Remove google-oauth passport strategy

2025-10-27 11:18:14 +01:00 · 2023-11-11 11:29:59 -06:00 · 2023-11-11 11:29:59 -06:00 · 1ad6722e6d
commit 1ad6722e6d
parent 557ef2ef79
6 changed files with 25 additions and 162 deletions
--- a/client/assets/app.css
+++ b/client/assets/app.css
@ -259,3 +259,23 @@ Bookshelf Label
 .no-bars .Vue-Toastification__container.top-right {
  padding-top: 8px;
 }
+
+.abs-btn::before {
+  content: '';
+  position: absolute;
+  border-radius: 6px;
+  top: 0;
+  left: 0;
+  width: 100%;
+  height: 100%;
+  background-color: rgba(255, 255, 255, 0);
+  transition: all 0.1s ease-in-out;
+}
+
+.abs-btn:hover:not(:disabled)::before {
+  background-color: rgba(255, 255, 255, 0.1);
+}
+
+.abs-btn:disabled::before {
+  background-color: rgba(0, 0, 0, 0.2);
+}
--- a/client/components/ui/Btn.vue
+++ b/client/components/ui/Btn.vue
@ -1,5 +1,5 @@
 <template>
-  <nuxt-link v-if="to" :to="to" class="btn outline-none rounded-md shadow-md relative border border-gray-600 text-center" :disabled="disabled || loading" :class="classList">
+  <nuxt-link v-if="to" :to="to" class="abs-btn outline-none rounded-md shadow-md relative border border-gray-600 text-center" :disabled="disabled || loading" :class="classList">
    <slot />
    <div v-if="loading" class="text-white absolute top-0 left-0 w-full h-full flex items-center justify-center text-opacity-100">
      <svg class="animate-spin" style="width: 24px; height: 24px" viewBox="0 0 24 24">
@ -7,7 +7,7 @@
      </svg>
    </div>
  </nuxt-link>
-  <button v-else class="btn outline-none rounded-md shadow-md relative border border-gray-600" :disabled="disabled || loading" :type="type" :class="classList" @mousedown.prevent @click="click">
+  <button v-else class="abs-btn outline-none rounded-md shadow-md relative border border-gray-600" :disabled="disabled || loading" :type="type" :class="classList" @mousedown.prevent @click="click">
    <slot />
    <div v-if="loading" class="text-white absolute top-0 left-0 w-full h-full flex items-center justify-center text-opacity-100">
      <svg class="animate-spin" style="width: 24px; height: 24px" viewBox="0 0 24 24">
@ -72,23 +72,3 @@ export default {
  mounted() {}
 }
 </script>
-
-<style scoped>
-.btn::before {
-  content: '';
-  position: absolute;
-  border-radius: 6px;
-  top: 0;
-  left: 0;
-  width: 100%;
-  height: 100%;
-  background-color: rgba(255, 255, 255, 0);
-  transition: all 0.1s ease-in-out;
-}
-.btn:hover:not(:disabled)::before {
-  background-color: rgba(255, 255, 255, 0.1);
-}
-button:disabled::before {
-  background-color: rgba(0, 0, 0, 0.2);
-}
-</style>
--- a/client/pages/login.vue
+++ b/client/pages/login.vue
@ -41,14 +41,11 @@
          </div>
        </form>

-        <div v-if="login_local && (login_google_oauth20 || login_openid)" class="w-full h-px bg-white bg-opacity-10 my-4" />
+        <div v-if="login_local && login_openid" class="w-full h-px bg-white bg-opacity-10 my-4" />

        <div class="w-full flex py-3">
-          <a v-show="login_google_oauth20" :href="googleAuthUri">
-            <ui-btn color="primary" class="leading-none">Login with Google</ui-btn>
-          </a>
-          <a v-show="login_openid" :href="openidAuthUri">
-            <ui-btn color="primary" class="leading-none">{{ openIDButtonText }}</ui-btn>
+          <a v-if="login_openid" :href="openidAuthUri" class="w-full abs-btn outline-none rounded-md shadow-md relative border border-gray-600 text-center bg-primary text-white px-8 py-2 leading-none">
+            {{ openIDButtonText }}
          </a>
        </div>
      </div>
@ -76,7 +73,6 @@ export default {
      ConfigPath: '',
      MetadataPath: '',
      login_local: true,
-      login_google_oauth20: false,
      login_openid: false,
      authFormData: null
    }
@ -112,9 +108,6 @@ export default {
    user() {
      return this.$store.state.user.user
    },
-    googleAuthUri() {
-      return `${process.env.serverUrl}/auth/google?callback=${location.toString()}`
-    },
    openidAuthUri() {
      return `${process.env.serverUrl}/auth/openid?callback=${location.toString()}`
    },
@ -251,12 +244,6 @@ export default {
        this.login_local = false
      }

-      if (authMethods.includes('google-oauth20')) {
-        this.login_google_oauth20 = true
-      } else {
-        this.login_google_oauth20 = false
-      }
-
      if (authMethods.includes('openid')) {
        // Auto redirect unless query string ?autoLaunch=0
        if (this.authFormData?.authOpenIDAutoLaunch && this.$route.query?.autoLaunch !== '0') {
--- a/package-lock.json
+++ b/package-lock.json
@ -19,7 +19,6 @@
        "nodemailer": "^6.9.2",
        "openid-client": "^5.6.1",
        "passport": "^0.6.0",
-        "passport-google-oauth20": "^2.0.0",
        "passport-jwt": "^4.0.1",
        "sequelize": "^6.32.1",
        "socket.io": "^4.5.4",
@ -320,14 +319,6 @@
        "node": "^4.5.0 || >= 5.9"
      }
    },
-    "node_modules/base64url": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
-      "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==",
-      "engines": {
-        "node": ">=6.0.0"
-      }
-    },
    "node_modules/binary-extensions": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
@ -1878,11 +1869,6 @@
        "set-blocking": "^2.0.0"
      }
    },
-    "node_modules/oauth": {
-      "version": "0.9.15",
-      "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz",
-      "integrity": "sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA=="
-    },
    "node_modules/object-assign": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
@ -1996,17 +1982,6 @@
        "url": "https://github.com/sponsors/jaredhanson"
      }
    },
-    "node_modules/passport-google-oauth20": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/passport-google-oauth20/-/passport-google-oauth20-2.0.0.tgz",
-      "integrity": "sha512-KSk6IJ15RoxuGq7D1UKK/8qKhNfzbLeLrG3gkLZ7p4A6DBCcv7xpyQwuXtWdpyR0+E0mwkpjY1VfPOhxQrKzdQ==",
-      "dependencies": {
-        "passport-oauth2": "1.x.x"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
    "node_modules/passport-jwt": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.1.tgz",
@ -2016,25 +1991,6 @@
        "passport-strategy": "^1.0.0"
      }
    },
-    "node_modules/passport-oauth2": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/passport-oauth2/-/passport-oauth2-1.7.0.tgz",
-      "integrity": "sha512-j2gf34szdTF2Onw3+76alNnaAExlUmHvkc7cL+cmaS5NzHzDP/BvFHJruueQ9XAeNOdpI+CH+PWid8RA7KCwAQ==",
-      "dependencies": {
-        "base64url": "3.x.x",
-        "oauth": "0.9.x",
-        "passport-strategy": "1.x.x",
-        "uid2": "0.0.x",
-        "utils-merge": "1.x.x"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/jaredhanson"
-      }
-    },
    "node_modules/passport-strategy": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
@ -2772,11 +2728,6 @@
        "node": ">= 0.8"
      }
    },
-    "node_modules/uid2": {
-      "version": "0.0.4",
-      "resolved": "https://registry.npmjs.org/uid2/-/uid2-0.0.4.tgz",
-      "integrity": "sha512-IevTus0SbGwQzYh3+fRsAMTVVPOoIVufzacXcHPmdlle1jUpq7BRL+mw3dgeLanvGZdwwbWhRV6XrcFNdBmjWA=="
-    },
    "node_modules/undefsafe": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
@ -3175,11 +3126,6 @@
      "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz",
      "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog=="
    },
-    "base64url": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz",
-      "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A=="
-    },
    "binary-extensions": {
      "version": "2.2.0",
      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
@ -4347,11 +4293,6 @@
        "set-blocking": "^2.0.0"
      }
    },
-    "oauth": {
-      "version": "0.9.15",
-      "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz",
-      "integrity": "sha512-a5ERWK1kh38ExDEfoO6qUHJb32rd7aYmPHuyCu3Fta/cnICvYmgd2uhuKXvPD+PXB+gCEYYEaQdIRAjCOwAKNA=="
-    },
    "object-assign": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
@ -4428,14 +4369,6 @@
        "utils-merge": "^1.0.1"
      }
    },
-    "passport-google-oauth20": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/passport-google-oauth20/-/passport-google-oauth20-2.0.0.tgz",
-      "integrity": "sha512-KSk6IJ15RoxuGq7D1UKK/8qKhNfzbLeLrG3gkLZ7p4A6DBCcv7xpyQwuXtWdpyR0+E0mwkpjY1VfPOhxQrKzdQ==",
-      "requires": {
-        "passport-oauth2": "1.x.x"
-      }
-    },
    "passport-jwt": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.1.tgz",
@ -4445,18 +4378,6 @@
        "passport-strategy": "^1.0.0"
      }
    },
-    "passport-oauth2": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/passport-oauth2/-/passport-oauth2-1.7.0.tgz",
-      "integrity": "sha512-j2gf34szdTF2Onw3+76alNnaAExlUmHvkc7cL+cmaS5NzHzDP/BvFHJruueQ9XAeNOdpI+CH+PWid8RA7KCwAQ==",
-      "requires": {
-        "base64url": "3.x.x",
-        "oauth": "0.9.x",
-        "passport-strategy": "1.x.x",
-        "uid2": "0.0.x",
-        "utils-merge": "1.x.x"
-      }
-    },
    "passport-strategy": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
@ -4984,11 +4905,6 @@
        "random-bytes": "~1.0.0"
      }
    },
-    "uid2": {
-      "version": "0.0.4",
-      "resolved": "https://registry.npmjs.org/uid2/-/uid2-0.0.4.tgz",
-      "integrity": "sha512-IevTus0SbGwQzYh3+fRsAMTVVPOoIVufzacXcHPmdlle1jUpq7BRL+mw3dgeLanvGZdwwbWhRV6XrcFNdBmjWA=="
-    },
    "undefsafe": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
--- a/package.json
+++ b/package.json
@ -41,7 +41,6 @@
    "nodemailer": "^6.9.2",
    "openid-client": "^5.6.1",
    "passport": "^0.6.0",
-    "passport-google-oauth20": "^2.0.0",
    "passport-jwt": "^4.0.1",
    "sequelize": "^6.32.1",
    "socket.io": "^4.5.4",
--- a/server/Auth.js
+++ b/server/Auth.js
@ -5,7 +5,6 @@ const jwt = require('./libs/jsonwebtoken')
 const LocalStrategy = require('./libs/passportLocal')
 const JwtStrategy = require('passport-jwt').Strategy
 const ExtractJwt = require('passport-jwt').ExtractJwt
-const GoogleStrategy = require('passport-google-oauth20').Strategy
 const OpenIDClient = require('openid-client')
 const Database = require('./Database')
 const Logger = require('./Logger')
@ -44,29 +43,6 @@ class Auth {
      this.initAuthStrategyOpenID()
    }

-    // Check if we should load the google-oauth20 strategy
-    if (global.ServerSettings.authActiveAuthMethods.includes("google-oauth20")) {
-      passport.use(new GoogleStrategy({
-        clientID: global.ServerSettings.authGoogleOauth20ClientID,
-        clientSecret: global.ServerSettings.authGoogleOauth20ClientSecret,
-        callbackURL: global.ServerSettings.authGoogleOauth20CallbackURL
-      }, (async function (accessToken, refreshToken, profile, done) {
-        // TODO: do we want to create the users which does not exist?
-
-        // get user by email
-        const user = await Database.userModel.getUserByEmail(profile.emails[0].value.toLowerCase())
-
-        if (!user || !user.isActive) {
-          // deny login
-          done(null, null)
-          return
-        }
-
-        // permit login
-        return done(null, user)
-      }).bind(this)))
-    }
-
    // Load the JwtStrategy (always) -> for bearer token auth 
    passport.use(new JwtStrategy({
      jwtFromRequest: ExtractJwt.fromExtractors([ExtractJwt.fromAuthHeaderAsBearerToken(), ExtractJwt.fromUrlQueryParameter('token')]),
@ -289,21 +265,6 @@ class Auth {
      res.json(await this.getUserLoginResponsePayload(req.user))
    })

-    // google-oauth20 strategy login route (this redirects to the google login)
-    router.get('/auth/google', (req, res, next) => {
-      const auth_func = passport.authenticate('google', { scope: ['email'] })
-      // params (isRest, callback) to a cookie that will be send to the client
-      this.paramsToCookies(req, res)
-      auth_func(req, res, next)
-    })
-
-    // google-oauth20 strategy callback route (this receives the token from google)
-    router.get('/auth/google/callback',
-      passport.authenticate('google'),
-      // on a successfull login: read the cookies and react like the client requested (callback or json)
-      this.handleLoginSuccessBasedOnCookie.bind(this)
-    )
-
    // openid strategy login route (this redirects to the configured openid login provider)
    router.get('/auth/openid', (req, res, next) => {
      try {