api/admin/passport.js
const Passport = require('passport');
const GitHubStrategy = require('passport-github').Strategy;
const config = require('../../config');
const env = require('../../services/environment')();
const { User } = require('../models');
const { createUAAStrategy, verifyUAAUser } = require('../services/uaaStrategy');
const GitHub = require('../services/GitHub');
const Features = require('../features');

// Dedicated Passport instance for the admin app (instead of the shared default
// instance exported by the `passport` module), so its strategies and
// serializers stay separate from any other Passport configuration in the process.
const passport = new Passport.Passport();

/**
 * Persist only the primary key in the session; the full record is re-read on
 * each request by `deserializeUser` below.
 */
passport.serializeUser((user, next) => next(null, user.id));

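/**
 * Rebuild `req.user` from the id stored in the session.
 *
 * Lookup failures are forwarded to Passport as an error; previously a rejected
 * `findByPk` was never handled, so a database error left the request hanging
 * with an unhandled rejection. A missing row (e.g. the user was deleted while
 * the session was still live) resolves to `null`, which Passport treats as no
 * authenticated user rather than as an error.
 */
passport.deserializeUser((id, next) => {
  User.findByPk(id).then(
    (user) => next(null, user),
    (err) => next(err),
  );
});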

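/**
 * Github Auth
 *
 * The strategy options are copied rather than mutated in place, so the shared
 * `config` object is left untouched (matching how the UAA options below are
 * built). The callback URL must match the redirect URI registered with the
 * GitHub OAuth app.
 */
const githubOptions = {
  ...config.passport.github.authorizationOptions,
  callbackURL: `${env.APP_HOSTNAME}/admin/auth/github2/callback`,
};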

/**
 * Passport verify callback for the GitHub strategy.
 *
 * Access is gated on `GitHub.ensureFederalistAdmin`, which is expected to
 * reject when the GitHub login is not an authorised admin; only after that
 * check passes is the local account looked up by its GitHub user id. Any
 * failure (including a profile without a `username`) is handed to Passport as
 * an error, and a missing local account yields a null user, which Passport
 * treats as a failed authentication rather than an error.
 *
 * @param {string} accessToken - OAuth access token issued by GitHub
 * @param {string} _refreshToken - unused
 * @param {object} profile - GitHub profile (`id`, `username`)
 * @param {Function} callback - Passport `done(err, user)` callback
 */
async function verifyGithub(accessToken, _refreshToken, profile, callback) {
  const { id, username } = profile;

  try {
    // The login is lower-cased before the admin check; presumably the admin
    // list is matched case-insensitively — confirm against ensureFederalistAdmin.
    const login = username.toLowerCase();
    await GitHub.ensureFederalistAdmin(accessToken, login);

    const adminUser = await User.findOne({ where: { githubUserId: id } });
    return callback(null, adminUser);
  } catch (err) {
    return callback(err);
  }
}

// GitHub OAuth strategy for admin logins; the authorization check lives in
// verifyGithub above.
passport.use('github', new GitHubStrategy(githubOptions, verifyGithub));

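/**
 * UAA Auth
 *
 * Only wired up when the FEATURE_AUTH_UAA flag is on. Users are mapped to a
 * role via `verifyUAAUser`, support taking precedence over admin, and the
 * resolved role is recorded on the session for later authorization checks.
 */
if (Features.enabled(Features.Flags.FEATURE_AUTH_UAA)) {
  const uaaOptions = {
    ...config.passport.uaa.options,
    callbackURL: `${config.app.hostname}/admin/auth/uaa/callback`,
    logoutCallbackURL: `${config.app.hostname}/admin/auth/uaa/logout`,
    // Needed so `verify` receives `req` and can write the role onto the session.
    passReqToCallback: true,
  };

  // Roles in order of precedence; the first one the user holds wins.
  const ROLES = ['pages.support', 'pages.admin'];

  /**
   * Passport verify callback for the UAA strategy.
   *
   * Tries each role in ROLES, stores the first match on `req.session.role`, and
   * hands the matching user to Passport. Returns `false` to Passport (a failed
   * authentication, not an error) when the user holds none of them. The
   * `verifyUAAUser` calls are deliberately sequential: the helper is opaque
   * here and may have side effects, so they are not parallelized.
   *
   * @param {object} req - Express request (session is written here)
   * @param {string} accessToken - UAA access token
   * @param {string} refreshToken - UAA refresh token
   * @param {object} profile - UAA profile as provided by the strategy
   * @param {Function} callback - Passport `done(err, user)` callback
   */
  const verify = async (req, accessToken, refreshToken, profile, callback) => {
    try {
      for (const role of ROLES) {
        // eslint-disable-next-line no-await-in-loop -- precedence order matters
        const user = await verifyUAAUser(accessToken, refreshToken, profile, [role]);
        if (user) {
          req.session.role = role;
          return callback(null, user);
        }
      }

      return callback(null, false);
    } catch (err) {
      return callback(err);
    }
  };

  const uaaStrategy = createUAAStrategy(uaaOptions, verify);

  passport.use('uaa', uaaStrategy);

  /**
   * End the local login and send the browser on to UAA's logout endpoint.
   *
   * The role written by `verify` is cleared explicitly rather than relying on
   * `req.logout()` to do it, so a stale role cannot survive on a reused
   * session after logout.
   * NOTE(review): passport >= 0.6 requires a callback for `req.logout()`;
   * confirm against the pinned version before upgrading.
   */
  passport.logout = (req, res) => {
    req.logout();
    if (req.session) {
      delete req.session.role;
    }
    res.redirect(uaaStrategy.logoutRedirectURL);
  };
}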

// Export the configured instance; when UAA is enabled it also carries the
// `passport.logout` handler defined above.
module.exports = passport;