[next] Auth (coralproject#2257)

* feat: improved auth features + performance

* fix: auth check logic

* fix: tests

.dockerignore

@@ -1,30 +1,30 @@
-# excluded because we'll likely need to rebuild this.
-node_modules
-
-# static assets are rebuild in the docker container.
-dist
-
 # tests are not run in the docker container.
 __tests__
+coverage
 
 # we won't use the .git folder in production.
 .git
 
-# hide the environment config.
-.env
+# don't include the dependancies
+node_modules
 
-# don't include logs.
+# don't include any logs
 npm-debug.log*
+
+# don't include any yarn files
 yarn-error.log
+yarn.lock
 
-# hide OS specific files.
+# don't include any OS/editor files
+.env
 .idea/
 .vs
 .docz
 *.swp
 *.DS_STORE
 
-# hide generated files.
+# don't include any generated files
+dist
 *.css.d.ts
 __generated__
-
+README.md.orig

.gitignore

@@ -1,17 +1,23 @@
+# don't include the dependancies
 node_modules
-dist
-.env
+
+# don't include any logs
 npm-debug.log*
+
+# don't include any yarn files
 yarn-error.log
 yarn.lock
-coverage
 
+# don't include any OS/editor files
+.env
 .idea/
 .vs
 .docz
 *.swp
 *.DS_STORE
 
+# don't include any generated files
+dist
 *.css.d.ts
 __generated__
 README.md.orig

src/core/client/admin/containers/AuthCheckContainer.tsx

@@ -52,10 +52,7 @@ class AuthCheckContainer extends React.Component<Props> {
   }
 
   private hasAccess(props: Props = this.props) {
-    const {
-      viewer,
-      settings: { auth },
-    } = props.data!;
+    const { viewer } = props.data!;
     if (viewer) {
       if (
         viewer.role === GQLUSER_ROLE.COMMENTER ||
@@ -66,15 +63,6 @@ class AuthCheckContainer extends React.Component<Props> {
           !can(viewer, props.data.route.data))
       ) {
         return false;
-      } else if (
-        !viewer.email ||
-        !viewer.username ||
-        (!viewer.profiles.some(p => p.__typename === "LocalProfile") &&
-          auth.integrations.local.enabled &&
-          (auth.integrations.local.targetFilter.admin ||
-            auth.integrations.local.targetFilter.stream))
-      ) {
-        return false;
       }
       return true;
     }

src/core/client/admin/test/auth/restricted.spec.tsx

@@ -59,21 +59,6 @@ it("show restricted screen for commenters and staff", async () => {
   }
 });
 
-it("show restricted screen when email is not set", async () => {
-  const { testRenderer } = createTestRenderer({ email: "" });
-  await waitForElement(() => within(testRenderer.root).getByTestID("authBox"));
-});
-
-it("show restricted screen when username is not set", async () => {
-  const { testRenderer } = createTestRenderer({ username: "" });
-  await waitForElement(() => within(testRenderer.root).getByTestID("authBox"));
-});
-
-it("show restricted screen local was not set (password)", async () => {
-  const { testRenderer } = createTestRenderer({ profiles: [] });
-  await waitForElement(() => within(testRenderer.root).getByTestID("authBox"));
-});
-
 it("sign out when clicking on sign in as", async () => {
   const { context, testRenderer } = createTestRenderer({
     role: GQLUSER_ROLE.COMMENTER,

src/core/client/ui/components/CallOut/CallOut.css

@@ -8,6 +8,7 @@
   box-sizing: border-box;
   border-width: 1px;
   border-style: solid;
+  word-break: break-word;
 }
 
 .colorRegular {

src/core/server/app/handlers/api/auth/local.ts

@@ -9,7 +9,7 @@ import {
 import { validate } from "talk-server/app/request/body";
 import { GQLUSER_ROLE } from "talk-server/graph/tenant/schema/__generated__/types";
 import { LocalProfile } from "talk-server/models/user";
-import { upsert } from "talk-server/services/users";
+import { insert } from "talk-server/services/users";
 import { Request } from "talk-server/types/express";
 
 export interface SignupBody {
@@ -65,7 +65,7 @@ export const signupHandler = ({
     };
 
     // Create the new user.
-    const user = await upsert(mongo, tenant, {
+    const user = await insert(mongo, tenant, {
       email,
       username,
       profiles: [profile],

src/core/server/app/handlers/api/install.ts

@@ -10,14 +10,14 @@ import { TenantInstalledAlreadyError } from "talk-server/errors";
 import { GQLUSER_ROLE } from "talk-server/graph/tenant/schema/__generated__/types";
 import { LocalProfile } from "talk-server/models/user";
 import { install, InstallTenant } from "talk-server/services/tenant";
-import { upsert, UpsertUser } from "talk-server/services/users";
+import { insert, InsertUser } from "talk-server/services/users";
 import { RequestHandler } from "talk-server/types/express";
 
 export interface TenantInstallBody {
   tenant: Omit<InstallTenant, "domain" | "locale"> & {
     locale: LanguageCode | null;
   };
-  user: Required<Pick<UpsertUser, "username" | "email"> & { password: string }>;
+  user: Required<Pick<InsertUser, "username" | "email"> & { password: string }>;
 }
 
 const TenantInstallBodySchema = Joi.object().keys({
@@ -113,7 +113,7 @@ export const installHandler = ({
     };
 
     // Create the first admin user.
-    await upsert(mongo, tenant, {
+    await insert(mongo, tenant, {
       email,
       username,
       profiles: [profile],

src/core/server/app/middleware/passport/strategies/facebook.ts

@@ -14,7 +14,7 @@ import {
   FacebookProfile,
   retrieveUserWithProfile,
 } from "talk-server/models/user";
-import { upsert } from "talk-server/services/users";
+import { insert } from "talk-server/services/users";
 
 export type FacebookStrategyOptions = OAuth2StrategyOptions;
 
@@ -71,7 +71,7 @@ export default class FacebookStrategy extends OAuth2Strategy<
         emailVerified = false;
       }
 
-      user = await upsert(this.mongo, tenant, {
+      user = await insert(this.mongo, tenant, {
         username: displayName,
         role: GQLUSER_ROLE.COMMENTER,
         email,

src/core/server/app/middleware/passport/strategies/google.ts

@@ -14,7 +14,7 @@ import {
   GoogleProfile,
   retrieveUserWithProfile,
 } from "talk-server/models/user";
-import { upsert } from "talk-server/services/users";
+import { insert } from "talk-server/services/users";
 
 export type GoogleStrategyOptions = OAuth2StrategyOptions;
 
@@ -70,7 +70,7 @@ export default class GoogleStrategy extends OAuth2Strategy<
         emailVerified = false;
       }
 
-      user = await upsert(this.mongo, tenant, {
+      user = await insert(this.mongo, tenant, {
         username: displayName,
         role: GQLUSER_ROLE.COMMENTER,
         email,