From bab35e7bca49db0202e88268544caad21376c549 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Sun, 3 Mar 2024 16:34:01 -0800 Subject: [PATCH] Removed Reddit auth strategy since it never worked well. --- meshcentral-config-schema.json | 35 -------------------------- meshcentral.js | 1 - sample-config-advanced.json | 7 ------ views/default.handlebars | 1 - views/login-mobile.handlebars | 8 +++--- views/login.handlebars | 2 -- views/login2.handlebars | 2 -- webserver.js | 46 +--------------------------------- 8 files changed, 4 insertions(+), 98 deletions(-) diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index 3a8f4f34..731827ae 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -2860,41 +2860,6 @@ "clientsecret" ] }, - "reddit": { - "type": "object", - "properties": { - "callbackurl": { - "type": "string", - "format": "uri" - }, - "newAccounts": { - "type": "boolean", - "default": false - }, - "newAccountsUserGroups": { - "type": "array", - "uniqueItems": true, - "items": { - "type": "string" - } - }, - "clientid": { - "type": "string" - }, - "clientsecret": { - "type": "string" - }, - "logouturl": { - "type": "string", - "format": "uri", - "description": "Then set, the user will be redirected to this URL when hitting the logout link." - } - }, - "required": [ - "clientid", - "clientsecret" - ] - }, "azure": { "type": "object", "properties": { diff --git a/meshcentral.js b/meshcentral.js index 9369410a..a37c6bf5 100644 --- a/meshcentral.js +++ b/meshcentral.js 
@@ -4005,7 +4005,6 @@ function mainStart() { if ((typeof config.domains[i].authstrategies.twitter == 'object') && (typeof config.domains[i].authstrategies.twitter.clientid == 'string') && (typeof config.domains[i].authstrategies.twitter.clientsecret == 'string') && (passport.indexOf('passport-twitter') == -1)) { passport.push('passport-twitter'); } if ((typeof config.domains[i].authstrategies.google == 'object') && (typeof config.domains[i].authstrategies.google.clientid == 'string') && (typeof config.domains[i].authstrategies.google.clientsecret == 'string') && (passport.indexOf('passport-google-oauth20') == -1)) { passport.push('passport-google-oauth20'); } if ((typeof config.domains[i].authstrategies.github == 'object') && (typeof config.domains[i].authstrategies.github.clientid == 'string') && (typeof config.domains[i].authstrategies.github.clientsecret == 'string') && (passport.indexOf('passport-github2') == -1)) { passport.push('passport-github2'); } - if ((typeof config.domains[i].authstrategies.reddit == 'object') && (typeof config.domains[i].authstrategies.reddit.clientid == 'string') && (typeof config.domains[i].authstrategies.reddit.clientsecret == 'string') && (passport.indexOf('passport-reddit') == -1)) { passport.push('passport-reddit'); } if ((typeof config.domains[i].authstrategies.azure == 'object') && (typeof config.domains[i].authstrategies.azure.clientid == 'string') && (typeof config.domains[i].authstrategies.azure.clientsecret == 'string') && (typeof config.domains[i].authstrategies.azure.tenantid == 'string') && (passport.indexOf('passport-azure-oauth2') == -1)) { passport.push('passport-azure-oauth2'); passport.push('jwt-simple'); } if ((typeof config.domains[i].authstrategies.oidc == 'object') && (passport.indexOf('openid-client') == -1)) { if ((nodeVersion >= 17) diff --git a/sample-config-advanced.json b/sample-config-advanced.json index ef1eb0d5..3a8362a4 100644 --- a/sample-config-advanced.json +++ b/sample-config-advanced.json 
@@ -485,13 +485,6 @@ "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, - "reddit": { - "_callbackurl": "https://server/auth-reddit-callback", - "newAccounts": true, - "_newAccountsUserGroups": [ "ugrp//xxxxxxxxxxxxxxxxx" ], - "clientid": "xxxxxxxxxxxxxxxxxxxxxxx", - "clientsecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - }, "azure": { "_callbackurl": "https://server/auth-azure-callback", "newAccounts": true, diff --git a/views/default.handlebars b/views/default.handlebars index 22b82864..36be8d4d 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -16295,7 +16295,6 @@ if (shortuserid.startsWith('~twitter:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/twitter64.png'; } else if (shortuserid.startsWith('~google:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/google64.png'; } else if (shortuserid.startsWith('~github:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/github64.png'; } - else if (shortuserid.startsWith('~reddit:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/reddit64.png'; } else if (shortuserid.startsWith('~azure:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/azure64.png'; } else if (shortuserid.startsWith('~oidc:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/oidc64.png'; } else if (shortuserid.startsWith('~jumpcloud:')) { QV('p30userAuthServiceLogo', true); Q('p30userAuthServiceLogo').src = 'images/login/jumpcloud64.png'; } diff --git a/views/login-mobile.handlebars b/views/login-mobile.handlebars index 5ce60acf..959847b6 100644 --- a/views/login-mobile.handlebars +++ b/views/login-mobile.handlebars @@ -88,11 +88,10 @@ - - - - + + + 
@@ -399,7 +398,6 @@ if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); } if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); } if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); } - if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); } if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); } if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); } if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); } diff --git a/views/login.handlebars b/views/login.handlebars index bff9fcc6..5b935038 100644 --- a/views/login.handlebars +++ b/views/login.handlebars @@ -81,7 +81,6 @@ - @@ -424,7 +423,6 @@ if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); } if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); } if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); } - if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); } if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); } if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); } if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); } diff --git a/views/login2.handlebars b/views/login2.handlebars index 9d87d174..8b06003d 100644 --- a/views/login2.handlebars +++ b/views/login2.handlebars @@ -104,7 +104,6 @@ - @@ -508,7 +507,6 @@ if (authStrategies.indexOf('twitter') >= 0) { QV('auth-twitter', true); } if (authStrategies.indexOf('google') >= 0) { QV('auth-google', true); } if (authStrategies.indexOf('github') >= 0) { QV('auth-github', true); } - if (authStrategies.indexOf('reddit') >= 0) { QV('auth-reddit', true); } if (authStrategies.indexOf('azure') >= 0) { QV('auth-azure', true); } if (authStrategies.indexOf('oidc') >= 0) { QV('auth-oidc', true); } if (authStrategies.indexOf('oidc-azure') >= 0) { QV('auth-oidc-azure', true); } 
diff --git a/webserver.js b/webserver.js index 09f019bd..c06cdb7b 100644 --- a/webserver.js +++ b/webserver.js @@ -3308,7 +3308,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF if (typeof domain.authstrategies.twitter == 'object') { authStrategies.push('twitter'); } if (typeof domain.authstrategies.google == 'object') { authStrategies.push('google'); } if (typeof domain.authstrategies.github == 'object') { authStrategies.push('github'); } - if (typeof domain.authstrategies.reddit == 'object') { authStrategies.push('reddit'); } if (typeof domain.authstrategies.azure == 'object') { authStrategies.push('azure'); } if (typeof domain.authstrategies.oidc == 'object') { if (obj.common.validateObject(domain.authstrategies.oidc.custom) && obj.common.validateString(domain.authstrategies.oidc.custom.preset)) { 
@@ -6661,32 +6660,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF }, handleStrategyLogin); } - // Reddit - if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.reddit) != 0) { - obj.app.get(url + 'auth-reddit', function (req, res, next) { - var domain = getDomain(req); - if (domain.passport == null) { next(); return; } - domain.passport.authenticate('reddit-' + domain.id, { state: obj.parent.encodeCookie({ 'p': 'reddit' }, obj.parent.loginCookieEncryptionKey), duration: 'permanent' })(req, res, next); - }); - obj.app.get(url + 'auth-reddit-callback', function (req, res, next) { - var domain = getDomain(req); - if (domain.passport == null) { next(); return; } - if ((Object.keys(req.session).length == 0) && (req.query.nmr == null)) { - // This is an empty session likely due to the 302 redirection, redirect again (this is a bit of a hack). - var url = req.url; - if (url.indexOf('?') >= 0) { url += '&nmr=1'; } else { url += '?nmr=1'; } // Add this to the URL to prevent redirect loop. - res.set('Content-Type', 'text/html'); - res.end(''); - } else { - if (req.query.state != null) { - var c = obj.parent.decodeCookie(req.query.state, obj.parent.loginCookieEncryptionKey, 10); // 10 minute timeout - if ((c != null) && (c.p == 'reddit')) { domain.passport.authenticate('reddit-' + domain.id, { failureRedirect: '/' })(req, res, next); return; } - } - next(); - } - }, handleStrategyLogin); - } - // Azure if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.azure) != 0) { obj.app.get(url + 'auth-azure', function (req, res, next) { @@ -7089,7 +7062,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF twitter: 1, google: 2, github: 3, - reddit: 8, + reddit: 8, // Deprecated azure: 16, oidc: 32, saml: 64, 
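Review bot: In the constants table of the second hunk (`@@ -7089,7 +7062,7 @@`), the context line `github: 3` is not a single bit (3 is twitter 1 | google 2), yet the visible uses treat these values as bit flags (`authStrategyFlags |= domainAuthStrategyConsts.github`, `(... & domainAuthStrategyConsts.azure) != 0`). If the Twitter, Google and GitHub route guards follow the same pattern, which these hunks do not show, configuring GitHub alone would also register the Twitter and Google login routes, and configuring either of those would register the GitHub ones. Among the values visible here 4 is unused, so `github: 4,` looks like the intended entry; confirm that nothing stores or compares the old value before changing it. On the changed line, a more specific comment would tell the next reader why the entry remains, for example `reddit: 8, // Deprecated: no strategy sets this bit any more; value kept reserved so it is not reused`. The table's declaration starts and ends outside the hunk.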
@@ -7162,23 +7135,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF authStrategyFlags |= domainAuthStrategyConsts.github; } - // Reddit - if ((typeof domain.authstrategies.reddit == 'object') && (typeof domain.authstrategies.reddit.clientid == 'string') && (typeof domain.authstrategies.reddit.clientsecret == 'string')) { - const RedditStrategy = require('passport-reddit'); - let options = { clientID: domain.authstrategies.reddit.clientid, clientSecret: domain.authstrategies.reddit.clientsecret }; - if (typeof domain.authstrategies.reddit.callbackurl == 'string') { options.callbackURL = domain.authstrategies.reddit.callbackurl; } else { options.callbackURL = url + 'auth-reddit-callback'; } - parent.authLog('setupDomainAuthStrategy', 'Adding Reddit SSO with options: ' + JSON.stringify(options)); - passport.use('reddit-' + domain.id, new RedditStrategy.Strategy(options, - function (token, tokenSecret, profile, cb) { - parent.authLog('setupDomainAuthStrategy', 'Reddit profile: ' + JSON.stringify(profile)); - var user = { sid: '~reddit:' + profile.id, name: profile.name, strategy: 'reddit' }; - if ((typeof profile.emails == 'object') && (profile.emails[0] != null) && (typeof profile.emails[0].value == 'string')) { user.email = profile.emails[0].value; } - return cb(null, user); - } - )); - authStrategyFlags |= domainAuthStrategyConsts.reddit; - } - // Azure if ((typeof domain.authstrategies.azure == 'object') && (typeof domain.authstrategies.azure.clientid == 'string') && (typeof domain.authstrategies.azure.clientsecret == 'string')) { const AzureOAuth2Strategy = require('passport-azure-oauth2');