Getting landing page for email verification working

Author: Lan2u

src/authentication/create-signed-token.ts

@@ -1,15 +1,13 @@
 import {pipe} from 'fp-ts/lib/function';
 import * as E from 'fp-ts/Either';
 import * as t from 'io-ts';
-import {failure} from '../../types';
 import {Strategy as CustomStrategy} from 'passport-custom';
-import jwt from 'jsonwebtoken';
 import {Config} from '../../configuration';
 import {Dependencies} from '../../dependencies';
 import {User} from '../../types/user';
 import {logPassThru} from '../../util';
 import {Logger} from 'pino';
-import {createSignedToken} from '../create-signed-token';
+import {createSignedToken, verifyToken} from '../signed-token';
 
 const createMagicLink = (conf: Config) => (user: User) =>
   pipe(
@@ -22,12 +20,6 @@ const MagicLinkQuery = t.strict({
   token: t.string,
 });
 
-const verifyToken = (token: string, secret: Config['TOKEN_SECRET']) =>
-  E.tryCatch(
-    () => jwt.verify(token, secret),
-    failure('Could not verify token')
-  );
-
 const decodeMagicLinkFromQuery =
   (logger: Logger, conf: Config) => (input: unknown) =>
     pipe(

src/authentication/login/magic-link.ts

@@ -0,0 +1,15 @@
+import jwt from 'jsonwebtoken';
+import * as E from 'fp-ts/Either';
+import {Config} from '../configuration';
+import { failure } from '../types/failure';
+
+export const createSignedToken =
+  (conf: Config) =>
+  (payload: object): string =>
+    jwt.sign(payload, conf.TOKEN_SECRET, {expiresIn: '10m'});
+
+export const verifyToken = (token: string, secret: Config['TOKEN_SECRET']) =>
+  E.tryCatch(
+    () => jwt.verify(token, secret),
+    failure('Could not verify token')
+  );

src/authentication/signed-token.ts

@@ -4,7 +4,9 @@ import * as t from 'io-ts';
 import {Config} from '../../configuration';
 import {EmailAddressCodec} from '../../types';
 import {Logger} from 'pino';
-import { createSignedToken } from '../create-signed-token';
+import { createSignedToken, verifyToken } from '../signed-token';
+import {Request} from 'express'; 
+import { logPassThru } from '../../util';
 
 const VerifyEmailTokenPayload = t.strict({
   memberNumber: t.number,
@@ -13,24 +15,27 @@ const VerifyEmailTokenPayload = t.strict({
 
 type VerifyEmailTokenPayload = t.TypeOf<typeof VerifyEmailTokenPayload>;
 
-const createEmailVerificationLink =
+export const createEmailVerificationLink =
   (conf: Config) => (payload: VerifyEmailTokenPayload) =>
     pipe(
       VerifyEmailTokenPayload.encode(payload),
       createSignedToken(conf),
       token => `${conf.PUBLIC_URL}/auth/verify-email/landing?token=${token}`
     );
 
-const decodeEmailVerificationFromQuery =
-  (logger: Logger, conf: Config) => (input: unknown) =>
+const EmailVerificationQuery = t.strict({
+  token: t.string,
+});
+
+export const decodeEmailVerificationLink =
+  (logger: Logger, conf: Config) => (req: Request) =>
+    // We don't use passport because there is currently only 1 way to encode/decode an email verification link
+    // so there is no value in adding further abstraction behind passport.
     pipe(
-      input,
-      decodeTokenFromQuery(logger, conf),
+      req.query,
+      logPassThru(logger, 'Attempting to decode email verification link from query'), // Logging is required as a basic form of auth enumeration detection.
+      EmailVerificationQuery.decode,
+      E.chainW(({token}) => verifyToken(token, conf.TOKEN_SECRET)),
       E.chainW(VerifyEmailTokenPayload.decode)
     );
 
-export const emailVerificationLink = {
-  create: createEmailVerificationLink,
-  decodeFromQuery: decodeEmailVerificationFromQuery,
-};
-

src/authentication/verify-email/email-verification-link.ts

@@ -1,5 +1,5 @@
 import {Request, Response} from 'express';
-import {isolatedPageTemplate} from '../../templates';
+import {isolatedPageTemplate, oopsPage} from '../../templates';
 import {StatusCodes} from 'http-status-codes';
 import {
   html,
@@ -9,29 +9,44 @@ import {
 } from '../../types/html';
 import { Dependencies } from '../../dependencies';
 import { Config } from '../../configuration';
+import { decodeEmailVerificationLink } from './email-verification-link';
+import { pipe } from 'fp-ts/lib/function';
+import * as E from 'fp-ts/Either';
+import { verifyEmail } from '../../commands/members/verify-email';
+
+const invalidLink = () => oopsPage(
+  html`The link you have used is (no longer) valid. Go back to your
+    <a href=/me>homepage</a>.`
+);
 
 export const landing = 
     (deps: Dependencies, conf: Config) =>
     (req: Request, res: Response<CompleteHtmlDocument>) => {
-        req.query
-
+      pipe(
+        req,
+        decodeEmailVerificationLink(deps.logger, conf),
+        E.match(
+          error => {
+            deps.logger.error(
+              {error},
+              'Failed to decode verification link'
+            );
+            return invalidLink()
+          },
+          decoded => {
+            verifyEmail.process({
+              command: {
+                
+              }
+            })
+          }
+        )
+      );
 
-  const index = req.originalUrl.indexOf('?');
-  const suffix = index === -1 ? '' : req.originalUrl.slice(index);
-  const url = '/auth/callback' + suffix;
-  res.status(StatusCodes.OK).send(
-    isolatedPageTemplate(sanitizeString('Redirecting...'))(html`
-      <!doctype html>
-      <html>
-        <head>
-          <meta http-equiv="refresh" content="0; url='${safe(url)}'" />
-        </head>
-        <body></body>
-      </html>
-    `)
-  );
 };
 
+// TODO - Combine these.
+
 export const verifyEmailCallback =
   (deps: Dependencies, conf: Config, invalidLinkPath: string): RequestHandler =>
   (req, res) => {

src/authentication/verify-email/invalid-link.ts

@@ -3,17 +3,14 @@ import {Config} from '../../configuration';
 import {Safe, safe} from '../../types/html';
 import {Route, get} from '../../types/route';
 import {landing } from './landing-page';
-import { invalidLink } from './invalid-link';
 
 export const logInPath: Safe = safe('/log-in');
-const invalidVerificationLinkPath = '/auth/invalid-email-verification-link';
 
 export const routes = (
   deps: Dependencies,
   conf: Config
 ): ReadonlyArray<Route> => {
   return [
     get('/auth/verify-email/landing', landing(deps, conf)),
-    get(invalidVerificationLinkPath, invalidLink),
   ];
 };

src/authentication/verify-email/landing-page.ts

@@ -53,7 +53,6 @@ export const sendEmailVerification = (
 ) => (memberNumber: number, emailAddress: EmailAddress): TE.TaskEither<Failure, string> => {
   const email = toEmail(emailAddress)(
     emailVerificationLink.create(conf)({
-      purpose: 'verify-email',
       memberNumber,
       emailAddress,
     })