From bf487cf624d0aa8a83cde8bb54b4ea65f0b73c14 Mon Sep 17 00:00:00 2001
From: Thomas Sibley
Date: Wed, 7 Apr 2021 13:54:56 -0700
Subject: [PATCH] authn: Explicitly assign a unique id to the Passport strategy

Passport implicitly defaults the id to each strategy's .name property, but then requires explicitly specifying those same names later in calls to passport.authenticate(). Make the link more obvious by assigning our own explicit ids, especially given anticipation of additional strategies for API authn.
---
 authn.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/authn.js b/authn.js
index 3929eb45a..d96cb567b 100644
--- a/authn.js
+++ b/authn.js
@@ -39,8 +39,16 @@ const COGNITO_CLIENT_ID = PRODUCTION
 ? "rki99ml8g2jb9sm1qcq9oi5n" // prod client limited to nextstrain.org
 : "6q7cmj0ukti9d9kdkqi2dfvh7o"; // dev client limited to localhost and heroku dev instances
 
+/* Arbitrary ids for the various strategies for Passport. Makes explicit the
+ * implicit defaults; uses constants instead of string literals for better
+ * grepping, linting, and less magic; would be an enum if JS had them (or we
+ * had TypeScript).
+ */
+const STRATEGY_OAUTH2 = "oauth2";
+
 function setup(app) {
 passport.use(
+ STRATEGY_OAUTH2,
 new OAuth2Strategy(
 {
 authorizationURL: `${COGNITO_BASE_URL}/oauth2/authorize`,
@@ -177,12 +185,12 @@ function setup(app) {
 }
 next();
 },
- passport.authenticate("oauth2")
+ passport.authenticate(STRATEGY_OAUTH2)
 );
 
 // Verify IdP response on /logged-in
 app.route("/logged-in").get(
- passport.authenticate("oauth2", { failureRedirect: "/login" }),
+ passport.authenticate(STRATEGY_OAUTH2, { failureRedirect: "/login" }),
 (req, res) => {
 // We can trust this value from the session because we are the only ones
 // in control of it.
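Review bot: The block comment above `STRATEGY_OAUTH2` in the first hunk should say that these ids must be unique, because as far as I know `passport.use()` keys strategies by id and a second registration under the same id replaces the first without an error. With more strategies anticipated for API authn, a copy-pasted id would leave some routes authenticating against a different strategy than the one named at the call site. I would add ` * Ids must be unique: passport.use() replaces any strategy already registered under the same id.` to that comment. Grouping the ids in one frozen object, e.g. `const STRATEGY = Object.freeze({ OAUTH2: "oauth2" });`, would keep them side by side and make a duplicate easier to spot. The body of `setup()` continues outside both hunks, so other `passport.authenticate()` callers are not visible here.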