microsoft · mateja176 · Oct 12, 2019 · Oct 12, 2019 · peterblazejewicz · Oct 13, 2019
diff --git a/src/config/passport.ts b/src/config/passport.ts
@@ -2,15 +2,15 @@ import passport from "passport";
 import passportLocal from "passport-local";
 import passportFacebook from "passport-facebook";
 import _ from "lodash";
-
+import { Req } from "../interfaces/req";
 // import { User, UserType } from '../models/User';
 import { User, UserDocument } from "../models/User";
 import { Request, Response, NextFunction } from "express";
 
 const LocalStrategy = passportLocal.Strategy;
 const FacebookStrategy = passportFacebook.Strategy;
 
-passport.serializeUser<any, any>((user, done) => {
+passport.serializeUser<UserDocument, UserDocument["id"]>((user, done) => {
  done(undefined, user.id);
 });
 
@@ -66,15 +66,15 @@ passport.use(new FacebookStrategy({
  callbackURL: "/auth/facebook/callback",
  profileFields: ["name", "email", "link", "locale", "timezone"],
  passReqToCallback: true
-}, (req: any, accessToken, refreshToken, profile, done) => {
+}, (req: Req, accessToken, refreshToken, profile, done) => {
  if (req.user) {
  User.findOne({ facebook: profile.id }, (err, existingUser) => {
  if (err) { return done(err); }
  if (existingUser) {
  req.flash("errors", { msg: "There is already a Facebook account that belongs to you. Sign in with that account or delete it, then link it with your current account." });
  done(err);
  } else {
- User.findById(req.user.id, (err, user: any) => {
+ User.findById(req.user.id, (err, user: UserDocument) => {
  if (err) { return done(err); }
  user.facebook = profile.id;
  user.tokens.push({ kind: "facebook", accessToken });
@@ -100,7 +100,7 @@ passport.use(new FacebookStrategy({
  req.flash("errors", { msg: "There is already an account using this email address. Sign in to that account and link it with Facebook manually from Account Settings." });
  done(err);
  } else {
- const user: any = new User();
+ const user = new User();
  user.email = profile._json.email;
  user.facebook = profile.id;
  user.tokens.push({ kind: "facebook", accessToken });
@@ -130,10 +130,10 @@ export const isAuthenticated = (req: Request, res: Response, next: NextFunction)
 /**
  * Authorization Required middleware.
  */
-export const isAuthorized = (req: Request, res: Response, next: NextFunction) => {
+export const isAuthorized = (req: Req, res: Response, next: NextFunction) => {
  const provider = req.path.split("/").slice(-1)[0];
 
- const user = req.user as UserDocument;
+ const user = req.user;
  if (_.find(user.tokens, { kind: provider })) {
  next();
  } else {

diff --git a/src/controllers/api.ts b/src/controllers/api.ts
@@ -1,8 +1,8 @@
 "use strict";
 
 import graph from "fbgraph";
-import { Response, Request, NextFunction } from "express";
-import { UserDocument } from "../models/User";
+import { NextFunction, Request, Response } from "express";
+import { Req } from "../interfaces/req";
 
 
 /**
@@ -19,9 +19,9 @@ export const getApi = (req: Request, res: Response) => {
  * GET /api/facebook
  * Facebook API example.
  */
-export const getFacebook = (req: Request, res: Response, next: NextFunction) => {
- const user = req.user as UserDocument;
- const token = user.tokens.find((token: any) => token.kind === "facebook");
+export const getFacebook = (req: Req, res: Response, next: NextFunction) => {
+ const user = req.user;
+ const token = user.tokens.find((token) => token.kind === "facebook");
  graph.setAccessToken(token.accessToken);
  graph.get(`${user.facebook}?fields=id,name,email,first_name,last_name,gender,link,locale,timezone`, (err: Error, results: graph.FacebookUser) => {
  if (err) { return next(err); }

diff --git a/src/controllers/user.ts b/src/controllers/user.ts
@@ -8,6 +8,8 @@ import { IVerifyOptions } from "passport-local";
 import { WriteError } from "mongodb";
 import { check, sanitize, validationResult } from "express-validator";
 import "../config/passport";
+import { isKnownProvider } from "../interfaces/providers";
+import { Req } from "../interfaces/req";
 
 /**
  * GET /login
@@ -130,7 +132,7 @@ export const getAccount = (req: Request, res: Response) => {
  * POST /account/profile
  * Update profile information.
  */
-export const postUpdateProfile = (req: Request, res: Response, next: NextFunction) => {
+export const postUpdateProfile = (req: Req, res: Response, next: NextFunction) => {
  check("email", "Please enter a valid email address.").isEmail();
  // eslint-disable-next-line @typescript-eslint/camelcase
  sanitize("email").normalizeEmail({ gmail_remove_dots: false });
@@ -142,7 +144,7 @@ export const postUpdateProfile = (req: Request, res: Response, next: NextFunctio
  return res.redirect("/account");
  }
 
- const user = req.user as UserDocument;
+ const user = req.user;
  User.findById(user.id, (err, user: UserDocument) => {
  if (err) { return next(err); }
  user.email = req.body.email || "";
@@ -168,7 +170,7 @@ export const postUpdateProfile = (req: Request, res: Response, next: NextFunctio
  * POST /account/password
  * Update current password.
  */
-export const postUpdatePassword = (req: Request, res: Response, next: NextFunction) => {
+export const postUpdatePassword = (req: Req, res: Response, next: NextFunction) => {
  check("password", "Password must be at least 4 characters long").isLength({ min: 4 });
  check("confirmPassword", "Passwords do not match").equals(req.body.password);
 
@@ -179,7 +181,7 @@ export const postUpdatePassword = (req: Request, res: Response, next: NextFuncti
  return res.redirect("/account");
  }
 
- const user = req.user as UserDocument;
+ const user = req.user;
  User.findById(user.id, (err, user: UserDocument) => {
  if (err) { return next(err); }
  user.password = req.body.password;
@@ -195,8 +197,8 @@ export const postUpdatePassword = (req: Request, res: Response, next: NextFuncti
  * POST /account/delete
  * Delete user account.
  */
-export const postDeleteAccount = (req: Request, res: Response, next: NextFunction) => {
- const user = req.user as UserDocument;
+export const postDeleteAccount = (req: Req, res: Response, next: NextFunction) => {
+ const user = req.user;
  User.remove({ _id: user.id }, (err) => {
  if (err) { return next(err); }
  req.logout();
@@ -209,10 +211,13 @@ export const postDeleteAccount = (req: Request, res: Response, next: NextFunctio
  * GET /account/unlink/:provider
  * Unlink OAuth provider.
  */
-export const getOauthUnlink = (req: Request, res: Response, next: NextFunction) => {
+export const getOauthUnlink = (req: Req, res: Response, next: NextFunction) => {
  const provider = req.params.provider;
- const user = req.user as UserDocument;
- User.findById(user.id, (err, user: any) => {
+ if (!isKnownProvider(provider)) {
+ return next(`Unrecognized provider '${provider}'`);
+ }
+ const user = req.user;
+ User.findById(user.id, (err, user) => {
  if (err) { return next(err); }
  user[provider] = undefined;
  user.tokens = user.tokens.filter((token: AuthToken) => token.kind !== provider);
@@ -267,7 +272,7 @@ export const postReset = (req: Request, res: Response, next: NextFunction) => {
  User
  .findOne({ passwordResetToken: req.params.token })
  .where("passwordResetExpires").gt(Date.now())
- .exec((err, user: any) => {
+ .exec((err, user) => {
  if (err) { return next(err); }
  if (!user) {
  req.flash("errors", { msg: "Password reset token is invalid or has expired." });
@@ -346,14 +351,14 @@ export const postForgot = (req: Request, res: Response, next: NextFunction) => {
  });
  },
  function setRandomToken(token: AuthToken, done: Function) {
- User.findOne({ email: req.body.email }, (err, user: any) => {
+ User.findOne({ email: req.body.email }, (err, user) => {
  if (err) { return done(err); }
  if (!user) {
  req.flash("errors", { msg: "Account with that email address does not exist." });
  return res.redirect("/forgot");
  }
- user.passwordResetToken = token;
- user.passwordResetExpires = Date.now() + 3600000; // 1 hour
+ user.passwordResetToken = token.toString();
+ user.passwordResetExpires = new Date(Date.now() + 3600000); // 1 hour
  user.save((err: WriteError) => {
  done(err, token, user);
  });

diff --git a/src/interfaces/providers.ts b/src/interfaces/providers.ts
@@ -0,0 +1,5 @@
+export const knownProviders = ["facebook"] as const;
+
+export type KnownProvider = typeof knownProviders[number];
+
+export const isKnownProvider = (provider: string): provider is KnownProvider => (knownProviders as readonly string[]).includes(provider);
diff --git a/src/interfaces/req.ts b/src/interfaces/req.ts
@@ -0,0 +1,6 @@
+import { Request } from "express";
+import { UserDocument } from "../models/User";
+
+export interface Req extends Request {
+ user: UserDocument;
+}