Verification Server integration with cookie/session #307
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,10 @@ import * as admin from 'firebase-admin'; | |
import * as functions from 'firebase-functions'; | ||
import * as sgMail from '@sendgrid/mail'; | ||
import { randomBytes } from 'crypto'; | ||
import axios from 'axios'; | ||
import axiosCookieJarSupport from 'axios-cookiejar-support'; | ||
import * as toughCookie from 'tough-cookie'; | ||
import * as queryString from 'query-string'; | ||
|
||
// Initialize firebse admin and get db instance | ||
admin.initializeApp(functions.config().firebase); | ||
|
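Review bot: `query-string` in the last added import is pulled in for a single `queryString.stringify(form)` call in `getVerificationCode`, where `form` holds one field; Node's built-in `URLSearchParams` produces the same form-encoded body and would keep one third-party package out of a function that handles the verification server's credentials. Consider dropping that import and building the body with `new URLSearchParams(form).toString()`.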
@@ -440,3 +444,46 @@ export const initiatePasswordRecovery = functions.https.onCall((body) => { | |
}); | ||
}); | ||
}); | ||
|
||
export const getVerificationCode = functions.https.onCall(async () => { | ||
axiosCookieJarSupport(axios); | ||
|
||
const config = functions.config().verif_server; | ||
const url = config.url.slice(-1) === '/' ? config.url : config.url + '/'; | ||
|
||
const cookieJar = new toughCookie.CookieJar(); | ||
const instance = await axios.create({ | ||
jar: cookieJar, | ||
withCredentials: true, | ||
}); | ||
|
||
try { | ||
let response = await instance.post( | ||
'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=' + config.key, | ||
Out of curiosity, where did you find this url? Do others do this non-firebase-client firebase auth login elsewhere (I imagine so)? |
I got this from logging in to the Google Verif Server UI and looking at the network requests it made in the browser dev tools. |
Nice |
FWIW here is the official documentation for this API endpoint |
||
{ email: config.email, password: config.password, returnSecureToken: true } | ||
); | ||
|
||
const form = { idToken: response.data.idToken }; | ||
|
||
// Get CSRF token | ||
response = await instance.get(url); | ||
|
||
response = await instance.post(url + 'session', queryString.stringify(form), { | ||
headers: { | ||
'Content-Type': 'application/x-www-form-urlencoded', | ||
'X-CSRF-Token': response.headers['x-csrf-token'], | ||
}, | ||
}); | ||
|
||
response = await instance.get(url + 'home/csrf'); | ||
response = await instance.post( | ||
url + 'home/issue', | ||
{ testType: 'confirmed' }, | ||
{ headers: { 'X-CSRF-TOKEN': response.data.csrftoken } } | ||
); | ||
return response.data.code; | ||
} catch (err) { | ||
console.error(err); | ||
throw err; | ||
} | ||
}); |
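Review bot: `getVerificationCode` is registered as `functions.https.onCall(async () => {`, so the handler takes no `context` argument and never checks `context.auth`; as written, any client that can invoke the callable gets a code issued under the account in `config.email` / `config.password`. Accept `(data, context)`, reject unauthenticated or unauthorized callers with `functions.https.HttpsError` before the first request, and check that `response.headers['x-csrf-token']` and `response.data.csrftoken` are present before sending them on. In the `catch`, `console.error(err)` on an axios error will typically write the request config to the function logs as well, which here includes the URL carrying `config.key` and the body carrying the password; log `err.message` and the response status instead. Smaller points: `axios.create` is synchronous, so the `await` can go, and `axiosCookieJarSupport(axios)` patches the shared axios export on every invocation, so it belongs at module scope.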
Please apply `eslint` (`frontend/.eslintrc.js`) and `prettier` (`frontend/.prettierrc`) to this file, there are a bunch of formatting discrepancies, several let's that should be const's, etc.