modules/users/server/controllers/users/users.authentication.server.controller.js

'use strict';

/**
 * Module dependencies.
 */
var path = require('path'),
	errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),
	mongoose = require('mongoose'),
	passport = require('passport'),
	User = mongoose.model('User');

// URLs for which user can't be redirected on signin
var noReturnUrls = [
	'/authentication/signin',
	'/authentication/signup'
];

/**
 * Signup
 */
exports.signup = function (req, res) {
	// For security measurement we remove the roles from the req.body object
	delete req.body.roles;

	// Init Variables
	var user = new User(req.body);
	var message = null;

	// Add missing user fields
	user.provider = 'local';
	user.displayName = user.firstName + ' ' + user.lastName;

	// Then save the user
	user.save(function (err) {
		if (err) {
			return res.status(400).send({
				message: errorHandler.getErrorMessage(err)
			});
		} else {
			// Remove sensitive data before login
			user.password = undefined;
			user.salt = undefined;

			req.login(user, function (err) {
				if (err) {
					res.status(400).send(err);
				} else {
					res.json(user);
				}
			});
		}
	});
};

/**
 * Signin after passport authentication
 */
exports.signin = function (req, res, next) {
	passport.authenticate('local', function (err, user, info) {
		if (err || !user) {
			res.status(400).send(info);
		} else {
			// Remove sensitive data before login
			user.password = undefined;
			user.salt = undefined;

			req.login(user, function (err) {
				if (err) {
					res.status(400).send(err);
				} else {
					res.json(user);
				}
			});
		}
	})(req, res, next);
};

/**
 * Signout
 */
exports.signout = function (req, res) {
	req.logout();
	res.redirect('/');
};

/**
 * OAuth provider call
 */
exports.oauthCall = function(strategy, scope) {
	return function(req, res, next) {
		// Set redirection path on session.
		// Do not redirect to a signin or signup page
		if (noReturnUrls.indexOf(req.query.redirect_to) === -1) {
			req.session.redirect_to = req.query.redirect_to;
		}
		// Authenticate
		passport.authenticate(strategy, scope)(req, res, next);
	};
};

/**
 * OAuth callback
 */
exports.oauthCallback = function (strategy) {
	return function (req, res, next) {
		// Pop redirect URL from session
		var sessionRedirectURL = req.session.redirect_to;
		delete req.session.redirect_to;

		passport.authenticate(strategy, function (err, user, redirectURL) {
			if (err) {
				return res.redirect('/authentication/signin?err=' + encodeURIComponent(errorHandler.getErrorMessage(err)));
			}
			if (!user) {
				return res.redirect('/authentication/signin');
			}
			req.login(user, function (err) {
				if (err) {
					return res.redirect('/authentication/signin');
				}

				return res.redirect(redirectURL || sessionRedirectURL || '/');
			});
		})(req, res, next);
	};
};

/**
 * Helper function to save or update a OAuth user profile
 */
exports.saveOAuthUserProfile = function (req, providerUserProfile, done) {
	if (!req.user) {
		// Define a search query fields
		var searchMainProviderIdentifierField = 'providerData.' + providerUserProfile.providerIdentifierField;
		var searchAdditionalProviderIdentifierField = 'additionalProvidersData.' + providerUserProfile.provider + '.' + providerUserProfile.providerIdentifierField;

		// Define main provider search query
		var mainProviderSearchQuery = {};
		mainProviderSearchQuery.provider = providerUserProfile.provider;
		mainProviderSearchQuery[searchMainProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];

		// Define additional provider search query
		var additionalProviderSearchQuery = {};
		additionalProviderSearchQuery[searchAdditionalProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];

		// Define a search query to find existing user with current provider profile
		var searchQuery = {
			$or: [mainProviderSearchQuery, additionalProviderSearchQuery]
		};

		User.findOne(searchQuery, function (err, user) {
			if (err) {
				return done(err);
			} else {
				if (!user) {
					var possibleUsername = providerUserProfile.username || ((providerUserProfile.email) ? providerUserProfile.email.split('@')[0] : '');

					User.findUniqueUsername(possibleUsername, null, function (availableUsername) {
						user = new User({
							firstName: providerUserProfile.firstName,
							lastName: providerUserProfile.lastName,
							username: availableUsername,
							displayName: providerUserProfile.displayName,
							email: providerUserProfile.email,
							profileImageURL: providerUserProfile.profileImageURL,
							provider: providerUserProfile.provider,
							providerData: providerUserProfile.providerData
						});

						// And save the user
						user.save(function (err) {
							return done(err, user);
						});
					});
				} else {
					return done(err, user);
				}
			}
		});
	} else {
		// User is already logged in, join the provider data to the existing user
		var user = req.user;

		// Check if user exists, is not signed in using this provider, and doesn't have that provider data already configured
		if (user.provider !== providerUserProfile.provider && (!user.additionalProvidersData || !user.additionalProvidersData[providerUserProfile.provider])) {
			// Add the provider data to the additional provider data field
			if (!user.additionalProvidersData) user.additionalProvidersData = {};
			user.additionalProvidersData[providerUserProfile.provider] = providerUserProfile.providerData;

			// Then tell mongoose that we've updated the additionalProvidersData field
			user.markModified('additionalProvidersData');

			// And save the user
			user.save(function (err) {
				return done(err, user, '/settings/accounts');
			});
		} else {
			return done(new Error('User is already connected using this provider'), user);
		}
	}
};

/**
 * Remove OAuth provider
 */
exports.removeOAuthProvider = function (req, res, next) {
	var user = req.user;
	var provider = req.query.provider;

	if (!user) {
		return res.status(401).json({
			message: 'User is not authenticated'
		});
	} else if (!provider) {
		return res.status(400).send();
	}

	// Delete the additional provider
	if (user.additionalProvidersData[provider]) {
		delete user.additionalProvidersData[provider];

		// Then tell mongoose that we've updated the additionalProvidersData field
		user.markModified('additionalProvidersData');
	}

	user.save(function (err) {
		if (err) {
			return res.status(400).send({
				message: errorHandler.getErrorMessage(err)
			});
		} else {
			req.login(user, function (err) {
				if (err) {
					return res.status(400).send(err);
				} else {
					return res.json(user);
				}
			});
		}
	});
};
Adding Password Reset 2014-07-31 11:27:14 +03:00			`'use strict';`

			`/**`
			`* Module dependencies.`
			`*/`
Remove more unused requires 2015-04-23 17:51:58 +01:00			`var path = require('path'),`
New 0.4 version 2014-11-10 23:12:33 +02:00			`errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`mongoose = require('mongoose'),`
			`passport = require('passport'),`
			`User = mongoose.model('User');`

Enable redirection to previous page after login Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user. 2015-03-22 11:47:14 -03:00			`// URLs for which user can't be redirected on signin`
			`var noReturnUrls = [`
			`'/authentication/signin',`
			`'/authentication/signup'`
			`];`

Adding Password Reset 2014-07-31 11:27:14 +03:00			`/**`
			`* Signup`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.signup = function (req, res) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`// For security measurement we remove the roles from the req.body object`
			`delete req.body.roles;`

			`// Init Variables`
			`var user = new User(req.body);`
			`var message = null;`

			`// Add missing user fields`
			`user.provider = 'local';`
			`user.displayName = user.firstName + ' ' + user.lastName;`

Add newlines to ends of files 2015-02-07 12:31:07 -08:00			`// Then save the user`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`user.save(function (err) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`if (err) {`
Update 0.3.2 2014-08-02 21:29:38 +03:00			`return res.status(400).send({`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`message: errorHandler.getErrorMessage(err)`
			`});`
			`} else {`
			`// Remove sensitive data before login`
			`user.password = undefined;`
			`user.salt = undefined;`

bug: remove social account. 2015-07-09 13:49:48 -04:00			`req.login(user, function (err) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`if (err) {`
Update 0.3.2 2014-08-02 21:29:38 +03:00			`res.status(400).send(err);`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`} else {`
disabling JSONP from controllers and commenting out from expressjs configuration, allowing users to enable if they need to 2014-10-14 20:24:28 +03:00			`res.json(user);`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`}`
			`});`
			`}`
			`});`
			`};`

			`/**`
			`* Signin after passport authentication`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.signin = function (req, res, next) {`
			`passport.authenticate('local', function (err, user, info) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`if (err \|\| !user) {`
Update 0.3.2 2014-08-02 21:29:38 +03:00			`res.status(400).send(info);`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`} else {`
			`// Remove sensitive data before login`
			`user.password = undefined;`
			`user.salt = undefined;`

bug: remove social account. 2015-07-09 13:49:48 -04:00			`req.login(user, function (err) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`if (err) {`
Update 0.3.2 2014-08-02 21:29:38 +03:00			`res.status(400).send(err);`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`} else {`
disabling JSONP from controllers and commenting out from expressjs configuration, allowing users to enable if they need to 2014-10-14 20:24:28 +03:00			`res.json(user);`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`}`
			`});`
			`}`
			`})(req, res, next);`
			`};`

			`/**`
			`* Signout`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.signout = function (req, res) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`req.logout();`
			`res.redirect('/');`
			`};`

Enable redirection to previous page after login Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user. 2015-03-22 11:47:14 -03:00			`/**`
			`* OAuth provider call`
			`*/`
			`exports.oauthCall = function(strategy, scope) {`
			`return function(req, res, next) {`
			`// Set redirection path on session.`
			`// Do not redirect to a signin or signup page`
			`if (noReturnUrls.indexOf(req.query.redirect_to) === -1) {`
			`req.session.redirect_to = req.query.redirect_to;`
			`}`
			`// Authenticate`
			`passport.authenticate(strategy, scope)(req, res, next);`
			`};`
			`};`

Adding Password Reset 2014-07-31 11:27:14 +03:00			`/**`
			`* OAuth callback`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.oauthCallback = function (strategy) {`
			`return function (req, res, next) {`
Enable redirection to previous page after login Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user. 2015-03-22 11:47:14 -03:00			`// Pop redirect URL from session`
			`var sessionRedirectURL = req.session.redirect_to;`
			`delete req.session.redirect_to;`

bug: remove social account. 2015-07-09 13:49:48 -04:00			`passport.authenticate(strategy, function (err, user, redirectURL) {`
Make emails unique Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter. 2015-02-28 19:09:12 -03:00			`if (err) {`
			`return res.redirect('/authentication/signin?err=' + encodeURIComponent(errorHandler.getErrorMessage(err)));`
			`}`
			`if (!user) {`
			`return res.redirect('/authentication/signin');`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`}`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`req.login(user, function (err) {`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`if (err) {`
Make emails unique Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter. 2015-02-28 19:09:12 -03:00			`return res.redirect('/authentication/signin');`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`}`

Enable redirection to previous page after login Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user. 2015-03-22 11:47:14 -03:00			`return res.redirect(redirectURL \|\| sessionRedirectURL \|\| '/');`
Adding Password Reset 2014-07-31 11:27:14 +03:00			`});`
			`})(req, res, next);`
			`};`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`};`

			`/**`
			`* Helper function to save or update a OAuth user profile`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.saveOAuthUserProfile = function (req, providerUserProfile, done) {`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`if (!req.user) {`
			`// Define a search query fields`
			`var searchMainProviderIdentifierField = 'providerData.' + providerUserProfile.providerIdentifierField;`
			`var searchAdditionalProviderIdentifierField = 'additionalProvidersData.' + providerUserProfile.provider + '.' + providerUserProfile.providerIdentifierField;`

			`// Define main provider search query`
			`var mainProviderSearchQuery = {};`
			`mainProviderSearchQuery.provider = providerUserProfile.provider;`
			`mainProviderSearchQuery[searchMainProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];`

			`// Define additional provider search query`
			`var additionalProviderSearchQuery = {};`
			`additionalProviderSearchQuery[searchAdditionalProviderIdentifierField] = providerUserProfile.providerData[providerUserProfile.providerIdentifierField];`

			`// Define a search query to find existing user with current provider profile`
			`var searchQuery = {`
			`$or: [mainProviderSearchQuery, additionalProviderSearchQuery]`
			`};`

bug: remove social account. 2015-07-09 13:49:48 -04:00			`User.findOne(searchQuery, function (err, user) {`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`if (err) {`
			`return done(err);`
			`} else {`
			`if (!user) {`
			`var possibleUsername = providerUserProfile.username \|\| ((providerUserProfile.email) ? providerUserProfile.email.split('@')[0] : '');`

bug: remove social account. 2015-07-09 13:49:48 -04:00			`User.findUniqueUsername(possibleUsername, null, function (availableUsername) {`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`user = new User({`
			`firstName: providerUserProfile.firstName,`
			`lastName: providerUserProfile.lastName,`
			`username: availableUsername,`
			`displayName: providerUserProfile.displayName,`
			`email: providerUserProfile.email,`
New 0.4 version 2014-11-10 23:12:33 +02:00			`profileImageURL: providerUserProfile.profileImageURL,`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`provider: providerUserProfile.provider,`
			`providerData: providerUserProfile.providerData`
			`});`

			`// And save the user`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`user.save(function (err) {`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`return done(err, user);`
			`});`
			`});`
			`} else {`
			`return done(err, user);`
			`}`
			`}`
			`});`
			`} else {`
			`// User is already logged in, join the provider data to the existing user`
			`var user = req.user;`

			`// Check if user exists, is not signed in using this provider, and doesn't have that provider data already configured`
			`if (user.provider !== providerUserProfile.provider && (!user.additionalProvidersData \|\| !user.additionalProvidersData[providerUserProfile.provider])) {`
			`// Add the provider data to the additional provider data field`
			`if (!user.additionalProvidersData) user.additionalProvidersData = {};`
			`user.additionalProvidersData[providerUserProfile.provider] = providerUserProfile.providerData;`

			`// Then tell mongoose that we've updated the additionalProvidersData field`
			`user.markModified('additionalProvidersData');`

			`// And save the user`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`user.save(function (err) {`
removed /#! in user controllers Resolved 0.4.0 related conflicts: modules/users/server/controllers/users/users.authentication.server.controller.js 2015-07-25 00:39:12 +03:00			`return done(err, user, '/settings/accounts');`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`});`
			`} else {`
			`return done(new Error('User is already connected using this provider'), user);`
			`}`
			`}`
			`};`

			`/**`
			`* Remove OAuth provider`
			`*/`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`exports.removeOAuthProvider = function (req, res, next) {`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`var user = req.user;`
bug: remove social account. 2015-07-09 13:49:48 -04:00			`var provider = req.query.provider;`
Fix menu service defaults 2014-08-05 15:35:49 +03:00
bug: remove social account. 2015-07-09 13:49:48 -04:00			`if (!user) {`
			`return res.status(401).json({`
			`message: 'User is not authenticated'`
			`});`
			`} else if (!provider) {`
			`return res.status(400).send();`
			`}`
Fix menu service defaults 2014-08-05 15:35:49 +03:00
bug: remove social account. 2015-07-09 13:49:48 -04:00			`// Delete the additional provider`
			`if (user.additionalProvidersData[provider]) {`
			`delete user.additionalProvidersData[provider];`
Fix menu service defaults 2014-08-05 15:35:49 +03:00
bug: remove social account. 2015-07-09 13:49:48 -04:00			`// Then tell mongoose that we've updated the additionalProvidersData field`
			`user.markModified('additionalProvidersData');`
Fix menu service defaults 2014-08-05 15:35:49 +03:00			`}`
bug: remove social account. 2015-07-09 13:49:48 -04:00
			`user.save(function (err) {`
			`if (err) {`
			`return res.status(400).send({`
			`message: errorHandler.getErrorMessage(err)`
			`});`
			`} else {`
			`req.login(user, function (err) {`
			`if (err) {`
			`return res.status(400).send(err);`
			`} else {`
			`return res.json(user);`
			`}`
			`});`
			`}`
			`});`
Update users.authentication.server.controller.js 2015-07-09 15:44:38 -04:00			`};`