Make Magic Login case insensitive
Fixes #88
david-loe committed Sep 7, 2024
1 parent 2190721 commit de8af5b
Showing 3 changed files with 9 additions and 4 deletions.
5 changes: 3 additions & 2 deletions backend/authStrategies/magiclogin.ts
@@ -1,4 +1,5 @@
import { default as MagicLoginStrategy } from 'passport-magic-login'
import { escapeRegExp } from '../../common/scripts.js'
import { NotAllowedError } from '../controller/error.js'
import i18n from '../i18n.js'
import { sendMail } from '../mail/mail.js'
Expand All @@ -8,7 +9,7 @@ const magicLogin = new MagicLoginStrategy.default({
secret: process.env.MAGIC_LOGIN_SECRET,
callbackUrl: process.env.VITE_BACKEND_URL + '/auth/magiclogin/callback',
sendMagicLink: async (destination, href) => {
var user = await User.findOne({ 'fk.magiclogin': destination }).lean()
var user = await User.findOne({ 'fk.magiclogin': { $regex: new RegExp('^' + escapeRegExp(destination) + '$', 'i') } }).lean()
if (user) {
sendMail(
[user],
Expand All @@ -22,7 +23,7 @@ const magicLogin = new MagicLoginStrategy.default({
}
},
verify: async function (payload, callback) {
var user = await User.findOne({ 'fk.magiclogin': payload.destination }).lean()
var user = await User.findOne({ 'fk.magiclogin': { $regex: new RegExp('^' + escapeRegExp(payload.destination) + '$', 'i') } }).lean()
if (user) {
callback(null, user, { redirect: payload.redirect })
} else {
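Review bot: The case-insensitive `$regex` lookups added in `sendMagicLink` and `verify` can match more than one account when two stored `fk.magiclogin` values differ only in letter case, and `findOne` then returns whichever document it meets first. Whether the schema rules that out is not visible here; an ordinary unique index compares case-sensitively, so I would normalise the address on write and on lookup (`destination.toLowerCase()`) or give the field a unique index with a case-insensitive collation, and query by equality. That also avoids a scan on every request, since a case-insensitive regex generally cannot use a normal index efficiently. The same expression is repeated in `authController.ts`; one shared helper would keep the three lookups in step. Both callbacks continue outside the hunks shown.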
4 changes: 2 additions & 2 deletions backend/controller/authController.ts
@@ -1,7 +1,7 @@
import { Request as ExRequest, Response as ExResponse, NextFunction } from 'express'
import passport from 'passport'
import { Body, Controller, Delete, Get, Middlewares, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags } from 'tsoa'
import { Base64 } from '../../common/scripts.js'
import { Base64, escapeRegExp } from '../../common/scripts.js'
import magiclogin from '../authStrategies/magiclogin.js'
import User from '../models/user.js'
import { NotAllowedError, NotImplementedError } from './error.js'
Expand Down Expand Up @@ -29,7 +29,7 @@ const microsoftCallbackHandler = useMicrosoft ? passport.authenticate('microsoft

const magicloginHandler = useMagicLogin
? async (req: ExRequest, res: ExResponse, next: NextFunction) => {
var user = await User.findOne({ 'fk.magiclogin': req.body.destination })
var user = await User.findOne({ 'fk.magiclogin': { $regex: new RegExp('^' + escapeRegExp(req.body.destination) + '$', 'i') } })
if (user && (await user.isActive())) {
magiclogin.send(req, res)
} else {
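Review bot: `req.body.destination` reaches `escapeRegExp` without a type check, and `escapeRegExp` calls `.replace` on it, so a request whose `destination` is missing or is not a string makes the handler throw a `TypeError` before any response is sent. Because the handler is `async`, that rejection only becomes an error response if the framework or a wrapper forwards it, which is not visible in this hunk. I would guard first, e.g. `if (typeof req.body?.destination !== 'string') return next(new NotAllowedError(/* message */))`, reusing whatever the existing `else` branch does for an unknown address so the caller cannot tell the two cases apart. The handler body continues outside the hunk.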
4 changes: 4 additions & 0 deletions common/scripts.ts
Expand Up @@ -485,3 +485,7 @@ export function download(file: File) {
document.body.removeChild(link)
window.URL.revokeObjectURL(url)
}

export function escapeRegExp(str: string) {
return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') // $& means the whole matched string
}
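Review bot: `escapeRegExp` has no doc comment or return type, and its contract has two limits worth stating where it is exported. It escapes the metacharacters that matter outside a character class but not `-`, so the result is only safe when interpolated outside `[...]`; and it assumes a real string, so callers passing request data must check the type first. I would add `/** Escapes regular-expression metacharacters in str so it matches literally; safe outside character classes only. */` above it and declare the signature as `export function escapeRegExp(str: string): string {`.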
