search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Gitter migration: Setup redirects (rollout pt. 3)
[gitter.git] / server / handlers / auth-providers / github.js
blob6666f58c459ebbf94c266e7e37c8ac67e49eceac
1 'use strict';
2
3 var env = require('gitter-web-env');
4 var identifyRoute = env.middlewares.identifyRoute;
5 var config = env.config;
6
7 const ensureUserIdentityByProvider = require('../../web/middlewares/ensure-user-identity-from-provider');
8 var passport = require('passport');
9 const identityService = require('gitter-web-identity');
10 var trackLoginForProvider = require('../../web/middlewares/track-login-for-provider');
11 var rememberMe = require('../../web/middlewares/rememberme-middleware');
12 var ensureLoggedIn = require('../../web/middlewares/ensure-logged-in');
13 var redirectAfterLogin = require('../../web/middlewares/redirect-after-login');
14 var passportCallbackForStrategy = require('../../web/middlewares/passport-callback-for-strategy');
15 var userScopes = require('gitter-web-identity/lib/user-scopes');
16 var fonts = require('../../web/fonts');
17
18 var routes = {};
19
20 const SCOPE_ALLOWLIST = {
21 'user:email': true,
22 'read:org': true,
23 repo: true
24 };
25
26 function getScopesFromReq(req) {
27 const inputScopes = req.query.scopes ? req.query.scopes.split(/\s*,\s*/) : [''];
28 const newScopes = inputScopes.filter(scope => SCOPE_ALLOWLIST[scope]);
29 newScopes.push('user:email');
30 newScopes.push('read:org');
31
32 return newScopes;
33 }
34
35 routes.login = [
36 identifyRoute('login-github'),
37 trackLoginForProvider('github'),
38 passport.authorize('github_user', {
39 scope: 'user:email,read:org',
40 failWithError: true
41 })
42 ];
43
44 routes.invited = [
45 identifyRoute('login-invited'),
46 function(req, res) {
47 var query = req.query;
48
49 // checks if we have a relative url path and adds it to the session
50 if (query.uri) req.session.returnTo = config.get('web:basepath') + '/' + query.uri;
51
52 res.render('login_invited', {
53 username: query.welcome,
54 uri: query.uri,
55 bootScriptName: 'router-login',
56 cssFileName: 'styles/login.css',
57 // TODO: remove this and just show it anyway
58 showNewLogin: true
59 });
60 }
61 ];
62
63 routes.upgradeLandingPage = [
64 ensureLoggedIn,
65 identifyRoute('login-upgrade-landing-page'),
66 // Once we allow multiple identities for a single user, we should get rid of this #multiple-identity-user
67 ensureUserIdentityByProvider(identityService.GITHUB_IDENTITY_PROVIDER),
68 function(req, res) {
69 const newScopes = getScopesFromReq(req);
70
71 res.render('login-upgrade-landing', {
72 accessToken: req.accessToken,
73 user: req.user,
74 newScopes,
75 fonts: fonts.getFonts(),
76 hasCachedFonts: fonts.hasCachedFonts(req.cookies)
77 });
78 }
79 ];
80
81 routes.upgrade = [
82 ensureLoggedIn,
83 identifyRoute('login-upgrade'),
84 // Once we allow multiple identities for a single user, we should get rid of this #multiple-identity-user
85 ensureUserIdentityByProvider(identityService.GITHUB_IDENTITY_PROVIDER),
86 function(req, res, next) {
87 var scopes = getScopesFromReq(req);
88 var existing = req.user.githubScopes || {};
89 var addedScopes = false;
90
91 scopes.forEach(function(scope) {
92 if (!existing[scope]) addedScopes = true;
93 existing[scope] = true;
94 });
95
96 if (!addedScopes) {
97 res.render('github-upgrade-complete', {
98 oAuthCompletePostMessage: JSON.stringify({
99 type: 'oauth_upgrade_complete',
100 scopes: userScopes.getScopesHash(req.user)
101 })
102 });
103 return;
104 }
105
106 var requestedScopes = Object.keys(existing).filter(function(f) {
107 return !!f;
108 });
109 req.session.githubScopeUpgrade = true;
110
111 passport.authorize('github_upgrade', {
112 scope: requestedScopes,
113 failWithError: true
114 })(req, res, next);
115 }
116 ];
117
118 routes.callback = [
119 identifyRoute('login-callback'),
120 function(req, res, next) {
121 var upgrade = req.session && req.session.githubScopeUpgrade;
122 var strategy;
123 if (upgrade) {
124 strategy = 'github_upgrade';
125 } else {
126 strategy = 'github_user';
127 }
128 passportCallbackForStrategy(strategy, { failWithError: true })(req, res, next);
129 },
130 ensureLoggedIn,
131 rememberMe.generateRememberMeTokenMiddleware,
132 redirectAfterLogin
133 ];
134
135 module.exports = routes;