Fix no session on social Logins #1164

Open
wants to merge 2 commits into
base: master
Fix no session on social Logins
Because social tokens are constructed via await access.grantAccess(user, req, user.passwordHash), and password_hash was missing, the session could not be established.
MassivDash authored Nov 13, 2019

commit 352b05d6b7adc39d73a9eb615df266bc4b9d03e4
6 changes: 5 additions & 1 deletion modules/user/server-ts/social/shared.js
@@ -1,4 +1,5 @@
import { access } from '@gqlapp/authentication-server-ts';
import bcrypt from 'bcryptjs';
import User from '../sql';

export async function onAuthenticationSuccess(req, res) {
@@ -14,10 +15,13 @@ export async function onAuthenticationSuccess(req, res) {
}

export const registerUser = async ({ id, username, displayName, emails: [{ value }] }) => {
const passwordHash = await bcrypt.hash(id || username || displayName, 12);
Member

Why do we use id or username or displayName as a password? Why do we use 12 as a salt?

Contributor Author

I have replicated the bcrypt password hash creation from the access modules; it had 12 as salt. Since the social user passport strategy has no user password field, we need to create whatever password in order for the social tokens to be created. I thought I might as well create the password from the user's outside id, like it was before, but if it is missing then create one from the display name. My assumption is that either the user will continue to log in through social or he will request forgot password.

Member

I don't think we need a password at all for social users, because this field is not used as a password. I think the better approach is to handle the case elsewhere in the code that password might be actually missing: #1165

return User.register({
username: username || displayName,
email: value,
password: id,
isActive: true
});
},
passwordHash
);
};
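
Review bot: The input to `bcrypt.hash(id || username || displayName, 12)` in `registerUser` is a provider id, username or display name, none of which is secret, so the stored hash corresponds to a password that anyone who knows the profile can reproduce; if the password login path accepts these accounts, that hash is a usable credential. If a hash must exist for `access.grantAccess`, derive it from random bytes (for example `crypto.randomBytes(32)`) that are never stored or shown, or handle a missing `passwordHash` at the point of use as proposed in #1165. The object passed to `User.register` also still carries `password: id`, which is worth dropping for the same reason. The second argument to `bcrypt.hash` is the cost factor (salt rounds), not the salt itself; a named constant or a short comment would make that clear.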