wikijs-fork/server/controllers/auth.js

/* global WIKI */

const Promise = require('bluebird')
const express = require('express')
const router = express.Router()
const ExpressBrute = require('express-brute')
const ExpressBruteRedisStore = require('express-brute-redis')
const moment = require('moment')
const _ = require('lodash')

/**
 * Setup Express-Brute
 */
const EBstore = new ExpressBruteRedisStore({
  client: WIKI.redis
})
const bruteforce = new ExpressBrute(EBstore, {
  freeRetries: 5,
  minWait: 60 * 1000,
  maxWait: 5 * 60 * 1000,
  refreshTimeoutOnRequest: false,
  failCallback (req, res, next, nextValidRequestDate) {
    req.flash('alert', {
      class: 'error',
      title: WIKI.lang.t('auth:errors.toomanyattempts'),
      message: WIKI.lang.t('auth:errors.toomanyattemptsmsg', { time: moment(nextValidRequestDate).fromNow() }),
      iconClass: 'fa-times'
    })
    res.redirect('/login')
  }
})

/**
 * Login form
 */
router.get('/login', function (req, res, next) {
  res.render('main/login')
})

router.post('/login', bruteforce.prevent, function (req, res, next) {
  new Promise((resolve, reject) => {
    // [1] LOCAL AUTHENTICATION
    WIKI.auth.passport.authenticate('local', function (err, user, info) {
      if (err) { return reject(err) }
      if (!user) { return reject(new Error('INVALID_LOGIN')) }
      resolve(user)
    })(req, res, next)
  }).catch({ message: 'INVALID_LOGIN' }, err => {
    if (_.has(WIKI.config.auth.strategy, 'ldap')) {
      // [2] LDAP AUTHENTICATION
      return new Promise((resolve, reject) => {
        WIKI.auth.passport.authenticate('ldapauth', function (err, user, info) {
          if (err) { return reject(err) }
          if (info && info.message) { return reject(new Error(info.message)) }
          if (!user) { return reject(new Error('INVALID_LOGIN')) }
          resolve(user)
        })(req, res, next)
      })
    } else {
      throw err
    }
  }).then((user) => {
    // LOGIN SUCCESS
    return req.logIn(user, function (err) {
      if (err) { return next(err) }
      req.brute.reset(function () {
        return res.redirect('/')
      })
    }) || true
  }).catch(err => {
    // LOGIN FAIL
    if (err.message === 'INVALID_LOGIN') {
      req.flash('alert', {
        title: WIKI.lang.t('auth:errors.invalidlogin'),
        message: WIKI.lang.t('auth:errors.invalidloginmsg')
      })
      return res.redirect('/login')
    } else {
      req.flash('alert', {
        title: WIKI.lang.t('auth:errors.loginerror'),
        message: err.message
      })
      return res.redirect('/login')
    }
  })
})

/**
 * Social Login
 */

router.get('/login/ms', WIKI.auth.passport.authenticate('windowslive', { scope: ['wl.signin', 'wl.basic', 'wl.emails'] }))
router.get('/login/google', WIKI.auth.passport.authenticate('google', { scope: ['profile', 'email'] }))
router.get('/login/facebook', WIKI.auth.passport.authenticate('facebook', { scope: ['public_profile', 'email'] }))
router.get('/login/github', WIKI.auth.passport.authenticate('github', { scope: ['user:email'] }))
router.get('/login/slack', WIKI.auth.passport.authenticate('slack', { scope: ['identity.basic', 'identity.email'] }))
router.get('/login/azure', WIKI.auth.passport.authenticate('azure_ad_oauth2'))

router.get('/login/ms/callback', WIKI.auth.passport.authenticate('windowslive', { failureRedirect: '/login', successRedirect: '/' }))
router.get('/login/google/callback', WIKI.auth.passport.authenticate('google', { failureRedirect: '/login', successRedirect: '/' }))
router.get('/login/facebook/callback', WIKI.auth.passport.authenticate('facebook', { failureRedirect: '/login', successRedirect: '/' }))
router.get('/login/github/callback', WIKI.auth.passport.authenticate('github', { failureRedirect: '/login', successRedirect: '/' }))
router.get('/login/slack/callback', WIKI.auth.passport.authenticate('slack', { failureRedirect: '/login', successRedirect: '/' }))
router.get('/login/azure/callback', WIKI.auth.passport.authenticate('azure_ad_oauth2', { failureRedirect: '/login', successRedirect: '/' }))

/**
 * Logout
 */
router.get('/logout', function (req, res) {
  req.logout()
  res.redirect('/')
})

module.exports = router
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`/* global WIKI */`
chore: removed global eslint references 2017-05-13 19:29:00 +00:00
LDAP authentication 2017-03-12 04:38:47 +00:00			`const Promise = require('bluebird')`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`const express = require('express')`
			`const router = express.Router()`
			`const ExpressBrute = require('express-brute')`
refactor: migrate to PostgreSQL + Sequelize 2017-07-23 03:56:46 +00:00			`const ExpressBruteRedisStore = require('express-brute-redis')`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`const moment = require('moment')`
fix: login ldap detection 2017-09-12 01:52:10 +00:00			`const _ = require('lodash')`
Base server logic 2016-08-17 03:56:08 +00:00
			`/**`
			`* Setup Express-Brute`
			`*/`
refactor: migrate to PostgreSQL + Sequelize 2017-07-23 03:56:46 +00:00			`const EBstore = new ExpressBruteRedisStore({`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`client: WIKI.redis`
refactor: migrate to PostgreSQL + Sequelize 2017-07-23 03:56:46 +00:00			`})`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`const bruteforce = new ExpressBrute(EBstore, {`
			`freeRetries: 5,`
			`minWait: 60 * 1000,`
			`maxWait: 5 * 60 * 1000,`
			`refreshTimeoutOnRequest: false,`
			`failCallback (req, res, next, nextValidRequestDate) {`
			`req.flash('alert', {`
			`class: 'error',`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`title: WIKI.lang.t('auth:errors.toomanyattempts'),`
			`message: WIKI.lang.t('auth:errors.toomanyattemptsmsg', { time: moment(nextValidRequestDate).fromNow() }),`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`iconClass: 'fa-times'`
			`})`
			`res.redirect('/login')`
			`}`
			`})`
Base server logic 2016-08-17 03:56:08 +00:00
			`/**`
			`* Login form`
			`*/`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`router.get('/login', function (req, res, next) {`
refactor: project cleanup + onboarding page 2018-02-04 05:53:13 +00:00			`res.render('main/login')`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`})`
Base server logic 2016-08-17 03:56:08 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`router.post('/login', bruteforce.prevent, function (req, res, next) {`
LDAP authentication 2017-03-12 04:38:47 +00:00			`new Promise((resolve, reject) => {`
			`// [1] LOCAL AUTHENTICATION`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`WIKI.auth.passport.authenticate('local', function (err, user, info) {`
LDAP authentication 2017-03-12 04:38:47 +00:00			`if (err) { return reject(err) }`
			`if (!user) { return reject(new Error('INVALID_LOGIN')) }`
			`resolve(user)`
			`})(req, res, next)`
			`}).catch({ message: 'INVALID_LOGIN' }, err => {`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`if (_.has(WIKI.config.auth.strategy, 'ldap')) {`
LDAP authentication 2017-03-12 04:38:47 +00:00			`// [2] LDAP AUTHENTICATION`
			`return new Promise((resolve, reject) => {`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`WIKI.auth.passport.authenticate('ldapauth', function (err, user, info) {`
LDAP authentication 2017-03-12 04:38:47 +00:00			`if (err) { return reject(err) }`
			`if (info && info.message) { return reject(new Error(info.message)) }`
			`if (!user) { return reject(new Error('INVALID_LOGIN')) }`
			`resolve(user)`
			`})(req, res, next)`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`})`
LDAP authentication 2017-03-12 04:38:47 +00:00			`} else {`
			`throw err`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`}`
LDAP authentication 2017-03-12 04:38:47 +00:00			`}).then((user) => {`
			`// LOGIN SUCCESS`
			`return req.logIn(user, function (err) {`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`if (err) { return next(err) }`
Local authentication 2016-10-31 03:03:36 +00:00			`req.brute.reset(function () {`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`return res.redirect('/')`
			`})`
Refactored install + handle long code lines + fuse skip ace 2017-04-08 20:16:13 +00:00			`}) \|\| true`
LDAP authentication 2017-03-12 04:38:47 +00:00			`}).catch(err => {`
			`// LOGIN FAIL`
			`if (err.message === 'INVALID_LOGIN') {`
			`req.flash('alert', {`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`title: WIKI.lang.t('auth:errors.invalidlogin'),`
			`message: WIKI.lang.t('auth:errors.invalidloginmsg')`
LDAP authentication 2017-03-12 04:38:47 +00:00			`})`
			`return res.redirect('/login')`
			`} else {`
			`req.flash('alert', {`
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`title: WIKI.lang.t('auth:errors.loginerror'),`
LDAP authentication 2017-03-12 04:38:47 +00:00			`message: err.message`
			`})`
			`return res.redirect('/login')`
			`}`
			`})`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`})`
Base server logic 2016-08-17 03:56:08 +00:00
Added Social Authentication + fixed Agent Cron 2016-10-30 22:41:10 +00:00			`/**`
			`* Social Login`
			`*/`

refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`router.get('/login/ms', WIKI.auth.passport.authenticate('windowslive', { scope: ['wl.signin', 'wl.basic', 'wl.emails'] }))`
			`router.get('/login/google', WIKI.auth.passport.authenticate('google', { scope: ['profile', 'email'] }))`
			`router.get('/login/facebook', WIKI.auth.passport.authenticate('facebook', { scope: ['public_profile', 'email'] }))`
			`router.get('/login/github', WIKI.auth.passport.authenticate('github', { scope: ['user:email'] }))`
			`router.get('/login/slack', WIKI.auth.passport.authenticate('slack', { scope: ['identity.basic', 'identity.email'] }))`
			`router.get('/login/azure', WIKI.auth.passport.authenticate('azure_ad_oauth2'))`
Added Social Authentication + fixed Agent Cron 2016-10-30 22:41:10 +00:00
refactor: global namespace + admin pages UI 2018-03-05 20:49:36 +00:00			`router.get('/login/ms/callback', WIKI.auth.passport.authenticate('windowslive', { failureRedirect: '/login', successRedirect: '/' }))`
			`router.get('/login/google/callback', WIKI.auth.passport.authenticate('google', { failureRedirect: '/login', successRedirect: '/' }))`
			`router.get('/login/facebook/callback', WIKI.auth.passport.authenticate('facebook', { failureRedirect: '/login', successRedirect: '/' }))`
			`router.get('/login/github/callback', WIKI.auth.passport.authenticate('github', { failureRedirect: '/login', successRedirect: '/' }))`
			`router.get('/login/slack/callback', WIKI.auth.passport.authenticate('slack', { failureRedirect: '/login', successRedirect: '/' }))`
			`router.get('/login/azure/callback', WIKI.auth.passport.authenticate('azure_ad_oauth2', { failureRedirect: '/login', successRedirect: '/' }))`
Added Social Authentication + fixed Agent Cron 2016-10-30 22:41:10 +00:00
Base server logic 2016-08-17 03:56:08 +00:00			`/**`
			`* Logout`
			`*/`
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`router.get('/logout', function (req, res) {`
			`req.logout()`
			`res.redirect('/')`
			`})`
Base server logic 2016-08-17 03:56:08 +00:00
Standard JS code conversion + fixes 2017-02-09 01:52:37 +00:00			`module.exports = router`