(function(Auth) { "use strict"; var passport = require('passport'), passportLocal = require('passport-local').Strategy, nconf = require('nconf'), Password = require('../password'), winston = require('winston'), async = require('async'), express = require('express'), meta = require('../meta'), user = require('../user'), plugins = require('../plugins'), db = require('../database'), hotswap = require('../hotswap'), utils = require('../../public/src/utils'), loginStrategies = []; Auth.initialize = function(app, middleware) { app.use(passport.initialize()); app.use(passport.session()); Auth.app = app; Auth.middleware = middleware; }; Auth.getLoginStrategies = function() { return loginStrategies; }; Auth.reloadRoutes = function(callback) { var router = express.Router(); router.hotswapId = 'auth'; plugins.ready(function() { loginStrategies.length = 0; plugins.fireHook('filter:auth.init', loginStrategies, function(err) { if (err) { winston.error('filter:auth.init - plugin failure'); return callback(err); } loginStrategies.forEach(function(strategy) { if (strategy.url) { router.get(strategy.url, passport.authenticate(strategy.name, { scope: strategy.scope })); } router.get(strategy.callbackURL, passport.authenticate(strategy.name, { successReturnToOrRedirect: nconf.get('relative_path') + '/', failureRedirect: nconf.get('relative_path') + '/login' })); }); router.post('/logout', logout); router.post('/register', Auth.middleware.applyCSRF, register); router.post('/login', Auth.middleware.applyCSRF, login); hotswap.replace('auth', router); if (typeof callback === 'function') { callback(); } }); }); }; Auth.login = function(username, password, next) { if (!username || !password) { return next(new Error('[[error:invalid-password]]')); } var userslug = utils.slugify(username); var uid; async.waterfall([ function(next) { user.getUidByUserslug(userslug, next); }, function(_uid, next) { if (!_uid) { return next(null, false, '[[error:no-user]]'); } uid = _uid; user.auth.logAttempt(uid, next); }, function(next) { db.getObjectFields('user:' + uid, ['password', 'banned'], next); }, function(userData, next) { if (!userData || !userData.password) { return next(new Error('[[error:invalid-user-data]]')); } if (userData.banned && parseInt(userData.banned, 10) === 1) { return next(null, false, '[[error:user-banned]]'); } Password.compare(password, userData.password, next); }, function(passwordMatch, next) { if (!passwordMatch) { return next(null, false, '[[error:invalid-password]]'); } user.auth.clearLoginAttempts(uid); next(null, {uid: uid}, '[[success:authentication-successful]]'); } ], next); }; passport.use(new passportLocal(Auth.login)); passport.serializeUser(function(user, done) { done(null, user.uid); }); passport.deserializeUser(function(uid, done) { done(null, { uid: uid }); }); function login(req, res, next) { if (parseInt(meta.config.allowLocalLogin, 10) === 0) { return res.status(404).send(''); } // Handle returnTo data if (req.body.hasOwnProperty('returnTo') && !req.session.returnTo) { req.session.returnTo = req.body.returnTo; } if (req.body.username && utils.isEmailValid(req.body.username)) { user.getUsernameByEmail(req.body.username, function(err, username) { if (err) { return next(err); } req.body.username = username ? username : req.body.username; continueLogin(req, res, next); }); } else { continueLogin(req, res, next); } } function continueLogin(req, res, next) { passport.authenticate('local', function(err, userData, info) { if (err) { req.flash('error', info); return res.redirect(nconf.get('relative_path') + '/login'); } if (!userData) { if (typeof info === 'object') { info = '[[error:invalid-username-or-password]]'; } req.flash('error', info); return res.redirect(nconf.get('relative_path') + '/login'); } // Alter user cookie depending on passed-in option if (req.body.remember === 'on') { var duration = 1000*60*60*24*parseInt(meta.config.loginDays || 14, 10); req.session.cookie.maxAge = duration; req.session.cookie.expires = new Date(Date.now() + duration); } else { req.session.cookie.maxAge = false; req.session.cookie.expires = false; } req.login({ uid: userData.uid }, function(err) { if (err) { req.flash('error', err.message); return res.redirect(nconf.get('relative_path') + '/login'); } if (userData.uid) { user.logIP(userData.uid, req.ip); plugins.fireHook('action:user.loggedIn', userData.uid); } if (!req.session.returnTo) { res.redirect(nconf.get('relative_path') + '/'); } else { var next = req.session.returnTo; delete req.session.returnTo; res.redirect(nconf.get('relative_path') + next); } }); })(req, res, next); } function register(req, res) { if (parseInt(meta.config.allowRegistration, 10) === 0) { return res.status(403).send(''); } var userData = {}; for (var key in req.body) { if (req.body.hasOwnProperty(key)) { userData[key] = req.body[key]; } } if (!userData.username || userData.username.length < meta.config.minimumUsernameLength) { return res.redirect(nconf.get('relative_path') + '/register?error=[[error:username-too-short]]'); } else if (!userData.username || userData.username.length > meta.config.maximumUsernameLength) { return res.redirect(nconf.get('relative_path') + '/register?error=[[error:username-too-long]]'); } var uid; async.waterfall([ function(next) { plugins.fireHook('filter:register.check', {req: req, res: res, userData: userData}, next); }, function(data, next) { user.create(data.userData, next); }, function(_uid, next) { uid = _uid; req.login({uid: uid}, next); }, function(next) { user.logIP(uid, req.ip); require('../socket.io').emitUserCount(); user.notifications.sendWelcomeNotification(uid); plugins.fireHook('filter:register.complete', {uid: uid, referrer: req.body.referrer}, next); } ], function(err, data) { if (err) { return res.redirect(nconf.get('relative_path') + '/register?error=' + err.message); } res.redirect(nconf.get('relative_path') + (data.referrer ? data.referrer : '/')); }); } function logout(req, res) { if (req.user && parseInt(req.user.uid, 10) > 0) { require('../socket.io').logoutUser(req.user.uid); req.logout(); } res.status(200).send(''); } }(exports));