From 506c34a84dc5753dc663fa46ffbb563a7a9dce34 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Fri, 22 Oct 2021 15:56:31 -0400
Subject: [PATCH] refactor: simplified utilities API > login rout Removed continueLogin override in favour of a simpler `redirectAfterLogin` override Use passport to authenticate username and password instead of duplicated logic.
---
 src/controllers/authentication.js | 24 +++++++++++++-----------
 src/controllers/write/utilities.js | 29 +++--------------------------
 2 files changed, 16 insertions(+), 37 deletions(-)
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index d0c066056d..e970f895cd 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -259,7 +259,7 @@ authenticationController.login = async (req, res, next) => {
 }
 }
 if (isEmailLogin || isUsernameLogin) {
- (res.locals.continueLogin || continueLogin)(strategy, req, res, next);
+ continueLogin(strategy, req, res, next);
 } else {
 errorHandler(req, res, `[[error:wrong-login-type-${loginWith}]]`, 400);
 }
@@ -303,9 +303,7 @@ function continueLogin(strategy, req, res, next) {
 req.session.passwordExpired = true;
 const code = await user.reset.generate(userData.uid);
- res.status(200).send({
- next: `${nconf.get('relative_path')}/reset/${code}`,
- });
+ (res.locals.redirectAfterLogin || redirectAfterLogin)(req, res, `${nconf.get('relative_path')}/reset/${code}`);
 } else {
 delete req.query.lang;
 await authenticationController.doLogin(req, userData.uid);
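Review bot: In the password-expired branch the response is now routed through `res.locals.redirectAfterLogin`, but this branch never calls `doLogin`, so an override runs for a user who has not been logged in. The override this same commit installs in src/controllers/write/utilities.js ignores its third argument and answers 200 with data looked up from `req.uid`, which would hide the forced reset from API clients and discard the generated reset code. Consider calling the module-level `redirectAfterLogin` directly in this branch, or documenting on the hook that an override must check `req.session.passwordExpired` before treating the call as a completed login. continueLogin's body starts and ends outside this hunk.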
@@ -319,17 +317,21 @@ function continueLogin(strategy, req, res, next) {
 destination = `${nconf.get('relative_path')}/`;
 }
- if (req.body.noscript === 'true') {
- res.redirect(`${destination}?loggedin`);
- } else {
- res.status(200).send({
- next: destination,
- });
- }
+ (res.locals.redirectAfterLogin || redirectAfterLogin)(req, res, destination);
 }
 })(req, res, next);
 }
+function redirectAfterLogin(req, res, destination) {
+ if (req.body.noscript === 'true') {
+ res.redirect(`${destination}?loggedin`);
+ } else {
+ res.status(200).send({
+ next: destination,
+ });
+ }
+}
+
 authenticationController.doLogin = async function (req, uid) {
 if (!uid) {
 return;
diff --git a/src/controllers/write/utilities.js b/src/controllers/write/utilities.js
index 5e5326c8a7..27df1b2ad7 100644
--- a/src/controllers/write/utilities.js
+++ b/src/controllers/write/utilities.js
@@ -2,7 +2,6 @@
 const user = require('../../user');
 const authenticationController = require('../authentication');
-const slugify = require('../../slugify');
 const helpers = require('../helpers');
 const Utilities = module.exports;
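Review bot: The call `(res.locals.redirectAfterLogin || redirectAfterLogin)(req, res, destination);` discards its return value, yet the override installed in src/controllers/write/utilities.js is an `async` function, so a rejection from it would go unhandled and the request would receive no response. The same applies to the call site in the hunk at -303. Awaiting the call inside a `try`/`catch` that forwards to `next(err)` would keep failures on the normal error path; `next` is in scope, as the closing `})(req, res, next);` shows. The new `redirectAfterLogin` helper would also benefit from a short JSDoc comment stating that `destination` is expected to be a site-relative path, since it is passed to `res.redirect`. continueLogin's body starts outside this hunk.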
@@ -22,31 +21,9 @@ Utilities.ping.post = (req, res) => {
 };
 Utilities.login = (req, res) => {
- res.locals.continueLogin = async (strategy, req, res) => {
- const { username, password, session } = req.body;
-
- const userslug = slugify(username);
- const uid = await user.getUidByUserslug(userslug);
- let ok = false;
- try {
- ok = await user.isPasswordCorrect(uid, password, req.ip);
- } catch (err) {
- if (err.message === '[[error:account-locked]]') {
- return helpers.formatApiResponse(429, res, err);
- }
- }
-
- if (ok) {
- const userData = (await user.getUsers([uid], uid)).pop();
-
- if (parseInt(session, 10) === 1) {
- await authenticationController.doLogin(req, userData.uid);
- }
-
- helpers.formatApiResponse(200, res, userData);
- } else {
- helpers.formatApiResponse(403, res);
- }
+ res.locals.redirectAfterLogin = async (req, res) => {
+ const userData = (await user.getUsers([req.uid], req.uid)).pop();
+ helpers.formatApiResponse(200, res, userData);
 };
 res.locals.noScriptErrors = (req, res, err, statusCode) => {
 helpers.formatApiResponse(statusCode, res, new Error(err));
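Review bot: The replacement override no longer reads `req.body.session`, so a successful request to this route now always goes through `doLogin` in continueLogin and establishes a session, whereas the removed code did so only when `session` was `1`. If checking credentials without creating a session is still a supported use of this endpoint, that distinction needs to be restored; otherwise the behaviour change deserves a line in the API documentation. The override also assumes `req.uid` identifies the user who just authenticated, which nothing in this hunk guarantees; a comment such as `// req.uid is expected to be set by doLogin before this runs` would make that dependency explicit. Utilities.login continues past the end of this hunk.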