feat: Move to passport for authentication (#1934)

- Added `accountProvisioner` - Move authentication to use passport strategies - Make authentication more pluggable - Change language of services -> providers closes #1120
2021-03-11 10:02:22 -08:00
parent dc967be4fc
commit 5d6f68d399
33 changed files with 1104 additions and 725 deletions
--- a/server/utils/passport.js
+++ b/server/utils/passport.js
@ -0,0 +1,50 @@
+// @flow
+import addMinutes from "date-fns/add_minutes";
+import subMinutes from "date-fns/sub_minutes";
+import { type Request } from "koa";
+import { OAuthStateMismatchError } from "../errors";
+import { getCookieDomain } from "./domains";
+
+export class StateStore {
+  key: string = "state";
+
+  store = (req: Request, callback: (err: ?Error, state?: string) => void) => {
+    const state = Math.random().toString(36).substring(7);
+
+    // $FlowFixMe
+    req.cookies.set(this.key, state, {
+      httpOnly: false,
+      expires: addMinutes(new Date(), 10),
+      domain: getCookieDomain(req.hostname),
+    });
+
+    callback(null, state);
+  };
+
+  verify = (
+    req: Request,
+    providedState: string,
+    callback: (err: ?Error, ?boolean) => void
+  ) => {
+    // $FlowFixMe
+    const state = req.cookies.get(this.key);
+    if (!state) {
+      return callback(
+        new OAuthStateMismatchError("State not return in OAuth flow")
+      );
+    }
+
+    // $FlowFixMe
+    req.cookies.set(this.key, "", {
+      httpOnly: false,
+      expires: subMinutes(new Date(), 1),
+      domain: getCookieDomain(req.hostname),
+    });
+
+    if (state !== providedState) {
+      return callback(new OAuthStateMismatchError());
+    }
+
+    callback(null, true);
+  };
+}