diff --git a/client/coral-framework/actions/auth.js b/client/coral-framework/actions/auth.js index 20aa4ce57..bf7964cf9 100644 --- a/client/coral-framework/actions/auth.js +++ b/client/coral-framework/actions/auth.js @@ -1,10 +1,5 @@ import * as actions from '../constants/auth'; -import jwtDecode from 'jwt-decode'; - -function cleanAuthData(localStorage) { - localStorage.removeItem('token'); - localStorage.removeItem('exp'); -} +import { setStorageAuthToken, clearStorageAuthToken } from '../services/auth'; export const checkLogin = () => ( dispatch, @@ -15,7 +10,7 @@ export const checkLogin = () => ( rest('/auth') .then(result => { if (!result.user) { - cleanAuthData(localStorage); + clearStorageAuthToken(localStorage); dispatch(checkLoginSuccess(null)); client.resetWebsocket(); return; @@ -32,7 +27,7 @@ export const checkLogin = () => ( .catch(error => { if (error.status && error.status === 401 && localStorage) { // Unauthorized. - cleanAuthData(localStorage); + clearStorageAuthToken(localStorage); client.resetWebsocket(); } else { console.error(error); @@ -58,8 +53,7 @@ export const setAuthToken = token => ( _, { localStorage, client } ) => { - localStorage.setItem('exp', jwtDecode(token).exp); - localStorage.setItem('token', token); + setStorageAuthToken(localStorage, token); // Dispatch the set auth token action. For some browsers and situations, we // may not be able to persist the auth token any other way. Keep it in redux! @@ -76,9 +70,7 @@ export const handleSuccessfulLogin = (user, token) => ( _, { client, localStorage, postMessage } ) => { - const { exp } = jwtDecode(token); - localStorage.setItem('exp', exp); - localStorage.setItem('token', token); + setStorageAuthToken(localStorage, token); // Send the message via the messages service to the window.opener if it // exists. @@ -117,7 +109,7 @@ export const logout = () => async ( } // Clear the auth data persisted to localStorage. - cleanAuthData(localStorage); + clearStorageAuthToken(localStorage); // Reset the websocket. client.resetWebsocket(); diff --git a/client/coral-framework/services/auth.js b/client/coral-framework/services/auth.js new file mode 100644 index 000000000..a23a6dd0d --- /dev/null +++ b/client/coral-framework/services/auth.js @@ -0,0 +1,11 @@ +import jwtDecode from 'jwt-decode'; + +export const setStorageAuthToken = (storage, token) => { + storage.setItem('exp', jwtDecode(token).exp); + storage.setItem('token', token); +}; + +export const clearStorageAuthToken = storage => { + storage.removeItem('token'); + storage.removeItem('exp'); +}; diff --git a/client/coral-framework/services/bootstrap.js b/client/coral-framework/services/bootstrap.js index c96893d4e..300cd3e70 100644 --- a/client/coral-framework/services/bootstrap.js +++ b/client/coral-framework/services/bootstrap.js @@ -22,6 +22,7 @@ import { } from 'coral-framework/services/storage'; import { createHistory } from 'coral-framework/services/history'; import { createIntrospection } from 'coral-framework/services/introspection'; +import { setStorageAuthToken } from 'coral-framework/services/auth'; import introspectionData from 'coral-framework/graphql/introspection.json'; import coreReducers from '../reducers'; import { checkLogin as checkLoginAction } from '../actions/auth'; @@ -46,7 +47,30 @@ const getAuthToken = (store, storage) => { // capable of storing the token in localStorage, then we would have // persisted it to the redux state. return state.config.auth_token || state.auth.token; - } else if (!bowser.safari && !bowser.ios && storage) { + } else if (location.hash && location.hash.startsWith('#access_token=')) { + // Check to see if the access token is living in the URL as a hash. + const token = location.hash.substring(14); + + history.replaceState( + {}, + document.title, + window.location.pathname + window.location.search + ); + + // Once we clear the hash above, this login method will not persist across + // refreshes. We will need to persist the token to storage if it's + // available. + if (storage) { + setStorageAuthToken(storage, token); + } + + return token; + } else if ( + !bowser.safari && + !bowser.ios && + storage && + storage.getItem('token') + ) { // Use local storage auth tokens where there's a stable api. return storage.getItem('token'); } diff --git a/plugins/talk-plugin-toxic-comments/server/perspective.js b/plugins/talk-plugin-toxic-comments/server/perspective.js index 424543b2b..7966d3b36 100644 --- a/plugins/talk-plugin-toxic-comments/server/perspective.js +++ b/plugins/talk-plugin-toxic-comments/server/perspective.js @@ -10,7 +10,8 @@ const debug = require('debug')('talk:plugin:toxic-comments'); /** * Get scores from the perspective api - * @param {string} text text to be anaylized + * + * @param {string} text text to be analyzed * @return {object} object containing toxicity scores */ async function getScores(text) { @@ -43,13 +44,13 @@ async function getScores(text) { // If we get an error, just say it's not a toxic comment. if (data.error) { - debug('Recieved Error when submitting: %o', data.error); + debug('Received Error when submitting: %o', data.error); return { TOXICITY: { - summaryScore: 0.0, + summaryScore: null, }, SEVERE_TOXICITY: { - summaryScore: 0.0, + summaryScore: null, }, }; } @@ -66,6 +67,7 @@ async function getScores(text) { /** * Get toxicity probability + * * @param {object} scores scores as returned by `getScores` * @return {number} toxicity probability from 0 - 1.0 */ @@ -74,7 +76,9 @@ function getProbability(scores) { } /** - * isToxic determines if given probabilty or scores meets the toxicity threshold. + * isToxic determines if given probability or scores meets the toxicity + * threshold. + * * @param {object|number} scoresOrProbability scores or probability * @return {boolean} */ @@ -89,6 +93,7 @@ function isToxic(scoresOrProbability) { /** * maskKeyInError is a decorator that calls fn and masks the * API_KEY in errors before throwing. + * * @param {function} fn Function that returns a Promise * @return {function} decorated function */ diff --git a/services/moderation/phases/links.js b/services/moderation/phases/links.js index ec05834b6..c31cf0c13 100644 --- a/services/moderation/phases/links.js +++ b/services/moderation/phases/links.js @@ -11,7 +11,7 @@ module.exports = ( }, } ) => { - if (premodLinksEnable && linkify.test(comment.body)) { + if (premodLinksEnable && linkify.test(comment.body.replace(/\xAD/g, ''))) { // Add the flag related to Trust to the comment. return { status: 'SYSTEM_WITHHELD', diff --git a/views/account/password/reset.njk b/views/account/password/reset.njk index 6eee12dd0..bede0b9fc 100644 --- a/views/account/password/reset.njk +++ b/views/account/password/reset.njk @@ -8,7 +8,7 @@
{{ t('password_reset.change_password_help') }}