fix: add session strategy

examples/access-control-migration/src/controllers/user.controller.ts

@@ -7,7 +7,7 @@
 
 import {TokenService, UserService} from '@loopback/authentication';
 import {inject} from '@loopback/context';
-import {post, requestBody, Response} from '@loopback/rest';
+import {post, requestBody} from '@loopback/rest';
 import {
   Credentials,
   TokenServiceBindings,

examples/passport-oauth2-login/cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlACCQDSmMwp5CM+CzANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQswCQYDVQQKDAJMQjEMMAoGA1UE
+CwwDTEI0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHjAcBgkqhkiG9w0BCQEWD2xiNEBl
+eGFtcGxlLmNvbTAeFw0xODA2MjgxNDMwNTdaFw0xOTA2MjgxNDMwNTdaMHYxCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxCzAJBgNVBAoMAkxC
+MQwwCgYDVQQLDANMQjQxEjAQBgNVBAMMCWxvY2FsaG9zdDEeMBwGCSqGSIb3DQEJ
+ARYPbGI0QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA3mV25nB7LprWwnw2esZbzuS9vG68Eqcjiu9K0ZO9Ym8al70Wz1Q7ytqfuP4c
+DEjEAngvbkrT3W1ZaXUOQz5vxAa5OaLpB7moOZ3cldVyDTwlExBvFrXB5Qqrh/7Y
+c7OVvtb3Dah1wzvRHEt8I0EXPnojjae2uxmTu3ThZqACcpZS5SQC3hA3VOmcRpMS
+xKd8tvbbYYb37aaldOJkxcKge0C5adpOB8MsDvWZagBDCWaN41Wc/mER71Q1UMrz
+BrGB0Let4IibvUcW5nlUlfzu9qjY6ZXdb4cTDA7q6xTHmaIwhLklsI/K2Mda1YC5
+aIu558Kxaq1e3RWb0Hl/RpEQSQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCSdHKL
+juogGyAvUH0cAOahhvuUOnfpjcOWscRa1VLpI8lR9hWX5CLt3IIqT3gVFTl8bQbq
+joOfUB+ArusERMtay8l/dI83l6BxOkjhz8IcKT89W5emsHPDk6l0DAMmcrZAgMM5
+Ow9Rt3M5dEJ7tY3xWS9WpM3WCSpou+4AZt9PLE/sCqSjkDCO0/+ao1Pr9HORP40n
+NOPjSqMjlesUVlfJQTi0Rscal3BQG4+2cNG+p8KzR6KLEJruORuHzRqLWh3jkUKU
+snB9FTDkj9kSq287SidEcF2tfi2X6ptAoxv/jdFx6unZ1q3wI0qSDZYaEAbwlO84
+q3Y/oEQkYu19Wzta
+-----END CERTIFICATE-----

examples/passport-oauth2-login/client/views/pages/login.jade

@@ -6,8 +6,8 @@ block content
       h1 Login:
       ul.list-inline.list-unstyled
         li
-          a.btn.btn-primary(href="/auth/thirdparty?service=facebook") Login with Facebook
+          a.btn.btn-primary(href="/api/auth/thirdparty") Login with Facebook
         li
-          a.btn.btn-primary(href="/auth/thirdparty?service=google") Login with Google
+          a.btn.btn-primary(href="/api/auth/thirdparty") Login with Google
         li
-          a.btn.btn-primary(href="/auth/thirdparty?service=twitter") Login with Twitter
+          a.btn.btn-primary(href="/api/auth/thirdparty") Login with Twitter

examples/passport-oauth2-login/client/views/partials/navigation.jade

@@ -11,6 +11,7 @@ nav.navbar.navbar-default.navbar-fixed-top(role='navigation')
         ul.nav.navbar-nav.navbar-right
           li(class=url=='/'?'active':undefined)
             a(href='/') Home
+          li(class=url=='/auth/account'?'active':undefined)
+            a(href='/auth/account') View Account
           li(class=url=='/login'?'active':undefined)
             a(href='/login') Log in
-

examples/passport-oauth2-login/client/web-app.js

@@ -0,0 +1,93 @@
+// Copyright IBM Corp. 2014,2015. All Rights Reserved.
+// Node module: loopback-example-passport
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+'use strict';
+
+const express = require('express');
+const session = require('client-sessions');
+const path = require('path');
+const app = (module.exports = express());
+
+
+/**
+ * This is a mock web app to show case local user sessions with third party oauth2 providers
+ * 
+ * This web app has required express middleware to enable user HTTP sessions,
+ * and endpoints to render pages
+ */
+
+/**
+ * we use jade templates
+ * 
+ * jade templates copied from loopback-example-passport
+ */
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'jade');
+
+/**
+ * we use 'client-sessions' to enable saving client side sessions
+ */
+app.use(
+  session({
+    cookieName: 'session',
+    secret: 'random_string_goes_here',
+    duration: 30 * 60 * 1000,
+    activeDuration: 5 * 60 * 1000,
+  }),
+);
+
+/**
+ * Middleware to look up user profile in the session
+ */
+app.use(function (req, res, next) {
+  if (req.session && req.session.user) {
+    req.user = req.session.user;
+    next();
+  } else {
+    next();
+  }
+});
+
+
+/**
+ * Middleware to enforce login
+ * @param {*} req 
+ * @param {*} res 
+ * @param {*} next 
+ */
+function requireLogin(req, res, next) {
+  if (!req.user) {
+    res.sendStatus(401);
+  } else {
+    next();
+  }
+}
+
+/**
+ * Render Index page
+ */
+app.get('/', function (req, res, next) {
+  res.render('pages/index', {user: req.user, url: req.url});
+});
+
+/**
+ * Render account profile
+ */
+app.get('/auth/account', requireLogin, function (req, res, next) {
+  res.render('pages/loginProfiles', {
+    user: req.user,
+    url: req.url,
+  });
+});
+
+/**
+ * render login page
+ */
+app.get('/login', function (req, res, next) {
+  res.render('pages/login', {
+    user: req.user,
+    url: req.url,
+  });
+});

examples/passport-oauth2-login/data/db.json

@@ -0,0 +1,10 @@
+{
+  "ids": {
+    "User": 1
+  },
+  "models": {
+    "User": {
+      "1": "{\"email\":\"[email protected]\",\"name\":{},\"id\":1}"
+    }
+  }
+}

examples/passport-oauth2-login/index.js

@@ -1,4 +1,6 @@
 const application = require('./dist');
+const path = require('path');
+const fs = require('fs');
 
 module.exports = application;
 
@@ -8,16 +10,16 @@ if (require.main === module) {
     rest: {
       port: +(process.env.PORT || 3000),
       host: process.env.HOST,
-      // The `gracePeriodForClose` provides a graceful close for http/https
-      // servers with keep-alive clients. The default value is `Infinity`
-      // (don't force-close). If you want to immediately destroy all sockets
-      // upon stop, set its value to `0`.
-      // See https://www.npmjs.com/package/stoppable
+      key: fs.readFileSync(path.join(__dirname, './key.pem')),
+      cert: fs.readFileSync(path.join(__dirname, './cert.pem')),
+      protocol: 'https',
       gracePeriodForClose: 5000, // 5 seconds
       openApiSpec: {
         // useful when used with OpenAPI-to-GraphQL to locate your application
         setServersFromRequest: true,
       },
+      // Use the LB4 application as a route. It should not be listening.
+      listenOnStart: false,
     },
   };
   application.main(config).catch((err) => {

examples/passport-oauth2-login/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeZXbmcHsumtbC
+fDZ6xlvO5L28brwSpyOK70rRk71ibxqXvRbPVDvK2p+4/hwMSMQCeC9uStPdbVlp
+dQ5DPm/EBrk5oukHuag5ndyV1XINPCUTEG8WtcHlCquH/thzs5W+1vcNqHXDO9Ec
+S3wjQRc+eiONp7a7GZO7dOFmoAJyllLlJALeEDdU6ZxGkxLEp3y29tthhvftpqV0
+4mTFwqB7QLlp2k4HwywO9ZlqAEMJZo3jVZz+YRHvVDVQyvMGsYHQt63giJu9Rxbm
+eVSV/O72qNjpld1vhxMMDurrFMeZojCEuSWwj8rYx1rVgLloi7nnwrFqrV7dFZvQ
+eX9GkRBJAgMBAAECggEABHSh8jH0tdVSUiks6j7JHhcFGh5Z1EHW+3SZ2iMMm0lA
+jiOyrkqwu/qvUoR8yV431xjTUnFbV0dWkD9RHtXEZXgBA/+YjZgRn73i6nmRRGSd
+FYmxwBG6Jb2V/C6F5aOGb4FdB8AFQ/kR0nBMt2QZdB38Ul020v7LL+lCjszL38HL
+qPuZLbvQi4Vs4J8JpO8k2ST3gQhaYWb36XOACaD20mL2xHNpOO5vyBJSnNVb6ueg
+jpy1QV/1JOEumYLXFGOudk2QRm/yN2ym4gwpqD3sWIM9iYZsc84K61oibhLRZFtO
+luUnuRLrNrzpZfZga2EqEPUEy0IHLij1S9+H2MQTFQKBgQD+A9fwVDnY//PdSDBp
++xlggP2N3RdINi1EStPiLsy//Ok7xSCTXgE09iouZsjaP9r6nSKlG3SO18Hvy4CI
+whRzu95Z2vZQLYHuCCwLnqIhpM7xnFL93ueud7ATiE3fGFhJNUMGTYTQ+ZmwFuFQ
+7eddWrqVOEqezy2btpnsIVkINwKBgQDgIl4sZ7fl98S64+K0fcB0rCnrciL7OBap
+aucHuzmjydaVWW5WkzUOMxh+er2Zeqt1+0cTjnV6J7DJ96d/R8eWkNjTVtULJezf
+z91titYbB3O6TwYLx4IzXoweHuC/uLhE27Jxnvgz2IZacK1fKvql1lM5MaP7GDZ8
+VPvmiUFrfwKBgEABs+4JKzJ0/Hwr7pcmALUCi+GtbmpxzGJDALUj2dAe6J55A8Ze
+j6tKxEJBACeOo5027z3vdyVvVJ0aCF9tmD25f0PhGuQFM5JJWN/sryoPH15eZ8M0
+4ehinGmvlP+8YLLBywvRiMAnxQRMH6aG7B/n9tAXCSaPSgzMrGiF1qttAoGBAJ51
+Dbk9FpFZ6tbqF7PdF7wkn3padgq/q53Y+z7HCcgXAUMTN+OzLRY933pD0ll4lVHS
+9XwJAlr7RoxzLxLYL23uN6yqPfIkvOO6dGRmfFodmZ7FEZQwV4dzt4Hv+JrywCvG
+WtDjP7x/vvSfpqKaoxute6b6xmDVzGd4OaLRtNOHAoGAUyockJhGQEkUG9A21DXv
+hqR343WeUne1tqwfxkg0DQIBAaaFgGkeL1DjdHhE5ZNz+F/t5LRcvMkZDShRK0u3
+Ytnw2XtSJYtCrPlnDrt1/59dBr7S1nbhStI5xfPojctd0DbVvhC5UfQMKSNHOLCs
+tUWwM07FtltvXMoC0xXf5sI=
+-----END PRIVATE KEY-----