shoo shoo oauth

Author: tonyqiu123

backend/typescript/rest/authRoutes.ts

@@ -34,18 +34,16 @@ const cookieOptions: CookieOptions = {
 /* Returns access token and user info in response body and sets refreshToken as an httpOnly cookie */
 authRouter.post("/login", loginRequestValidator, async (req, res) => {
   try {
-    const authDTO = req.body.idToken
-      ? // OAuth
-        await authService.generateTokenOAuth(req.body.idToken)
-      : await authService.generateToken(req.body.email, req.body.password);
+    const authDTO = req.body.idToken;
+    await authService.generateToken(req.body.email, req.body.password);
 
     const { refreshToken, ...rest } = authDTO;
 
     res
       .cookie("refreshToken", refreshToken, cookieOptions)
       .status(200)
       .json(rest);
-  } catch (error: unknown) {
+  } catch (error) {
     res.status(500).json({ error: getErrorMessage(error) });
   }
 });
@@ -57,29 +55,22 @@ authRouter.post(
   async (req, res) => {
     try {
       if (isAuthorizedByEmail(req.body.email)) {
-        const user = await userService.getUserByEmail(req.body.email);
+        const userDTO = await userService.getUserByEmail(req.body.email);
+        const rest = { ...{ accessToken: req.body.accessToken }, ...userDTO };
 
-        const activatedUser = user;
-        activatedUser.status = UserStatus.ACTIVE;
-        await userService.updateUserById(user.id, activatedUser);
-
-        const rest = {
-          ...{ accessToken: req.body.accessToken },
-          ...activatedUser,
-        };
         res
           .cookie("refreshToken", req.body.refreshToken, cookieOptions)
           .status(200)
           .json(rest);
       }
-    } catch (error: unknown) {
+    } catch (error) {
       if (error instanceof NotFoundError) {
         res.status(404).send(getErrorMessage(error));
       } else {
         res.status(500).json({ error: getErrorMessage(error) });
       }
     }
-  },
+  }
 );
 
 /* Returns access token in response body and sets refreshToken as an httpOnly cookie */
@@ -91,7 +82,7 @@ authRouter.post("/refresh", async (req, res) => {
       .cookie("refreshToken", token.refreshToken, cookieOptions)
       .status(200)
       .json({ accessToken: token.accessToken });
-  } catch (error: unknown) {
+  } catch (error) {
     res.status(500).json({ error: getErrorMessage(error) });
   }
 });
@@ -104,10 +95,10 @@ authRouter.post(
     try {
       await authService.revokeTokens(req.params.userId);
       res.status(204).send();
-    } catch (error: unknown) {
+    } catch (error) {
       res.status(500).json({ error: getErrorMessage(error) });
     }
-  },
+  }
 );
 
 /* Emails a password reset link to the user with the specified email */
@@ -118,10 +109,10 @@ authRouter.post(
     try {
       await authService.resetPassword(req.params.email);
       res.status(204).send();
-    } catch (error: unknown) {
+    } catch (error) {
       res.status(500).json({ error: getErrorMessage(error) });
     }
-  },
+  }
 );
 
 // updates user password and updates status
@@ -132,7 +123,7 @@ authRouter.post(
     try {
       const responseSuccess = await authService.setPassword(
         req.params.email,
-        req.body.newPassword,
+        req.body.newPassword
       );
       if (responseSuccess.success) {
         const user = await userService.getUserByEmail(req.params.email);
@@ -149,15 +140,15 @@ authRouter.post(
     } catch (error) {
       res.status(500).json({ error: getErrorMessage(error) });
     }
-  },
+  }
 );
 
 /* Invite a user */
 authRouter.post("/invite-user", inviteUserDtoValidator, async (req, res) => {
   try {
     if (
       !isAuthorizedByRole(
-        new Set([Role.ADMINISTRATOR, Role.ANIMAL_BEHAVIOURIST]),
+        new Set([Role.ADMINISTRATOR, Role.ANIMAL_BEHAVIOURIST])
       )
     ) {
       res
@@ -184,7 +175,7 @@ authRouter.post("/invite-user", inviteUserDtoValidator, async (req, res) => {
     await userService.updateUserById(user.id, invitedUser);
 
     res.status(204).send();
-  } catch (error: unknown) {
+  } catch (error) {
     if (error instanceof NotFoundError) {
       res.status(404).send(getErrorMessage(error));
     } else {

backend/typescript/services/implementations/authService.ts

@@ -38,40 +38,6 @@ class AuthService implements IAuthService {
     }
   }
 
-  /* eslint-disable class-methods-use-this */
-  async generateTokenOAuth(idToken: string): Promise<AuthDTO> {
-    try {
-      const googleUser = await FirebaseRestClient.signInWithGoogleOAuth(
-        idToken,
-      );
-      // googleUser.idToken refers to the Firebase Auth access token for the user
-      const token = {
-        accessToken: googleUser.idToken,
-        refreshToken: googleUser.refreshToken,
-      };
-      // If user already has a login with this email, just return the token
-      try {
-        // Note: an error message will be logged from UserService if this lookup fails.
-        // You may want to silence the logger for this special OAuth user lookup case
-        const user = await this.userService.getUserByEmail(googleUser.email);
-        return { ...token, ...user };
-        /* eslint-disable-next-line no-empty */
-      } catch (error) {}
-
-      const user = await this.userService.createUser({
-        firstName: googleUser.firstName,
-        lastName: googleUser.lastName,
-        email: googleUser.email,
-        role: Role.STAFF,
-      });
-
-      return { ...token, ...user };
-    } catch (error) {
-      Logger.error(`Failed to generate token for user with OAuth ID token`);
-      throw error;
-    }
-  }
-
   async revokeTokens(userId: string): Promise<void> {
     try {
       const authId = await this.userService.getAuthIdById(userId);

backend/typescript/services/interfaces/authService.ts

@@ -11,15 +11,6 @@ interface IAuthService {
    */
   generateToken(email: string, password: string): Promise<AuthDTO>;
 
-  /**
-   * Generate a short-lived JWT access token and a long-lived refresh token
-   * when supplied OAuth ID token
-   * @param idToken user's ID token
-   * @returns AuthDTO object containing the access token, refresh token, and user info
-   * @throws Error if token generation fails
-   */
-  generateTokenOAuth(idToken: string): Promise<AuthDTO>;
-
   /**
    * Revoke all refresh tokens of a user
    * @param userId userId of user whose refresh tokens are to be revoked

backend/typescript/utilities/firebaseRestClient.ts

@@ -9,8 +9,6 @@ const FIREBASE_SIGN_IN_URL =
   "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword";
 const FIREBASE_REFRESH_TOKEN_URL =
   "https://securetoken.googleapis.com/v1/token";
-const FIREBASE_OAUTH_SIGN_IN_URL =
-  "https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp";
 
 type PasswordSignInResponse = {
   idToken: string;
@@ -21,26 +19,6 @@ type PasswordSignInResponse = {
   registered: boolean;
 };
 
-type OAuthSignInResponse = {
-  federatedId: string;
-  providerId: string;
-  localId: string;
-  emailVerified: boolean;
-  email: string;
-  oauthIdToken: string;
-  oauthAccessToken: string;
-  oauthTokenSecret: string;
-  rawUserInfo: string;
-  firstName: string;
-  lastName: string;
-  fullName: string;
-  displayName: string;
-  photoUrl: string;
-  idToken: string;
-  refreshToken: string;
-  expiresIn: string;
-  needConfirmation: boolean;
-};
 
 type RefreshTokenResponse = {
   expires_in: string;
@@ -103,45 +81,6 @@ const FirebaseRestClient = {
     };
   },
 
-  // Docs: https://firebase.google.com/docs/reference/rest/auth/#section-sign-in-with-oauth-credential
-  signInWithGoogleOAuth: async (
-    idToken: string,
-  ): Promise<OAuthSignInResponse> => {
-    const response: Response = await fetch(
-      `${FIREBASE_OAUTH_SIGN_IN_URL}?key=${process.env.FIREBASE_WEB_API_KEY}`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          postBody: `id_token=${idToken}&providerId=google.com`,
-          requestUri: process.env.FIREBASE_REQUEST_URI,
-          returnIdpCredential: true,
-          returnSecureToken: true,
-        }),
-      },
-    );
-
-    const responseJson:
-      | OAuthSignInResponse
-      | RequestError = await response.json();
-
-    if (!response.ok) {
-      const errorMessage = [
-        "Failed to sign-in via Firebase REST API with OAuth, status code =",
-        `${response.status},`,
-        "error message =",
-        (responseJson as RequestError).error.message,
-      ];
-      Logger.error(errorMessage.join(" "));
-
-      throw new Error("Failed to sign-in via Firebase REST API");
-    }
-
-    return responseJson as OAuthSignInResponse;
-  },
-
   // Docs: https://firebase.google.com/docs/reference/rest/auth/#section-refresh-token
   refreshToken: async (refreshToken: string): Promise<Token> => {
     const response: Response = await fetch(