Purge Facebook (#13696)

* Don't sign in user when trying to connect a social account that was already created * Log social users into matching local auth accounts If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account * If possible set local authentication email for social users * Allow password reset emails to be sent to social login users * lint fixes * Fix issues and tests * fix tests * Fix lint error. * purge Facebook. Only keep it in some select places to allow for some compatablilty. * Fix error * fix error * Let settings handle it when you don't have a password set but an email * fix error * Fix boolean logic * fix json conversion * . * fix password reset for old social accounts * Don't sign in user when trying to connect a social account that was already created * Log social users into matching local auth accounts If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account * If possible set local authentication email for social users * Allow password reset emails to be sent to social login users * lint fixes * Fix issues and tests * fix tests * Fix lint error. * purge Facebook. Only keep it in some select places to allow for some compatablilty. * Fix error * fix error * Let settings handle it when you don't have a password set but an email * fix error * Fix boolean logic * fix json conversion * fix password reset for old social accounts * Revert "lint fixes" This reverts commit c244b1651c. # Conflicts: # website/client/src/components/auth/registerLoginReset.vue # website/client/src/components/static/contact.vue * Revert "fix password reset for old social accounts" This reverts commit 7e0069a80f. * fix duplicate code * chore(misc): remove irrelevant changes * chore(privacy): update policy page with note about FB Co-authored-by: SabreCat <sabe@habitica.com>
2025-12-15 05:37:22 +01:00 · 2022-09-16 01:22:52 +02:00
parent 10f5011781
commit 24841346dc
15 changed files with 29 additions and 324 deletions
--- a/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
+++ b/test/api/v3/integration/user/auth/POST-user_auth_social.test.js
@@ -12,7 +12,6 @@ describe('POST /user/auth/social', () => {
  let user;
  const endpoint = '/user/auth/social';
  let randomAccessToken = '123456';
-  let randomFacebookId = 'facebookId';
  let randomGoogleId = 'googleId';
  let network = 'NoNetwork';

@@ -33,146 +32,6 @@ describe('POST /user/auth/social', () => {
    });
  });

-  describe('facebook', () => {
-    beforeEach(async () => {
-      randomFacebookId = generateUUID();
-      const expectedResult = {
-        id: randomFacebookId,
-        displayName: 'a facebook user',
-        emails: [
-          { value: `${user.auth.local.username}+facebook@example.com` },
-        ],
-      };
-      sandbox.stub(passport._strategies.facebook, 'userProfile').yields(null, expectedResult);
-      network = 'facebook';
-    });
-
-    afterEach(async () => {
-      passport._strategies.facebook.userProfile.restore();
-    });
-
-    it('registers a new user', async () => {
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      expect(response.apiToken).to.exist;
-      expect(response.id).to.exist;
-      expect(response.newUser).to.be.true;
-      expect(response.username).to.exist;
-
-      await expect(getProperty('users', response.id, 'profile.name')).to.eventually.equal('a facebook user');
-      await expect(getProperty('users', response.id, 'auth.local.lowerCaseUsername')).to.exist;
-      await expect(getProperty('users', response.id, 'auth.local.email')).to.eventually.equal(`${user.auth.local.username}+facebook@example.com`);
-      await expect(getProperty('users', response.id, 'auth.facebook.id')).to.eventually.equal(randomFacebookId);
-    });
-
-    it('logs an existing user in', async () => {
-      const registerResponse = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      expect(response.apiToken).to.eql(registerResponse.apiToken);
-      expect(response.id).to.eql(registerResponse.id);
-      expect(response.newUser).to.be.false;
-      expect(registerResponse.newUser).to.be.true;
-    });
-
-    it('logs an existing user in if they have local auth with matching email', async () => {
-      passport._strategies.facebook.userProfile.restore();
-      const expectedResult = {
-        id: randomFacebookId,
-        displayName: 'a facebook user',
-        emails: [
-          { value: user.auth.local.email },
-        ],
-      };
-      sandbox.stub(passport._strategies.facebook, 'userProfile').yields(null, expectedResult);
-
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      expect(response.apiToken).to.eql(user.apiToken);
-      expect(response.id).to.eql(user._id);
-      expect(response.newUser).to.be.false;
-    });
-
-    it('logs an existing user into their social account if they have local auth with matching email', async () => {
-      const registerResponse = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-      expect(registerResponse.newUser).to.be.true;
-      // This is important for existing accounts before the new social handling
-      passport._strategies.facebook.userProfile.restore();
-      const expectedResult = {
-        id: randomFacebookId,
-        displayName: 'a facebook user',
-        emails: [
-          { value: user.auth.local.email },
-        ],
-      };
-      sandbox.stub(passport._strategies.facebook, 'userProfile').yields(null, expectedResult);
-
-      const response = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      expect(response.apiToken).to.eql(registerResponse.apiToken);
-      expect(response.id).to.eql(registerResponse.id);
-      expect(response.apiToken).not.to.eql(user.apiToken);
-      expect(response.id).not.to.eql(user._id);
-      expect(response.newUser).to.be.false;
-    });
-
-    it('add social auth to an existing user', async () => {
-      const response = await user.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      expect(response.apiToken).to.eql(user.apiToken);
-      expect(response.id).to.eql(user._id);
-      expect(response.newUser).to.be.false;
-    });
-
-    it('does not log into other account if social auth already exists', async () => {
-      const registerResponse = await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-      expect(registerResponse.newUser).to.be.true;
-
-      await expect(user.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      })).to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('socialAlreadyExists'),
-      });
-    });
-
-    xit('enrolls a new user in an A/B test', async () => {
-      await api.post(endpoint, {
-        authResponse: { access_token: randomAccessToken }, // eslint-disable-line camelcase
-        network,
-      });
-
-      await expect(getProperty('users', user._id, '_ABtests')).to.eventually.be.a('object');
-    });
-  });
-
  describe('google', () => {
    beforeEach(async () => {
      randomGoogleId = generateUUID();