Recover some steam auths (#1353)

* Should run this code for at least 6 months * Fix a bug in implementation with mongoose Applies to #1347 Auto-merge
OpenUserJS · Apr 23, 2018 · 6273552 · 6273552
1 parent aa2eda3
commit 6273552
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -244,7 +244,9 @@ exports.callback = function (aReq, aRes, aNext) {
  }
 
  if (aInfo === 'readonly strategy') {
- aRes.redirect(doneUri + (doneUri === '/' ? 'login' : '') + '?rostrat');
+ aRes.redirect(doneUri + (doneUri === '/' ? 'login' : '') + '?roauth');
+ } else if (aInfo === 'username recovered') {
+ aRes.redirect(doneUri + (doneUri === '/' ? 'login' : '') + '?retryauth');
  } else {
  aRes.redirect(doneUri + (doneUri === '/' ? 'login' : '') + '?authfail');
  }

diff --git a/libs/passportVerify.js b/libs/passportVerify.js
@@ -19,6 +19,7 @@ var allStrategies = require('../controllers/strategies.json');
 exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
  var shasum = crypto.createHash('sha256');
  var digest = null;
+ var digestUnsecure = null;
  var query = {};
  var ids = [];
 
@@ -88,8 +89,42 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
  }
  } else if (aUser) {
  // user was found matching name but can't be authenticated
- aDone(null, false, 'username is taken');
- return;
+
+ if (aStrategy === 'steam') {
+ // Attempt to recover from http to https switch #1347
+ if (new Date(aUser._since) < new Date('2018-04-05T00:00:00.000Z')) {
+
+ digestUnsecure = crypto.createHash('sha256').update(String(aId)
+ .replace(/^https:/, 'http:')).digest('hex');
+ pos = aUser.auths.indexOf(digestUnsecure);
+
+ if (pos > -1) {
+ aUser.auths[pos] = digest;
+
+ aUser.markModified('auths');
+ aUser.save(function (aErr, aUser) {
+ if (aErr) {
+ aDone(null, false, 'username recovery failed');
+ return;
+ }
+ console.log('RECOVERED STEAM AUTH', aUser.name, digestUnsecure, '->', digest);
+
+ aDone(null, false, 'username recovered');
+ return;
+ });
+ } else {
+ aDone(null, false, 'username is taken');
+ return;
+ }
+ } else {
+ aDone(null, false, 'username is taken');
+ return;
+ }
+
+ } else {
+ aDone(null, false, 'username is taken');
+ return;
+ }
  } else {
  // Check for strategy readonly
  if (allStrategies[aStrategy].readonly) {
@@ -113,11 +148,14 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
  }
  });
  } else if (pos > -1 && pos < aUser.auths.length - 1) {
- // Toggle to the existing default strategy
+ // Set current strategy to use as default
  aUser.strategies.splice(pos, 1);
  aUser.auths.splice(pos, 1);
  aUser.strategies.push(aStrategy);
  aUser.auths.push(digest);
+
+ aUser.markModified('strategies');
+ aUser.markModified('auths');
  aUser.save(function (aErr, aUser) {
  aDone(aErr, aUser);
  return;
@@ -126,6 +164,8 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
  // The user was authenticated however...
  // Migrate from OpenID to OAuth
  aUser.auths[openIdIdPos] = digest;
+
+ aUser.markModified('auths');
  aUser.save(function (aErr, aUser) {
  aDone(aErr, aUser);
  return;