https forcing, simplified authenticator

borissedlak · Apr 23, 2018 · f2dd850 · f2dd850
1 parent 74ae589
commit f2dd850
Show file tree

Hide file tree

Showing 13 changed files with 128 additions and 106 deletions.
diff --git a/config/config.json b/config/config.json
@@ -4,7 +4,7 @@
 	"application_name": "Flagture",
 	"consumer_key": 328825967593367,
 	"consumer_secret": "56b902ade32adbff835492d83eed3b3c",
-	"callback_url": "/auth/facebook/callback" ,
+	"callback_url": "http://localhost:8080/auth/facebook/callback" ,
 	"jwt_secret": "tasmanianDevil",
 
 	"http_status_codes":{

diff --git a/config/key.pem b/config/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfKBFpqNOf04vl
+MwgsJa1y1sXn0T++xhaUDFtgxi6jadrftrPEa7Wmbp9EjMLo/oS0RCBDUjCTTAIB
+9IDQ7NhjCy5Z+B/ITxHV35o3bK+tDN0/+S84SLBBLo2h2+KnKEo1XW/s4xEAb45d
+6997+5tq8q+f5bV8J240iXYqLuzFKFkgs8WjM2u9k5sBqQ7LFyfBr+kX09tTiPbD
+0Am0ez5siLd1gopPChGfG4ehO59y7et5zUHnQd4p0GfpJBxbWmB6ZkrfZkxuYEQ3
+Yx4NrIRd+bwMDHs8+pEXYC1pDLWYTWZZbHCEPgrEXKpM6KO1cOLzMqb4dPKKg4+f
+tQFUtq/7AgMBAAECggEAHbDZ3r4yDIToei+U/LdiriPG88IjhDFsEN5lRZ5zIOUk
+gcuRqbj2QEAu0hj4W4Lvurli02xHx5LMZRT52v/0NjXlxb72HuYxS5bVLDXIaB4Y
+QFD6MCPPTbmjjmh41fo8LcxqjuSlTVGCW58fJ//+NGtlvAycWLb6Zi6mrqPmY7kh
+5B14/Sg21f7+gJVXAIyZUpzxenxzHtpxdyHRRSkOfk2cwCm47s/7BKUBaTZlluvW
+2bzxmF4edRB9legMdBR1//ujjoli+dKKINk4HFc/tgvQ9wb4Yxa0jTiuGPT/cJGr
+FBh091xY6IpYDoUSXyI/3ioptug2qH9oX83+cuPDUQKBgQDNoXUAMyj/WX6Ti+ZB
+Bh94zvK2zrKWVD8p65t9R8bukSRkkm6RHlZnooICWBZG5BM3Whip+zLNuIqHkqDw
+YNbNc2XHXRhB+vgfuvmlB0agfAIp/O2BjPKbV8a2OH8TRJskqn1JqPKmcs7yO+sA
+wCuo4F3dOvsLrXBhh5tgo9+TVwKBgQDGJFdqC/gUvGgFVURXTIjrOiKqMbjAF1Xa
+tw2NPeDAcDlVvUtQKNn8Y7PnEPMeEZv5pm5gyIKsCUUmmdFkbWhvjCO+Im0qlngD
+6vENs3N/2dpG1B3F7NteEWc57gcykE/584o+20RZyeJ3ro3NwMjJVFPj5Db9a8Bz
+69PP062l/QKBgQCd5q6mkaKYuotFF7efFOmT5i5hDEX8xAKg2ShUQorS5SdyBzPa
+QdaNzC9TR3sLwtWyun+X/6oaaOwPgRwOmf44U7XDKoyXFfX0v6o1/GlSkQdEYNGs
+mqQtf3C6upVyIUuVE0oUByUVhbG+Nx6VO/wKuQe6+zCN3ggfDHfW9N+ZDwKBgC5z
+bprJ24rg8HHvn2nn42Fh66aCqZE+5z2zFFY8X2g95vMWwYU1ToVAyngtHRG7hxlr
+zwyZdSjns3JtNQ2aKJWeAPMeFwGY7OHePky7+SPL6sQYDjLMaFERO2X1S3KrKlSq
+p4o81TVHgvQT0+Kcg3XPcytF4S5gCGokqy9ZrKfxAoGBAJv9xwy9KxenGfC5zHKW
+4gg/j/QOzgjNI99tgV/ngMHHlG8NYiqpUCMPsWsggfKSWKaKEBUcERkvIfaWCk4B
+oRYkhutCM7tPDVKfjGh9bnEivpVHLb7mJ5Yw2X+9BEOcbnz/v9XoqWoP3AGR60y6
+YGxSNfTYhFSx8vwUeQjt3Fjr
+-----END PRIVATE KEY-----
diff --git a/config/server.crt b/config/server.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQC90yM7Yil1iDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE4MDQyMzIwNDg1NloXDTE5MDQyMzIwNDg1NlowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJ8oEWmo05/Ti+UzCCwlrXLWxefRP77GFpQMW2DGLqNp2t+2s8RrtaZun0SMwuj+
+hLREIENSMJNMAgH0gNDs2GMLLln4H8hPEdXfmjdsr60M3T/5LzhIsEEujaHb4qco
+SjVdb+zjEQBvjl3r33v7m2ryr5/ltXwnbjSJdiou7MUoWSCzxaMza72TmwGpDssX
+J8Gv6RfT21OI9sPQCbR7PmyIt3WCik8KEZ8bh6E7n3Lt63nNQedB3inQZ+kkHFta
+YHpmSt9mTG5gRDdjHg2shF35vAwMezz6kRdgLWkMtZhNZllscIQ+CsRcqkzoo7Vw
+4vMypvh08oqDj5+1AVS2r/sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhrFZI2ov
+cR4EAMfG+Ab4cQ2zwe1Pjx+VH3gNrJ/z/YD6ND6ad9Gyx673xBxAJPW0VQlo6jXH
+pE0TPDYozeS6SpmlFsdySnEJRl201744MJCNzDXAafAmWWPtpiyCkiEVgAQlwwDq
+ElPfhahpXhpxG5K1eYZpUeX1hroKkm4s60GRsKnQL+LaUpsgkVJtwZRoaQRkEk7E
+6z1V/zHNUngnq8MKVT8vtXuF1VFjAJ7jReZk/nd/qpNMVOfx3G4he59d+sYTQtBH
+6/cJHcvfbTljShdxJWzcVL7a+odBome/h08DT1FTgtYv7ucv66Z2Zbkw2/ptG3gX
+6nwlUMdRrHOgCA==
+-----END CERTIFICATE-----
diff --git a/config/ssl-cert.pem b/config/ssl-cert.pem
diff --git a/config/ssl-key.pem b/config/ssl-key.pem
diff --git a/models/user.js b/models/user.js
@@ -5,7 +5,7 @@ var bcrypt = require('bcryptjs');
 // Define our user schema
 var UserSchema = new mongoose.Schema({
     local:{
-        private password: String,
+        password: String,
     },
     facebook: {
         facebookId: Number,

diff --git a/modules/authenticator.js b/modules/authenticator.js
@@ -69,7 +69,6 @@ module.exports = {
 				break;
 
 			case 'local':
-
 				try {
 					var decoded_payload = jwt.decode(access_token, config.jwt_secret);
 					var user = decoded_payload.user;

diff --git a/modules/passport.js b/modules/passport.js
@@ -9,17 +9,18 @@ module.exports = function (passport) {
 	passport.use(new FacebookStrategy({
 		clientID: config.consumer_key,
 		clientSecret: config.consumer_secret,
-		callbackURL: config.callback_url,
-		profileFields: ['email', 'first_name', 'picture']
+		callbackURL: config.callback_url
 	},
 		function (accessToken, refreshToken, profile, callback) {
 			process.nextTick(function () {
+				console.log('Strategy entered');
 				User.findOne({ 'facebook.facebookId': profile.id },
 					function (err, user) {
 						if (err)
 							return callback(err, null, { status: status_codes.server_error, message: 'Internal Error' });
 						if (user) {
-							return callback(null, user, { status: status_codes.success, message: 'User found' });
+							console.log(1, accessToken);
+							return callback(null, user, { status: status_codes.success, message: 'User found', token: accessToken });
 						}
 						else {
 							// Set the user properties that came from the POST data
@@ -33,7 +34,7 @@ module.exports = function (passport) {
 								if (err)
 									return callback(err, newUser, { status: status_codes.server_error, message: 'Couldnt insert user' });
 								else
-									return callback(null, newUser, { status: status_codes.created, message: 'New user inserted' });
+									return callback(null, newUser, { status: status_codes.created, message: 'New user inserted', token: accessToken });
 							});
 						}
 					}

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -15,12 +15,13 @@
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.18.2",
     "cookie-parser": "^1.4.0",
-    "cors": "^2.8.4",
     "csurf": "^1.9.0",
     "ejs": "^2.3.4",
     "express": "^4.13.3",
     "express-session": "^1.15.6",
-    "fs": "0.0.1-security",
+    "fs": "0.0.2",
+    "http": "0.0.0",
+    "https": "^1.0.0",
     "jsonwebtoken": "^8.1.0",
     "jwt-simple": "^0.5.1",
     "mongoose": "^4.10.8",

diff --git a/routing/api_routes.js b/routing/api_routes.js
@@ -9,31 +9,30 @@ module.exports = function (apiRouter, authenticator) {
 
         // IDEA: I get the Id from the debug_token function, so may I use it from there instead of the param
         // --> Every request is handles as if the user is in the db
-    
+
         authenticator.isValidRequest(req, function (valid, msg) {
             if (valid) {
-                return res.status(200).json({ data: msg });
+                return res.status(200).json({ data: valid });
             }
             else {
                 return res.status(401).json({ error: msg });
             }
         });
     });
-    
+
     apiRouter.get('/user', function (req, res) {
         authenticator.isValidRequest(req, function (valid, msg) {
             if (valid) {
                 User.find(function (err, data) {
                     if (err) {
                         return res.status(500).json(error);
                     }
-                    res.status(200).json(data);
+                    return res.status(200).json(data);
                 });
             }
             else {
                 return res.status(401).json({ error: msg });
             }
         });
     });
-
 }
diff --git a/routing/auth_routes.js b/routing/auth_routes.js
@@ -16,12 +16,13 @@ module.exports = function (authRouter, passport) {
         }
         passport.authenticate('local-login', function (err, user, info) {
             if (user) {
-                var payload = { id: req.user._id };
+                var payload = { user: user, strategy: 'local' };
                 var token = jwt.encode(payload, config.jwt_secret);
                 return res.status(info.status).json({ user: user, info: info.message, token: token });
             }
-            else
+            else{
                 return res.status(info.status).json({ info: info.message });
+            }
 
         })(req, res);
     });
@@ -34,6 +35,9 @@ module.exports = function (authRouter, passport) {
             return res.status(status_codes.bad_request).json({ info: 'Signup request must contain username and password in body' });
         }
         passport.authenticate('local-signup', function (err, user, info) {
+            if(err){
+                return res.status(info.status).json({ info: info.message });
+            }
             if (user) {
                 //How does the user object look like? Bette not include passwords here
                 var payload = { user: user, strategy: 'local' };
@@ -52,8 +56,9 @@ module.exports = function (authRouter, passport) {
     //If the passed credentials are invalid, the callback is never accessed!
     authRouter.get('/facebook/callback', function (req, res) {
         passport.authenticate('facebook', function (err, user, info) {
+            console.log(err,user,info);
             if (user) {
-                return res.status(info.status).json({ user: user, info: info.message });
+                return res.status(info.status).json({ user: user, info: info.message, token: info.token });
             }
             else
                 return res.status(info.status).json({ info: info.message });
-Original file line number
+Diff line change
@@ Expand Up / @@ -69,7 +69,6 @@ module.exports = { @@
     				break;
     			case 'local':
     				try {
     					var decoded_payload = jwt.decode(access_token, config.jwt_secret);
     					var user = decoded_payload.user;
@@ Expand Down @@