river-of-ebooks/config/protocols.js

// Passport protocol configurations
const crypto = require('crypto')
const base64URL = require('base64url')

module.exports.protocols = {
  local: {
    /**
     * Validate a login request
     *
     * Looks up a user using the supplied identifier (email or username) and then
     * attempts to find a local Passport associated with the user. If a Passport is
     * found, its password is checked against the password supplied in the form.
     *
     * @param {Object}   req
     * @param {string}   identifier
     * @param {string}   password
     * @param {Function} next
     */
    login: async function (req, identifier, password, next) {
      if (!validateEmail(identifier)) {
        return next(new Error('invalid email address'), false)
      }
      try {
        const user = await User.findOne({
          email: identifier
        })
        if (!user) throw new Error('an account with that email was not found')

        const passport = await Passport.findOne({
          protocol: 'local',
          user: user.id
        })
        if (passport) {
          const res = await Passport.validatePassword(password, passport)
          if (!res) throw new Error('incorrect password')
          return next(null, user)
        } else {
          throw new Error('that account does not have password login enabled')
        }
      } catch (e) {
        return next(e, false)
      }
    },
    register: async function (user, next) {
      try {
        const token = generateToken()
        const password = user.password
        if (!password.length) throw new Error('password cannot be blank')
        delete user.password

        const newUser = await User.create(user).fetch()
        try {
          await Passport.create({
            protocol: 'local',
            password,
            user: newUser.id,
            accesstoken: token
          })
          return next(null, token)
        } catch (e) {
          await User.destroy(newUser.id)
          throw e
        }
      } catch (e) {
        return next(e)
      }
    },
    update: async function (user, next) {
      try {
        const dbUser = await User.findOne({
          id: user.id
        })
        if (!dbUser) throw new Error('An account with that id was not found.')

        const passport = await Passport.findOne({
          protocol: 'local',
          user: user.id
        })
        if (!user.currentPassword && passport) throw new Error('Please enter your current password.')
        if (passport) {
          const res = await Passport.validatePassword(user.currentPassword, passport)
          if (!res) throw new Error('incorrect password')

          const otherUser = await User.findOne({ email: user.email })
          if (otherUser && otherUser.id !== dbUser.id) throw new Error('There is already an account with that email.')
          await User.update({ id: user.id }, {
            email: user.email
          })
          if (user.password && user.password.length) {
            await Passport.update({ id: passport.id }, {
              password: user.password
            })
          }
        } else { // no password yet, add one
          const otherUser = await User.findOne({ email: user.email })
          if (otherUser && otherUser.id !== dbUser.id) throw new Error('There is already an account with that email.')
          await User.update({ id: user.id }, {
            email: user.email
          })
          if (user.password && user.password.length) {
            const token = generateToken()
            await Passport.create({
              protocol: 'local',
              password: user.password,
              user: dbUser.id,
              accesstoken: token
            })
          }
        }
        delete dbUser.password
        next(null, dbUser)
      } catch (e) {
        return next(e)
      }
    },
    connect: async function (req, res, next) {
      try {
        const user = req.user
        const password = req.param('password')

        const pass = await Passport.findOne({
          protocol: 'local',
          user: user.id
        })
        if (!pass) {
          await Passport.create({
            protocol: 'local',
            password,
            user: user.id
          })
        } else {
          return next(null, user)
        }
      } catch (e) {
        return next(e)
      }
    }
  },
  oauth2: {
    login: async function (req, accessToken, refreshToken, profile, next) {
      try {
        const passportHelper = await sails.helpers.passport()
        await passportHelper.connect(req, {
          tokens: {
            accessToken,
            refreshToken
          },
          identifier: profile.id,
          protocol: 'oauth2'
        }, profile, next)
      } catch (e) {
        return next(e, false)
      }
    }
  }
}

const EMAIL_REGEX = /^(([^<>()[\].,;:\s@"]+(\.[^<>()[\].,;:\s@"]+)*)|(".+"))@(([^<>()[\].,;:\s@"]+\.)+[^<>()[\].,;:\s@"]{2,})$/i

function validateEmail (email) {
  return EMAIL_REGEX.test(email)
}

function generateToken () {
  return base64URL(crypto.randomBytes(48))
}
test 2018-11-02 00:21:36 +00:00			`// Passport protocol configurations`
standardify 2018-11-07 20:06:36 +00:00			`const crypto = require('crypto')`
			`const base64URL = require('base64url')`
test 2018-11-02 00:21:36 +00:00
			`module.exports.protocols = {`
			`local: {`
			`/**`
			`* Validate a login request`
			`*`
			`* Looks up a user using the supplied identifier (email or username) and then`
			`* attempts to find a local Passport associated with the user. If a Passport is`
			`* found, its password is checked against the password supplied in the form.`
			`*`
			`* @param {Object} req`
			`* @param {string} identifier`
			`* @param {string} password`
			`* @param {Function} next`
			`*/`
			`login: async function (req, identifier, password, next) {`
			`if (!validateEmail(identifier)) {`
standardify 2018-11-07 20:06:36 +00:00			`return next(new Error('invalid email address'), false)`
test 2018-11-02 00:21:36 +00:00			`}`
			`try {`
			`const user = await User.findOne({`
			`email: identifier`
standardify 2018-11-07 20:06:36 +00:00			`})`
Revert "merge #18, #19, #20, #23, #25" 2018-11-12 22:12:16 +00:00			`if (!user) throw new Error('an account with that email was not found')`
test 2018-11-02 00:21:36 +00:00
			`const passport = await Passport.findOne({`
			`protocol: 'local',`
			`user: user.id`
standardify 2018-11-07 20:06:36 +00:00			`})`
test 2018-11-02 00:21:36 +00:00			`if (passport) {`
standardify 2018-11-07 20:06:36 +00:00			`const res = await Passport.validatePassword(password, passport)`
Revert "merge #18, #19, #20, #23, #25" 2018-11-12 22:12:16 +00:00			`if (!res) throw new Error('incorrect password')`
standardify 2018-11-07 20:06:36 +00:00			`return next(null, user)`
test 2018-11-02 00:21:36 +00:00			`} else {`
standardify 2018-11-07 20:06:36 +00:00			`throw new Error('that account does not have password login enabled')`
test 2018-11-02 00:21:36 +00:00			`}`
			`} catch (e) {`
standardify 2018-11-07 20:06:36 +00:00			`return next(e, false)`
test 2018-11-02 00:21:36 +00:00			`}`
			`},`
			`register: async function (user, next) {`
			`try {`
standardify 2018-11-07 20:06:36 +00:00			`const token = generateToken()`
			`const password = user.password`
Revert "merge #18, #19, #20, #23, #25" 2018-11-12 22:12:16 +00:00			`if (!password.length) throw new Error('password cannot be blank')`
standardify 2018-11-07 20:06:36 +00:00			`delete user.password`
test 2018-11-02 00:21:36 +00:00
standardify 2018-11-07 20:06:36 +00:00			`const newUser = await User.create(user).fetch()`
test 2018-11-02 00:21:36 +00:00			`try {`
			`await Passport.create({`
			`protocol: 'local',`
			`password,`
			`user: newUser.id,`
models match db column name 2018-11-19 20:34:13 +00:00			`accesstoken: token`
standardify 2018-11-07 20:06:36 +00:00			`})`
			`return next(null, token)`
test 2018-11-02 00:21:36 +00:00			`} catch (e) {`
standardify 2018-11-07 20:06:36 +00:00			`await User.destroy(newUser.id)`
			`throw e`
test 2018-11-02 00:21:36 +00:00			`}`
			`} catch (e) {`
standardify 2018-11-07 20:06:36 +00:00			`return next(e)`
test 2018-11-02 00:21:36 +00:00			`}`
			`},`
			`update: async function (user, next) {`
add user settings page 2019-02-04 21:08:45 +00:00			`try {`
			`const dbUser = await User.findOne({`
			`id: user.id`
			`})`
allow github accounts with no email visible to sign up 2019-02-04 21:59:13 +00:00			`if (!dbUser) throw new Error('An account with that id was not found.')`
add user settings page 2019-02-04 21:08:45 +00:00
			`const passport = await Passport.findOne({`
			`protocol: 'local',`
			`user: user.id`
			`})`
allow github accounts with no email visible to sign up 2019-02-04 21:59:13 +00:00			`if (!user.currentPassword && passport) throw new Error('Please enter your current password.')`
add user settings page 2019-02-04 21:08:45 +00:00			`if (passport) {`
			`const res = await Passport.validatePassword(user.currentPassword, passport)`
			`if (!res) throw new Error('incorrect password')`

allow github accounts with no email visible to sign up 2019-02-04 21:59:13 +00:00			`const otherUser = await User.findOne({ email: user.email })`
			`if (otherUser && otherUser.id !== dbUser.id) throw new Error('There is already an account with that email.')`
add user settings page 2019-02-04 21:08:45 +00:00			`await User.update({ id: user.id }, {`
			`email: user.email`
			`})`
			`if (user.password && user.password.length) {`
			`await Passport.update({ id: passport.id }, {`
			`password: user.password`
			`})`
			`}`
			`} else { // no password yet, add one`
allow github accounts with no email visible to sign up 2019-02-04 21:59:13 +00:00			`const otherUser = await User.findOne({ email: user.email })`
			`if (otherUser && otherUser.id !== dbUser.id) throw new Error('There is already an account with that email.')`
add user settings page 2019-02-04 21:08:45 +00:00			`await User.update({ id: user.id }, {`
			`email: user.email`
			`})`
			`if (user.password && user.password.length) {`
			`const token = generateToken()`
			`await Passport.create({`
			`protocol: 'local',`
			`password: user.password,`
			`user: dbUser.id,`
			`accesstoken: token`
			`})`
			`}`
			`}`
			`delete dbUser.password`
			`next(null, dbUser)`
			`} catch (e) {`
			`return next(e)`
			`}`
test 2018-11-02 00:21:36 +00:00			`},`
			`connect: async function (req, res, next) {`
			`try {`
standardify 2018-11-07 20:06:36 +00:00			`const user = req.user`
			`const password = req.param('password')`
test 2018-11-02 00:21:36 +00:00
			`const pass = await Passport.findOne({`
			`protocol: 'local',`
			`user: user.id`
standardify 2018-11-07 20:06:36 +00:00			`})`
test 2018-11-02 00:21:36 +00:00			`if (!pass) {`
			`await Passport.create({`
			`protocol: 'local',`
			`password,`
			`user: user.id`
standardify 2018-11-07 20:06:36 +00:00			`})`
test 2018-11-02 00:21:36 +00:00			`} else {`
standardify 2018-11-07 20:06:36 +00:00			`return next(null, user)`
test 2018-11-02 00:21:36 +00:00			`}`
			`} catch (e) {`
standardify 2018-11-07 20:06:36 +00:00			`return next(e)`
test 2018-11-02 00:21:36 +00:00			`}`
			`}`
add google and github oauth2 login support 2019-01-31 21:52:18 +00:00			`},`
			`oauth2: {`
			`login: async function (req, accessToken, refreshToken, profile, next) {`
			`try {`
			`const passportHelper = await sails.helpers.passport()`
			`await passportHelper.connect(req, {`
			`tokens: {`
			`accessToken,`
			`refreshToken`
			`},`
			`identifier: profile.id,`
			`protocol: 'oauth2'`
			`}, profile, next)`
			`} catch (e) {`
			`return next(e, false)`
			`}`
			`}`
test 2018-11-02 00:21:36 +00:00			`}`
standardify 2018-11-07 20:06:36 +00:00			`}`
test 2018-11-02 00:21:36 +00:00
fix things I fixed before and that were overwritten 2018-11-20 00:22:41 +00:00			`const EMAIL_REGEX = /^(([^<>()[\].,;:\s@"]+(\.[^<>()[\].,;:\s@"]+)*)\|(".+"))@(([^<>()[\].,;:\s@"]+\.)+[^<>()[\].,;:\s@"]{2,})$/i`
test 2018-11-02 00:21:36 +00:00
			`function validateEmail (email) {`
standardify 2018-11-07 20:06:36 +00:00			`return EMAIL_REGEX.test(email)`
test 2018-11-02 00:21:36 +00:00			`}`

			`function generateToken () {`
standardify 2018-11-07 20:06:36 +00:00			`return base64URL(crypto.randomBytes(48))`
test 2018-11-02 00:21:36 +00:00			`}`