Merge branch 'main' into prod-business

GenerateNU · Jun 18, 2024 · c5c68ee · c5c68ee
2 parents 0fb3f96 + d3e4997
commit c5c68ee
Show file tree

Hide file tree

Showing 105 changed files with 360 additions and 681 deletions.
diff --git a/backend/config/oauth_microsoft.go b/backend/config/oauth_microsoft.go
@@ -13,8 +13,7 @@ type MicrosoftOAuthSettings struct {
 }
 
 type intermediateMicrosoftOAuthSetting struct {
-	Key    string `env:"KEY"`
-	Secret string `env:"SECRET"`
+	Key string `env:"KEY"`
 }
 
 func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, error) {
@@ -23,14 +22,8 @@ func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, err
 		return nil, err
 	}
 
-	secretSecret, err := m.NewSecret(i.Secret)
-	if err != nil {
-		return nil, err
-	}
-
 	return &MicrosoftOAuthSettings{
 		Key:    secretKey,
-		Secret: secretSecret,
 		Tenant: tenantID,
 	}, nil
 }
diff --git a/backend/entities/auth/base/handlers.go b/backend/entities/auth/base/handlers.go
@@ -89,7 +89,7 @@ func (h *Handler) ProviderCallback(c *fiber.Ctx) error {
 		return err
 	}
 
-	return c.SendStatus(http.StatusOK)
+	return c.Status(http.StatusOK).JSON(user)
 }
 
 func (h *Handler) ProviderLogout(c *fiber.Ctx) error {

diff --git a/backend/integrations/oauth/crypt/crypt.go b/backend/integrations/oauth/crypt/crypt.go
@@ -17,7 +17,7 @@ func Encrypt(data string, passphrase string) (string, error) {
 	}
 
 	plaintext := []byte(data)
-	if len(plaintext) > 1028 {
+	if len(plaintext) > 4096 {
 		return "", fmt.Errorf("plaintext too long")
 	}
 

diff --git a/backend/integrations/oauth/soth/msft/msft.go b/backend/integrations/oauth/soth/msft/msft.go
@@ -31,10 +31,9 @@ var defaultScopes = []string{"openid", "offline_access", "user.read", "calendars
 // New creates a new microsoftonline Provider, and sets up important connection details.
 // You should always call `msft.New` to get a new Provider. Never try to create
 // one manually.
-func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
+func New(clientKey *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
 	p := &Provider{
 		ClientKey:    clientKey,
-		Secret:       secret,
 		CallbackURL:  callbackURL,
 		ProviderName: "microsoftonline",
 		tenant:       tenant,
@@ -47,7 +46,6 @@ func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL stri
 // Provider is the implementation of `soth.Provider` for accessing microsoftonline.
 type Provider struct {
 	ClientKey    *m.Secret[string]
-	Secret       *m.Secret[string]
 	CallbackURL  string
 	config       *oauth2.Config
 	ProviderName string
@@ -138,9 +136,8 @@ func newConfig(provider *Provider, scopes []string) *oauth2.Config {
 	}
 
 	c := &oauth2.Config{
-		ClientID:     provider.ClientKey.Expose(),
-		ClientSecret: provider.Secret.Expose(),
-		RedirectURL:  provider.CallbackURL,
+		ClientID:    provider.ClientKey.Expose(),
+		RedirectURL: provider.CallbackURL,
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  authURL,
 			TokenURL: tokenURL,

diff --git a/backend/integrations/oauth/soth/sothic/sothic.go b/backend/integrations/oauth/soth/sothic/sothic.go
@@ -210,6 +210,7 @@ func CompleteUserAuth(c *fiber.Ctx) (soth.User, error) {
 	}
 
 	gu, err := provider.FetchUser(sess)
+
 	return gu, err
 }
 
@@ -227,6 +228,7 @@ func validateState(c *fiber.Ctx, sess soth.Session) error {
 	}
 
 	originalState := authURL.Query().Get("state")
+
 	if originalState != "" && (originalState != c.Query("state")) {
 		return errors.New("state token mismatch")
 	}
@@ -357,13 +359,10 @@ func updateSessionValue(session *session.Session, key, value string) error {
 	if err := gz.Close(); err != nil {
 		return err
 	}
-
 	encrypted, err := encrypter(b.String())
 	if err != nil {
 		return err
 	}
-
 	session.Set(key, encrypted)
-
 	return nil
 }
diff --git a/backend/middleware/auth/user.go b/backend/middleware/auth/user.go
@@ -17,10 +17,10 @@ func (m *AuthMiddlewareHandler) UserAuthorizeById(c *fiber.Ctx) error {
 		return c.SendStatus(http.StatusUnauthorized)
 	}
 
-	user := models.UnmarshalUser(strUser)
+	user := *models.UnmarshalUser(strUser)
 
 	if user.Role == models.Super {
-		locals.SetUser(c, user)
+		locals.SetUser(c, &user)
 		return c.Next()
 	}
 
@@ -29,8 +29,8 @@ func (m *AuthMiddlewareHandler) UserAuthorizeById(c *fiber.Ctx) error {
 		return err
 	}
 
-	if idAsUUID == &user.ID {
-		locals.SetUser(c, user)
+	if *idAsUUID == user.ID {
+		locals.SetUser(c, &user)
 		return c.Next()
 	}
 

diff --git a/config/.env.template b/config/.env.template
@@ -46,6 +46,5 @@ SAC_GOOGLE_OAUTH_SECRET=GOOGLE_OAUTH_CLIENT_SECRET
 SAC_GOOGLE_API_KEY=GOOGLE_API_KEY
 
 SAC_MICROSOFT_OAUTH_KEY=test
-SAC_MICROSOFT_OAUTH_SECRET=test
 
 SAC_SEARCH_URI="http://127.0.0.1:9200"
diff --git a/frontend/lib/package.json b/frontend/lib/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@generatesac/lib",
-  "version": "0.0.171",
+  "version": "0.0.179",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

diff --git a/frontend/lib/src/api/authApi.ts b/frontend/lib/src/api/authApi.ts
@@ -1,69 +1,42 @@
-import { LoginRequestBody, RefreshTokenRequestBody } from "../types/auth";
-import { User, userSchema } from "../types/user";
-import {
-  EmailRequestBody,
-  VerifyEmailRequestBody,
-  VerifyPasswordResetTokenRequestBody,
-} from "../types/verification";
-import { baseApi } from "./base";
+import { User, userSchema } from "../types";
+import { LoginResponse, OAuthCallbackRequestQueryParams } from "../types/auth";
+import { baseApi, handleQueryParams } from "./base";
 
 const AUTH_API_BASE_URL = "/auth";
+const PROVIDER = "microsoftonline";
 
 export const authApi = baseApi.injectEndpoints({
   endpoints: (builder) => ({
-    login: builder.mutation<User, LoginRequestBody>({
-      query: (body) => ({
+    login: builder.query<LoginResponse, void>({
+      query: () => ({
         url: `${AUTH_API_BASE_URL}/login`,
-        method: "POST",
-        body,
+        method: "GET",
+        responseHandler: 'text',
       }),
-      transformResponse: (response: User) => {
-        return userSchema.parse(response);
+      transformResponse: async (_, meta) => {
+        const redirectUri = meta?.response?.headers.get("Redirect") as string;
+        const sac_session = meta?.response?.headers.get("_sac_session") as string;
+
+        return {
+          redirect_uri: redirectUri,
+          sac_session,
+        }
       },
     }),
-    logout: builder.mutation<void, void>({
+    logout: builder.query<void, void>({
       query: () => ({
         url: `${AUTH_API_BASE_URL}/logout`,
-        method: "POST",
-      }),
-    }),
-    refresh: builder.mutation<void, RefreshTokenRequestBody>({
-      query: (body) => ({
-        url: "refresh",
-        method: "POST",
-        body,
-      }),
-    }),
-    forgotPassword: builder.mutation<void, EmailRequestBody>({
-      query: (body) => ({
-        url: `${AUTH_API_BASE_URL}/forgot-password`,
-        method: "POST",
-        body,
-      }),
-    }),
-    verifyPasswordResetToken: builder.mutation<
-      void,
-      VerifyPasswordResetTokenRequestBody
-    >({
-      query: (body) => ({
-        url: `${AUTH_API_BASE_URL}/verify-reset`,
-        method: "POST",
-        body,
+        method: "GET",
       }),
     }),
-    sendCode: builder.mutation<void, EmailRequestBody>({
-      query: (body) => ({
-        url: `${AUTH_API_BASE_URL}/send-code`,
-        method: "POST",
-        body,
-      }),
-    }),
-    verifyEmail: builder.mutation<void, VerifyEmailRequestBody>({
-      query: (body) => ({
-        url: `${AUTH_API_BASE_URL}/verify-email`,
-        method: "POST",
-        body,
+    callback: builder.query<User, OAuthCallbackRequestQueryParams>({
+      query: (params) => ({
+        url: handleQueryParams(`${AUTH_API_BASE_URL}/${PROVIDER}/callback`, params),
+        method: "GET",
       }),
+      transformResponse: (response) => {
+        return userSchema.parse(response);
+      }
     }),
   }),
 });
diff --git a/frontend/lib/src/api/base.ts b/frontend/lib/src/api/base.ts
@@ -11,7 +11,7 @@ export const baseApi = createApi({
       // User slice existing must exist in all dependent apps:
       const token = (getState() as { user: { accessToken: string } })?.user?.accessToken;
       if (token) {
-        headers.set("Authorization", `Bearer ${token}`);
+        headers.set("_sac_session", token);
       }
       return headers;
     },

diff --git a/frontend/lib/src/api/userApi.ts b/frontend/lib/src/api/userApi.ts
@@ -1,6 +1,5 @@
 import { z } from "zod";
 
-import { UpdatePasswordRequestBody } from "../types/auth";
 import { Club, clubSchema } from "../types/club";
 import { PaginationQueryParams } from "../types/root";
 import { Tag, tagSchema } from "../types/tag";
@@ -82,16 +81,6 @@ export const userApi = baseApi.injectEndpoints({
       }),
       invalidatesTags: (_result, _, id) => [{ type: "User", id }],
     }),
-    updatePassword: builder.mutation<
-      void,
-      { id: string; body: UpdatePasswordRequestBody }
-    >({
-      query: ({ id, body }) => ({
-        url: `${USER_API_BASE_URL}/${id}/password`,
-        method: "PATCH",
-        body,
-      }),
-    }),
     userFollowing: builder.query<Club[], string>({
       query: (id) => ({
         url: `${USER_API_BASE_URL}/${id}/follower/`,

diff --git a/frontend/lib/src/types/auth.ts b/frontend/lib/src/types/auth.ts
@@ -1,31 +1,16 @@
 import { z } from "zod";
 
-// Schemas:
-export const loginRequestBodySchema = z.object({
-  email: z.string().email(),
-  password: z.string().min(8),
+export const loginResponseSchema = z.object({
+  redirect_uri: z.string(),
+  sac_session: z.string(),
 });
 
-export const updatePasswordRequestBodySchema = z.object({
-  old_password: z.string().min(8),
-  new_password: z.string().min(8),
-});
-
-export const refreshTokenRequestBodySchema = z.object({
-  refresh_token: z.string(),
-});
-
-export const tokensSchema = z.object({
-  access_token: z.string(),
-  refresh_token: z.string(),
+export const oauthCallbackRequestQueryParams = z.object({
+  code: z.string(),
+  session_state: z.string(),
+  state: z.string(),
 });
 
 // Types:
-export type LoginRequestBody = z.infer<typeof loginRequestBodySchema>;
-export type UpdatePasswordRequestBody = z.infer<
-  typeof updatePasswordRequestBodySchema
->;
-export type RefreshTokenRequestBody = z.infer<
-  typeof refreshTokenRequestBodySchema
->;
-export type Tokens = z.infer<typeof tokensSchema>;
+export type LoginResponse = z.infer<typeof loginResponseSchema>;
+export type OAuthCallbackRequestQueryParams = z.infer<typeof oauthCallbackRequestQueryParams>;
diff --git a/frontend/lib/src/types/user.ts b/frontend/lib/src/types/user.ts
@@ -6,6 +6,7 @@ import { rootModelSchema } from "./root";
 export const userRoleEnum = z.enum(["super", "student"]);
 
 export const collegeEnum = z.enum([
+  "",
   "CAMD",
   "DMSB",
   "KCCS",
@@ -18,6 +19,7 @@ export const collegeEnum = z.enum([
 ]);
 
 export const majorEnum = z.enum([
+  "",
   "africanaStudies",
   "americanSignLanguage",
   "americanSignLanguage-EnglishInterpreting",
@@ -120,7 +122,7 @@ export const majorEnum = z.enum([
   "theatre",
 ]);
 
-export const graduationCycleEnum = z.enum(["december", "may"]);
+export const graduationCycleEnum = z.enum(["december", "may", ""]);
 
 export const yearEnum = z.enum(["1", "2", "3", "4", "5"]);
 
@@ -155,16 +157,14 @@ export const createUserTagsRequestBodySchema = z.object({
 
 const userSchemaIntermediate = z.object({
   role: userRoleEnum,
-  first_name: z.string().min(1),
-  last_name: z.string().min(1),
+  name: z.string().min(1),
   email: z.string().email(),
   major0: majorEnum.optional(),
   major1: majorEnum.optional(),
   major2: majorEnum.optional(),
   college: collegeEnum.optional(),
   graduation_cycle: graduationCycleEnum.optional(),
   graduation_year: z.number().optional(),
-  is_verified: z.boolean(),
 });
 
 export const userSchema = userSchemaIntermediate.merge(rootModelSchema);

diff --git a/frontend/mobile/package.json b/frontend/mobile/package.json
@@ -25,7 +25,7 @@
         "@fortawesome/free-solid-svg-icons": "^6.5.2",
         "@fortawesome/react-fontawesome": "^0.2.2",
         "@fortawesome/react-native-fontawesome": "^0.3.2",
-        "@generatesac/lib": "0.0.171",
+        "@generatesac/lib": "0.0.179",
         "@gorhom/bottom-sheet": "^4.6.3",
         "@hookform/resolvers": "^3.4.2",
         "@react-native-async-storage/async-storage": "^1.23.1",