Merge pull request #19 from tpcofficial/dev

v0.1.50 - Fix Google OAuth2 flow + code improvements
tpcofficial · Jan 12, 2021 · f06727e · f06727e
2 parents b56ff00 + 138d99b
commit f06727e
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 22 deletions.
diff --git a/.deepsource.toml b/.deepsource.toml
@@ -0,0 +1,8 @@
+version = 1
+
+[[analyzers]]
+name = "javascript"
+enabled = true
+
+  [analyzers.meta]
+  environment = ["nodejs"]
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -6,7 +6,25 @@ provider:
   - any: ['providers/**/*.js']
 
 provider-loader:
-  - any: ['index.js']
+  - index.js
+
+provider-google:
+  - providers/google.js
+
+provider-discord:
+  - providers/discord.js
+
+provider-aad:
+  - providers/microsoft-enterprise.js
+
+provider-microsoft:
+  - providers/microsoft.js
+
+provider-github:
+  - providers/github.js
+
+provider-generic:
+  - providers/generic.js
 
 documentation:
   - any: ['README.md','**/*.md','docs/**/*']

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@tpcofficial/big-oauth2",
-  "version": "0.1.43",
+  "version": "0.1.50",
   "description": "A OAuth2 module to easily allow you to integrate your applications authentication with 3rd party IdPs. Returns user data with minimal code to help you create and manage users in your databases!",
   "main": "index.js",
   "scripts": {

diff --git a/providers/discord.js b/providers/discord.js
@@ -6,9 +6,6 @@
  * 3. Send the access token to an API
  * 
  */
-const fetch = require('node-fetch');
-const log = require('../lib/logging-debug');
-
 class DiscordHandler {
     constructor(configobj,extraOptions = {}) {
         if (!configobj)

diff --git a/providers/google.js b/providers/google.js
@@ -6,9 +6,6 @@
          * 3. Send the access token to an API
          * 
          */
-const fetch = require('node-fetch');
-const log = require('../lib/logging-debug');
-
 class GoogleHandler {
 
     constructor(configobj,extraOptions = {}) {
@@ -18,6 +15,7 @@ class GoogleHandler {
         this.client_id = configobj.client_id;
         this.client_secret = configobj.client_secret;
 
+        this.response_type = configobj.response_type.length >=1 ? configobj.response_type : 'code';
         this.redirect_uri = configobj.redirect_uri; //We recommend setting this to something like https://example.org/api/oauth2/google
         this.scope = configobj.scope >= 1 ? configobj.scope : "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile";//Default to profile scope if no scope is defined    -  && configobj.isArray()
         this.auth_base_url = "https://accounts.google.com/o/oauth2/v2/auth"
@@ -31,28 +29,33 @@ class GoogleHandler {
     startFlow() {//Should return a uri to begin the OAuth2 flow and gain user consent
         this.libs.log.info('Start of OAuth2 flow, generating redirect uri to gain user consent');
         try {
-            return `${this.auth_base_url}?client_id=${this.client_id}&response_type=token&scope=${this.scope}&redirect_uri=${this.redirect_uri}/callback`;
+            return `${this.auth_base_url}?client_id=${this.client_id}&response_type=${this.response_type}&scope=${this.scope}&redirect_uri=${this.redirect_uri}/callback`;
         } catch (e) {
             this.libs.log.error("Failed to start OAuth2 flow: Couldn't generate (and/or) return the consent uri");
             throw "Failed to generate consent uri";
         }
     }
 
     async stopFlow(flowResponse) {//Should receive the token, automatically and prepare it for the user - the token is not stored and this should return USER DATA only
-        if (!flowResponse || (!flowResponse.code || !flowResponse.access_token))
-            return false
-
-        if (flowResponse.accces_token && flowResponse.token_type == 'Bearer') {
-            await this.libs.fetch(`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${json.accces_token}`)
-                .this(json => {return json})
+        if (flowResponse.code || flowResponse.access_token) {
+            if (flowResponse.access_token && flowResponse.token_type == 'Bearer') {
+                this.libs.log.info('access_token spotted, using this to get data');
+                await this.libs.fetch(`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${json.access_token}`)
+                    .this(json => {return json})
+            } else if (flowResponse.code) {
+                this.libs.log.info('code spotted, exchanging');
+                await this.libs.fetch(`${this.token_url}?code=${flowResponse.code}`, {method:'POST'})// Get user code from query data -> ${flowResponse.code}
+                    .this(res => res.json())
+                    .this(async json => {
+                        await this.libs.fetch(`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${json.access_token}`)
+                            .this(json => {return json})
+                    })// Get user token -> function fetch ...
+            }
         } else {
-            await this.libs.fetch(`${this.token_url}?code=${flowResponse.code}`, {method:'POST'})// Get user code from query data -> ${flowResponse.code}
-                .this(res => res.json())
-                .this(async json => {
-                    await this.libs.fetch(`https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=${json.accces_token}`)
-                        .this(json => {return json})
-                })// Get user token -> function fetch ...
+            this.libs.log.error('Google did not give us valid data\n'+String(flowResponse));
+            throw "[Google] API did not respond with a valid authentication code or token"
         }
+
         // Get user data (email, name)
     }