google · google-oss-robot · Oct 29, 2020 · Oct 22, 2020
@@ -23,7 +23,7 @@
   </style>
 </head>
 
-<body class="tab-content">
+<body id="home" class="tab-content">
   {{template "navbar" .}}
 
   <main role="main" class="container">

@@ -7,7 +7,7 @@
   {{template "firebase" .}}
 </head>
 
-<body class="tab-content">
+<body id="login" class="tab-content">
   {{if .currentUser}}
   {{template "navbar" .}}
   {{end}}

@@ -10,7 +10,7 @@
   {{template "firebase" .}}
 </head>
 
-<body class="tab-content">
+<body id="login-register-phone" class="tab-content">
   {{template "navbar" .}}
   <main role="main" class="container">
     {{template "flash" .}}

@@ -14,6 +14,8 @@ require (
 	github.com/Azure/azure-sdk-for-go v46.4.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.8 // indirect
 	github.com/aws/aws-sdk-go v1.35.3 // indirect
+	github.com/chromedp/cdproto v0.0.0-20201009231348-1c6a710e77de
+	github.com/chromedp/chromedp v0.5.3
 	github.com/client9/misspell v0.3.4
 	github.com/containerd/continuity v0.0.0-20200928162600-f2cc35102c2a // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
@@ -22,12 +24,13 @@ require (
 	github.com/gonum/internal v0.0.0-20181124074243-f884aa714029 // indirect
 	github.com/gonum/lapack v0.0.0-20181123203213-e4cdc5a0bff9 // indirect
 	github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9
-	github.com/google/exposure-notifications-server v0.14.0
+	github.com/google/exposure-notifications-server v0.14.1-0.20201029142042-d22c576d1701
 	github.com/google/go-cmp v0.5.2
 	github.com/gorilla/csrf v1.7.0
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/schema v1.2.0
+	github.com/gorilla/securecookie v1.1.1
 	github.com/gorilla/sessions v1.2.1
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.0

@@ -242,6 +242,13 @@ github.com/chris-ramon/douceur v0.2.0 h1:IDMEdxlEUUBYBKE4z/mJnFyVXox+MjuEVDJNN27
 github.com/chris-ramon/douceur v0.2.0/go.mod h1:wDW5xjJdeoMm1mRt4sD4c/LbF/mWdEpRXQKjTR8nIBE=
 github.com/chrismalek/oktasdk-go v0.0.0-20181212195951-3430665dfaa0 h1:CWU8piLyqoi9qXEUwzOh5KFKGgmSU5ZhktJyYcq6ryQ=
 github.com/chrismalek/oktasdk-go v0.0.0-20181212195951-3430665dfaa0/go.mod h1:5d8DqS60xkj9k3aXfL3+mXBH0DPYO0FQjcKosxl+b/Q=
+github.com/chromedp/cdproto v0.0.0-20200116234248-4da64dd111ac/go.mod h1:PfAWWKJqjlGFYJEidUM6aVIWPr0EpobeyVWEEmplX7g=
+github.com/chromedp/cdproto v0.0.0-20201009231348-1c6a710e77de h1:cuPPanKjAp5XBwrD1RkeN4ILGRSffUhS69LKkFqKtIA=
+github.com/chromedp/cdproto v0.0.0-20201009231348-1c6a710e77de/go.mod h1:zx0YH7hi8sqkYXAa0LZZxpQLDsU8/a2jzbYbK79dQO8=
+github.com/chromedp/chromedp v0.5.3 h1:F9LafxmYpsQhWQBdCs+6Sret1zzeeFyHS5LkRF//Ffg=
+github.com/chromedp/chromedp v0.5.3/go.mod h1:YLdPtndaHQ4rCpSpBG+IPpy9JvX0VD+7aaLxYgYj28w=
+github.com/chromedp/sysutil v0.0.0-20201009230539-dc95e7e83e8a h1:31c/rx2f48S4oFimjMnIJNEutSwrWoASeUiGzPV5joA=
+github.com/chromedp/sysutil v0.0.0-20201009230539-dc95e7e83e8a/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -411,6 +418,12 @@ github.com/go-test/deep v1.0.6/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V
 github.com/go-yaml/yaml v2.1.0+incompatible h1:RYi2hDdss1u4YE7GwixGzWwVo47T8UQwnTLB6vQiq+o=
 github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
 github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0=
 github.com/gocql/gocql v0.0.0-20190402132108-0e1d5de854df h1:fwXmhM0OqixzJDOGgTSyNH9eEDij9uGTXwsyWXvyR0A=
 github.com/gocql/gocql v0.0.0-20190402132108-0e1d5de854df/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0=
@@ -475,8 +488,8 @@ github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9/go.mod h1:0EXg4mc1CNP
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/exposure-notifications-server v0.14.0 h1:p/wwaKswPvlz4wWLYwWJQ56j3Vm/PznRt06NIPnzC/I=
-github.com/google/exposure-notifications-server v0.14.0/go.mod h1:oyS7traveoREo37z0irHi0zN304YjD9esDZ4eL3Jtqo=
+github.com/google/exposure-notifications-server v0.14.1-0.20201029142042-d22c576d1701 h1:kuyJFaSRGgveKzgH4xwld3j2TZfu8wFHK4uhZmazY1c=
+github.com/google/exposure-notifications-server v0.14.1-0.20201029142042-d22c576d1701/go.mod h1:oyS7traveoREo37z0irHi0zN304YjD9esDZ4eL3Jtqo=
 github.com/google/flatbuffers v1.11.0/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -847,6 +860,7 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/knq/sysutil v0.0.0-20191005231841-15668db23d08/go.mod h1:dFWs1zEqDjFtnBXsd1vPOZaLsESovai349994nHx3e0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -874,6 +888,9 @@ github.com/lstoll/awskms v0.0.0-20200603175638-a388516467f1/go.mod h1:HysB/5CMc0
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
+github.com/mailru/easyjson v0.7.1 h1:mdxE1MF9o53iCb2Ghj1VfWvh7ZOwHpnVG/xwXrV90U8=
+github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/markbates/pkger v0.15.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI=
 github.com/martini-contrib/render v0.0.0-20150707142108-ec18f8345a11 h1:YFh+sjyJTMQSYjKwM4dFKhJPJC/wfo98tPUc17HdoYw=
 github.com/martini-contrib/render v0.0.0-20150707142108-ec18f8345a11/go.mod h1:Ah2dBMoxZEqk118as2T4u4fjfXarE0pPnMJaArZQZsI=

@@ -24,7 +24,8 @@ import (
 )
 
 var (
-	ErrSessionMissing = fmt.Errorf("session is missing")
+	ErrSessionMissing     = fmt.Errorf("session is missing")
+	ErrSessionInfoMissing = fmt.Errorf("session info is missing")
 )
 
 // InviteUserEmailFunc sends email with the given inviteLink.
@@ -85,8 +86,9 @@ type Provider interface {
 // SessionInfo is a generic struct used to store session information. Not all
 // providers use all fields.
 type SessionInfo struct {
-	// IDToken is a unique string or ID. It is usually a JWT token.
-	IDToken string
+	// Data is provider-specific information. The schema is determined by the
+	// provider.
+	Data map[string]interface{}
 
 	// TTL is the session duration.
 	TTL time.Duration

@@ -81,8 +81,19 @@ func (f *firebaseAuth) CheckRevoked(ctx context.Context, session *sessions.Sessi
 
 // StoreSession stores information about the session.
 func (f *firebaseAuth) StoreSession(ctx context.Context, session *sessions.Session, i *SessionInfo) error {
+	if i == nil || i.Data == nil {
+		f.ClearSession(ctx, session)
+		return ErrSessionInfoMissing
+	}
+
+	idToken, ok := i.Data["id_token"].(string)
+	if !ok {
+		f.ClearSession(ctx, session)
+		return fmt.Errorf("missing id_token: %w", ErrSessionInfoMissing)
+	}
+
 	// Convert ID token to long-lived cookie
-	cookie, err := f.firebaseAuth.SessionCookie(ctx, i.IDToken, i.TTL)
+	cookie, err := f.firebaseAuth.SessionCookie(ctx, idToken, i.TTL)
 	if err != nil {
 		f.ClearSession(ctx, session)
 		return err
@@ -152,15 +163,6 @@ func (f *firebaseAuth) CreateUser(ctx context.Context, name, email, pass string,
 	return true, nil
 }
 
-// IDToken extracts the users IDtoken from the session.
-func (f *firebaseAuth) IDToken(ctx context.Context, session *sessions.Session) (string, error) {
-	data, err := f.loadCookie(ctx, session)
-	if err != nil {
-		return "", err
-	}
-	return data.IDToken, nil
-}
-
 // EmailAddress extracts the users email from the session.
 func (f *firebaseAuth) EmailAddress(ctx context.Context, session *sessions.Session) (string, error) {
 	data, err := f.loadCookie(ctx, session)
@@ -286,16 +288,15 @@ func (f *firebaseAuth) emailVerificationLink(ctx context.Context, email string)
 	return verify, nil
 }
 
-type cookieData struct {
-	IDToken       string
+type firebaseCookieData struct {
 	Email         string
 	EmailVerified bool
 	MFAEnabled    bool
 }
 
 // dataFromCookie extracts the information from the provided firebase cookie, if
 // it exists.
-func (f *firebaseAuth) dataFromCookie(ctx context.Context, cookie string) (*cookieData, error) {
+func (f *firebaseAuth) dataFromCookie(ctx context.Context, cookie string) (*firebaseCookieData, error) {
 	token, err := f.firebaseAuth.VerifySessionCookie(ctx, cookie)
 	if err != nil {
 		return nil, fmt.Errorf("failed to verify firebase cookie: %w", err)
@@ -305,12 +306,6 @@ func (f *firebaseAuth) dataFromCookie(ctx context.Context, cookie string) (*cook
 		return nil, fmt.Errorf("token claims are empty")
 	}
 
-	// IDToken
-	idToken, ok := token.Claims["user_id"].(string)
-	if !ok {
-		return nil, fmt.Errorf("token claims for id are not a string")
-	}
-
 	// Email
 	email, ok := token.Claims["email"].(string)
 	if !ok {
@@ -330,16 +325,15 @@ func (f *firebaseAuth) dataFromCookie(ctx context.Context, cookie string) (*cook
 	}
 	_, mfaEnabled := firebase["sign_in_second_factor"]
 
-	return &cookieData{
-		IDToken:       idToken,
+	return &firebaseCookieData{
 		Email:         email,
 		EmailVerified: emailVerified,
 		MFAEnabled:    mfaEnabled,
 	}, nil
 }
 
 // loadCookie loads and parses the firebase cookie from the session.
-func (f *firebaseAuth) loadCookie(ctx context.Context, session *sessions.Session) (*cookieData, error) {
+func (f *firebaseAuth) loadCookie(ctx context.Context, session *sessions.Session) (*firebaseCookieData, error) {
 	raw, err := sessionGet(session, sessionKeyFirebaseCookie)
 	if err != nil {
 		f.ClearSession(ctx, session)