Change relative urls to absolute (#18)

* add logging in code

* debugging, add logging

* temporarily disable allowed domains check for debugging

* add logging in /dialog/authorize route middleware

* debugging remove res.locals in logging

* add url met domain

* debugging add APP_URL to urls

* set appUrl in layout

* set complete URL for several autorizeUrls

* add complete URL to checkRequiredUserFields redirect

* set full URL at template POST button

* add logging for debugging check2FA function

* fix defaultValue for twoFactorRoles in client model

* add logging for debugging allowedDomains

* change regex in seeds script, so also the path is removed from an URL (for allowed domains)

* add debugging code

* fix redirects to correctpath

* fix redirect with APP_URL

* added a lot of APP_URL env to redirects

* use force flag for db syncing

* add directConnection paramater to mongo connection string

* remove directConnection parameter from mongo connection string

* add appUrl to views via controllers

* remove logging triggering an error

* cleanup

Author: IanR01

config/auth.js

@@ -2,15 +2,15 @@ const memberRoleId  = process.env.MEMBER_ROLE_ID ? process.env.MEMBER_ROLE_ID :
 const anonymousRoleId = process.env.ANONYMOUS_ROLE_ID ? process.env.ANONYMOUS_ROLE_ID : 3;
 
 const formatLoginUrl = (slug) => {
-  return `/auth/${slug}/login`;
+  return `${process.env.APP_URL}/auth/${slug}/login`;
 }
 
 const formatRegisterUrl = (slug) => {
-  return `/auth/${slug}/register`;
+  return `${process.env.APP_URL}/auth/${slug}/register`;
 }
 
 const formatSMSCodeUrl = (slug) => {
-  return `/auth/${slug}/sms-code`;
+  return `${process.env.APP_URL}/auth/${slug}/sms-code`;
 }
 
 const types = [

controllers/admin/client.js

@@ -12,7 +12,8 @@ const authTypes = require('../../config/auth').types;
  */
 exports.all = (req, res, next) => {
   res.render('admin/client/all', {
-    clients: req.clients
+    clients: req.clients,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -28,6 +29,7 @@ exports.new = (req, res, next) => {
     requiredUserFields: userFields,
     exposedUserFields: userFields,
     authTypes: authTypes,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -46,7 +48,8 @@ exports.edit = (req, res, next) => {
     clientExposedUserFields: clientExposedUserFields,
     clientRequiredUserFields: clientRequiredUserFields,
     roles: req.roles,
-    clients: req.clients
+    clients: req.clients,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -75,7 +78,7 @@ exports.create = (req, res, next) => {
     .create(values)
     .then((response) => {
       req.flash('success', { msg: 'Succesfully created '});
-      res.redirect('/admin/client/' + response.id  || '/');
+      res.redirect(process.env.APP_URL + '/admin/client/' + response.id  || '/');
     })
     .catch((err) => { next(err); });
 }
@@ -95,7 +98,7 @@ exports.update = (req, res, next) => {
     })
     .then((response) => {
       req.flash('success', { msg: 'Updated client!'});
-      res.redirect('/admin/client/' + response.get('id')  || '/');
+      res.redirect(process.env.APP_URL + '/admin/client/' + response.get('id')  || '/');
     })
     .catch((err) => { next(err); })
 }

controllers/admin/code.js

@@ -5,19 +5,22 @@ const csv           = require('fast-csv');
 
 exports.all = (req, res, next) => {
   res.render('admin/code/all', {
-    codes: req.codes
+    codes: req.codes,
+    appUrl: process.env.APP_URL
   });
 }
 
 exports.new = (req, res, next) => {
   res.render('admin/code/new', {
-    clients: req.clients
+    clients: req.clients,
+    appUrl: process.env.APP_URL
   });
 }
 
 exports.bulk = (req, res, next) => {
   res.render('admin/code/bulk', {
-    clients: req.clients
+    clients: req.clients,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -111,7 +114,7 @@ exports.postBulk = (req, res, next) => {
        req.flash('success', {msg: `All codes succesfully created!` });
      }
 
-     res.redirect(req.header('Referer') || '/admin/code/bulk');
+     res.redirect(req.header('Referer') || `${process.env.APP_URL}/admin/code/bulk`);
    }
 
    /**
@@ -141,13 +144,13 @@ exports.create = (req, res, next) => {
     .create({ code, clientId })
     .then((response) => {
       req.flash('success', { msg: 'Succesfully created '});
-      res.redirect('/admin/codes' || '/');
+      res.redirect(`${process.env.APP_URL}/admin/codes`);
     })
     .catch((err) => { next(err); });
 }
 
 exports.destroy = (req, res) => {
   req.body.code.destroy();
   req.flash('success', { msg: 'Succesfully removed'});
-  res.redirect('/admin/codes');
+  res.redirect(process.env.APP_URL + '/admin/codes');
 }

controllers/admin/role.js

@@ -3,17 +3,21 @@ const db = require('../../db');
 
 exports.all = (req, res, next) => {
   res.render('admin/role/all', {
-    roles: req.roles
+    roles: req.roles,
+    appUrl: process.env.APP_URL
   });
 }
 
 exports.new = (req, res, next) => {
-  res.render('admin/role/new');
+  res.render('admin/role/new', {
+    appUrl: process.env.APP_URL
+  });
 }
 
 exports.edit = (req, res, next) => {
   res.render('admin/role/edit', {
-    role: req.role
+    role: req.role,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -27,7 +31,7 @@ exports.create = (req, res, next) => {
     .create({ name })
     .then((response) => {
       req.flash('success', { msg: 'Succesfully created '});
-      res.redirect('/admin/roles' || '/');
+      res.redirect(`${process.env.APP_URL}/admin/roles`);
     })
     .catch((err) => { next(err); });
 }
@@ -39,7 +43,7 @@ exports.update = (req, res, next) => {
     .update({name})
     .then((response) => {
       req.flash('success', { msg: 'Updated role!'});
-      res.redirect('/admin/role/' + response.get('id')  || '/');
+      res.redirect(`${process.env.APP_URL}/admin/role/` + response.get('id')  || process.env.APP_URL);
     })
     .catch((err) => { next(err); })
 }

controllers/admin/user.js

@@ -21,14 +21,16 @@ exports.edit = (req, res) => {
     user: req.userObject,
     roles: req.roles,
     clients: userClients,
-    userRoles: userRoles
+    userRoles: userRoles,
+    appUrl: process.env.APP_URL
   });
 }
 
 exports.new = (req, res) => {
   res.render('admin/user/new',  {
     roles: req.roles,
-    clients: req.clients
+    clients: req.clients,
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -58,7 +60,7 @@ exports.create = (req, res, next) => {
     })
     .then((response) => {
       req.flash('success', { msg: 'Succesfully created '});
-      res.redirect('/admin/user/' + response.id );
+      res.redirect(`${process.env.APP_URL}/admin/user/` + response.id );
     })
     .catch((err) => {
       next(err);
@@ -105,11 +107,11 @@ exports.update = (req, res, next) => {
   })
   .then(() => {
     req.flash('success', { msg: 'Updated user!' });
-    res.redirect('/admin/user/' + req.userObject.id);
+    res.redirect(`${process.env.APP_URL}/admin/user/` + req.userObject.id);
   })
   .catch((err) => {
     req.flash('error', { msg: 'Error!' });
-    res.redirect('/admin/user/' + req.userObject.id);
+    res.redirect(`${process.env.APP_URL}/admin/user/` + req.userObject.id);
   })
 
 }

controllers/auth/anonymous.js

@@ -20,21 +20,21 @@ exports.login  = (req, res, next) => {
 
 	// catch users that have cookies turned off
 	req.session.createAnonymousUser = true;
-	res.redirect('/auth/anonymous/register?' + queryString)
+	res.redirect(`${process.env.APP_URL}/auth/anonymous/register?` + queryString)
 
 };
 
 exports.register  = (req, res, next) => {
 
   if (req.client && req.client.config.users && req.client.config.users && req.client.config.users.canCreateNewUsers === false) {
 		req.flash('error', {msg: 'Cannot create new users'});
-		return res.redirect(`/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
+		return res.redirect(`${process.env.APP_URL}/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
   }
 
   if (!req.session.createAnonymousUser) {
 
 		req.flash('error', {msg: 'Cookies zijn onmisbaar op deze site'});
-		return res.redirect(`/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
+		return res.redirect(`${process.env.APP_URL}/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
 
 	} else {
 
@@ -46,7 +46,7 @@ exports.register  = (req, res, next) => {
 
 				if (!user) {
 					req.flash('error', {msg: authAnonymousConfig.errorMessage});
-					return res.redirect(`/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
+					return res.redirect(`${process.env.APP_URL}/auth/anonymous/info?clientId=${req.client.clientId}&redirect_uri=${req.query.redirect_uri}`);
 				}
 
 				req.user = user;
@@ -65,8 +65,8 @@ exports.register  = (req, res, next) => {
 						ip: ip
 					}
 
-					const authorizeUrl = `/dialog/authorize?redirect_uri=${encodeURIComponent(req.query.redirect_uri)}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
-
+					const authorizeUrl = `${process.env.APP_URL}/dialog/authorize?redirect_uri=${encodeURIComponent(req.query.redirect_uri)}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
+					
 					try {
 						db.ActionLog
 							.create(values)
@@ -91,7 +91,7 @@ exports.register  = (req, res, next) => {
 			.catch((err) => {
 				console.log('===> err', err);
 				req.flash('error', {msg: 'Inloggen is niet gelukt'});
-				return res.redirect(`/auth/anonymous/info?clientId=${req.client.clientId}`);
+				return res.redirect(`${process.env.APP_URL}/auth/anonymous/info?clientId=${req.client.clientId}`);
 			});
 
 	}
@@ -103,5 +103,6 @@ exports.info  = (req, res, next) => {
     loginUrl: authAnonymousConfig.loginUrl,
     clientId: req.client.clientId,
     client: req.client,
+	appUrl: process.env.APP_URL
   });
 }

controllers/auth/choose.js

@@ -30,15 +30,16 @@ const configAuthTypes = require('../../config/auth.js').types;
      if (req.query.redirect_uri) {
        url =  url + '&redirect_uri=' + encodeURIComponent(req.query.redirect_uri);
      }
-
+      
      res.redirect(url);
    } else {
      res.render('auth/choose', {
         authTypes: availableAuthTypes,
         isPriviligedRoute: isPriviligedRoute,
         clientId: req.client.clientId,
         client: req.client,
-        redirect_uri: encodeURIComponent(req.query.redirect_uri)
+        redirect_uri: encodeURIComponent(req.query.redirect_uri),
+        appUrl: process.env.APP_URL
      })
    }
  };

controllers/auth/code.js

@@ -25,7 +25,8 @@ exports.login = (req, res, next) => {
     buttonText: configAuthType.buttonText ? configAuthType.buttonText : authCodeConfig.buttonText,
     displaySidebar: configAuthType.displaySidebar ? configAuthType.displaySidebar : authCodeConfig.displaySidebar,
     backUrl: authCodeConfig.displayBackbutton ? backUrl : false,
-    redirect_uri: encodeURIComponent(req.query.redirect_uri)
+    redirect_uri: encodeURIComponent(req.query.redirect_uri),
+    appUrl: process.env.APP_URL
   });
 }
 
@@ -46,7 +47,7 @@ exports.postLogin = (req, res, next) => {
         req.brute.resetKey(req.bruteKey);
         const redirectUrl = req.query.redirect_uri ? req.query.redirect_uri : req.client.redirectUrl;
         // Redirect if it succeeds to authorize screen
-        const authorizeUrl = `/dialog/authorize?redirect_uri=${encodeURIComponent(redirectUrl)}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
+        const authorizeUrl = `${process.env.APP_URL}/dialog/authorize?redirect_uri=${encodeURIComponent(redirectUrl)}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
         return res.redirect(authorizeUrl);
       }
 

controllers/auth/forgot.js

@@ -29,6 +29,7 @@ exports.forgot = (req, res) => {
         clientId: req.client.clientId,
         client: req.client,
         redirectUrl: encodeURIComponent(req.query.redirect_uri),
+        appUrl: process.env.APP_URL
     });
 };
 
@@ -48,6 +49,7 @@ exports.reset = (req, res) => {
         clientId: req.client.clientId,
         client: req.client,
         redirectUrl: encodeURIComponent(req.query.redirect_uri),
+        appUrl: process.env.APP_URL
     });
 };
 
@@ -92,7 +94,7 @@ exports.postForgot = (req, res, next) => {
         .then((user) => {
             if (!user) {
                 req.flash('error', {msg: 'Het is niet gelukt om de e-mail te versturen!'});
-                res.redirect('/auth/local/forgot' + '?clientId=' + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
+                res.redirect(`${process.env.APP_URL}/auth/local/forgot` + '?clientId=' + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
             }
 
             req.user = user;
@@ -107,12 +109,12 @@ exports.postForgot = (req, res, next) => {
         })
         .then(() => {
             req.flash('success', {msg: 'We hebben een e-mail naar je verstuurd'});
-            res.redirect('/auth/local/forgot?clientId=' + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
+            res.redirect(`${process.env.APP_URL}/auth/local/forgot?clientId=` + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
         })
         .catch((err) => {
             console.log('ererer', err)
             req.flash('error', {msg: 'E-mail adres is niet bekend bij ons.'});
-            res.redirect('/auth/local/forgot?clientId=' + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
+            res.redirect(`${process.env.APP_URL}/auth/local/forgot?clientId=` + req.client.clientId + `&redirect_uri=${encodeURIComponent(req.query.redirect_uri)}`);
         });
 
     /**

controllers/auth/local.js

@@ -23,9 +23,9 @@
   */
  exports.index = (req, res) => {
    if (req.user) {
-     res.redirect('/account');
+     res.redirect(process.env.APP_URL + '/account');
    } else {
-     res.redirect('/login');
+     res.redirect(process.env.APP_URL + '/login');
    }
  };
 
@@ -51,6 +51,7 @@ exports.login = (req, res) => {
     helpText: configAuthType.helpText ? configAuthType.helpText : authLocalConfig.helpText,
     buttonText: configAuthType.buttonText ? configAuthType.buttonText : authLocalConfig.buttonText,
     forgotPasswordText: configAuthType.forgotPasswordText ? configAuthType.forgotPasswordText : authLocalConfig.forgotPasswordText,
+    appUrl: process.env.APP_URL
   });
 };
 
@@ -62,7 +63,8 @@ exports.login = (req, res) => {
  */
 exports.register = (req, res) => {
   res.render('auth/local/register', {
-    clientId: req.client.clientId
+    clientId: req.client.clientId,
+    appUrl: process.env.APP_URL
   });
 };
 
@@ -80,7 +82,7 @@ exports.postRegister = (req, res, next) => {
       .catch((err) => { next(err) });
   } else {
     req.flash('error', { errors });
-    res.redirect('/register');
+    res.redirect(process.env.APP_URL + '/register');
   }
 }
 
@@ -102,7 +104,7 @@ exports.postLogin = (req, res, next) => {
     req.logIn(user, function(err) {
       if (err) { return next(err); }
       const redirectUrl = req.query.redirect_uri ? encodeURIComponent(req.query.redirect_uri) : req.client.redirectUrl;
-      const authorizeUrl = `/dialog/authorize?redirect_uri=${redirectUrl}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
+      const authorizeUrl = `${process.env.APP_URL}/dialog/authorize?redirect_uri=${redirectUrl}&response_type=code&client_id=${req.client.clientId}&scope=offline`;
 
   //    const redirectTo = req.session.returnTo ? req.session.returnTo : req.client.redirectUrl;
 
@@ -129,7 +131,7 @@ exports.logout = async (req, res) => {
   let redirectURL = req.query.redirectUrl;
   try {
     const redirectUrlHost = redirectURL ? new URL(redirectURL).hostname : false;
-    redirectURL           = redirectUrlHost && allowedDomains && allowedDomains.indexOf(redirectUrlHost) !== -1 ? redirectURL : false;
+    redirectURL = redirectUrlHost && allowedDomains && allowedDomains.indexOf(redirectUrlHost) !== -1 ? redirectURL : false;
   } catch (e) {
     redirectURL = null;
   }