hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
isekai-main
v1.18.x
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b24ce97602'
${ noResults }
nodebb/src/user/auth.js

149 lines
4.5 KiB
JavaScript
Raw Normal View History Unescape Escape

closes #1911
11 years ago
'use strict';
closes #4507
9 years ago
var async = require('async');
var winston = require('winston');
dont allow login with invalid ip, escape ip display on user/info page
7 years ago
var validator = require('validator');
feat: #7743, user/approval, user/auth
6 years ago
const util = require('util');
const _ = require('lodash');
closes #4507
9 years ago
var db = require('../database');
var meta = require('../meta');
var events = require('../events');
closes #4544
8 years ago
var batch = require('../batch');
proof of concept for #5740
8 years ago
var utils = require('../utils');
closed #1453
11 years ago
Fix space-before-function-paren linter rule
9 years ago
module.exports = function (User) {
closed #1453
11 years ago
User.auth = {};
feat: #7743, user/approval, user/auth
6 years ago
User.auth.logAttempt = async function (uid, ip) {
fix: logAttempt conditional
6 years ago
if (!(parseInt(uid, 10) > 0)) {
feat: #7743, user/approval, user/auth
6 years ago
return;
on login display invalid-login-credentials
8 years ago
}
feat: #7743, user/approval, user/auth
6 years ago
const exists = await db.exists('lockout:' + uid);
if (exists) {
throw new Error('[[error:account-locked]]');
}
const attempts = await db.increment('loginAttempts:' + uid);
if (attempts <= meta.config.loginAttempts) {
return await db.pexpire('loginAttempts:' + uid, 1000 * 60 * 60);
}
// Lock out the account
await db.set('lockout:' + uid, '');
var duration = 1000 * 60 * meta.config.lockoutDuration;
await db.delete('loginAttempts:' + uid);
await db.pexpire('lockout:' + uid, duration);
events.log({
type: 'account-locked',
uid: uid,
ip: ip,
});
throw new Error('[[error:account-locked]]');
closed #1453
11 years ago
};
feat: #7743, user/approval, user/auth
6 years ago
User.auth.getFeedToken = async function (uid) {
if (!(parseInt(uid, 10) > 0)) {
return;
}
var _token = await db.getObjectField('user:' + uid, 'rss_token');
const token = _token || utils.generateUUID();
if (!_token) {
await User.setUserField(uid, 'rss_token', token);
proof of concept for #5740
8 years ago
}
feat: #7743, user/approval, user/auth
6 years ago
return token;
proof of concept for #5740
8 years ago
};
feat: #7743, user/approval, user/auth
6 years ago
User.auth.clearLoginAttempts = async function (uid) {
await db.delete('loginAttempts:' + uid);
closed #1453
11 years ago
};
closes #1971
11 years ago
feat: #7743, user/approval, user/auth
6 years ago
User.auth.resetLockout = async function (uid) {
await db.deleteAll([
'loginAttempts:' + uid,
'lockout:' + uid,
]);
all your semi-colons are belongs to me
11 years ago
};
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
feat: #7743, user/approval, user/auth
6 years ago
User.auth.getSessions = async function (uid, curSessionId) {
const sids = await db.getSortedSetRevRange('uid:' + uid + ':sessions', 0, 19);
let sessions = await async.map(sids, db.sessionStore.get.bind(db.sessionStore));
sessions.forEach(function (sessionObj, idx) {
if (sessionObj && sessionObj.meta) {
sessionObj.meta.current = curSessionId === sids[idx];
}
});
// Revoke any sessions that have expired, return filtered list
var expiredSids = [];
var expired;
sessions = sessions.filter(function (sessionObj, idx) {
expired = !sessionObj || !sessionObj.hasOwnProperty('passport') ||
!sessionObj.passport.hasOwnProperty('user') ||
parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
if (expired) {
expiredSids.push(sids[idx]);
}
return !expired;
});
await Promise.all(expiredSids.map(s => User.auth.revokeSession(s, uid)));
sessions = sessions.map(function (sessObj) {
if (sessObj.meta) {
sessObj.meta.datetimeISO = new Date(sessObj.meta.datetime).toISOString();
sessObj.meta.ip = validator.escape(String(sessObj.meta.ip));
}
return sessObj.meta;
}).filter(Boolean);
return sessions;
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
};
feat: #7743, user/approval, user/auth
6 years ago
User.auth.addSession = async function (uid, sessionId) {
fix: dont save data for non-positive uids
6 years ago
if (!(parseInt(uid, 10) > 0)) {
feat: #7743, user/approval, user/auth
6 years ago
return;
fix: dont save data for non-positive uids
6 years ago
}
feat: #7743, user/approval, user/auth
6 years ago
await db.sortedSetAdd('uid:' + uid + ':sessions', Date.now(), sessionId);
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
};
feat: #7743, user/approval, user/auth
6 years ago
const getSessionFromStore = util.promisify(function (sessionId, callback) {
db.sessionStore.get(sessionId, function (err, sessionObj) {
callback(err, sessionObj || null);
});
});
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
feat: #7743, user/approval, user/auth
6 years ago
User.auth.revokeSession = async function (sessionId, uid) {
winston.verbose('[user.auth] Revoking session ' + sessionId + ' for user ' + uid);
const sessionObj = await getSessionFromStore(sessionId);
if (sessionObj && sessionObj.meta && sessionObj.meta.uuid) {
await db.deleteObjectField('uid:' + uid + ':sessionUUID:sessionId', sessionObj.meta.uuid);
}
await async.parallel([
async.apply(db.sortedSetRemove, 'uid:' + uid + ':sessions', sessionId),
async.apply(db.sessionStore.destroy.bind(db.sessionStore), sessionId),
]);
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
};
feat: #7743, user/approval, user/auth
6 years ago
User.auth.revokeAllSessions = async function (uid) {
const sids = await db.getSortedSetRange('uid:' + uid + ':sessions', 0, -1);
const promises = sids.map(s => User.auth.revokeSession(s, uid));
await Promise.all(promises);
closes #3989 Squashed commit of the following: commit 23de0708708ed190eafbcd6ea93d43333cb87aa3 Author: Julian Lam <[email protected]> Date: Wed Dec 23 10:48:16 2015 -0500 wired up session revocation, #3989 commit 45a3f18321b74a9b6893d404b6c870f1ec4d95cd Author: Julian Lam <[email protected]> Date: Wed Dec 23 09:49:27 2015 -0500 session deletion via session uuid commit 2bf87338cf9bfa2df0b299639421d8da7553c69a Author: Julian Lam <[email protected]> Date: Tue Dec 22 13:53:35 2015 -0500 WIP #3989 commit 623f45c3fa8b96f8b6eec0613eb7f9463348ab93 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:22:24 2015 -0500 saving more metadata and displaying sessions in UCP #3989 commit d0567ed7cc33a1aea66e921b657f782038f32191 Author: Julian Lam <[email protected]> Date: Tue Dec 22 10:21:38 2015 -0500 updated fontawesome to v4.5.0 commit 7131c97fe8ab42838eb2915a04e74f80f3d9a133 Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:39:16 2015 -0500 saving user-agent metadata into user session #3989 commit 661b7e6dba774b80b5dc6d04f89a79f809ff791e Author: Julian Lam <[email protected]> Date: Tue Dec 22 09:23:24 2015 -0500 New user auth methods to add/revoke sessions, #3989
9 years ago
};
closes #4544
8 years ago
feat: #7743, user/approval, user/auth
6 years ago
User.auth.deleteAllSessions = async function () {
await batch.processSortedSet('users:joindate', async function (uids) {
const sessionKeys = uids.map(uid => 'uid:' + uid + ':sessions');
const sessionUUIDKeys = uids.map(uid => 'uid:' + uid + ':sessionUUID:sessionId');
const sids = _.flatten(await db.getSortedSetRange(sessionKeys, 0, -1));
await async.parallel([
async.apply(db.deleteAll, sessionKeys.concat(sessionUUIDKeys)),
closes #4544
8 years ago
function (next) {
feat: #7743, user/approval, user/auth
6 years ago
async.each(sids, function (sid, next) {
db.sessionStore.destroy(sid, next);
}, next);
ESlint comma-dangle
8 years ago
},
feat: #7743, user/approval, user/auth
6 years ago
]);
}, { batch: 1000 });
closes #4544
8 years ago
};
ESlint eol-last
8 years ago
};