Back-out most of #564

* This ends our migration of OpenID 2.0 to OAuth 2.0 which google ended quite a while ago
* This also uses OAuth 2.0 exclusively ... same token returned on tested existing and new account

Closes #889

Author: Martii

README.md

@@ -45,7 +45,6 @@ Repository | Reference | Recent Version
 [jquery][jQueryGHUrl] | [Documentation][jQueryDOCUrl] | [![NPM version][jQueryNPMVersionImage]][jQueryNPMUrl]
 [js-beautify][js-beautifyGHUrl] | [Documentation][js-beautifyDOCUrl] | [![NPM version][js-beautifyNPMVersionImage]][js-beautifyNPMUrl]
 [jsdom][jsdomGHUrl] | [Documentation][jsdomDOCUrl] | [![NPM version][jsdomNPMVersionImage]][jsdomNPMUrl]
-[jwt-simple][jwt-simpleGHUrl] | [Documentation][jwt-simpleDOCUrl] | [![NPM version][jwt-simpleNPMVersionImage]][jwt-simpleNPMUrl]
 [kerberos][kerberosGHUrl] | [Documentation][kerberosDOCUrl] | [![NPM version][kerberosNPMVersionImage]][kerberosNPMUrl]
 [less-middleware][less-middlewareGHUrl] [¹][lessGHUrl] | [Documentation][less-middlewareDOCUrl] [¹][lessDOCUrl] | [![NPM version][less-middlewareNPMVersionImage]][less-middlewareNPMUrl]
 [marked][markedGHUrl] | [Documentation][markedDOCUrl] | [![NPM version][markedNPMVersionImage]][markedNPMUrl]
@@ -63,7 +62,7 @@ Repository | Reference | Recent Version
 [passport-facebook][passport-facebookGHUrl] | [Documentation][passport-facebookDOCUrl] | [![NPM version][passport-facebookNPMVersionImage]][passport-facebookNPMUrl] ![OAuth2][oauth2Logo]
 [passport-github][passport-githubGHUrl] | [Documentation][passport-githubDOCUrl] | [![NPM version][passport-githubNPMVersionImage]][passport-githubNPMUrl] ![OAuth2][oauth2Logo]
 [passport-gitlab2][passport-gitlab2GHUrl] | [Documentation][passport-gitlab2DOCUrl] | [![NPM version][passport-gitlab2NPMVersionImage]][passport-gitlab2NPMUrl] ![OAuth2][oauth2Logo]
-[passport-google-oauth][passport-google-oauthGHUrl] | [Documentation][passport-google-oauthDOCUrl] | [![NPM version][passport-google-oauthNPMVersionImage]][passport-google-oauthNPMUrl] ![oauth1][oauth1Logo] ![OAuth2][oauth2Logo]
+[passport-google-oauth2][passport-google-oauth2GHUrl] | [Documentation][passport-google-oauth2DOCUrl] | [![NPM version][passport-google-oauth2NPMVersionImage]][passport-google-oauth2NPMUrl] ![OAuth2][oauth2Logo]
 [passport-imgur][passport-imgurGHUrl] | [Documentation][passport-imgurDOCUrl] | [![NPM version][passport-imgurNPMVersionImage]][passport-imgurNPMUrl] ![oauth][oauthLogo]
 [passport-reddit][passport-redditGHUrl] | [Documentation][passport-redditDOCUrl] | [![NPM version][passport-redditNPMVersionImage]][passport-redditNPMUrl] ![OAuth2][oauth2Logo]
 [passport-steam][passport-steamGHUrl] <br />&#x22D4; [`OpenID2`][passport-steamGHOpenIDUrl]  | [Documentation][passport-steamDOCUrl] | [![NPM version][passport-steamNPMVersionImage]][passport-steamNPMUrl] ![OpenID][openidLogo] [&#x22D4;][passport-openid]
@@ -257,11 +256,6 @@ Outdated dependencies list can also be achieved with `$ npm --depth 0 outdated`
 [jsdomGHUrl]: https://github.com/tmpvar/jsdom
 [jsdomDOCUrl]: https://github.com/tmpvar/jsdom/blob/master/README.md
 
-[jwt-simpleNPMUrl]: https://www.npmjs.com/package/jwt-simple
-[jwt-simpleNPMVersionImage]: https://img.shields.io/npm/v/jwt-simple.svg?style=flat
-[jwt-simpleGHUrl]: https://github.com/hokaccha/node-jwt-simple
-[jwt-simpleDOCUrl]: https://github.com/hokaccha/node-jwt-simple/blob/master/README.md
-
 [kerberosNPMUrl]: https://www.npmjs.com/package/kerberos
 [kerberosNPMVersionImage]: https://img.shields.io/npm/v/kerberos.svg?style=flat
 [kerberosGHUrl]: https://github.com/christkv/kerberos
@@ -352,10 +346,10 @@ Outdated dependencies list can also be achieved with `$ npm --depth 0 outdated`
 [passport-gitlab2NPMUrl]: https://www.npmjs.com/package/passport-gitlab2
 [passport-gitlab2NPMVersionImage]: https://img.shields.io/npm/v/passport-gitlab2.svg?style=flat
 
-[passport-google-oauthGHUrl]: https://github.com/jaredhanson/passport-google-oauth
-[passport-google-oauthDOCUrl]: https://github.com/jaredhanson/passport-google-oauth/blob/master/README.md
-[passport-google-oauthNPMUrl]: https://www.npmjs.com/package/passport-google-oauth
-[passport-google-oauthNPMVersionImage]: https://img.shields.io/npm/v/passport-google-oauth.svg?style=flat
+[passport-google-oauth2GHUrl]: https://github.com/jaredhanson/passport-google-oauth2
+[passport-google-oauth2DOCUrl]: https://github.com/jaredhanson/passport-google-oauth2/blob/master/README.md
+[passport-google-oauth2NPMUrl]: https://www.npmjs.com/package/passport-google-oauth20
+[passport-google-oauth2NPMVersionImage]: https://img.shields.io/npm/v/passport-google-oauth20.svg?style=flat
 
 [passport-imgurGHUrl]: https://github.com/mindfreakthemon/passport-imgur
 [passport-imgurDOCUrl]: https://github.com/mindfreakthemon/passport-imgur/blob/master/README.md

controllers/auth.js

@@ -9,7 +9,6 @@ var isDbg = require('../libs/debug').isDbg;
 
 //--- Dependency inclusions
 var passport = require('passport');
-var jwt = require('jwt-simple');
 var url = require('url');
 var colors = require('ansi-colors');
 
@@ -229,14 +228,6 @@ exports.callback = function (aReq, aRes, aNext) {
         verifyPassport(aId, strategy, username, aReq.session.user, aDone);
       };
     }
-  } else if (strategy === 'google') { // OpenID to OAuth2 migration
-    strategyInstance._verify =
-      function(aAccessToken, aRefreshToken, aParams, aProfile, aDone) {
-        var openIdId = jwt.decode(aParams.id_token, null, true).openid_id;
-        var oAuthId = aProfile.id;
-
-        verifyPassport([openIdId, oAuthId], strategy, username, aReq.session.user, aDone);
-      };
   } else {
     strategyInstance._verify =
       function (aToken, aRefreshOrSecretToken, aProfile, aDone) {

libs/passportLoader.js

@@ -22,9 +22,8 @@ exports.strategyInstances = nil();
 // Notice it is general so it can load any passport strategy
 exports.loadPassport = function (aStrategy) {
   var requireStr = 'passport-' + aStrategy.name
-    + (aStrategy.name === 'google' ? '-oauth' : (aStrategy.name === 'gitlab' ? '2' : ''));
-  var PassportStrategy = require(requireStr)[
-    aStrategy.name === 'google' ? 'OAuth2Strategy' : 'Strategy'];
+    + (aStrategy.name === 'google' ? '-oauth20' : (aStrategy.name === 'gitlab' ? '2' : ''));
+  var PassportStrategy = require(requireStr).Strategy;
   var instance = null;
   var authParams = null;
 
@@ -53,15 +52,6 @@ exports.loadPassport = function (aStrategy) {
     );
   }
 
-  if (aStrategy.name === 'google') {
-    authParams = instance.authorizationParams;
-    instance.authorizationParams = function() {
-      var val = authParams.apply(this, arguments);
-      val['openid.realm'] = AUTH_CALLBACK_BASE_URL + '/';
-      return val;
-    };
-  }
-
   exports.strategyInstances[aStrategy.name] = instance;
   passport.use(instance);
 };

libs/passportVerify.js

@@ -19,17 +19,8 @@ var allStrategies = require('../controllers/strategies.json');
 exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
   var shasum = crypto.createHash('sha256');
   var digest = null;
-  var query = {};
-  var ids = [];
 
-  if (aId instanceof Array) {
-    ids = aId.map(function (aId) {
-      var shasum = crypto.createHash('sha256');
-      shasum.update(String(aId));
-      return shasum.digest('hex');
-    });
-    query.auths = { '$in': ids };
-  } else if (aStrategy === 'github') {
+  if (aStrategy === 'github') {
     // We only keep plaintext ids for GH since that's all we need
     digest = aId;
   } else if (aStrategy === 'steam') {
@@ -44,14 +35,9 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
     digest = shasum.digest('hex');
   }
 
-  if (!query.auths) {
-    query.auths = digest;
-  }
-
-  findDeadorAlive(User, query, true,
+  findDeadorAlive(User, { 'auths': digest }, true,
     function (aAlive, aUser, aRemoved) {
       var pos = aUser ? aUser.auths.indexOf(digest) : -1;
-      var openIdIdPos = -1;
       if (aRemoved) {
         aDone(null, false, 'User was removed');
 
@@ -61,15 +47,6 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
         }
       }
 
-      // Set up for OpenId to OAuth Migration
-      if (!digest && ids.length > 0) {
-        digest = ids[1];
-        if (aUser) {
-          pos = aUser.auths.indexOf(digest);
-          openIdIdPos = aUser.auths.indexOf(ids[0]);
-        }
-      }
-
       if (!aUser) {
         User.findOne({ 'name': aUsername }, function (aErr, aUser) {
           // WARNING: No err handling
@@ -122,16 +99,6 @@ exports.verify = function (aId, aStrategy, aUsername, aLoggedIn, aDone) {
         aUser.auths.push(digest);
 
         aUser.markModified('strategies');
-        aUser.markModified('auths');
-        aUser.save(function (aErr, aUser) {
-          aDone(aErr, aUser);
-          return;
-        });
-      } else if (openIdIdPos > 0) {
-        // The user was authenticated however...
-        // Migrate from OpenID to OAuth
-        aUser.auths[openIdIdPos] = digest;
-
         aUser.markModified('auths');
         aUser.save(function (aErr, aUser) {
           aDone(aErr, aUser);

package.json

@@ -30,7 +30,6 @@
     "jquery": "3.3.1",
     "js-beautify": "1.9.0",
     "jsdom": "14.0.0",
-    "jwt-simple": "0.5.5",
     "less-middleware": "3.1.0",
     "marked": "0.6.1",
     "media-type": "0.3.1",
@@ -47,7 +46,7 @@
     "passport-facebook": "3.0.0",
     "passport-github": "1.1.0",
     "passport-gitlab2": "5.0.0",
-    "passport-google-oauth": "2.0.0",
+    "passport-google-oauth20": "2.0.0",
     "passport-imgur": "0.0.3",
     "passport-reddit": "0.2.4",
     "passport-steam": "1.0.10",