refactor: simplified utilities API > login rout

Removed continueLogin override in favour of a simpler `redirectAfterLogin` override Use passport to authenticate username and password instead of duplicated logic.
4 years ago · 506c34a84d
parent 6b4f35c2fa
commit 506c34a84d
2 changed files with 16 additions and 37 deletions
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@ -259,7 +259,7 @@ authenticationController.login = async (req, res, next) => {
 			}
 		}
 		if (isEmailLogin || isUsernameLogin) {
-			(res.locals.continueLogin || continueLogin)(strategy, req, res, next);
+			continueLogin(strategy, req, res, next);
 		} else {
 			errorHandler(req, res, `[[error:wrong-login-type-${loginWith}]]`, 400);
 		}
@ -303,9 +303,7 @@ function continueLogin(strategy, req, res, next) {
 			req.session.passwordExpired = true;
 			const code = await user.reset.generate(userData.uid);
-			res.status(200).send({
+			(res.locals.redirectAfterLogin || redirectAfterLogin)(req, res, `${nconf.get('relative_path')}/reset/${code}`);
 				next: `${nconf.get('relative_path')}/reset/${code}`,
 			});
 		} else {
 			delete req.query.lang;
 			await authenticationController.doLogin(req, userData.uid);
@ -319,17 +317,21 @@ function continueLogin(strategy, req, res, next) {
 				destination = `${nconf.get('relative_path')}/`;
 			}
-			if (req.body.noscript === 'true') {
+			(res.locals.redirectAfterLogin || redirectAfterLogin)(req, res, destination);
 				res.redirect(`${destination}?loggedin`);
 			} else {
 				res.status(200).send({
 					next: destination,
 				});
 			}
 		}
 	})(req, res, next);
 }
 function redirectAfterLogin(req, res, destination) {
 	if (req.body.noscript === 'true') {
 		res.redirect(`${destination}?loggedin`);
 	} else {
 		res.status(200).send({
 			next: destination,
 		});
 	}
 }
 authenticationController.doLogin = async function (req, uid) {
 	if (!uid) {
 		return;
--- a/src/controllers/write/utilities.js
+++ b/src/controllers/write/utilities.js
@ -2,7 +2,6 @@
 const user = require('../../user');
 const authenticationController = require('../authentication');
 const slugify = require('../../slugify');
 const helpers = require('../helpers');
 const Utilities = module.exports;
@ -22,31 +21,9 @@ Utilities.ping.post = (req, res) => {
 };
 Utilities.login = (req, res) => {
-	res.locals.continueLogin = async (strategy, req, res) => {
+	res.locals.redirectAfterLogin = async (req, res) => {
-		const { username, password, session } = req.body;
+		const userData = (await user.getUsers([req.uid], req.uid)).pop();
-
+		helpers.formatApiResponse(200, res, userData);
 		const userslug = slugify(username);
 		const uid = await user.getUidByUserslug(userslug);
 		let ok = false;
 		try {
 			ok = await user.isPasswordCorrect(uid, password, req.ip);
 		} catch (err) {
 			if (err.message === '[[error:account-locked]]') {
 				return helpers.formatApiResponse(429, res, err);
 			}
 		}
 		if (ok) {
 			const userData = (await user.getUsers([uid], uid)).pop();
 			if (parseInt(session, 10) === 1) {
 				await authenticationController.doLogin(req, userData.uid);
 			}
 			helpers.formatApiResponse(200, res, userData);
 		} else {
 			helpers.formatApiResponse(403, res);
 		}
 	};
 	res.locals.noScriptErrors = (req, res, err, statusCode) => {
 		helpers.formatApiResponse(statusCode, res, new Error(err));