Commit

539: removed AUTH0_LOGIN_CALLBACK and AUTH0_LOGOUT_CALLBACK env variables. using BASE_URL instead
Dan Lewis-Toakley committed Mar 30, 2018
1 parent fc319fa commit 20ead81
Showing 11 changed files with 12 additions and 40 deletions.
2 changes: 0 additions & 2 deletions .env.example
Expand Up @@ -20,8 +20,6 @@ DB_MAX_POOL=10
DB_USE_SSL=false
WEBPACK_HOST=localhost
WEBPACK_PORT=3000
AUTH0_LOGIN_CALLBACK=http://localhost:3000/login-callback
AUTH0_LOGOUT_CALLBACK=http://localhost:3000/logout-callback
AUTH0_DOMAIN=XXXX.auth0.com
AUTH0_CLIENT_ID=
AUTH0_CLIENT_SECRET=
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -13,3 +13,4 @@ test.sqlite
*~
*#
coverage/
.idea/
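Review bot: The `.idea/` entry is unrelated to the callback-variable change named in the commit message. It would be cleaner as its own commit, or kept in each developer's global gitignore rather than the project's.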
16 changes: 6 additions & 10 deletions README.md
Expand Up @@ -35,42 +35,38 @@ Please let us know if you deployed by filling out this form [here](https://act.m
- Create the spokedev database: `psql -c "create database spokedev;"`
7. Create an [Auth0](https://auth0.com) account. In your Auth0 account, go to Settings -> Clients -> and then grab your Client ID, Client Secret, and your Auth0 domain (should look like xxx.auth0.com). Add those inside your `.env` file (AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_DOMAIN respectively).
8. Run `npm run dev` to create and populate the tables.
9. Add the login callback and logout callback URL in `.env` (default `http://localhost:3000/login-callback` and `http://localhost:3000/logout-callback`) to your Auth0 app settings under "Allowed Callback URLs" and "Allowed Logout URLs" respectively. (If you get an error when logging in later about "OIDC", go to Advanced Settings section, and then OAuth, and turn off 'OIDC Conformant')
10. Add the domain name for your app to "Allowed Web Origins" in the Auth0 Settings. It should be the same as the login/logout callback URLs without the callback path. So for localhost it would look like "http://localhost:3000"
11. Add a new [rule](https://manage.auth0.com/#/rules/create) in Auth0:
9. In your Auth0 app settings, add `http://localhost:3000/login-callback` , `http://localhost:3000` and `http://localhost:3000/logout-callback` to "Allowed Callback URLs", "Allowed Web Origins" and "Allowed Logout URLs" respectively. (If you get an error when logging in later about "OIDC", go to Advanced Settings section, and then OAuth, and turn off 'OIDC Conformant')
10. Add a new [rule](https://manage.auth0.com/#/rules/create) in Auth0:
```javascript
function (user, context, callback) {
context.idToken["https://spoke/user_metadata"] = user.user_metadata;
callback(null, user, context);
}
```
12. Run `npm run dev` to start the app. Wait until you see both "Node app is running ..." and "webpack: Compiled successfully." before attempting to connect. (make sure environment variable `JOBS_SAME_PROCESS=1`)
13. Go to `http://localhost:3000` to load the app.
14. As long as you leave `SUPPRESS_SELF_INVITE=` blank and unset in your `.env` you should be able to invite yourself from the homepage.
11. Run `npm run dev` to start the app. Wait until you see both "Node app is running ..." and "webpack: Compiled successfully." before attempting to connect. (make sure environment variable `JOBS_SAME_PROCESS=1`)
12. Go to `http://localhost:3000` to load the app.
13. As long as you leave `SUPPRESS_SELF_INVITE=` blank and unset in your `.env` you should be able to invite yourself from the homepage.
- If you DO set that variable, then spoke will be invite-only and you'll need to generate an invite. Run:
```
echo "INSERT INTO invite (hash,is_valid) VALUES ('abc', 1);" |sqlite3 mydb.sqlite
# Note: When doing this with PostgreSQL, you would replace the `1` with `true`
```
- Then use the generated key to visit an invite link, e.g.: http://localhost:3000/invite/abc. This should redirect you to the login screen. Use the "Sign Up" option to create your account.

15. You should then be prompted to create an organization. Create it.
14. You should then be prompted to create an organization. Create it.

If you want to create an invite via the home page "Login and get started" link, make sure your `SUPPRESS_SELF_INVITE` variable is not set.

## Running Tests

See https://github.com/MoveOnOrg/Spoke/blob/main/docs/HOWTO-run_tests.md


## Helpful Dev Tips
* Run `sqlite3 mydb.sqlite` to connect to a SQL shell for the dev database
* [Set up an ESLint plugin in your code editor so that you catch coding errors and follow code style guidelines more easily!](https://medium.com/planet-arkency/catch-mistakes-before-you-run-you-javascript-code-6e524c36f0c8#.oboqsse48)
* [Install the redux-devtools-extension](https://github.com/zalmoxisus/redux-devtools-extension) in Chrome to get advanced Redux debugging features.
* Right now there is a bug in Apollo (https://github.com/apollostack/react-apollo/issues/57) that means in one particular case, errors get swallowed. If you end up with an app that is silently breaking, console.log(this.props.data) and check the errors property.



## Testing Twilio

If you need to use Twilio in development but with live keys, click [here](https://github.com/MoveOnOrg/Spoke/blob/main/docs/HOWTO_INTEGRATE_TWILIO.md) for instructions.
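Review bot: The new step 9 hard-codes the `http://localhost:3000/...` URLs but never says they are now derived from `BASE_URL`, whereas the old step 9 at least pointed the reader at the values in `.env`. Suggest describing them as `BASE_URL` plus `/login-callback` and `/logout-callback` (and `BASE_URL` itself for "Allowed Web Origins"), so anyone running on another host or port knows the Auth0 allow-lists have to follow `BASE_URL`. There is also a stray space before the comma after the first URL in that step.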
12 changes: 0 additions & 12 deletions app.json
Expand Up @@ -13,18 +13,6 @@
"value": ""
},

"AUTH0_LOGIN_CALLBACK": {
"description": "auth0 login callback url --> this should be filled with your app name and match your auth0 configuration",
"required": true,
"value": "https://<changeme>.herokuapp.com/login-callback"
},

"AUTH0_LOGOUT_CALLBACK": {
"description": "auth0 logout callback url",
"required": true,
"value": "https://<changeme>.herokuapp.com/logout-callback"
},

"AUTH0_DOMAIN": {
"description": "auth0 domain attached to auth0 account",
"required": true,
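Review bot: With the two `"required": true` callback entries removed, nothing visible in this hunk makes `BASE_URL` required in their place, even though the login and logout URLs are now built from it. Please confirm app.json declares `BASE_URL` as required with a `https://<changeme>.herokuapp.com` style value and a description saying it must match the Auth0 settings; otherwise a deploy from this file can come up with no usable callback URL.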
2 changes: 0 additions & 2 deletions deploy/lambda-env.json
Expand Up @@ -20,8 +20,6 @@
"DB_PASSWORD": "XXXXXXXXXXXXXXXXX",
"DB_TYPE": "pg",
"DB_KEY": "",
"AUTH0_LOGIN_CALLBACK": "https://spoke.example.com/login-callback",
"AUTH0_LOGOUT_CALLBACK": "https://spoke.example.com/logout-callback",
"AUTH0_DOMAIN": "spokeexamplecomXXXXX.auth0.com",
"AUTH0_CLIENT_ID": "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
"AUTH0_CLIENT_SECRET": "XXXXXXXXXXXXXXXXXXXXXXXXX",
3 changes: 0 additions & 3 deletions deploy/spoke-pm2.config.js.template
Expand Up @@ -25,12 +25,9 @@ const env_production = {
JOB_DB_PORT:6379,
BASE_URL:'https://spoke.example.com',
PRIVACY_URL:'https://www.example.com/privacy',
AUTH0_LOGIN_CALLBACK:'https://example.com:8090/login-callback',
AUTH0_LOGOUT_CALLBACK:'http://example.com:8090/logout-callback',
AUTH0_DOMAIN:'example.auth0.com',
AUTH0_CLIENT_ID:'',
AUTH0_CLIENT_SECRET:'',
AUTH0_LOGOUT_CALLBACK:'',
SESSION_SECRET:'',
NEXMO_API_KEY:'',
NEXMO_API_SECRET:'',
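Review bot: The removed sample callbacks pointed at `example.com:8090` (one `https`, one `http`), while the remaining `BASE_URL` is `https://spoke.example.com`, so a deployment copied from the old template will start sending a different redirect URL after this change. Worth a comment next to `BASE_URL` stating that `BASE_URL + '/login-callback'` and `BASE_URL + '/logout-callback'` are what must be registered in Auth0, and that `BASE_URL` should carry no trailing slash.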
5 changes: 1 addition & 4 deletions docs/HOWTO_HEROKU_DEPLOY.md
Expand Up @@ -24,10 +24,7 @@

- Scroll to `Allowed Logout URLs` section and update it with (your HEROKU_APP_URL):
- `https://<YOUR_HEROKU_APP_URL>/logout-callback, http://<YOUR_HEROKU_APP_URL>/logout-callback`

- Notice that:
- `AUTH0_LOGIN_CALLBACK` in your config variables is the same as `https://<YOUR_HEROKU_APP_URL>/login-callback`
- `AUTH0_LOGOUT_CALLBACK` in your config variables is the same as `https://<YOUR_HEROKU_APP_URL>/logout-callback`

- Scroll to `Allowed Origin (CORS)` add:
- `http://*.<YOUR_HEROKU_APP_URL>.com`, ` https://*.<YOUR_HEROKU_APP_URL>.com`
- Scroll to `Allowed Web Origins` add:
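Review bot: Dropping the "Notice that" block leaves this section with no mention of which config variable produces the callback URLs. Suggest replacing it with a line stating that `BASE_URL` must be set to `https://<YOUR_HEROKU_APP_URL>` and that the app appends `/login-callback` and `/logout-callback` to it. The context above still lists an `http://<YOUR_HEROKU_APP_URL>/logout-callback` entry next to the `https://` one; if `BASE_URL` is always https on Heroku, the http entry does not need to be on the Auth0 allow-list.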
2 changes: 0 additions & 2 deletions docs/REFERENCE-environment_variables.md
Expand Up @@ -3,8 +3,6 @@ Variable | Purpose
APOLLO_OPTICS_KEY | A key for Apollo tracer.
ASSETS_DIR | Directory path where front-end packaged JavaScript is saved and loaded. _Required_.
ASSETS_MAP_FILE | File name of map file, within ASSETS_DIR, containing map of general file names to unique build-specific file names.
AUTH0_LOGIN_CALLBACK | URL Auth0 service should redirect to after login. Should end with `/login-callback`, e.g. `https://example.org/login-callback` _Required_.
AUTH0_LOGOUT_CALLBACK | URL Auth0 service should redirect to after logout. Should end with `/logout-callback`, e.g. `https://example.org/logout-callback`. _Required_.
AUTH0_DOMAIN | Domain name on Auth0 account, should end in `.auth0.com`, e.g. `example.auth0.com`. _Required_.
AUTH0_CLIENT_ID | Client ID from Auth0 app. _Required_.
AUTH0_CLIENT_SECRET | Client secret from Auth0 app. _Required_.
4 changes: 2 additions & 2 deletions src/client/auth-service.js
Expand Up @@ -3,7 +3,7 @@ import theme from '../styles/theme'
export function logout() {
const lock = new window.Auth0Lock(window.AUTH0_CLIENT_ID, window.AUTH0_DOMAIN)
lock.logout({
returnTo: window.AUTH0_LOGOUT_CALLBACK,
returnTo: `${window.BASE_URL}/logout-callback`,
client_id: window.AUTH0_CLIENT_ID
})
}
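Review bot: `returnTo` in `logout()` is now plain string concatenation, so a `BASE_URL` that ends in `/` yields `//logout-callback`, which will not equal the URL registered under "Allowed Logout URLs". Strip a trailing slash from `window.BASE_URL` before appending, or build the value with `new URL('/logout-callback', window.BASE_URL).href`.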
Expand All @@ -12,7 +12,7 @@ export function login(nextUrl) {
const lock = new window.Auth0Lock(window.AUTH0_CLIENT_ID, window.AUTH0_DOMAIN, {
auth: {
redirect: true,
redirectUrl: window.AUTH0_LOGIN_CALLBACK,
redirectUrl: `${window.BASE_URL}/login-callback`,
responseType: 'code',
params: {
state: nextUrl || '/',
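Review bot: The `/login-callback` path in `redirectUrl` is now spelled out here and again in `callbackURL` in src/server/auth-passport.js, and the two values have to stay identical for the `responseType: 'code'` flow to complete. Consider one shared constant or helper for the callback paths so a later rename cannot change one side only.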
2 changes: 1 addition & 1 deletion src/server/auth-passport.js
Expand Up @@ -10,7 +10,7 @@ export function setupAuth0Passport() {
domain: process.env.AUTH0_DOMAIN,
clientID: process.env.AUTH0_CLIENT_ID,
clientSecret: process.env.AUTH0_CLIENT_SECRET,
callbackURL: process.env.AUTH0_LOGIN_CALLBACK
callbackURL: `${process.env.BASE_URL}/login-callback`
}, (accessToken, refreshToken, extraParams, profile, done) => done(null, profile)
)

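Review bot: In `callbackURL`, an unset `BASE_URL` interpolates to the literal string `undefined/login-callback` rather than failing, so the misconfiguration only shows up later as a rejected redirect at Auth0. Suggest checking `process.env.BASE_URL` at the top of `setupAuth0Passport()` and throwing at startup when it is missing.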
3 changes: 1 addition & 2 deletions src/server/middleware/render-index.js
Expand Up @@ -63,10 +63,9 @@ export default function renderIndex(html, css, assetMap, store) {
window.RENDERED_CLASS_NAMES=${JSON.stringify(css.renderedClassNames)}
window.AUTH0_CLIENT_ID="${process.env.AUTH0_CLIENT_ID}"
window.AUTH0_DOMAIN="${process.env.AUTH0_DOMAIN}"
window.AUTH0_LOGIN_CALLBACK="${process.env.AUTH0_LOGIN_CALLBACK}"
window.AUTH0_LOGOUT_CALLBACK="${process.env.AUTH0_LOGOUT_CALLBACK || ''}"
window.SUPPRESS_SELF_INVITE="${process.env.SUPPRESS_SELF_INVITE || ''}"
window.PRIVACY_URL="${process.env.PRIVACY_URL || ''}"
window.BASE_URL="${process.env.BASE_URL || ''}"
window.NOT_IN_USA=${process.env.NOT_IN_USA || 0}
window.ALLOW_SEND_ALL=${process.env.ALLOW_SEND_ALL || 0}
window.BULK_SEND_CHUNK_SIZE=${process.env.BULK_SEND_CHUNK_SIZE || 0}
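Review bot: `window.BASE_URL="${process.env.BASE_URL || ''}"` falls back to an empty string, so with `BASE_URL` unset the client quietly builds the relative URLs `/login-callback` and `/logout-callback` instead of surfacing the missing setting. Since `BASE_URL` is now required for login, drop the `|| ''` and fail fast when it is absent. The value is also written unescaped inside a quoted string in an inline script; `JSON.stringify(process.env.BASE_URL)`, as already done for `RENDERED_CLASS_NAMES` at the top of this hunk, would be the safer form.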