auth: add adapter for Facebook accountkit login (#4434)

* Integrate auth adapter for Facebook accountkit login * Also verify Facebook app id associated with account kit login * Add appsecret_proof as extra graph request parameter * Specific error message for Account kit and more test coverage * One more test to cover when AppIds for Facebook account kit not configured properly
2018-02-23 22:37:55 +10:00
parent 55f4b0f7c5
commit 213801c4b1
3 changed files with 144 additions and 2 deletions
--- a/src/Adapters/Auth/facebookaccountkit.js
+++ b/src/Adapters/Auth/facebookaccountkit.js
@@ -0,0 +1,75 @@
+const crypto = require('crypto');
+const https = require('https');
+const Parse  = require('parse/node').Parse;
+
+const graphRequest = (path) => {
+  return new Promise((resolve, reject) => {
+    https.get(`https://graph.accountkit.com/v1.1/${path}`, (res) => {
+      var data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        try {
+          data = JSON.parse(data);
+          if (data.error) {
+            // when something wrong with fb graph request (token corrupted etc.)
+            // instead of network issue
+            reject(data.error);
+          } else {
+            resolve(data);
+          }
+        } catch (e) {
+          reject(e);
+        }
+      });
+    }).on('error', function () {
+      reject('Failed to validate this access token with Facebook Account Kit.');
+    });
+  });
+};
+
+function getRequestPath(authData, options) {
+  const access_token = authData.access_token, appSecret = options && options.appSecret;
+  if (appSecret) {
+    const appsecret_proof = crypto.createHmac("sha256", appSecret).update(access_token).digest('hex');
+    return `me?access_token=${access_token}&appsecret_proof=${appsecret_proof}`
+  }
+  return `me?access_token=${access_token}`;
+}
+
+function validateAppId(appIds, authData, options) {
+  if (!appIds.length) {
+    return Promise.reject(
+      new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Facebook app id for Account Kit is not configured.')
+    )
+  }
+  return graphRequest(getRequestPath(authData, options))
+    .then(data => {
+      if (data && data.application && appIds.indexOf(data.application.id) != -1) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Facebook app id for Account Kit is invalid for this user.');
+    })
+}
+
+function validateAuthData(authData, options) {
+  return graphRequest(getRequestPath(authData, options))
+    .then(data => {
+      if (data && data.id == authData.id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Facebook Account Kit auth is invalid for this user.');
+    })
+}
+
+module.exports = {
+  validateAppId,
+  validateAuthData
+};
--- a/src/Adapters/Auth/index.js
+++ b/src/Adapters/Auth/index.js
@@ -1,6 +1,7 @@
 import loadAdapter from '../AdapterLoader';

 const facebook = require('./facebook');
+const facebookaccountkit = require('./facebookaccountkit');
 const instagram = require("./instagram");
 const linkedin = require("./linkedin");
 const meetup = require("./meetup");
@@ -27,6 +28,7 @@ const anonymous = {

 const providers = {
  facebook,
+  facebookaccountkit,
  instagram,
  linkedin,
  meetup,
@@ -43,7 +45,6 @@ const providers = {
  wechat,
  weibo
 }
-
 function authDataValidator(adapter, appIds, options) {
  return function(authData) {
    return adapter.validateAuthData(authData, options).then(() => {