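const mongoose = require("mongoose");
const User = mongoose.model("User");

/**
 * Registers the local (email + password) strategy with passport.
 *
 * The verify callback looks the account up by email and then delegates the
 * password check to the model's `checkPassword(password, callback)`.
 * Outcomes reported through `done`:
 *   - done(err)                      lookup or password check failed with an error
 *   - done(null, false, { message }) unknown email or wrong password
 *   - done(null, user)               credentials accepted
 *
 * NOTE(review): the two failure messages differ, so a caller that forwards
 * `message` to the client reveals whether an email is registered. Consider a
 * single generic message if it is shown to end users.
 */
passport.use(
  new LocalStrategy(
    // NOTE(review): `session` is normally an option of passport.authenticate();
    // confirm the route disables sessions there and does not rely on this key.
    { usernameField: "email", session: false },
    (email, password, done) => {
      // Both values come straight from the request body. A body parser can
      // deliver objects, and an object-valued `email` would be handed to
      // findOne as a query document instead of a literal address, so only
      // plain strings are accepted.
      if (typeof email !== "string") {
        return done(null, false, { message: "No matching user" });
      }
      if (typeof password !== "string") {
        return done(null, false, { message: "Invalid password" });
      }

      User.findOne({ email }, (err, user) => {
        if (err) {
          return done(err);
        }
        if (!user) {
          return done(null, false, { message: "No matching user" });
        }

        user.checkPassword(password, (checkErr, isValid) => {
          if (checkErr) {
            // Forward the error from the password check itself. The outer
            // `err` is always falsy at this point, so passing it on would
            // hide the failure behind a plain authentication rejection.
            return done(checkErr);
          }
          if (!isValid) {
            return done(null, false, { message: "Invalid password" });
          }
          return done(null, user);
        });
      });
    },
  ),
);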
exports.configure = function(){ passport.use(new LocalStrategy({passReqToCallback: true}, function(req, username, password, done) { config.user.findOne(username, function(err, data) { if (err) { return done(err); } if (!data) { return done(null, false, { message: 'Incorrect username.' }); } if (!config.user.validPassword(username, password)) { return done(null, false, { message: 'Incorrect password.' }); } var user = { 'username': username, 'password': data.password, 'isAdmin' : data.isAdmin, 'created_at': data.created_at } // success ! the usert that did the request is registered in the database. // check if the user can take the control of the tool. if(userToKickout && userToKickout.username === username){ // the freshly kicked out user is doing a request. //no boy. you can't do that anymore. req.logout(); // remove his session information. userToKickout=undefined; //console.log("current user have been kicked out"); return done(null, false, { message: 'you have been kicked by user '+currentUser.username+'.'}); } if(currentUser && currentUser.username !== username){ // a user is already connected if(req.params.kickout!==true){ // there is no request to kick the current user out. //console.log("there is already a user using the tool"); return done(null, false, { message: 'The user '+currentUser.username+' is already controlling the tool', userAlreadyLogedIn:true}); } /****************************** Check the kickoutability of the user already connected ****************/ if(!user.isAdmin){ // the user that wants to connect is not admin if(currentUser.isAdmin){ //you can't kick out an admin if your a simple user return done(null, false, { message: 'The user '+currentUser.username+' is an admin.'}); } if(!isCurrentUserKickeable){ //you can't kick out a user that is actively using the tool. 
//console.log("current user is active"); return done(null, false, { message: 'The user '+currentUser.username+' is still active.'}); } if(machine.machine.status.state === 'running') { //you can't kick a user that is running a file. //console.log("current user is running a file"); return done(null, false, { message: 'The user '+currentUser.username+' is running a file.'}); } } userToKickout = currentUser; eventEmitter.emit("user_kickout",currentUser); currentUser = user; isCurrentUserKickeable = false; startUserTimer(); return done(null, user); /*****************************r*************************************************************************/ } if(!currentUser){ // first authentication //We can login the user ! currentUser = user; isCurrentUserKickeable = false; startUserTimer(); } return done(null, user); }); } )); };