|
||||
Sentry.captureException(err);
|
||||
} else {
|
||||
console.error(err);
|
||||
const result = await accountProvisioner({
|
||||
ip: req.ip,
|
||||
team: {
|
||||
name: teamName,
|
||||
domain,
|
||||
subdomain,
|
||||
},
|
||||
user: {
|
||||
name: profile.displayName,
|
||||
email: profile.email,
|
||||
avatarUrl: profile.picture,
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: providerName,
|
||||
providerId: domain,
|
||||
},
|
||||
authentication: {
|
||||
providerId: profile.id,
|
||||
accessToken,
|
||||
refreshToken,
|
||||
scopes,
|
||||
},
|
||||
});
|
||||
return done(null, result.user, result);
|
||||
} catch (err) {
|
||||
return done(err, null);
|
||||
}
|
||||
ctx.redirect(`${team.url}?notice=auth-error`);
|
||||
}
|
||||
)
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
router.get("google", passport.authenticate(providerName));
|
||||
|
||||
throw err;
|
||||
}
|
||||
});
|
||||
router.get(
|
||||
"google.callback",
|
||||
auth({ required: false }),
|
||||
passportMiddleware(providerName)
|
||||
);
|
||||
}
|
||||
|
||||
export default router;
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
// @flow
|
||||
import passport from "@outlinewiki/koa-passport";
|
||||
import addMonths from "date-fns/add_months";
|
||||
import debug from "debug";
|
||||
import Koa from "koa";
|
||||
import bodyParser from "koa-body";
|
||||
import Router from "koa-router";
|
||||
|
@ -7,17 +9,25 @@ import { AuthenticationError } from "../errors";
|
|||
import auth from "../middlewares/authentication";
|
||||
import validation from "../middlewares/validation";
|
||||
import { Team } from "../models";
|
||||
import { requireDirectory } from "../utils/fs";
|
||||
|
||||
import email from "./email";
|
||||
import google from "./google";
|
||||
import slack from "./slack";
|
||||
|
||||
const log = debug("server");
|
||||
const app = new Koa();
|
||||
const router = new Router();
|
||||
|
||||
router.use("/", slack.routes());
|
||||
router.use("/", google.routes());
|
||||
router.use("/", email.routes());
|
||||
router.use(passport.initialize());
|
||||
|
||||
// dynamically load available authentication providers
|
||||
requireDirectory(__dirname).forEach(([{ default: provider, config }]) => {
|
||||
if (provider && provider.routes) {
|
||||
if (!config) {
|
||||
throw new Error("Auth providers must export a 'config' object");
|
||||
}
|
||||
|
||||
router.use("/", provider.routes());
|
||||
log(`loaded ${config.name} auth provider`);
|
||||
}
|
||||
});
|
||||
|
||||
router.get("/redirect", auth(), async (ctx) => {
|
||||
const user = ctx.state.user;
|
||||
|
|
|
@ -1,138 +1,164 @@
|
|||
// @flow
|
||||
import * as Sentry from "@sentry/node";
|
||||
import addHours from "date-fns/add_hours";
|
||||
import invariant from "invariant";
|
||||
import passport from "@outlinewiki/koa-passport";
|
||||
import Router from "koa-router";
|
||||
import Sequelize from "sequelize";
|
||||
import { slackAuth } from "../../shared/utils/routeHelpers";
|
||||
import teamCreator from "../commands/teamCreator";
|
||||
import userCreator from "../commands/userCreator";
|
||||
import { Strategy as SlackStrategy } from "passport-slack-oauth2";
|
||||
import accountProvisioner from "../commands/accountProvisioner";
|
||||
import env from "../env";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { Authentication, Collection, Integration, User, Team } from "../models";
|
||||
import passportMiddleware from "../middlewares/passport";
|
||||
import { Authentication, Collection, Integration, Team } from "../models";
|
||||
import * as Slack from "../slack";
|
||||
import { getCookieDomain } from "../utils/domains";
|
||||
import { StateStore } from "../utils/passport";
|
||||
|
||||
const router = new Router();
|
||||
const providerName = "slack";
|
||||
const SLACK_CLIENT_ID = process.env.SLACK_KEY;
|
||||
const SLACK_CLIENT_SECRET = process.env.SLACK_SECRET;
|
||||
|
||||
// start the oauth process and redirect user to Slack
|
||||
router.get("slack", async (ctx) => {
|
||||
const state = Math.random().toString(36).substring(7);
|
||||
const scopes = [
|
||||
"identity.email",
|
||||
"identity.basic",
|
||||
"identity.avatar",
|
||||
"identity.team",
|
||||
];
|
||||
|
||||
ctx.cookies.set("state", state, {
|
||||
httpOnly: false,
|
||||
expires: addHours(new Date(), 1),
|
||||
domain: getCookieDomain(ctx.request.hostname),
|
||||
});
|
||||
ctx.redirect(slackAuth(state));
|
||||
});
|
||||
export const config = {
|
||||
name: "Slack",
|
||||
enabled: !!SLACK_CLIENT_ID,
|
||||
};
|
||||
|
||||
// signin callback from Slack
|
||||
router.get("slack.callback", auth({ required: false }), async (ctx) => {
|
||||
const { code, error, state } = ctx.request.query;
|
||||
ctx.assertPresent(code || error, "code is required");
|
||||
ctx.assertPresent(state, "state is required");
|
||||
|
||||
if (state !== ctx.cookies.get("state")) {
|
||||
ctx.redirect("/?notice=auth-error&error=state_mismatch");
|
||||
return;
|
||||
}
|
||||
if (error) {
|
||||
ctx.redirect(`/?notice=auth-error&error=${error}`);
|
||||
return;
|
||||
}
|
||||
|
||||
const data = await Slack.oauthAccess(code);
|
||||
|
||||
let result;
|
||||
try {
|
||||
result = await teamCreator({
|
||||
name: data.team.name,
|
||||
subdomain: data.team.domain,
|
||||
avatarUrl: data.team.image_230,
|
||||
authenticationProvider: {
|
||||
name: "slack",
|
||||
providerId: data.team.id,
|
||||
},
|
||||
});
|
||||
} catch (err) {
|
||||
if (err instanceof Sequelize.UniqueConstraintError) {
|
||||
ctx.redirect(`/?notice=auth-error&error=team-exists`);
|
||||
return;
|
||||
}
|
||||
throw err;
|
||||
}
|
||||
|
||||
invariant(result, "Team creator result must exist");
|
||||
const { authenticationProvider, team, isNewTeam } = result;
|
||||
|
||||
try {
|
||||
const result = await userCreator({
|
||||
name: data.user.name,
|
||||
email: data.user.email,
|
||||
isAdmin: isNewTeam,
|
||||
avatarUrl: data.user.image_192,
|
||||
teamId: team.id,
|
||||
ip: ctx.request.ip,
|
||||
authentication: {
|
||||
authenticationProviderId: authenticationProvider.id,
|
||||
providerId: data.user.id,
|
||||
accessToken: data.access_token,
|
||||
scopes: data.scope.split(","),
|
||||
},
|
||||
});
|
||||
|
||||
const { user, isNewUser } = result;
|
||||
|
||||
if (isNewTeam) {
|
||||
await team.provisionFirstCollection(user.id);
|
||||
}
|
||||
|
||||
// set cookies on response and redirect to team subdomain
|
||||
ctx.signIn(user, team, "slack", isNewUser);
|
||||
} catch (err) {
|
||||
if (err instanceof Sequelize.UniqueConstraintError) {
|
||||
const exists = await User.findOne({
|
||||
where: {
|
||||
email: data.user.email,
|
||||
teamId: team.id,
|
||||
},
|
||||
});
|
||||
|
||||
if (exists) {
|
||||
ctx.redirect(`${team.url}?notice=email-auth-required`);
|
||||
} else {
|
||||
if (process.env.SENTRY_DSN) {
|
||||
Sentry.captureException(err);
|
||||
} else {
|
||||
console.error(err);
|
||||
}
|
||||
ctx.redirect(`${team.url}?notice=auth-error`);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
throw err;
|
||||
}
|
||||
});
|
||||
|
||||
router.get("slack.commands", auth({ required: false }), async (ctx) => {
|
||||
const { code, state, error } = ctx.request.query;
|
||||
const user = ctx.state.user;
|
||||
ctx.assertPresent(code || error, "code is required");
|
||||
|
||||
if (error) {
|
||||
ctx.redirect(`/settings/integrations/slack?error=${error}`);
|
||||
return;
|
||||
}
|
||||
|
||||
// this code block accounts for the root domain being unable to
|
||||
// access authentication for subdomains. We must forward to the appropriate
|
||||
// subdomain to complete the oauth flow
|
||||
if (!user) {
|
||||
if (state) {
|
||||
if (SLACK_CLIENT_ID) {
|
||||
const strategy = new SlackStrategy(
|
||||
{
|
||||
clientID: SLACK_CLIENT_ID,
|
||||
clientSecret: SLACK_CLIENT_SECRET,
|
||||
callbackURL: `${env.URL}/auth/slack.callback`,
|
||||
passReqToCallback: true,
|
||||
store: new StateStore(),
|
||||
scope: scopes,
|
||||
},
|
||||
async function (req, accessToken, refreshToken, profile, done) {
|
||||
try {
|
||||
const team = await Team.findByPk(state);
|
||||
const result = await accountProvisioner({
|
||||
ip: req.ip,
|
||||
team: {
|
||||
name: profile.team.name,
|
||||
subdomain: profile.team.domain,
|
||||
avatarUrl: profile.team.image_230,
|
||||
},
|
||||
user: {
|
||||
name: profile.user.name,
|
||||
email: profile.user.email,
|
||||
avatarUrl: profile.user.image_192,
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: providerName,
|
||||
providerId: profile.team.id,
|
||||
},
|
||||
authentication: {
|
||||
providerId: profile.user.id,
|
||||
accessToken,
|
||||
refreshToken,
|
||||
scopes,
|
||||
},
|
||||
});
|
||||
return done(null, result.user, result);
|
||||
} catch (err) {
|
||||
return done(err, null);
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
// For some reason the author made the strategy name capatilised, I don't know
|
||||
// why but we need everything lowercase so we just monkey-patch it here.
|
||||
strategy.name = providerName;
|
||||
passport.use(strategy);
|
||||
|
||||
router.get("slack", passport.authenticate(providerName));
|
||||
|
||||
router.get(
|
||||
"slack.callback",
|
||||
auth({ required: false }),
|
||||
passportMiddleware(providerName)
|
||||
);
|
||||
|
||||
router.get("slack.commands", auth({ required: false }), async (ctx) => {
|
||||
const { code, state, error } = ctx.request.query;
|
||||
const user = ctx.state.user;
|
||||
ctx.assertPresent(code || error, "code is required");
|
||||
|
||||
if (error) {
|
||||
ctx.redirect(`/settings/integrations/slack?error=${error}`);
|
||||
return;
|
||||
}
|
||||
|
||||
// this code block accounts for the root domain being unable to
|
||||
// access authentication for subdomains. We must forward to the appropriate
|
||||
// subdomain to complete the oauth flow
|
||||
if (!user) {
|
||||
if (state) {
|
||||
try {
|
||||
const team = await Team.findByPk(state);
|
||||
return ctx.redirect(
|
||||
`${team.url}/auth${ctx.request.path}?${ctx.request.querystring}`
|
||||
);
|
||||
} catch (err) {
|
||||
return ctx.redirect(
|
||||
`/settings/integrations/slack?error=unauthenticated`
|
||||
);
|
||||
}
|
||||
} else {
|
||||
return ctx.redirect(
|
||||
`/settings/integrations/slack?error=unauthenticated`
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
const endpoint = `${process.env.URL || ""}/auth/slack.commands`;
|
||||
const data = await Slack.oauthAccess(code, endpoint);
|
||||
|
||||
const authentication = await Authentication.create({
|
||||
service: "slack",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
token: data.access_token,
|
||||
scopes: data.scope.split(","),
|
||||
});
|
||||
|
||||
await Integration.create({
|
||||
service: "slack",
|
||||
type: "command",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
authenticationId: authentication.id,
|
||||
settings: {
|
||||
serviceTeamId: data.team_id,
|
||||
},
|
||||
});
|
||||
|
||||
ctx.redirect("/settings/integrations/slack");
|
||||
});
|
||||
|
||||
router.get("slack.post", auth({ required: false }), async (ctx) => {
|
||||
const { code, error, state } = ctx.request.query;
|
||||
const user = ctx.state.user;
|
||||
ctx.assertPresent(code || error, "code is required");
|
||||
|
||||
const collectionId = state;
|
||||
ctx.assertUuid(collectionId, "collectionId must be an uuid");
|
||||
|
||||
if (error) {
|
||||
ctx.redirect(`/settings/integrations/slack?error=${error}`);
|
||||
return;
|
||||
}
|
||||
|
||||
// this code block accounts for the root domain being unable to
|
||||
// access authentcation for subdomains. We must forward to the
|
||||
// appropriate subdomain to complete the oauth flow
|
||||
if (!user) {
|
||||
try {
|
||||
const collection = await Collection.findByPk(state);
|
||||
const team = await Team.findByPk(collection.teamId);
|
||||
return ctx.redirect(
|
||||
`${team.url}/auth${ctx.request.path}?${ctx.request.querystring}`
|
||||
);
|
||||
|
@ -141,91 +167,36 @@ router.get("slack.commands", auth({ required: false }), async (ctx) => {
|
|||
`/settings/integrations/slack?error=unauthenticated`
|
||||
);
|
||||
}
|
||||
} else {
|
||||
return ctx.redirect(`/settings/integrations/slack?error=unauthenticated`);
|
||||
}
|
||||
}
|
||||
|
||||
const endpoint = `${process.env.URL || ""}/auth/slack.commands`;
|
||||
const data = await Slack.oauthAccess(code, endpoint);
|
||||
const endpoint = `${process.env.URL || ""}/auth/slack.post`;
|
||||
const data = await Slack.oauthAccess(code, endpoint);
|
||||
|
||||
const authentication = await Authentication.create({
|
||||
service: "slack",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
token: data.access_token,
|
||||
scopes: data.scope.split(","),
|
||||
const authentication = await Authentication.create({
|
||||
service: "slack",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
token: data.access_token,
|
||||
scopes: data.scope.split(","),
|
||||
});
|
||||
|
||||
await Integration.create({
|
||||
service: "slack",
|
||||
type: "post",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
authenticationId: authentication.id,
|
||||
collectionId,
|
||||
events: [],
|
||||
settings: {
|
||||
url: data.incoming_webhook.url,
|
||||
channel: data.incoming_webhook.channel,
|
||||
channelId: data.incoming_webhook.channel_id,
|
||||
},
|
||||
});
|
||||
|
||||
ctx.redirect("/settings/integrations/slack");
|
||||
});
|
||||
|
||||
await Integration.create({
|
||||
service: "slack",
|
||||
type: "command",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
authenticationId: authentication.id,
|
||||
settings: {
|
||||
serviceTeamId: data.team_id,
|
||||
},
|
||||
});
|
||||
|
||||
ctx.redirect("/settings/integrations/slack");
|
||||
});
|
||||
|
||||
router.get("slack.post", auth({ required: false }), async (ctx) => {
|
||||
const { code, error, state } = ctx.request.query;
|
||||
const user = ctx.state.user;
|
||||
ctx.assertPresent(code || error, "code is required");
|
||||
|
||||
const collectionId = state;
|
||||
ctx.assertUuid(collectionId, "collectionId must be an uuid");
|
||||
|
||||
if (error) {
|
||||
ctx.redirect(`/settings/integrations/slack?error=${error}`);
|
||||
return;
|
||||
}
|
||||
|
||||
// this code block accounts for the root domain being unable to
|
||||
// access authentcation for subdomains. We must forward to the
|
||||
// appropriate subdomain to complete the oauth flow
|
||||
if (!user) {
|
||||
try {
|
||||
const collection = await Collection.findByPk(state);
|
||||
const team = await Team.findByPk(collection.teamId);
|
||||
return ctx.redirect(
|
||||
`${team.url}/auth${ctx.request.path}?${ctx.request.querystring}`
|
||||
);
|
||||
} catch (err) {
|
||||
return ctx.redirect(`/settings/integrations/slack?error=unauthenticated`);
|
||||
}
|
||||
}
|
||||
|
||||
const endpoint = `${process.env.URL || ""}/auth/slack.post`;
|
||||
const data = await Slack.oauthAccess(code, endpoint);
|
||||
|
||||
const authentication = await Authentication.create({
|
||||
service: "slack",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
token: data.access_token,
|
||||
scopes: data.scope.split(","),
|
||||
});
|
||||
|
||||
await Integration.create({
|
||||
service: "slack",
|
||||
type: "post",
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
authenticationId: authentication.id,
|
||||
collectionId,
|
||||
events: [],
|
||||
settings: {
|
||||
url: data.incoming_webhook.url,
|
||||
channel: data.incoming_webhook.channel,
|
||||
channelId: data.incoming_webhook.channel_id,
|
||||
},
|
||||
});
|
||||
|
||||
ctx.redirect("/settings/integrations/slack");
|
||||
});
|
||||
}
|
||||
|
||||
export default router;
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
// @flow
|
||||
import invariant from "invariant";
|
||||
import Sequelize from "sequelize";
|
||||
import {
|
||||
AuthenticationError,
|
||||
EmailAuthenticationRequiredError,
|
||||
AuthenticationProviderDisabledError,
|
||||
} from "../errors";
|
||||
import { Team, User } from "../models";
|
||||
import teamCreator from "./teamCreator";
|
||||
import userCreator from "./userCreator";
|
||||
|
||||
type Props = {|
|
||||
ip: string,
|
||||
user: {|
|
||||
name: string,
|
||||
email: string,
|
||||
avatarUrl?: string,
|
||||
|},
|
||||
team: {|
|
||||
name: string,
|
||||
domain?: string,
|
||||
subdomain: string,
|
||||
avatarUrl?: string,
|
||||
|},
|
||||
authenticationProvider: {|
|
||||
name: string,
|
||||
providerId: string,
|
||||
|},
|
||||
authentication: {|
|
||||
providerId: string,
|
||||
scopes: string[],
|
||||
accessToken?: string,
|
||||
refreshToken?: string,
|
||||
|},
|
||||
|};
|
||||
|
||||
export type AccountProvisionerResult = {|
|
||||
user: User,
|
||||
team: Team,
|
||||
isNewTeam: boolean,
|
||||
isNewUser: boolean,
|
||||
|};
|
||||
|
||||
export default async function accountProvisioner({
|
||||
ip,
|
||||
user: userParams,
|
||||
team: teamParams,
|
||||
authenticationProvider: authenticationProviderParams,
|
||||
authentication: authenticationParams,
|
||||
}: Props): Promise<AccountProvisionerResult> {
|
||||
let result;
|
||||
try {
|
||||
result = await teamCreator({
|
||||
name: teamParams.name,
|
||||
domain: teamParams.domain,
|
||||
subdomain: teamParams.subdomain,
|
||||
avatarUrl: teamParams.avatarUrl,
|
||||
authenticationProvider: authenticationProviderParams,
|
||||
});
|
||||
} catch (err) {
|
||||
throw new AuthenticationError(err.message);
|
||||
}
|
||||
|
||||
invariant(result, "Team creator result must exist");
|
||||
const { authenticationProvider, team, isNewTeam } = result;
|
||||
|
||||
if (!authenticationProvider.enabled) {
|
||||
throw new AuthenticationProviderDisabledError();
|
||||
}
|
||||
|
||||
try {
|
||||
const result = await userCreator({
|
||||
name: userParams.name,
|
||||
email: userParams.email,
|
||||
isAdmin: isNewTeam,
|
||||
avatarUrl: userParams.avatarUrl,
|
||||
teamId: team.id,
|
||||
ip,
|
||||
authentication: {
|
||||
...authenticationParams,
|
||||
authenticationProviderId: authenticationProvider.id,
|
||||
},
|
||||
});
|
||||
|
||||
const { isNewUser, user } = result;
|
||||
|
||||
if (isNewTeam) {
|
||||
await team.provisionFirstCollection(user.id);
|
||||
}
|
||||
|
||||
return {
|
||||
user,
|
||||
team,
|
||||
isNewUser,
|
||||
isNewTeam,
|
||||
};
|
||||
} catch (err) {
|
||||
if (err instanceof Sequelize.UniqueConstraintError) {
|
||||
const exists = await User.findOne({
|
||||
where: {
|
||||
email: userParams.email,
|
||||
teamId: team.id,
|
||||
},
|
||||
});
|
||||
|
||||
if (exists) {
|
||||
throw new EmailAuthenticationRequiredError(
|
||||
"Email authentication required",
|
||||
team.url
|
||||
);
|
||||
} else {
|
||||
throw new AuthenticationError(err.message, team.url);
|
||||
}
|
||||
}
|
||||
|
||||
throw err;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,182 @@
|
|||
// @flow
|
||||
import { Collection, UserAuthentication } from "../models";
|
||||
import { buildUser, buildTeam } from "../test/factories";
|
||||
import { flushdb } from "../test/support";
|
||||
import accountProvisioner from "./accountProvisioner";
|
||||
|
||||
jest.mock("aws-sdk", () => {
|
||||
const mS3 = { putObject: jest.fn().mockReturnThis(), promise: jest.fn() };
|
||||
return {
|
||||
S3: jest.fn(() => mS3),
|
||||
Endpoint: jest.fn(),
|
||||
};
|
||||
});
|
||||
|
||||
beforeEach(() => flushdb());
|
||||
|
||||
describe("accountProvisioner", () => {
|
||||
const ip = "127.0.0.1";
|
||||
|
||||
it("should create a new user and team", async () => {
|
||||
const { user, team, isNewTeam, isNewUser } = await accountProvisioner({
|
||||
ip,
|
||||
user: {
|
||||
name: "Jenny Tester",
|
||||
email: "jenny@example.com",
|
||||
avatarUrl: "https://example.com/avatar.png",
|
||||
},
|
||||
team: {
|
||||
name: "New team",
|
||||
avatarUrl: "https://example.com/avatar.png",
|
||||
subdomain: "example",
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: "google",
|
||||
providerId: "example.com",
|
||||
},
|
||||
authentication: {
|
||||
providerId: "123456789",
|
||||
accessToken: "123",
|
||||
scopes: ["read"],
|
||||
},
|
||||
});
|
||||
|
||||
const authentications = await user.getAuthentications();
|
||||
const auth = authentications[0];
|
||||
|
||||
expect(auth.accessToken).toEqual("123");
|
||||
expect(auth.scopes.length).toEqual(1);
|
||||
expect(auth.scopes[0]).toEqual("read");
|
||||
expect(team.name).toEqual("New team");
|
||||
expect(user.email).toEqual("jenny@example.com");
|
||||
expect(isNewUser).toEqual(true);
|
||||
expect(isNewTeam).toEqual(true);
|
||||
|
||||
const collectionCount = await Collection.count();
|
||||
expect(collectionCount).toEqual(1);
|
||||
});
|
||||
|
||||
it("should update exising user and authentication", async () => {
|
||||
const existingTeam = await buildTeam();
|
||||
const providers = await existingTeam.getAuthenticationProviders();
|
||||
const authenticationProvider = providers[0];
|
||||
const existing = await buildUser({ teamId: existingTeam.id });
|
||||
const authentications = await existing.getAuthentications();
|
||||
const authentication = authentications[0];
|
||||
const newEmail = "test@example.com";
|
||||
|
||||
const { user } = await accountProvisioner({
|
||||
ip,
|
||||
user: {
|
||||
name: existing.name,
|
||||
email: newEmail,
|
||||
avatarUrl: existing.avatarUrl,
|
||||
},
|
||||
team: {
|
||||
name: existingTeam.name,
|
||||
avatarUrl: existingTeam.avatarUrl,
|
||||
subdomain: "example",
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: authenticationProvider.name,
|
||||
providerId: authenticationProvider.providerId,
|
||||
},
|
||||
authentication: {
|
||||
providerId: authentication.providerId,
|
||||
accessToken: "123",
|
||||
scopes: ["read"],
|
||||
},
|
||||
});
|
||||
|
||||
const auth = await UserAuthentication.findByPk(authentication.id);
|
||||
expect(auth.accessToken).toEqual("123");
|
||||
expect(auth.scopes.length).toEqual(1);
|
||||
expect(auth.scopes[0]).toEqual("read");
|
||||
expect(user.email).toEqual(newEmail);
|
||||
|
||||
const collectionCount = await Collection.count();
|
||||
expect(collectionCount).toEqual(0);
|
||||
});
|
||||
|
||||
it("should throw an error when authentication provider is disabled", async () => {
|
||||
const existingTeam = await buildTeam();
|
||||
const providers = await existingTeam.getAuthenticationProviders();
|
||||
const authenticationProvider = providers[0];
|
||||
await authenticationProvider.update({ enabled: false });
|
||||
|
||||
const existing = await buildUser({ teamId: existingTeam.id });
|
||||
const authentications = await existing.getAuthentications();
|
||||
const authentication = authentications[0];
|
||||
let error;
|
||||
|
||||
try {
|
||||
await accountProvisioner({
|
||||
ip,
|
||||
user: {
|
||||
name: existing.name,
|
||||
email: existing.email,
|
||||
avatarUrl: existing.avatarUrl,
|
||||
},
|
||||
team: {
|
||||
name: existingTeam.name,
|
||||
avatarUrl: existingTeam.avatarUrl,
|
||||
subdomain: "example",
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: authenticationProvider.name,
|
||||
providerId: authenticationProvider.providerId,
|
||||
},
|
||||
authentication: {
|
||||
providerId: authentication.providerId,
|
||||
accessToken: "123",
|
||||
scopes: ["read"],
|
||||
},
|
||||
});
|
||||
} catch (err) {
|
||||
error = err;
|
||||
}
|
||||
|
||||
expect(error).toBeTruthy();
|
||||
});
|
||||
|
||||
it("should create a new user in an existing team", async () => {
|
||||
const team = await buildTeam();
|
||||
const authenticationProviders = await team.getAuthenticationProviders();
|
||||
const authenticationProvider = authenticationProviders[0];
|
||||
|
||||
const { user, isNewUser } = await accountProvisioner({
|
||||
ip,
|
||||
user: {
|
||||
name: "Jenny Tester",
|
||||
email: "jenny@example.com",
|
||||
avatarUrl: "https://example.com/avatar.png",
|
||||
},
|
||||
team: {
|
||||
name: team.name,
|
||||
avatarUrl: team.avatarUrl,
|
||||
subdomain: "example",
|
||||
},
|
||||
authenticationProvider: {
|
||||
name: authenticationProvider.name,
|
||||
providerId: authenticationProvider.providerId,
|
||||
},
|
||||
authentication: {
|
||||
providerId: "123456789",
|
||||
accessToken: "123",
|
||||
scopes: ["read"],
|
||||
},
|
||||
});
|
||||
|
||||
const authentications = await user.getAuthentications();
|
||||
const auth = authentications[0];
|
||||
|
||||
expect(auth.accessToken).toEqual("123");
|
||||
expect(auth.scopes.length).toEqual(1);
|
||||
expect(auth.scopes[0]).toEqual("read");
|
||||
expect(user.email).toEqual("jenny@example.com");
|
||||
expect(isNewUser).toEqual(true);
|
||||
|
||||
const collectionCount = await Collection.count();
|
||||
expect(collectionCount).toEqual(0);
|
||||
});
|
||||
});
|
|
@ -1,10 +1,15 @@
|
|||
// @flow
|
||||
import httpErrors from "http-errors";
|
||||
import env from "./env";
|
||||
|
||||
export function AuthenticationError(
|
||||
message: string = "Invalid authentication"
|
||||
message: string = "Invalid authentication",
|
||||
redirectUrl: string = env.URL
|
||||
) {
|
||||
return httpErrors(401, message, { id: "authentication_required" });
|
||||
return httpErrors(401, message, {
|
||||
redirectUrl,
|
||||
id: "authentication_required",
|
||||
});
|
||||
}
|
||||
|
||||
export function AuthorizationError(
|
||||
|
@ -57,3 +62,38 @@ export function FileImportError(
|
|||
) {
|
||||
return httpErrors(400, message, { id: "import_error" });
|
||||
}
|
||||
|
||||
export function OAuthStateMismatchError(
|
||||
message: string = "State returned in OAuth flow did not match"
|
||||
) {
|
||||
return httpErrors(400, message, { id: "state_mismatch" });
|
||||
}
|
||||
|
||||
export function EmailAuthenticationRequiredError(
|
||||
message: string = "User must authenticate with email",
|
||||
redirectUrl: string = env.URL
|
||||
) {
|
||||
return httpErrors(400, message, { redirectUrl, id: "email_auth_required" });
|
||||
}
|
||||
|
||||
export function GoogleWorkspaceRequiredError(
|
||||
message: string = "Google Workspace is required to authenticate"
|
||||
) {
|
||||
return httpErrors(400, message, { id: "google_hd" });
|
||||
}
|
||||
|
||||
export function GoogleWorkspaceInvalidError(
|
||||
message: string = "Google Workspace is invalid"
|
||||
) {
|
||||
return httpErrors(400, message, { id: "hd_not_allowed" });
|
||||
}
|
||||
|
||||
export function AuthenticationProviderDisabledError(
|
||||
message: string = "Authentication method has been disabled by an admin",
|
||||
redirectUrl: string = env.URL
|
||||
) {
|
||||
return httpErrors(400, message, {
|
||||
redirectUrl,
|
||||
id: "authentication_provider_disabled",
|
||||
});
|
||||
}
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
// @flow
|
||||
import passport from "@outlinewiki/koa-passport";
|
||||
import type { AccountProvisionerResult } from "../commands/accountProvisioner";
|
||||
import type { ContextWithAuthMiddleware } from "../types";
|
||||
|
||||
export default function createMiddleware(providerName: string) {
|
||||
return function passportMiddleware(ctx: ContextWithAuthMiddleware) {
|
||||
return passport.authorize(
|
||||
providerName,
|
||||
{ session: false },
|
||||
(err, _, result: AccountProvisionerResult) => {
|
||||
if (err) {
|
||||
if (err.id) {
|
||||
console.error(err);
|
||||
const notice = err.id.replace(/_/g, "-");
|
||||
return ctx.redirect(`${err.redirectUrl || "/"}?notice=${notice}`);
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === "development") {
|
||||
throw err;
|
||||
}
|
||||
return ctx.redirect(`/?notice=auth-error`);
|
||||
}
|
||||
|
||||
if (result.user.isSuspended) {
|
||||
return ctx.redirect("/?notice=suspended");
|
||||
}
|
||||
|
||||
ctx.signIn(result.user, result.team, providerName, result.isNewUser);
|
||||
}
|
||||
)(ctx);
|
||||
};
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
'use strict';
|
||||
|
||||
module.exports = {
|
||||
up: async (queryInterface, Sequelize) => {
|
||||
await queryInterface.removeColumn("users", "slackData");
|
||||
await queryInterface.removeColumn("teams", "slackData");
|
||||
},
|
||||
|
||||
down: async (queryInterface, Sequelize) => {
|
||||
await queryInterface.addColumn("teams", "slackData", {
|
||||
type: 'JSONB',
|
||||
allowNull: true,
|
||||
});
|
||||
await queryInterface.addColumn("users", "slackData", {
|
||||
type: 'JSONB',
|
||||
allowNull: true,
|
||||
});
|
||||
}
|
||||
};
|
|
@ -10,6 +10,7 @@ import {
|
|||
} from "../../shared/utils/domains";
|
||||
import { ValidationError } from "../errors";
|
||||
import { DataTypes, sequelize, Op } from "../sequelize";
|
||||
import { generateAvatarUrl } from "../utils/avatars";
|
||||
import { publicS3Endpoint, uploadToS3FromUrl } from "../utils/s3";
|
||||
|
||||
import Collection from "./Collection";
|
||||
|
@ -66,7 +67,6 @@ const Team = sequelize.define(
|
|||
allowNull: false,
|
||||
defaultValue: true,
|
||||
},
|
||||
slackData: DataTypes.JSONB,
|
||||
},
|
||||
{
|
||||
paranoid: true,
|
||||
|
@ -85,7 +85,11 @@ const Team = sequelize.define(
|
|||
},
|
||||
logoUrl() {
|
||||
return (
|
||||
this.avatarUrl || (this.slackData ? this.slackData.image_88 : null)
|
||||
this.avatarUrl ||
|
||||
generateAvatarUrl({
|
||||
id: this.id,
|
||||
name: this.name,
|
||||
})
|
||||
);
|
||||
},
|
||||
},
|
||||
|
@ -164,17 +168,10 @@ Team.prototype.provisionFirstCollection = async function (userId) {
|
|||
"Our Editor",
|
||||
"What is Outline",
|
||||
];
|
||||
|
||||
for (const title of onboardingDocs) {
|
||||
const text = await readFile(
|
||||
path.join(
|
||||
__dirname,
|
||||
"..",
|
||||
"..",
|
||||
"..",
|
||||
"server",
|
||||
"onboarding",
|
||||
`${title}.md`
|
||||
),
|
||||
path.join(process.cwd(), "server", "onboarding", `${title}.md`),
|
||||
"utf8"
|
||||
);
|
||||
const document = await Document.create({
|
||||
|
|
|
@ -8,11 +8,10 @@ import { languages } from "../../shared/i18n";
|
|||
import { ValidationError } from "../errors";
|
||||
import { sendEmail } from "../mailer";
|
||||
import { DataTypes, sequelize, encryptedFields } from "../sequelize";
|
||||
import { DEFAULT_AVATAR_HOST } from "../utils/avatars";
|
||||
import { publicS3Endpoint, uploadToS3FromUrl } from "../utils/s3";
|
||||
import { Star, Team, Collection, NotificationSetting, ApiKey } from ".";
|
||||
|
||||
const DEFAULT_AVATAR_HOST = "https://tiley.herokuapp.com";
|
||||
|
||||
const User = sequelize.define(
|
||||
"user",
|
||||
{
|
||||
|
@ -28,7 +27,6 @@ const User = sequelize.define(
|
|||
isAdmin: DataTypes.BOOLEAN,
|
||||
service: { type: DataTypes.STRING, allowNull: true },
|
||||
serviceId: { type: DataTypes.STRING, allowNull: true, unique: true },
|
||||
slackData: DataTypes.JSONB,
|
||||
jwtSecret: encryptedFields().vault("jwtSecret"),
|
||||
lastActiveAt: DataTypes.DATE,
|
||||
lastActiveIp: { type: DataTypes.STRING, allowNull: true },
|
||||
|
@ -210,7 +208,6 @@ const removeIdentifyingInfo = async (model, options) => {
|
|||
model.avatarUrl = "";
|
||||
model.serviceId = null;
|
||||
model.username = null;
|
||||
model.slackData = null;
|
||||
model.lastActiveIp = null;
|
||||
model.lastSignedInIp = null;
|
||||
|
||||
|
|
|
@ -6,9 +6,6 @@ it("presents a user", async () => {
|
|||
id: "123",
|
||||
name: "Test User",
|
||||
username: "testuser",
|
||||
slackData: {
|
||||
image_192: "http://example.com/avatar.png",
|
||||
},
|
||||
});
|
||||
|
||||
expect(user).toMatchSnapshot();
|
||||
|
@ -19,7 +16,6 @@ it("presents a user without slack data", async () => {
|
|||
id: "123",
|
||||
name: "Test User",
|
||||
username: "testuser",
|
||||
slackData: null,
|
||||
});
|
||||
|
||||
expect(user).toMatchSnapshot();
|
||||
|
|
|
@ -1,27 +1,18 @@
|
|||
// @flow
|
||||
import path from "path";
|
||||
import debug from "debug";
|
||||
import fs from "fs-extra";
|
||||
import { requireDirectory } from "../utils/fs";
|
||||
|
||||
const log = debug("services");
|
||||
const services = {};
|
||||
|
||||
if (!process.env.SINGLE_RUN) {
|
||||
fs.readdirSync(__dirname)
|
||||
.filter(
|
||||
(file) =>
|
||||
file.indexOf(".") !== 0 &&
|
||||
file !== path.basename(__filename) &&
|
||||
!file.includes(".test")
|
||||
)
|
||||
.forEach((fileName) => {
|
||||
const servicePath = path.join(__dirname, fileName);
|
||||
const name = path.basename(servicePath.replace(/\.js$/, ""));
|
||||
// $FlowIssue
|
||||
const Service = require(servicePath).default;
|
||||
requireDirectory(__dirname).forEach(([module, name]) => {
|
||||
if (module && module.default) {
|
||||
const Service = module.default;
|
||||
services[name] = new Service();
|
||||
log(`loaded ${name} service`);
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
export default services;
|
||||
|
|
|
@ -4,6 +4,8 @@ require("dotenv").config({ silent: true });
|
|||
// test environment variables
|
||||
process.env.DATABASE_URL = process.env.DATABASE_URL_TEST;
|
||||
process.env.NODE_ENV = "test";
|
||||
process.env.GOOGLE_CLIENT_ID = "123";
|
||||
process.env.SLACK_KEY = "123";
|
||||
|
||||
// This is needed for the relative manual mock to be picked up
|
||||
jest.mock("../events");
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// @flow
|
||||
import { type Context } from "koa";
|
||||
import { User } from "./models";
|
||||
import { User, Team } from "./models";
|
||||
|
||||
export type ContextWithState = {|
|
||||
...$Exact<Context>,
|
||||
|
@ -10,3 +10,13 @@ export type ContextWithState = {|
|
|||
authType: "app" | "api",
|
||||
},
|
||||
|};
|
||||
|
||||
export type ContextWithAuthMiddleware = {|
|
||||
...$Exact<ContextWithState>,
|
||||
signIn: (
|
||||
user: User,
|
||||
team: Team,
|
||||
providerName: string,
|
||||
isFirstSignin: boolean
|
||||
) => void,
|
||||
|};
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
import crypto from "crypto";
|
||||
import fetch from "isomorphic-fetch";
|
||||
|
||||
export const DEFAULT_AVATAR_HOST = "https://tiley.herokuapp.com";
|
||||
|
||||
export async function generateAvatarUrl({
|
||||
id,
|
||||
domain,
|
||||
|
@ -27,6 +29,6 @@ export async function generateAvatarUrl({
|
|||
}
|
||||
}
|
||||
|
||||
const tileyUrl = `https://tiley.herokuapp.com/avatar/${hashedId}/${name[0]}.png`;
|
||||
const tileyUrl = `${DEFAULT_AVATAR_HOST}/avatar/${hashedId}/${name[0]}.png`;
|
||||
return cbUrl && cbResponse && cbResponse.status === 200 ? cbUrl : tileyUrl;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
// @flow
|
||||
import path from "path";
|
||||
import fs from "fs-extra";
|
||||
|
||||
export function requireDirectory<T>(dirName: string): [T, string][] {
|
||||
return fs
|
||||
.readdirSync(dirName)
|
||||
.filter(
|
||||
(file) =>
|
||||
file.indexOf(".") !== 0 &&
|
||||
file.endsWith(".js") &&
|
||||
file !== path.basename(__filename) &&
|
||||
!file.includes(".test")
|
||||
)
|
||||
.map((fileName) => {
|
||||
const filePath = path.join(dirName, fileName);
|
||||
const name = path.basename(filePath.replace(/\.js$/, ""));
|
||||
|
||||
// $FlowIssue
|
||||
return [require(filePath), name];
|
||||
});
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
// @flow
|
||||
import addMinutes from "date-fns/add_minutes";
|
||||
import subMinutes from "date-fns/sub_minutes";
|
||||
import { type Request } from "koa";
|
||||
import { OAuthStateMismatchError } from "../errors";
|
||||
import { getCookieDomain } from "./domains";
|
||||
|
||||
export class StateStore {
|
||||
key: string = "state";
|
||||
|
||||
store = (req: Request, callback: (err: ?Error, state?: string) => void) => {
|
||||
const state = Math.random().toString(36).substring(7);
|
||||
|
||||
// $FlowFixMe
|
||||
req.cookies.set(this.key, state, {
|
||||
httpOnly: false,
|
||||
expires: addMinutes(new Date(), 10),
|
||||
domain: getCookieDomain(req.hostname),
|
||||
});
|
||||
|
||||
callback(null, state);
|
||||
};
|
||||
|
||||
verify = (
|
||||
req: Request,
|
||||
providedState: string,
|
||||
callback: (err: ?Error, ?boolean) => void
|
||||
) => {
|
||||
// $FlowFixMe
|
||||
const state = req.cookies.get(this.key);
|
||||
if (!state) {
|
||||
return callback(
|
||||
new OAuthStateMismatchError("State not return in OAuth flow")
|
||||
);
|
||||
}
|
||||
|
||||
// $FlowFixMe
|
||||
req.cookies.set(this.key, "", {
|
||||
httpOnly: false,
|
||||
expires: subMinutes(new Date(), 1),
|
||||
domain: getCookieDomain(req.hostname),
|
||||
});
|
||||
|
||||
if (state !== providedState) {
|
||||
return callback(new OAuthStateMismatchError());
|
||||
}
|
||||
|
||||
callback(null, true);
|
||||
};
|
||||
}
|
192
yarn.lock
192
yarn.lock
|
@ -1698,6 +1698,13 @@
|
|||
dependencies:
|
||||
"@types/node" ">= 8"
|
||||
|
||||
"@outlinewiki/koa-passport@^4.1.4":
|
||||
version "4.1.4"
|
||||
resolved "https://registry.yarnpkg.com/@outlinewiki/koa-passport/-/koa-passport-4.1.4.tgz#f7536b81860b28065227c0521e9c9fddb532968a"
|
||||
integrity sha512-CgBAGLQU52rMy3WqsW/VSChSVJkMg4iT7P0ITvPigOedvmd0HNDuAmuOf2IBKsv2vpe4qYoVb7uBFjah7dA31A==
|
||||
dependencies:
|
||||
passport "^0.4.0"
|
||||
|
||||
"@popperjs/core@^2.5.4":
|
||||
version "2.6.0"
|
||||
resolved "https://registry.yarnpkg.com/@popperjs/core/-/core-2.6.0.tgz#f022195afdfc942e088ee2101285a1d31c7d727f"
|
||||
|
@ -2291,13 +2298,6 @@ abbrev@1:
|
|||
resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
|
||||
integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
|
||||
|
||||
abort-controller@^3.0.0:
|
||||
version "3.0.0"
|
||||
resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392"
|
||||
integrity sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==
|
||||
dependencies:
|
||||
event-target-shim "^5.0.0"
|
||||
|
||||
accepts@^1.3.5, accepts@~1.3.4:
|
||||
version "1.3.7"
|
||||
resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
|
||||
|
@ -2579,11 +2579,6 @@ arrify@^1.0.1:
|
|||
resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d"
|
||||
integrity sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=
|
||||
|
||||
arrify@^2.0.0:
|
||||
version "2.0.1"
|
||||
resolved "https://registry.yarnpkg.com/arrify/-/arrify-2.0.1.tgz#c9655e9331e0abcd588d2a7cad7e9956f66701fa"
|
||||
integrity sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==
|
||||
|
||||
asn1.js@^5.2.0:
|
||||
version "5.4.1"
|
||||
resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.4.1.tgz#11a980b84ebb91781ce35b0fdc2ee294e3783f07"
|
||||
|
@ -2973,7 +2968,7 @@ base64-arraybuffer@0.1.5:
|
|||
resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz#73926771923b5a19747ad666aa5cd4bf9c6e9ce8"
|
||||
integrity sha1-c5JncZI7Whl0etZmqlzUv5xunOg=
|
||||
|
||||
base64-js@^1.0.2, base64-js@^1.2.0, base64-js@^1.3.0, base64-js@^1.3.1:
|
||||
base64-js@^1.0.2, base64-js@^1.2.0, base64-js@^1.3.1:
|
||||
version "1.5.1"
|
||||
resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
|
||||
integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
|
||||
|
@ -2983,6 +2978,11 @@ base64id@2.0.0:
|
|||
resolved "https://registry.yarnpkg.com/base64id/-/base64id-2.0.0.tgz#2770ac6bc47d312af97a8bf9a634342e0cd25cb6"
|
||||
integrity sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==
|
||||
|
||||
base64url@3.x.x:
|
||||
version "3.0.1"
|
||||
resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
|
||||
integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
|
||||
|
||||
base@^0.11.1:
|
||||
version "0.11.2"
|
||||
resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
|
||||
|
@ -3030,11 +3030,6 @@ big.js@^5.2.2:
|
|||
resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328"
|
||||
integrity sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==
|
||||
|
||||
bignumber.js@^9.0.0:
|
||||
version "9.0.1"
|
||||
resolved "https://registry.yarnpkg.com/bignumber.js/-/bignumber.js-9.0.1.tgz#8d7ba124c882bfd8e43260c67475518d0689e4e5"
|
||||
integrity sha512-IdZR9mh6ahOBv/hYGiXyVuyCetmGJhtYkqLBpTStdhEGjegpPlUawydyaF3pbIOFynJTpllEs+NP+CS9jKFLjA==
|
||||
|
||||
binary-extensions@^1.0.0:
|
||||
version "1.13.1"
|
||||
resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65"
|
||||
|
@ -4776,7 +4771,7 @@ ecc-jsbn@~0.1.1:
|
|||
jsbn "~0.1.0"
|
||||
safer-buffer "^2.1.0"
|
||||
|
||||
ecdsa-sig-formatter@1.0.11, ecdsa-sig-formatter@^1.0.11:
|
||||
ecdsa-sig-formatter@1.0.11:
|
||||
version "1.0.11"
|
||||
resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf"
|
||||
integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==
|
||||
|
@ -5320,11 +5315,6 @@ event-emitter@^0.3.5:
|
|||
d "1"
|
||||
es5-ext "~0.10.14"
|
||||
|
||||
event-target-shim@^5.0.0:
|
||||
version "5.0.1"
|
||||
resolved "https://registry.yarnpkg.com/event-target-shim/-/event-target-shim-5.0.1.tgz#5d4d3ebdf9583d63a5333ce2deb7480ab2b05789"
|
||||
integrity sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==
|
||||
|
||||
events@1.1.1:
|
||||
version "1.1.1"
|
||||
resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924"
|
||||
|
@ -5466,7 +5456,7 @@ extend-shallow@^3.0.0, extend-shallow@^3.0.2:
|
|||
assign-symbols "^1.0.0"
|
||||
is-extendable "^1.0.1"
|
||||
|
||||
extend@^3.0.0, extend@^3.0.2, extend@~3.0.2:
|
||||
extend@^3.0.0, extend@~3.0.2:
|
||||
version "3.0.2"
|
||||
resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
|
||||
integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
|
||||
|
@ -5520,11 +5510,6 @@ fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6:
|
|||
resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
|
||||
integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=
|
||||
|
||||
fast-text-encoding@^1.0.0:
|
||||
version "1.0.3"
|
||||
resolved "https://registry.yarnpkg.com/fast-text-encoding/-/fast-text-encoding-1.0.3.tgz#ec02ac8e01ab8a319af182dae2681213cfe9ce53"
|
||||
integrity sha512-dtm4QZH9nZtcDt8qJiOH9fcQd1NAgi+K1O2DbE6GG1PPCK/BWfOH3idCTRQ4ImXRUOyopDEgDEnVEE7Y/2Wrig==
|
||||
|
||||
fb-watchman@^2.0.0:
|
||||
version "2.0.1"
|
||||
resolved "https://registry.yarnpkg.com/fb-watchman/-/fb-watchman-2.0.1.tgz#fc84fb39d2709cf3ff6d743706157bb5708a8a85"
|
||||
|
@ -5895,25 +5880,6 @@ functional-red-black-tree@^1.0.1:
|
|||
resolved "https://registry.yarnpkg.com/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz#1b0ab3bd553b2a0d6399d29c0e3ea0b252078327"
|
||||
integrity sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=
|
||||
|
||||
gaxios@^2.1.0:
|
||||
version "2.3.4"
|
||||
resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-2.3.4.tgz#eea99353f341c270c5f3c29fc46b8ead56f0a173"
|
||||
integrity sha512-US8UMj8C5pRnao3Zykc4AAVr+cffoNKRTg9Rsf2GiuZCW69vgJj38VK2PzlPuQU73FZ/nTk9/Av6/JGcE1N9vA==
|
||||
dependencies:
|
||||
abort-controller "^3.0.0"
|
||||
extend "^3.0.2"
|
||||
https-proxy-agent "^5.0.0"
|
||||
is-stream "^2.0.0"
|
||||
node-fetch "^2.3.0"
|
||||
|
||||
gcp-metadata@^3.4.0:
|
||||
version "3.5.0"
|
||||
resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-3.5.0.tgz#6d28343f65a6bbf8449886a0c0e4a71c77577055"
|
||||
integrity sha512-ZQf+DLZ5aKcRpLzYUyBS3yo3N0JSa82lNDO8rj3nMSlovLcz2riKFBsYgDzeXcv75oo5eqB2lx+B14UvPoCRnA==
|
||||
dependencies:
|
||||
gaxios "^2.1.0"
|
||||
json-bigint "^0.3.0"
|
||||
|
||||
gensync@^1.0.0-beta.1:
|
||||
version "1.0.0-beta.2"
|
||||
resolved "https://registry.yarnpkg.com/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0"
|
||||
|
@ -6110,21 +6076,6 @@ good-listener@^1.2.2:
|
|||
dependencies:
|
||||
delegate "^3.1.2"
|
||||
|
||||
google-auth-library@^5.5.1:
|
||||
version "5.10.1"
|
||||
resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-5.10.1.tgz#504ec75487ad140e68dd577c21affa363c87ddff"
|
||||
integrity sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==
|
||||
dependencies:
|
||||
arrify "^2.0.0"
|
||||
base64-js "^1.3.0"
|
||||
ecdsa-sig-formatter "^1.0.11"
|
||||
fast-text-encoding "^1.0.0"
|
||||
gaxios "^2.1.0"
|
||||
gcp-metadata "^3.4.0"
|
||||
gtoken "^4.1.0"
|
||||
jws "^4.0.0"
|
||||
lru-cache "^5.0.0"
|
||||
|
||||
google-closure-compiler-js@^20170423.0.0:
|
||||
version "20170423.0.0"
|
||||
resolved "https://registry.yarnpkg.com/google-closure-compiler-js/-/google-closure-compiler-js-20170423.0.0.tgz#e9e8b40dadfdf0e64044c9479b5d26d228778fbc"
|
||||
|
@ -6134,13 +6085,6 @@ google-closure-compiler-js@^20170423.0.0:
|
|||
vinyl "^2.0.1"
|
||||
webpack-core "^0.6.8"
|
||||
|
||||
google-p12-pem@^2.0.0:
|
||||
version "2.0.4"
|
||||
resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-2.0.4.tgz#036462394e266472632a78b685f0cc3df4ef337b"
|
||||
integrity sha512-S4blHBQWZRnEW44OcR7TL9WR+QCqByRvhNDZ/uuQfpxywfupikf/miba8js1jZi6ZOGv5slgSuoshCWh6EMDzg==
|
||||
dependencies:
|
||||
node-forge "^0.9.0"
|
||||
|
||||
got@^6.7.1:
|
||||
version "6.7.1"
|
||||
resolved "https://registry.yarnpkg.com/got/-/got-6.7.1.tgz#240cd05785a9a18e561dc1b44b41c763ef1e8db0"
|
||||
|
@ -6196,16 +6140,6 @@ growly@^1.3.0:
|
|||
resolved "https://registry.yarnpkg.com/growly/-/growly-1.3.0.tgz#f10748cbe76af964b7c96c93c6bcc28af120c081"
|
||||
integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=
|
||||
|
||||
gtoken@^4.1.0:
|
||||
version "4.1.4"
|
||||
resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-4.1.4.tgz#925ff1e7df3aaada06611d30ea2d2abf60fcd6a7"
|
||||
integrity sha512-VxirzD0SWoFUo5p8RDP8Jt2AGyOmyYcT/pOUgDKJCK+iSw0TMqwrVfY37RXTNmoKwrzmDHSk0GMT9FsgVmnVSA==
|
||||
dependencies:
|
||||
gaxios "^2.1.0"
|
||||
google-p12-pem "^2.0.0"
|
||||
jws "^4.0.0"
|
||||
mime "^2.2.0"
|
||||
|
||||
gulp-sort@^2.0.0:
|
||||
version "2.0.0"
|
||||
resolved "https://registry.yarnpkg.com/gulp-sort/-/gulp-sort-2.0.0.tgz#c6762a2f1f0de0a3fc595a21599d3fac8dba1aca"
|
||||
|
@ -7819,13 +7753,6 @@ jsesc@~0.5.0:
|
|||
resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
|
||||
integrity sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0=
|
||||
|
||||
json-bigint@^0.3.0:
|
||||
version "0.3.1"
|
||||
resolved "https://registry.yarnpkg.com/json-bigint/-/json-bigint-0.3.1.tgz#0c1729d679f580d550899d6a2226c228564afe60"
|
||||
integrity sha512-DGWnSzmusIreWlEupsUelHrhwmPPE+FiQvg+drKfk2p+bdEYa5mp4PJ8JsCWqae0M2jQNb0HPvnwvf1qOTThzQ==
|
||||
dependencies:
|
||||
bignumber.js "^9.0.0"
|
||||
|
||||
json-buffer@3.0.0:
|
||||
version "3.0.0"
|
||||
resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.0.tgz#5b1f397afc75d677bde8bcfc0e47e1f9a3d9a898"
|
||||
|
@ -7973,15 +7900,6 @@ jwa@^1.4.1:
|
|||
ecdsa-sig-formatter "1.0.11"
|
||||
safe-buffer "^5.0.1"
|
||||
|
||||
jwa@^2.0.0:
|
||||
version "2.0.0"
|
||||
resolved "https://registry.yarnpkg.com/jwa/-/jwa-2.0.0.tgz#a7e9c3f29dae94027ebcaf49975c9345593410fc"
|
||||
integrity sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA==
|
||||
dependencies:
|
||||
buffer-equal-constant-time "1.0.1"
|
||||
ecdsa-sig-formatter "1.0.11"
|
||||
safe-buffer "^5.0.1"
|
||||
|
||||
jws@^3.2.2:
|
||||
version "3.2.2"
|
||||
resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
|
||||
|
@ -7990,14 +7908,6 @@ jws@^3.2.2:
|
|||
jwa "^1.4.1"
|
||||
safe-buffer "^5.0.1"
|
||||
|
||||
jws@^4.0.0:
|
||||
version "4.0.0"
|
||||
resolved "https://registry.yarnpkg.com/jws/-/jws-4.0.0.tgz#2d4e8cf6a318ffaa12615e9dec7e86e6c97310f4"
|
||||
integrity sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg==
|
||||
dependencies:
|
||||
jwa "^2.0.0"
|
||||
safe-buffer "^5.0.1"
|
||||
|
||||
keygrip@~1.1.0:
|
||||
version "1.1.0"
|
||||
resolved "https://registry.yarnpkg.com/keygrip/-/keygrip-1.1.0.tgz#871b1681d5e159c62a445b0c74b615e0917e7226"
|
||||
|
@ -8676,7 +8586,7 @@ lru-cache@^4.0.1, lru-cache@^4.1.5:
|
|||
pseudomap "^1.0.2"
|
||||
yallist "^2.1.2"
|
||||
|
||||
lru-cache@^5.0.0, lru-cache@^5.1.1:
|
||||
lru-cache@^5.1.1:
|
||||
version "5.1.1"
|
||||
resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920"
|
||||
integrity sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==
|
||||
|
@ -8931,7 +8841,7 @@ mime-types@^2.1.12, mime-types@^2.1.18, mime-types@~2.1.19, mime-types@~2.1.24:
|
|||
dependencies:
|
||||
mime-db "1.44.0"
|
||||
|
||||
mime@2.4.6, mime@^2.2.0:
|
||||
mime@2.4.6:
|
||||
version "2.4.6"
|
||||
resolved "https://registry.yarnpkg.com/mime/-/mime-2.4.6.tgz#e5b407c90db442f2beb5b162373d07b69affa4d1"
|
||||
integrity sha512-RZKhC3EmpBchfTGBVb8fb+RL2cWyw/32lshnsETttkBAyAUXSGHxbEJWWRXc751DrIxG1q04b8QwMbAwkRPpUA==
|
||||
|
@ -9213,7 +9123,7 @@ nocache@2.1.0:
|
|||
resolved "https://registry.yarnpkg.com/nocache/-/nocache-2.1.0.tgz#120c9ffec43b5729b1d5de88cd71aa75a0ba491f"
|
||||
integrity sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q==
|
||||
|
||||
node-fetch@2.6.1, node-fetch@^2.1.2, node-fetch@^2.3.0, node-fetch@^2.6.1:
|
||||
node-fetch@2.6.1, node-fetch@^2.1.2, node-fetch@^2.6.1:
|
||||
version "2.6.1"
|
||||
resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
|
||||
integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
|
||||
|
@ -9226,11 +9136,6 @@ node-fetch@^1.0.1:
|
|||
encoding "^0.1.11"
|
||||
is-stream "^1.0.1"
|
||||
|
||||
node-forge@^0.9.0:
|
||||
version "0.9.2"
|
||||
resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.9.2.tgz#b35a44c28889b2ea55cabf8c79e3563f9676190a"
|
||||
integrity sha512-naKSScof4Wn+aoHU6HBsifh92Zeicm1GDQKd1vp3Y/kOi8ub0DozCa9KpvYNCXslFHYRmLNiqRopGdTGwNLpNw==
|
||||
|
||||
node-gyp-build@^3.8.0:
|
||||
version "3.9.0"
|
||||
resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-3.9.0.tgz#53a350187dd4d5276750da21605d1cb681d09e25"
|
||||
|
@ -9406,6 +9311,11 @@ oauth-sign@~0.9.0:
|
|||
resolved "https://registry.yarnpkg.com/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455"
|
||||
integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==
|
||||
|
||||
oauth@0.9.x:
|
||||
version "0.9.15"
|
||||
resolved "https://registry.yarnpkg.com/oauth/-/oauth-0.9.15.tgz#bd1fefaf686c96b75475aed5196412ff60cfb9c1"
|
||||
integrity sha1-vR/vr2hslrdUda7VGWQS/2DPucE=
|
||||
|
||||
object-assign@^4.0.1, object-assign@^4.1.0, object-assign@^4.1.1:
|
||||
version "4.1.1"
|
||||
resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
|
||||
|
@ -9918,6 +9828,45 @@ pascalcase@^0.1.1:
|
|||
resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
|
||||
integrity sha1-s2PlXoAGym/iF4TS2yK9FdeRfxQ=
|
||||
|
||||
passport-google-oauth2@^0.2.0:
|
||||
version "0.2.0"
|
||||
resolved "https://registry.yarnpkg.com/passport-google-oauth2/-/passport-google-oauth2-0.2.0.tgz#fc9ea59e7091f02e24fd16d6be9257ea982ebbc3"
|
||||
integrity sha512-62EdPtbfVdc55nIXi0p1WOa/fFMM8v/M8uQGnbcXA4OexZWCnfsEi3wo2buag+Is5oqpuHzOtI64JpHk0Xi5RQ==
|
||||
dependencies:
|
||||
passport-oauth2 "^1.1.2"
|
||||
|
||||
passport-oauth2@^1.1.2, passport-oauth2@^1.5.0:
|
||||
version "1.5.0"
|
||||
resolved "https://registry.yarnpkg.com/passport-oauth2/-/passport-oauth2-1.5.0.tgz#64babbb54ac46a4dcab35e7f266ed5294e3c4108"
|
||||
integrity sha512-kqBt6vR/5VlCK8iCx1/KpY42kQ+NEHZwsSyt4Y6STiNjU+wWICG1i8ucc1FapXDGO15C5O5VZz7+7vRzrDPXXQ==
|
||||
dependencies:
|
||||
base64url "3.x.x"
|
||||
oauth "0.9.x"
|
||||
passport-strategy "1.x.x"
|
||||
uid2 "0.0.x"
|
||||
utils-merge "1.x.x"
|
||||
|
||||
passport-slack-oauth2@^1.1.0:
|
||||
version "1.1.0"
|
||||
resolved "https://registry.yarnpkg.com/passport-slack-oauth2/-/passport-slack-oauth2-1.1.0.tgz#4a153b3d0d5a9e1a5041b61599d2b41a4b9486f1"
|
||||
integrity sha512-rd0V5lWhtNMTmDWuIIk1eXj+ANgP74fD9h28XEp6AtgtQgWPa577qfeM9YLkl7oUNn8gIQeghsvtW6ziWt52dQ==
|
||||
dependencies:
|
||||
passport-oauth2 "^1.5.0"
|
||||
pkginfo "^0.4.1"
|
||||
|
||||
passport-strategy@1.x.x:
|
||||
version "1.0.0"
|
||||
resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"
|
||||
integrity sha1-tVOaqPwiWj0a0XlHbd8ja0QPUuQ=
|
||||
|
||||
passport@^0.4.0, passport@^0.4.1:
|
||||
version "0.4.1"
|
||||
resolved "https://registry.yarnpkg.com/passport/-/passport-0.4.1.tgz#941446a21cb92fc688d97a0861c38ce9f738f270"
|
||||
integrity sha512-IxXgZZs8d7uFSt3eqNjM9NQ3g3uQCW5avD8mRNoXV99Yig50vjuaez6dQK2qC0kVWPRTujxY0dWgGfT09adjYg==
|
||||
dependencies:
|
||||
passport-strategy "1.x.x"
|
||||
pause "0.0.1"
|
||||
|
||||
passthrough-counter@^1.0.0:
|
||||
version "1.0.0"
|
||||
resolved "https://registry.yarnpkg.com/passthrough-counter/-/passthrough-counter-1.0.0.tgz#1967d9e66da572b5c023c787db112a387ab166fa"
|
||||
|
@ -9999,6 +9948,11 @@ path-type@^4.0.0:
|
|||
resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
|
||||
integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==
|
||||
|
||||
pause@0.0.1:
|
||||
version "0.0.1"
|
||||
resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d"
|
||||
integrity sha1-HUCLP9t2kjuVQ9lvtMnf1TXZy10=
|
||||
|
||||
pbkdf2@^3.0.3:
|
||||
version "3.1.1"
|
||||
resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.1.tgz#cb8724b0fada984596856d1a6ebafd3584654b94"
|
||||
|
@ -10133,6 +10087,11 @@ pkg-dir@^4.1.0, pkg-dir@^4.2.0:
|
|||
dependencies:
|
||||
find-up "^4.0.0"
|
||||
|
||||
pkginfo@^0.4.1:
|
||||
version "0.4.1"
|
||||
resolved "https://registry.yarnpkg.com/pkginfo/-/pkginfo-0.4.1.tgz#b5418ef0439de5425fc4995042dced14fb2a84ff"
|
||||
integrity sha1-tUGO8EOd5UJfxJlQQtztFPsqhP8=
|
||||
|
||||
pngjs@^3.0.0, pngjs@^3.3.3:
|
||||
version "3.4.0"
|
||||
resolved "https://registry.yarnpkg.com/pngjs/-/pngjs-3.4.0.tgz#99ca7d725965fb655814eaf65f38f12bbdbf555f"
|
||||
|
@ -12995,7 +12954,7 @@ uglify-js@3.4.x:
|
|||
commander "~2.19.0"
|
||||
source-map "~0.6.1"
|
||||
|
||||
uid2@0.0.3:
|
||||
uid2@0.0.3, uid2@0.0.x:
|
||||
version "0.0.3"
|
||||
resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.3.tgz#483126e11774df2f71b8b639dcd799c376162b82"
|
||||
integrity sha1-SDEm4Rd03y9xuLY53NeZw3YWK4I=
|
||||
|
@ -13320,6 +13279,11 @@ utila@~0.4:
|
|||
resolved "https://registry.yarnpkg.com/utila/-/utila-0.4.0.tgz#8a16a05d445657a3aea5eecc5b12a4fa5379772c"
|
||||
integrity sha1-ihagXURWV6Oupe7MWxKk+lN5dyw=
|
||||
|
||||
utils-merge@1.x.x:
|
||||
version "1.0.1"
|
||||
resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"
|
||||
integrity sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=
|
||||
|
||||
uuid@2.0.2:
|
||||
version "2.0.2"
|
||||
resolved "https://registry.yarnpkg.com/uuid/-/uuid-2.0.2.tgz#48bd5698f0677e3c7901a1c46ef15b1643794726"
|
||||
|
|
Reference in New Issue