Merge pull request #1059 from filecoin-project/@aminejv/auth-fix

Fix twitter auth in safari
martinalong 2022-01-26 11:51:26 -08:00 committed by GitHub
commit 20d17b1881
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 25 deletions


@ -1,5 +1,4 @@
import * as Environment from "~/node_common/environment";
import * as Utilities from "~/node_common/utilities";
import * as Data from "~/node_common/data";
import * as Strings from "~/common/strings";
import * as Logging from "~/common/logging";
@ -8,8 +7,6 @@ import JWT from "jsonwebtoken";
import { createOAuthProvider } from "~/node_common/managers/twitter";
const COOKIE_NAME = "oauth_token";
export default async (req, res) => {
if (!Strings.isEmpty(Environment.ALLOWED_HOST) && req.headers.host !== Environment.ALLOWED_HOST) {
return res.status(403).send({ decorator: "SERVER_TWITTER_OAUTH_NOT_ALLOWED", error: true });
@ -26,12 +23,6 @@ export default async (req, res) => {
}
const { authToken, authVerifier } = req.body.data;
const storedAuthToken = req.cookies[COOKIE_NAME];
// NOTE(amine): additional security check
if (authToken !== storedAuthToken) {
return res.status(403).send({ decorator: "SERVER_TWITTER_OAUTH_INVALID_TOKEN", error: true });
}
let twitterUser;
try {
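Review bot: With the `authToken !== storedAuthToken` comparison gone, this handler accepts `authToken` and `authVerifier` from `req.body.data` with nothing visible here that ties them to the browser that requested the token, so the flow no longer appears to be bound to the session that started it. The same comparison is dropped in the user-creation handler in the third file, where the remaining `Data.getTwitterToken({ token: authToken })` lookup only shows that the token exists, not who initiated it. If the Safari failure came from the cookie not being returned (inferred, not shown on this page), adjusting the cookie attributes in the request-token handler, for example `sameSite: "lax"` instead of `sameSite: true`, would keep the binding while fixing the flow. If the check has to stay out, record that at the destructuring line with a comment such as `// NOTE: authToken is not bound to the requesting browser; relies on the stored token lookup only`. The handler body starts and ends outside these hunks, so any later validation is not visible here.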


@ -14,13 +14,6 @@ export default async (req, res) => {
const { getOAuthRequestToken } = createOAuthProvider();
const { authToken, authSecretToken } = await getOAuthRequestToken();
// NOTE(amine): additional security check
res.cookie("oauth_token", authToken, {
maxAge: 15 * 60 * 1000, // 15 minutes
secure: true,
httpOnly: true,
sameSite: true,
});
await Data.createTwitterToken({ token: authToken, tokenSecret: authSecretToken });
res.json({ authToken });
} catch (e) {


@ -7,8 +7,6 @@ import * as Validations from "~/common/validations";
import SearchManager from "~/node_common/managers/search";
import JWT from "jsonwebtoken";
const COOKIE_NAME = "oauth_token";
export default async (req, res) => {
const { authToken, email, username } = req.body.data;
@ -31,13 +29,6 @@ export default async (req, res) => {
const newUsername = Strings.createUsername(username);
const newEmail = email.toLowerCase();
const storedAuthToken = req.cookies[COOKIE_NAME];
// NOTE(amine): additional security check
if (authToken !== storedAuthToken) {
return res.status(403).send({ decorator: "SERVER_CREATE_USER_FAILED", error: true });
}
const twitterUser = await Data.getTwitterToken({ token: authToken });
if (!twitterUser) {
return res.status(401).send({ decorator: "SERVER_CREATE_USER_FAILED", error: true });