(function () {
"use strict";
-
- var recoverEmailText = "Follow this secure link to reset your password: " +
- "https://%@/%@/recover/reset/%@/%@";
- var systemErrorMessage = "A system error occurred. I'm very sorry about this, but I can't give " +
- "you any more details because I'm very cautious about security and this is a sensitive topic.";
-
/**
@name Auth
@class Auth
*/
var passport = require('passport'),
- url = require('url'),
- utils = require('../oauth2/utils');
+ url = require('url');
/**
Receives user authentication credentials and have passport do the authentication.
//passport.authenticate('local', { successReturnToOrRedirect: '/login/scope', failureRedirect: '/', failureFlash: 'Invalid username or password.' }),
passport.authenticate('local', { failureRedirect: '/?login=fail' }),
function (req, res, next) {
-
+ var pathName = "/app";
if (req && req.session && !req.session.oauth2 && req.session.passport && req.session.passport.user && req.session.passport.user.organization) {
- res.redirect("/" + req.session.passport.user.organization + '/app');
+ if (req.body.extensions) {
+ pathName = pathName + "?extensions=" + req.body.extensions;
+ }
+ if (req.body.hash && req.body.hash.charAt(0) === "#") {
+ pathName = pathName + req.body.hash;
+ }
+ res.redirect("/" + req.session.passport.user.organization + pathName);
//next();
} else {
exports.scopeForm(req, res, next);
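Review bot: `req.body.extensions` is concatenated into the redirect target unencoded at `pathName = pathName + "?extensions=" + req.body.extensions;`, so a submitted value containing `&`, `#` or `?` escapes the `extensions` parameter and can add further query parameters or a fragment to the URL the browser is sent to; encode it with `pathName += "?extensions=" + encodeURIComponent(String(req.body.extensions));`. The following guard `req.body.hash && req.body.hash.charAt(0) === "#"` assumes a string; with a body parser in extended mode the field can arrive as an array or object, and `charAt` then throws inside the handler, so guard with `typeof req.body.hash === "string" && req.body.hash.charAt(0) === "#"`. Since the target still starts with `"/" + req.session.passport.user.organization`, which comes from the session rather than the request body, this is parameter and fragment injection rather than an open redirect, assuming `organization` is only ever set server-side. Whether `res.redirect` percent-encodes the assembled string depends on the Express version, which the hunk does not show, so the encoding should be done here regardless. The enclosing handler continues past the end of the hunk.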
res.render('login', { message: message, databases: X.options.datasource.databases });
};
- exports.forgotPasswordForm = function (req, res) {
- res.render('forgot_password', { message: [], databases: X.options.datasource.databases });
- };
-
- exports.recoverPassword = function (req, res) {
- var userCollection = new SYS.UserCollection(),
- email = req.body.email,
- database = req.body.database,
- errorMessage = "Cannot find email address",
- successMessage = "An email has been sent with password recovery instructions";
-
- if (!database || X.options.datasource.databases.indexOf(database) < 0) {
- // don't give away that this database exists (or not) to prying eyes
- res.render('forgot_password', { message: [errorMessage], databases: X.options.datasource.databases });
- return;
- }
-
- userCollection.fetch({
- query: {
- parameters: [{
- attribute: "email",
- value: email
- }]
- },
- database: database,
- username: X.options.databaseServer.user,
- success: function (collection, results, options) {
- var recoverModel,
- setRecovery,
- username;
-
- if (results.length === 0) {
- res.render('forgot_password', { message: [errorMessage], databases: X.options.datasource.databases });
- return;
- } else if (results.length > 1) {
- // quite a quandary
- // errorMessage = "Wasn't expecting to see multiple users with this email address";
- res.render('forgot_password', { message: [systemErrorMessage], databases: X.options.datasource.databases });
- return;
- }
- username = results[0].username;
- setRecovery = function () {
- //
- // We've initialized our recovery model. Now set and save it.
- //
- var uuid = utils.generateUUID(),
- salt = '$2a$10$' + (username.replace(/[^a-zA-Z0-9]/g, "") + "00000000000000000000000").substring(0, 22),
- uuidHash = X.bcrypt.hashSync(uuid, salt),
- now = new Date(),
- tomorrow = new Date(now.getTime() + 1000 * 60 * 60 * 24),
- attributes = {
- recoverUsername: username,
- hashedToken: uuidHash,
- accessed: false,
- reset: false,
- createdTimestamp: now,
- expiresTimestamp: tomorrow
- },
- saveSuccess = function () {
- //
- // We've saved our recovery model. Now send out an email.
- //
- var mailContent = {
- from: "no-reply@xtuple.com",
- to: email,
- subject: "xTuple password reset instructions",
- text: recoverEmailText.f(req.headers.host, database, username, uuid)
- };
- X.smtpTransport.sendMail(mailContent, function (err) {
- //
- // We've sent out the email. Now return to the user
- //
- if (err) {
- res.render('forgot_password', { message: [systemErrorMessage],
- databases: X.options.datasource.databases });
- return;
- }
- res.render('forgot_password', { message: [successMessage],
- databases: X.options.datasource.databases });
- });
- },
- saveError = function () {
- res.render('forgot_password', { message: [errorMessage], databases: X.options.datasource.databases });
- };
-
- recoverModel.set(attributes);
- recoverModel.save(null, {
- database: database,
- username: X.options.databaseServer.user,
- success: saveSuccess,
- error: saveError
- });
- };
- recoverModel = new SYS.Recover();
- recoverModel.on('change:id', setRecovery);
- recoverModel.initialize(null, {isNew: true, database: database});
- },
- error: function () {
- res.render('forgot_password', { message: [errorMessage], databases: X.options.datasource.databases });
- }
- });
- };
-
- exports.verifyRecoverPassword = function (req, res) {
- var username = req.params.username,
- uuid = req.params.token,
- database = req.params.org,
- coll = new SYS.RecoverCollection();
-
- coll.fetch({
- query: {
- parameters: [{
- attribute: "recoverUsername",
- value: username
- }]
- },
- database: req.params.org,
- username: X.options.databaseServer.user,
- success: function (collection, results, options) {
- var match;
-
- results.map(function (result) {
- var salt = '$2a$10$' + (username.replace(/[^a-zA-Z0-9]/g, "") + "00000000000000000000000").substring(0, 22),
- uuidHash = X.bcrypt.hashSync(uuid, salt);
-
- //var compare = X.bcrypt.compareSync(result.hashedToken, uuidHash); XXX why doesn't this work?
- if (result.hashedToken === uuidHash &&
- !result.accessed &&
- !result.reset &&
- new Date().getTime() < result.expiresTimestamp.getTime()) {
- match = result;
- }
- });
-
- if (!match) {
- // TODO: get the paths straight
- res.render('forgot_password', { message: [systemErrorMessage], databases: X.options.datasource.databases });
- return;
- }
-
- console.log(match);
-
- },
- error: function () {
- res.render('forgot_password', { message: [systemErrorMessage], databases: X.options.datasource.databases });
- }
- });
- };
/**
Logs out user by removing the session and sending the user to the login screen.
*/