2020-04-05 16:39:22 -07:00
|
|
|
import {
|
|
|
|
|
AUTH_APP_CREATED,
|
|
|
|
|
AUTH_LOGGED_IN,
|
|
|
|
|
AUTH_APP_AUTHORIZED,
|
2020-04-11 12:41:13 -07:00
|
|
|
AUTH_LOGGED_OUT,
|
2021-03-23 17:06:55 -07:00
|
|
|
SWITCH_ACCOUNT,
|
2021-03-23 22:05:06 -07:00
|
|
|
VERIFY_CREDENTIALS_SUCCESS,
|
2021-03-24 12:15:36 -07:00
|
|
|
VERIFY_CREDENTIALS_FAIL,
|
2020-04-05 16:39:22 -07:00
|
|
|
} from '../actions/auth';
|
2021-07-09 12:58:49 -07:00
|
|
|
import { ME_FETCH_SKIP } from '../actions/me';
|
2021-07-09 13:54:32 -07:00
|
|
|
import { Map as ImmutableMap, List as ImmutableList, fromJS } from 'immutable';
|
2020-04-05 14:54:51 -07:00
|
|
|
|
2021-03-23 19:52:08 -07:00
|
|
|
const defaultState = ImmutableMap({
|
|
|
|
|
app: ImmutableMap(),
|
2021-03-24 13:01:10 -07:00
|
|
|
users: ImmutableMap(),
|
2021-03-23 22:05:06 -07:00
|
|
|
tokens: ImmutableMap(),
|
2021-03-23 19:52:08 -07:00
|
|
|
me: null,
|
2020-04-05 14:54:51 -07:00
|
|
|
});
|
|
|
|
|
|
2021-07-09 13:54:32 -07:00
|
|
|
const validId = id => typeof id === 'string' && id !== 'null' && id !== 'undefined';
|
|
|
|
|
|
2021-04-10 15:15:52 -07:00
|
|
|
const getSessionUser = () => {
|
|
|
|
|
const id = sessionStorage.getItem('soapbox:auth:me');
|
2021-07-09 13:54:32 -07:00
|
|
|
return validId(id) ? id : undefined;
|
2021-04-10 15:15:52 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const sessionUser = getSessionUser();
|
2021-03-23 19:52:08 -07:00
|
|
|
const localState = fromJS(JSON.parse(localStorage.getItem('soapbox:auth')));
|
2021-03-23 22:05:06 -07:00
|
|
|
|
2021-07-09 13:54:32 -07:00
|
|
|
// Checks if the user has an ID and access token
|
|
|
|
|
const validUser = user => {
|
|
|
|
|
try {
|
|
|
|
|
return validId(user.get('id')) && validId(user.get('access_token'));
|
|
|
|
|
} catch(e) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Finds the first valid user in the state
|
|
|
|
|
const firstValidUser = state => state.get('users', ImmutableMap()).find(validUser);
|
|
|
|
|
|
2021-03-24 12:15:36 -07:00
|
|
|
// If `me` doesn't match an existing user, attempt to shift it.
|
|
|
|
|
const maybeShiftMe = state => {
|
|
|
|
|
const users = state.get('users', ImmutableMap());
|
|
|
|
|
const me = state.get('me');
|
|
|
|
|
|
2021-07-09 13:54:32 -07:00
|
|
|
if (!validUser(users.get(me))) {
|
|
|
|
|
const nextUser = firstValidUser(state);
|
|
|
|
|
return state.set('me', nextUser ? nextUser.get('id') : null);
|
2021-03-24 12:15:36 -07:00
|
|
|
} else {
|
|
|
|
|
return state;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-09 13:54:32 -07:00
|
|
|
// Set the user from the session or localStorage, whichever is valid first
|
|
|
|
|
const setSessionUser = state => state.update('me', null, me => {
|
|
|
|
|
const user = ImmutableList([
|
|
|
|
|
state.getIn(['users', sessionUser]),
|
|
|
|
|
state.getIn(['users', me]),
|
|
|
|
|
]).find(validUser);
|
|
|
|
|
|
|
|
|
|
return user ? user.get('id') : null;
|
|
|
|
|
});
|
2021-03-25 13:15:37 -07:00
|
|
|
|
2021-03-24 14:18:14 -07:00
|
|
|
// Upgrade the initial state
|
|
|
|
|
const migrateLegacy = state => {
|
|
|
|
|
if (localState) return state;
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
const app = fromJS(JSON.parse(localStorage.getItem('soapbox:auth:app')));
|
|
|
|
|
const user = fromJS(JSON.parse(localStorage.getItem('soapbox:auth:user')));
|
2021-03-25 15:12:31 -07:00
|
|
|
if (!user) return;
|
2021-03-24 14:18:14 -07:00
|
|
|
state.set('me', '_legacy'); // Placeholder account ID
|
|
|
|
|
state.set('app', app);
|
|
|
|
|
state.set('tokens', ImmutableMap({
|
|
|
|
|
[user.get('access_token')]: user.set('account', '_legacy'),
|
|
|
|
|
}));
|
|
|
|
|
state.set('users', ImmutableMap({
|
|
|
|
|
'_legacy': ImmutableMap({
|
|
|
|
|
id: '_legacy',
|
|
|
|
|
access_token: user.get('access_token'),
|
|
|
|
|
}),
|
|
|
|
|
}));
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-09 14:24:18 -07:00
|
|
|
// Checks the state and makes it valid
|
|
|
|
|
const sanitizeState = state => {
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
// Remove invalid users, ensure ID match
|
|
|
|
|
state.update('users', ImmutableMap(), users => (
|
|
|
|
|
users.filter((user, id) => (
|
|
|
|
|
validUser(user) && user.get('id') === id
|
|
|
|
|
))
|
|
|
|
|
));
|
|
|
|
|
// Remove mismatched tokens
|
|
|
|
|
state.update('tokens', ImmutableMap(), tokens => (
|
|
|
|
|
tokens.filter((token, id) => (
|
|
|
|
|
validId(id) && token.get('access_token') === id
|
|
|
|
|
))
|
|
|
|
|
));
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-29 21:22:54 -07:00
|
|
|
const persistAuth = state => localStorage.setItem('soapbox:auth', JSON.stringify(state.toJS()));
|
2021-04-10 15:15:52 -07:00
|
|
|
|
|
|
|
|
const persistSession = state => {
|
|
|
|
|
const me = state.get('me');
|
|
|
|
|
if (me && typeof me === 'string') {
|
|
|
|
|
sessionStorage.setItem('soapbox:auth:me', me);
|
|
|
|
|
}
|
|
|
|
|
};
|
2021-03-29 21:22:54 -07:00
|
|
|
|
2021-03-29 18:03:27 -07:00
|
|
|
const persistState = state => {
|
2021-03-29 21:22:54 -07:00
|
|
|
persistAuth(state);
|
|
|
|
|
persistSession(state);
|
2021-03-29 18:03:27 -07:00
|
|
|
};
|
|
|
|
|
|
2021-03-29 17:42:14 -07:00
|
|
|
const initialize = state => {
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
maybeShiftMe(state);
|
|
|
|
|
setSessionUser(state);
|
|
|
|
|
migrateLegacy(state);
|
2021-07-09 14:24:18 -07:00
|
|
|
sanitizeState(state);
|
2021-03-29 18:03:27 -07:00
|
|
|
persistState(state);
|
2021-03-29 17:42:14 -07:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-29 18:03:27 -07:00
|
|
|
const initialState = initialize(defaultState.merge(localState));
|
2021-03-29 17:42:14 -07:00
|
|
|
|
|
|
|
|
const importToken = (state, token) => {
|
|
|
|
|
return state.setIn(['tokens', token.access_token], fromJS(token));
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-24 14:18:14 -07:00
|
|
|
// Upgrade the `_legacy` placeholder ID with a real account
|
|
|
|
|
const upgradeLegacyId = (state, account) => {
|
|
|
|
|
if (localState) return state;
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
state.update('me', null, me => me === '_legacy' ? account.id : me);
|
|
|
|
|
state.deleteIn(['users', '_legacy']);
|
|
|
|
|
});
|
|
|
|
|
// TODO: Delete `soapbox:auth:app` and `soapbox:auth:user` localStorage?
|
|
|
|
|
// By this point it's probably safe, but we'll leave it just in case.
|
|
|
|
|
};
|
|
|
|
|
|
2021-04-13 10:03:46 -07:00
|
|
|
// Returns a predicate function for filtering a mismatched user/token
|
|
|
|
|
const userMismatch = (token, account) => {
|
|
|
|
|
return (user, id) => {
|
|
|
|
|
const sameToken = user.get('access_token') === token;
|
|
|
|
|
const differentId = id !== account.id || user.get('id') !== account.id;
|
|
|
|
|
|
|
|
|
|
return sameToken && differentId;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-29 17:42:14 -07:00
|
|
|
const importCredentials = (state, token, account) => {
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
state.setIn(['users', account.id], ImmutableMap({
|
|
|
|
|
id: account.id,
|
|
|
|
|
access_token: token,
|
|
|
|
|
}));
|
|
|
|
|
state.setIn(['tokens', token, 'account'], account.id);
|
2021-04-13 10:03:46 -07:00
|
|
|
state.update('users', ImmutableMap(), users => users.filterNot(userMismatch(token, account)));
|
2021-03-29 17:42:14 -07:00
|
|
|
state.update('me', null, me => me || account.id);
|
|
|
|
|
upgradeLegacyId(state, account);
|
|
|
|
|
});
|
2021-03-29 11:02:11 -07:00
|
|
|
};
|
|
|
|
|
|
2021-03-29 17:42:14 -07:00
|
|
|
const deleteToken = (state, token) => {
|
2021-03-24 14:18:14 -07:00
|
|
|
return state.withMutations(state => {
|
2021-03-29 17:42:14 -07:00
|
|
|
state.update('tokens', ImmutableMap(), tokens => tokens.delete(token));
|
|
|
|
|
state.update('users', ImmutableMap(), users => users.filterNot(user => user.get('access_token') === token));
|
|
|
|
|
maybeShiftMe(state);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const deleteUser = (state, accountId) => {
|
|
|
|
|
return state.withMutations(state => {
|
|
|
|
|
state.update('users', ImmutableMap(), users => users.delete(accountId));
|
|
|
|
|
state.update('tokens', ImmutableMap(), tokens => tokens.filterNot(token => token.get('account') === accountId));
|
2021-03-24 14:18:14 -07:00
|
|
|
maybeShiftMe(state);
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-23 19:52:08 -07:00
|
|
|
const reducer = (state, action) => {
|
2020-04-05 14:54:51 -07:00
|
|
|
switch(action.type) {
|
|
|
|
|
case AUTH_APP_CREATED:
|
2021-03-23 19:52:08 -07:00
|
|
|
return state.set('app', fromJS(action.app));
|
2020-04-05 16:39:22 -07:00
|
|
|
case AUTH_APP_AUTHORIZED:
|
2021-03-23 19:52:08 -07:00
|
|
|
return state.update('app', ImmutableMap(), app => app.merge(fromJS(action.app)));
|
2020-04-05 14:54:51 -07:00
|
|
|
case AUTH_LOGGED_IN:
|
2021-03-23 22:05:06 -07:00
|
|
|
return importToken(state, action.token);
|
2020-04-11 12:41:13 -07:00
|
|
|
case AUTH_LOGGED_OUT:
|
2021-03-25 13:15:37 -07:00
|
|
|
return deleteUser(state, action.accountId);
|
2021-03-23 22:05:06 -07:00
|
|
|
case VERIFY_CREDENTIALS_SUCCESS:
|
|
|
|
|
return importCredentials(state, action.token, action.account);
|
2021-03-24 12:15:36 -07:00
|
|
|
case VERIFY_CREDENTIALS_FAIL:
|
2021-05-07 19:46:08 -07:00
|
|
|
return action.error.response.status === 403 ? deleteToken(state, action.token) : state;
|
2021-03-23 17:06:55 -07:00
|
|
|
case SWITCH_ACCOUNT:
|
2021-03-23 19:52:08 -07:00
|
|
|
return state.set('me', action.accountId);
|
2021-07-09 12:58:49 -07:00
|
|
|
case ME_FETCH_SKIP:
|
|
|
|
|
return state.set('me', null);
|
2020-04-05 14:54:51 -07:00
|
|
|
default:
|
|
|
|
|
return state;
|
|
|
|
|
}
|
|
|
|
|
};
|
2021-03-23 19:52:08 -07:00
|
|
|
|
2021-03-27 12:37:17 -07:00
|
|
|
const reload = () => location.replace('/');
|
2021-03-24 14:49:24 -07:00
|
|
|
|
2021-03-25 21:03:58 -07:00
|
|
|
// `me` is a user ID string
|
|
|
|
|
const validMe = state => {
|
|
|
|
|
const me = state.get('me');
|
|
|
|
|
return typeof me === 'string' && me !== '_legacy';
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-25 13:59:09 -07:00
|
|
|
// `me` has changed from one valid ID to another
|
|
|
|
|
const userSwitched = (oldState, state) => {
|
|
|
|
|
const stillValid = validMe(oldState) && validMe(state);
|
|
|
|
|
const didChange = oldState.get('me') !== state.get('me');
|
|
|
|
|
|
|
|
|
|
return stillValid && didChange;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const maybeReload = (oldState, state, action) => {
|
|
|
|
|
if (userSwitched(oldState, state)) {
|
|
|
|
|
reload(state);
|
2021-03-24 14:49:24 -07:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-24 12:15:36 -07:00
|
|
|
export default function auth(oldState = initialState, action) {
|
|
|
|
|
const state = reducer(oldState, action);
|
2021-03-24 14:49:24 -07:00
|
|
|
|
2021-03-25 18:32:40 -07:00
|
|
|
if (!state.equals(oldState)) {
|
2021-03-29 21:22:54 -07:00
|
|
|
// Persist the state in localStorage
|
|
|
|
|
persistAuth(state);
|
|
|
|
|
|
2021-03-29 22:45:23 -07:00
|
|
|
// When middle-clicking a profile, we want to save the
|
|
|
|
|
// user in localStorage, but not update the reducer
|
|
|
|
|
if (action.background === true) {
|
2021-03-29 22:35:27 -07:00
|
|
|
return oldState;
|
2021-03-29 21:22:54 -07:00
|
|
|
}
|
2021-03-23 19:52:08 -07:00
|
|
|
|
2021-03-29 22:35:27 -07:00
|
|
|
// Persist the session
|
|
|
|
|
persistSession(state);
|
|
|
|
|
|
2021-03-25 18:32:40 -07:00
|
|
|
// Reload the page under some conditions
|
|
|
|
|
maybeReload(oldState, state, action);
|
|
|
|
|
}
|
2021-03-23 19:52:08 -07:00
|
|
|
|
|
|
|
|
return state;
|
2021-08-03 12:22:51 -07:00
|
|
|
}
|
