From 5cb053412f219e2d195dfd2cc013366b4c730a1c Mon Sep 17 00:00:00 2001 From: Fabien O'Carroll Date: Tue, 11 Dec 2018 19:45:03 +0700 Subject: [PATCH] Updated member lib/auth service to use origin of site url (#10271) no-issue --- core/server/services/auth/members/index.js | 7 +++++-- core/server/services/members/api.js | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/core/server/services/auth/members/index.js b/core/server/services/auth/members/index.js index 5afcf95d6f04..28702ae120f1 100644 --- a/core/server/services/auth/members/index.js +++ b/core/server/services/auth/members/index.js @@ -1,8 +1,11 @@ +const URL = require('url').URL; const jwt = require('express-jwt'); const membersService = require('../../members'); const labs = require('../../labs'); const config = require('../../../config'); +const siteOrigin = new URL(config.get('url')).origin; + let UNO_MEMBERINO; module.exports = { @@ -16,8 +19,8 @@ module.exports = { UNO_MEMBERINO = jwt({ credentialsRequired: false, requestProperty: 'member', - audience: config.get('url'), - issuer: config.get('url'), + audience: siteOrigin, + issuer: siteOrigin, algorithm: 'RS512', secret: membersService.api.publicKey, getToken(req) { diff --git a/core/server/services/members/api.js b/core/server/services/members/api.js index 1d004010b34a..8c8429d09b86 100644 --- a/core/server/services/members/api.js +++ b/core/server/services/members/api.js @@ -60,8 +60,11 @@ const publicKey = settingsCache.get('members_public_key'); const privateKey = settingsCache.get('members_private_key'); const sessionSecret = settingsCache.get('members_session_secret'); const passwordResetUrl = config.get('url'); -const issuer = config.get('url'); -const ssoOrigin = new URL(config.get('url')).origin; + +const siteOrigin = new URL(config.get('url')).origin; + +const issuer = siteOrigin; +const ssoOrigin = siteOrigin; let mailer; function sendEmail(member, {token}) {