staging latest fixes (github oauth)

docker-entrypoint.sh

@@ -48,7 +48,6 @@ fi
 set -e
 
 if [[ ${ENVIRONMENT} == "test" ]]; then
-  echo "[thinx-entrypoint] Running in TEST MODE!"
   curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
   chmod +x ./cc-test-reporter
 

lib/router.auth.js

@@ -206,6 +206,7 @@ module.exports = function (app) {
                 console.log(`[OID:${user_data.owner}] [LOGIN_INVALID] Password mismatch.`);
                 auditLogError(user_data.owner, "password_mismatch");
                 alog.log(req.session.owner, "Password mismatch.");
+                stored_response.status(401);
                 Util.responder(stored_response, false, "password_mismatch");
             }
             return true;

lib/router.github.js

@@ -15,34 +15,36 @@ const app_config = Globals.app_config();
 var AuditLog = require("../lib/thinx/audit"); var alog = new AuditLog();
 var User = require("../lib/thinx/owner"); var user = new User();
 
+const Util = require("./thinx/util");
+
 //
 // OAuth2 for GitHub
 //
 
-var githubOAuth;
-
-if (typeof (process.env.GITHUB_CLIENT_SECRET) !== "undefined" && process.env.GITHUB_CLIENT_SECRET !== null) {
-    try {
-        let specs = {
-            githubClient: process.env.GITHUB_CLIENT_ID,
-            githubSecret: process.env.GITHUB_CLIENT_SECRET,
-            baseURL: github_ocfg.base_url, // should be rather gotten from global config!
-            loginURI: '/api/oauth/github',
-            callbackURI: '/api/oauth/github/callback',
-            scope: 'user'
-        };
-        githubOAuth = require('./thinx/oauth-github.js')(specs);
-    } catch (e) {
-        console.log(`[debug] [oauth] [github] github_ocfg init error: ${e}`);
-    }
-}
-
 module.exports = function (app) {
 
     /*
     * OAuth 2 with GitHub
     */
 
+    var githubOAuth;
+
+    if (typeof (process.env.GITHUB_CLIENT_SECRET) !== "undefined" && process.env.GITHUB_CLIENT_SECRET !== null) {
+        try {
+            let specs = {
+                githubClient: process.env.GITHUB_CLIENT_ID,
+                githubSecret: process.env.GITHUB_CLIENT_SECRET,
+                baseURL: github_ocfg.base_url, // should be rather gotten from global config!
+                loginURI: '/api/oauth/github',
+                callbackURI: '/api/oauth/github/callback',
+                scope: 'user'
+            };
+            githubOAuth = require('./thinx/oauth-github.js')(specs);
+        } catch (e) {
+            console.log(`[debug] [oauth] [github] github_ocfg init error: ${e}`);
+        }
+    }
+
     function validateGithubUser(response, token, userWrapper) {
 
         let owner_id = userWrapper.owner; // must not be nil
@@ -157,7 +159,22 @@ module.exports = function (app) {
                 if (typeof (original_response) !== "undefined") original_response.end("test-ok");
         });
 
-        githubOAuth.on('token', (oauth_token_string/* , resp, _res, req */) => {
+        githubOAuth.on('token', (oauth_token_string, resp, /* _res, req */) => {
+
+            if (!Util.isDefined(oauth_token_string)) {
+                console.log("[github] debug token event without token", { oauth_token_string }, resp);
+                original_response.redirect(
+                    app_config.public_url + '/error.html?success=failed&title=Sorry&reason=Intruder%20alert.'
+                );
+
+                return;
+            }
+
+            if (typeof (oauth_token_string) === "object") {
+                console.log("[github] oauth token response:", oauth_token_string);
+                original_response.status(401).end();
+                return;
+            }
 
             let oauth_token_array = oauth_token_string.split("&");
             let access_token = oauth_token_array[0].replace("access_token=", "");
@@ -166,6 +183,7 @@ module.exports = function (app) {
 
             if (typeof (access_token) === "undefined") {
                 console.log("[debug] [github] [token] No token, exiting.");
+                original_response.status(401).end();
                 return;
             }
 
@@ -263,16 +281,12 @@ module.exports = function (app) {
 
     // Callback service parsing the authorization token and asking for the access token
     app.get('/api/oauth/github/callback', function (req, res) {
-
+        // save original response to callbacks in this code path... when callback is called, response is used to reply (except for error)
         secureGithubCallbacks(res, () => {
-            if (githubOAuth.callback === "function") {
-                githubOAuth.callback(req, res);
-            } else {
-                console.log("[warning] githubOAuth.callback(req, res); is not a function");
-                res.status(401).end();
-            }
-        }); // save original response to callbacks in this code path... when callback is called, response is used to reply
-
+            githubOAuth.callback(req, res, (err) => {
+                console.log("[spec] GitHub OAuth result", err);
+                //res.end(); // why does not the res end?
+            });
+        });
     });
-
 };

lib/router.google.js

@@ -46,7 +46,7 @@ module.exports = function (app) {
    */
 
   function createUserWithGoogle(req, ores, odata, userWrapper, access_token) {
-    console.log("Creating new user...");
+    console.log("[google] Creating new user...");
 
     // No e-mail to validate.
     var will_require_activation = true;
@@ -73,6 +73,7 @@ module.exports = function (app) {
 
       const ourl = app_config.public_url + "/auth.html?t=" + token + "&g=true"; // require GDPR consent
       console.log(ourl);
+      console.log("Redirecting to:", ourl);
       ores.redirect(ourl);
     });
   }

lib/router.user.js

@@ -14,6 +14,7 @@ module.exports = function (app) {
                 req.session.destroy((err) => {
                     console.log(err);
                 });
+                res.status(401);
                 Util.responder(res, success, message);
             } else {
                 res.redirect(message.redirectURL);
@@ -25,6 +26,7 @@ module.exports = function (app) {
         user.password_reset(req.query.owner, req.query.reset_key, (success, message) => {
             if (!success) {
                 req.session.destroy((/*err*/) => {
+                    res.status(401);
                     Util.responder(res, success, message);
                 });
             } else {
@@ -37,6 +39,7 @@ module.exports = function (app) {
         user.password_reset_init(req.body.email, (success, message) => {
             if (!success) {
                 req.session.destroy();
+                res.status(401);
             }
             console.log("[debug] password_reset_init", success, message);
             Util.responder(res, success, message);
@@ -50,6 +53,7 @@ module.exports = function (app) {
             console.log(cid, "[debug] set_password callback", success, message);
             if (!success) {
                 if (typeof (req.session) !== "undefined") req.session.destroy();   
+                res.status(401);
             } 
             console.log(cid, "[debug] set_password respond with success, message", success, message);
             Util.responder(res, success, message);
@@ -64,6 +68,7 @@ module.exports = function (app) {
             if (err) {
                 let errString = err.toString();
                 console.log(`[OID:${owner}] Chat message failed with error ${errString}`);
+                res.status(400);
             } else {
                 console.log(`[OID:${owner}] Chat message sent.`);
             }

lib/thinx/builder.js

@@ -471,6 +471,67 @@ module.exports = class Builder {
 		return true;
 	}
 
+	generate_thinx_json(api_envs, device, api_key, commit_id, git_tag, XBUILD_PATH) {
+
+		// Load template
+		var thinx_json = JSON.parse(
+			fs.readFileSync(
+				__dirname + "/../../builder.thinx.dist.json"
+			)
+		);
+
+		if (typeof (api_envs) === "undefined" || api_envs === null) {
+			console.log("[builder] No env vars to apply...");
+			api_envs = [];
+		}
+
+		if (api_envs.count > 0) {
+			console.log("[builder] Applying environment vars...");
+			for (var object in api_envs) {
+				var key = Object.keys(object)[0];
+				console.log("Setting " + key + " to " + object[key]);
+				thinx_json[key] = object[key];
+			}
+		} else {
+			console.log("[builder] No environment vars to apply...");
+		}
+
+		// Attach/replace with important data
+		thinx_json.THINX_ALIAS = device.alias;
+		thinx_json.THINX_API_KEY = api_key; // inferred from last_key_hash
+
+		// Replace important data...
+		thinx_json.THINX_COMMIT_ID = commit_id.replace("\n", "");
+		thinx_json.THINX_FIRMWARE_VERSION_SHORT = git_tag.replace("\n", "");
+
+		var REPO_NAME = XBUILD_PATH.replace(/^.*[\\\/]/, '').replace(".git", "");
+
+		thinx_json.THINX_FIRMWARE_VERSION = REPO_NAME + ":" + git_tag.replace("\n", "");
+		thinx_json.THINX_APP_VERSION = thinx_json.THINX_FIRMWARE_VERSION;
+
+		thinx_json.THINX_OWNER = device.owner;
+		thinx_json.THINX_PLATFORM = device.platform;
+		thinx_json.LANGUAGE_NAME = JSON2H.languageNameForPlatform(device.platform);
+		thinx_json.THINX_UDID = device.udid;
+
+		// Attach/replace with more specific data...");
+		thinx_json.THINX_CLOUD_URL = app_config.api_url.replace("https://", "").replace("http://", "");
+		thinx_json.THINX_MQTT_URL = app_config.mqtt.server.replace("mqtt://", ""); // due to problem with slashes in json and some libs on platforms
+		thinx_json.THINX_AUTO_UPDATE = true; // device.autoUpdate
+		thinx_json.THINX_MQTT_PORT = app_config.mqtt.port;
+		thinx_json.THINX_API_PORT = app_config.port;
+		thinx_json.THINX_ENV_SSID = "";
+		thinx_json.THINX_ENV_PASS = "";
+
+		if (typeof (app_config.secure_port) !== "undefined") {
+			thinx_json.THINX_API_PORT_SECURE = app_config.secure_port;
+		}
+
+		thinx_json.THINX_AUTO_UPDATE = device.auto_update;
+		thinx_json.THINX_FORCED_UPDATE = false;
+
+		return thinx_json;
+	}
 
 	run_build(br, notifiers, callback, transmit_key) {
 
@@ -710,27 +771,7 @@ module.exports = class Builder {
 
 					console.log("[builder] REPO_VERSION (TAG+REV) [unused var]: '" + REPO_VERSION.replace(/\n/g, "") + "'");
 
-					var header_file = null;
-					try {
-						console.log("Finding", HEADER_FILE_NAME, "in", XBUILD_PATH);
-						var h_file = finder.from(XBUILD_PATH).findFiles(HEADER_FILE_NAME);
-						if ((typeof (h_file) !== "undefined") && h_file !== null) {
-							header_file = h_file[0];
-						}
-						console.log("[builder] found header_file: " + header_file);
-					} catch (e) {
-						console.log("Exception while getting header, use FINDER!: " + e);
-						blog.state(build_id, owner, udid, "error");
-					}
-
-					if (header_file === null) {
-						header_file = XBUILD_PATH / HEADER_FILE_NAME;
-						console.log("header_file empty, assigning path:", header_file);
-					}
-
-					console.log("[builder] Final header_file:", header_file);
-
-					var REPO_NAME = XBUILD_PATH.replace(/^.*[\\\/]/, '').replace(".git", "");
+
 
 					//
 					// Fetch API Envs and create header file
@@ -743,63 +784,7 @@ module.exports = class Builder {
 							// must not be blocking
 						}
 
-						// --> extract from here
-
-						// Load template
-						var thinx_json = JSON.parse(
-							fs.readFileSync(
-								__dirname + "/../../builder.thinx.dist.json"
-							)
-						);
-
-						if (typeof (api_envs) === "undefined" || api_envs === null) {
-							console.log("[builder] No env vars to apply...");
-							api_envs = [];
-						}
-
-						if (api_envs.count > 0) {
-							console.log("[builder] Applying environment vars...");
-							for (var object in api_envs) {
-								var key = Object.keys(object)[0];
-								console.log("Setting " + key + " to " + object[key]);
-								thinx_json[key] = object[key];
-							}
-						} else {
-							console.log("[builder] No environment vars to apply...");
-						}
-
-						// Attach/replace with important data
-						thinx_json.THINX_ALIAS = device.alias;
-						thinx_json.THINX_API_KEY = api_key; // inferred from last_key_hash
-
-						// Replace important data...
-						thinx_json.THINX_COMMIT_ID = commit_id.replace("\n", "");
-						thinx_json.THINX_FIRMWARE_VERSION_SHORT = git_tag.replace("\n", "");
-						thinx_json.THINX_FIRMWARE_VERSION = REPO_NAME + ":" + git_tag.replace("\n", "");
-						thinx_json.THINX_APP_VERSION = thinx_json.THINX_FIRMWARE_VERSION;
-
-						thinx_json.THINX_OWNER = device.owner;
-						thinx_json.THINX_PLATFORM = device.platform;
-						thinx_json.LANGUAGE_NAME = JSON2H.languageNameForPlatform(device.platform);
-						thinx_json.THINX_UDID = udid;
-
-						// Attach/replace with more specific data...");
-						thinx_json.THINX_CLOUD_URL = app_config.api_url.replace("https://", "").replace("http://", "");
-						thinx_json.THINX_MQTT_URL = app_config.mqtt.server.replace("mqtt://", ""); // due to problem with slashes in json and some libs on platforms
-						thinx_json.THINX_AUTO_UPDATE = true; // device.autoUpdate
-						thinx_json.THINX_MQTT_PORT = app_config.mqtt.port;
-						thinx_json.THINX_API_PORT = app_config.port;
-						thinx_json.THINX_ENV_SSID = "";
-						thinx_json.THINX_ENV_PASS = "";
-
-						if (typeof (app_config.secure_port) !== "undefined") {
-							thinx_json.THINX_API_PORT_SECURE = app_config.secure_port;
-						}
-
-						thinx_json.THINX_AUTO_UPDATE = device.auto_update;
-						thinx_json.THINX_FORCED_UPDATE = false;
-
-						// <-- extract to here
+						let thinx_json = this.generate_thinx_json(api_envs, device, api_key, commit_id, git_tag, XBUILD_PATH);
 
 						console.log("[builder] Writing template to thinx_build.json...");
 
@@ -815,6 +800,26 @@ module.exports = class Builder {
 							return;
 						}
 
+						var header_file = null;
+						try {
+							console.log("Finding", HEADER_FILE_NAME, "in", XBUILD_PATH);
+							var h_file = finder.from(XBUILD_PATH).findFiles(HEADER_FILE_NAME);
+							if ((typeof (h_file) !== "undefined") && h_file !== null) {
+								header_file = h_file[0];
+							}
+							console.log("[builder] found header_file: " + header_file);
+						} catch (e) {
+							console.log("Exception while getting header, use FINDER!: " + e);
+							blog.state(build_id, owner, udid, "error");
+						}
+
+						if (header_file === null) {
+							header_file = XBUILD_PATH / HEADER_FILE_NAME;
+							console.log("header_file empty, assigning path:", header_file);
+						}
+
+						console.log("[builder] Final header_file:", header_file);
+
 						if ((platform != "mongoose") || (platform != "python") || (platform != "nodejs")) {
 							console.log("[builder] Generating C-headers from into", header_file);
 							if (fs.existsSync(header_file)) {
@@ -824,14 +829,14 @@ module.exports = class Builder {
 							}
 						}
 
-						// <--- cut until here as configureBuildForDevice(header_file, device, api_envs, api_key, git_tag, commit_id, REPO_NAME, udid, platform)
-
 						callback(true, {
 							response: "build_started",
 							build_id: build_id
 						}); // last callback before executing
 
-						// start the build in background
+						//
+						// start the build in background (device, br, udid, build_id, owner, ROOT, fcid, git, sanitized_branch, XBUILD_PATH, api_envs...)
+						//
 
 						var fcid = "000000";
 						if (typeof (device.fcid) !== "undefined") {