Example #1
File: auth.js Project: WorkWoo/auth
		// Hand the e-mail/password pair to the User model. The callback reports
		// an error, `false` (rejected) or a session profile through `callback`.
		User.authenticate(emailAddress, password, function(authError, account){
			if (authError) {
				log.error('|auth.verifyCredentials.authenticate| Unknown -> ' + authError, widget);
				return callback(authError);
			}

			if (!account) {
				// An unknown address and a wrong password are reported the same
				// way, so the caller cannot tell which of the two failed.
				log.error('|auth.verifyCredentials.authenticate| User not found or password incorrect -> ' + emailAddress, widget);
				return callback(null, false);
			}

			log.info('|auth.verifyCredentials.authenticate| User credentials verified -> ' + emailAddress, widget);

			// Only the fields listed here are copied into the session profile;
			// nothing else on the user record is passed along.
			return callback(null, {
				firstName: account.firstName,
				lastName: account.lastName,
				emailAddress: account.emailAddress,
				id: account.id,
				role: account.role,
				org: account._org,
				number: account.number,
				newUser: account.newUser,
				phone: account.phone
			});
		});
Example #2
File: auth.js Project: WorkWoo/auth
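/**
 * Express handler that sets a new password for the account owning a reset token.
 *
 * Reads `newPassword` and `token` from `req.body`, rejects the request when
 * either is missing or the password fails the complexity check, then calls
 * `User.resetPassword`. On success it answers `{result: true}` and sends the
 * reset-password notification mail on a best-effort basis.
 *
 * Every failure is answered with the same generic message; details go to the
 * log only. Neither the password nor the reset token is written to the log.
 *
 * @param {Object} req - Express request; `req.body` must already be parsed.
 * @param {Object} res - Express response.
 */
exports.resetPasswordRequest = function(req, res) {
	try {
		var newPassword = req.body.newPassword;
		var token = req.body.token;

		var errors = {};
		// Only a mask is recorded for the password field, never its value.
		if (validator.checkNull(newPassword)) { errors.newPassword = '******'; }
		if (validator.checkNull(token)) { errors.token = 'Reset Password Token is Null'; }

		if (!validator.checkEmptyObject(errors)) {
			log.error('|auth.resetPasswordRequest| ' + JSON.stringify(errors), widget);
			return utility.errorResponseJSON(res, 'Error while resetting password');
		}

		var passwordComplexityResult = validator.checkPasswordComplexity(newPassword);

		// Every entry of the result must be truthy for the password to pass.
		for (var option in passwordComplexityResult) {
			if (!passwordComplexityResult[option]) {
				log.error('|auth.resetPasswordRequest| Password complexity check failed: ' + JSON.stringify(passwordComplexityResult), widget);
				return utility.errorResponseJSON(res, 'Error while resetting password');
			}
		}

		// A reset token acts as a credential until it is used, so it is kept
		// out of the log.
		log.info('|auth.resetPasswordRequest| Token received', widget);

		User.resetPassword(token, newPassword, function(error, user) {
			if (error) {
				log.error('|auth.resetPasswordRequest.resetPassword| Unknown -> ' + error, widget);
				return utility.errorResponseJSON(res, 'Error while resetting password');
			}

			// Guard against a missing `user` before reading a property, so a
			// bad token cannot raise an uncaught TypeError in this callback.
			if (!user || !user.emailAddress) {
				log.error('|auth.resetPasswordRequest.resetPassword| User not found for token', widget);
				return utility.errorResponseJSON(res, 'Error while resetting password');
			}

			// The success response below is sent before this lookup completes,
			// so the lookup callback only logs and never writes to `res` again.
			NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) {
				if (error) {
					log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
					return;
				}
				if (!notificationTemplate) {
					log.error('|auth.resetPasswordRequest.NotificationTemplate| Template not found', widget);
					return;
				}
				mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
			});

			return res.send(JSON.stringify({result: true}));
		});

	} catch (error) {
		log.error('|auth.resetPasswordRequest| Unknown -> ' + error, widget);
		utility.errorResponseJSON(res, 'Error while resetting password');
	}
};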
Example #3
File: auth.js Project: WorkWoo/auth
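		// Sign-up chain: create the org, then its first user, then mail the
		// verification link. Each step answers the request itself on failure.
		createOrg(req.body.orgName, function (error, orgId) {
			if (error) {
				log.error('|auth.createOrg| Unknown  -> ' + error, widget);
				return utility.errorResponseJSON(res, 'Error occurred creating org');
			}

			createUser(req, orgId, function (error, user) {
				if (error) {
					log.error('|auth.createUser| Unknown  -> ' + error, widget);
					return utility.errorResponseJSON(res, 'Error occurred creating user');
				}

				NotificationTemplate.findOne({name: cfg.mailer.signupTemplate}, function (error, notificationTemplate) {
					if (error) {
						log.error('|auth.signupRequest.NotificationTemplate| Unknown -> ' + error, widget);
						return utility.errorResponseJSON(res, 'Error while retrieving signup template');
					}

					// A lookup that finds nothing reports no error; without this
					// guard the `.html` access below would throw inside the callback
					// and the request would never be answered.
					if (!notificationTemplate) {
						log.error('|auth.signupRequest.NotificationTemplate| Template not found', widget);
						return utility.errorResponseJSON(res, 'Error while retrieving signup template');
					}

					// The verification token is placed in the mail body only; the
					// host name comes from configuration, not from the request.
					notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.tokenPlaceholder, user.verifyToken);
					notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname);
					mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
					return res.send(JSON.stringify({result: true}));
				});
			});
		});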
Example #4
File: auth.js Project: WorkWoo/auth
/**
 * Checks an e-mail/password pair and reports the outcome through `callback`.
 *
 * Both values must be present and the address must pass `validator.checkEmail`
 * before `User.authenticate` is consulted.
 *
 * @param {string} emailAddress - Address supplied by the client.
 * @param {string} password - Password supplied by the client; never logged.
 * @param {Function} callback - Called as `callback(err)` on failure to check,
 *   `callback(null, false)` when the credentials are rejected, or
 *   `callback(null, profile)` with the session profile on success.
 */
exports.verifyCredentials = function(emailAddress, password, callback) {
	try {
		var problems = {};

		if (validator.checkNull(emailAddress)) {
			problems.emailAddress = 'Email Address is Null';
		} else if (!validator.checkEmail(emailAddress)) {
			problems.emailAddress = 'Email Address is not valid: ' + emailAddress;
		}

		if (validator.checkNull(password)) {
			// Only a mask is recorded for the password field.
			problems.password = '******';
		}

		if (!validator.checkEmptyObject(problems)) {
			// JSON encoding keeps the client-supplied address on a single log line.
			log.error('|auth.verifyCredentials.authenticate| ' + JSON.stringify(problems), widget);
			return callback('Error while verifying credentials');
		}

		log.info('|auth.verifyCredentials| Email -> ' + emailAddress, widget);

		User.authenticate(emailAddress, password, function(authError, account){
			if (authError) {
				log.error('|auth.verifyCredentials.authenticate| Unknown -> ' + authError, widget);
				return callback(authError);
			}

			if (!account) {
				// Unknown address and wrong password are reported identically.
				log.error('|auth.verifyCredentials.authenticate| User not found or password incorrect -> ' + emailAddress, widget);
				return callback(null, false);
			}

			log.info('|auth.verifyCredentials.authenticate| User credentials verified -> ' + emailAddress, widget);

			// Only the fields listed here reach the session profile.
			return callback(null, {
				firstName: account.firstName,
				lastName: account.lastName,
				emailAddress: account.emailAddress,
				id: account.id,
				role: account.role,
				org: account._org,
				number: account.number,
				newUser: account.newUser,
				phone: account.phone
			});
		});

	} catch (caught) {
		log.error('|auth.verifyCredentials| Unknown -> ' + caught, widget);
		return callback(caught);
	}
};
Example #5
// Entry point: runs once when the file is loaded. Connects to the database,
// builds the express app, then starts listening.
(function startup() {
	try {
		log.info('| ################## Auth Startup ################## |', widget);

		// Database first, so the session store can reuse the connection.
		initializeMongoose();

		var authApp = initializeAuth();

		// The PORT environment variable wins over the configured port.
		var listenPort = process.env.PORT || cfg.auth.port;
		authApp.listen(listenPort);

	} catch (startupError) {
		log.error('| ################## Auth Startup Error ################## | -> ' + startupError, widget);
	}
})();
Example #6
File: auth.js Project: WorkWoo/auth
			// Look up the reset-password mail template and send it to the user.
			// NOTE(review): a lookup that finds no template presumably reports no
			// error - confirm that sendMail copes with a missing template.
			NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (lookupError, template) {
				if (lookupError) {
					log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + lookupError, widget);
					return utility.errorResponseJSON(res, 'Error while resetting password');
				}

				mailer.sendMail(template, {to: user.emailAddress}, user._id);
			});
Example #7
File: auth.js Project: WorkWoo/auth
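/**
 * Express handler that starts a password reset for an e-mail address.
 *
 * Validates `req.body.emailAddress`, asks `User.forgotPassword` for a reset
 * token, answers `{result: true}` and mails the token to the user's own
 * address on a best-effort basis. The token itself is never logged.
 *
 * @param {Object} req - Express request; `req.body` must already be parsed.
 * @param {Object} res - Express response.
 */
exports.forgotPasswordRequest = function(req, res) {
	try {
		var emailAddress = req.body.emailAddress;

		var error = null;
		if (validator.checkNull(emailAddress)) { error = 'Email Address is Null'; }
		// The rejected value is JSON-encoded so that control characters in it
		// cannot split or forge log lines.
		else if (!validator.checkEmail(emailAddress)) { error = 'Email Address is not valid: ' + JSON.stringify(emailAddress); }

		if (error) {
			log.error('|auth.forgotPasswordRequest| ' + error, widget);
			return utility.errorResponseJSON(res, 'Error while processing forgot password request');
		}

		log.info('|auth.forgotPasswordRequest| Email -> ' + emailAddress, widget);

		User.forgotPassword(emailAddress, function (error, user, token){
			if (error) {
				log.error('|auth.forgotPasswordRequest.forgetPassword| Unknown -> ' + error, widget);
				return utility.errorResponseJSON(res, 'Error while processing forgot password request');
			}

			// Guard against a missing `user` before reading a property, so an
			// unknown address cannot raise an uncaught TypeError in this callback.
			if (!user || !user.emailAddress) {
				log.error('|auth.forgotPasswordRequest.forgetPassword| User not found -> ' + emailAddress, widget);
				// NOTE(review): `{result: false}` here versus `{result: true}` below
				// tells the caller whether the address is registered. Answering the
				// same in both cases would close that, but it changes what clients
				// receive - confirm with the front-end before changing it.
				return res.send(JSON.stringify({result: false}));
			}

			// The success response below is sent before this lookup completes,
			// so the lookup callback only logs and never writes to `res` again.
			NotificationTemplate.findOne({name: cfg.mailer.forgotPasswordTemplate}, function (error, notificationTemplate) {
				if (error) {
					log.error('|auth.forgotPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
					return;
				}
				if (!notificationTemplate) {
					log.error('|auth.forgotPasswordRequest.NotificationTemplate| Template not found', widget);
					return;
				}
				// The host name in the mail comes from configuration, not from the request.
				notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.tokenPlaceholder, token);
				notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname);
				mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
			});

			return res.send(JSON.stringify({result: true}));
		});
	} catch (error) {
		log.error('|auth.forgotPasswordRequest| Unknown -> ' + error, widget);
		utility.errorResponseJSON(res, 'Error while processing forgot password request');
	}
};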
Example #8
File: auth.js Project: WorkWoo/auth
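/**
 * Express handler that confirms a newly signed-up user from a verify token.
 *
 * Reads `req.body.token`, passes it to `User.verify` and answers
 * `{result: true}` when a user with an e-mail address comes back. Every
 * failure gets the same generic message. The token is not written to the log.
 *
 * @param {Object} req - Express request; `req.body` must already be parsed.
 * @param {Object} res - Express response.
 */
exports.verifyRequest = function(req, res) {
	try {
		var token = req.body.token;

		var error = null;
		if (validator.checkNull(token)) { error = 'Verify Token is Null'; }

		if (error) {
			log.error('|auth.verifyRequest| ' + error, widget);
			return utility.errorResponseJSON(res, 'Error while verifying user');
		}

		// The verify token acts as a credential until it is used, so it is kept
		// out of the log.
		log.info('|auth.verifyRequest| Token received', widget);

		User.verify(token, function(error, user) {
			if (error) {
				log.error('|auth.verifyRequest.verify| Unknown -> ' + error, widget);
				return utility.errorResponseJSON(res, 'Error while verifying user');
			}

			// Guard against a missing `user` before reading a property, so a
			// bad token cannot raise an uncaught TypeError in this callback.
			if (!user || !user.emailAddress) {
				log.error('|auth.verifyRequest.verify| User not found for token', widget);
				return utility.errorResponseJSON(res, 'Error while verifying user');
			}

			// TO DO: Welcome email?? (the disabled draft that stood here reused
			// the reset-password template and has been dropped)
			return res.send(JSON.stringify({result: true}));
		});

	} catch (error) {
		log.error('|auth.verifyRequest| Unknown -> ' + error, widget);
		utility.errorResponseJSON(res, 'Error while verifying user');
	}
};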
Example #9
File: auth.js Project: WorkWoo/auth
			// Look up the forgot-password mail template, fill in the reset token
			// and the configured host name, and send it to the user.
			// NOTE(review): a lookup that finds no template presumably reports no
			// error - confirm before relying on `template.html` here.
			NotificationTemplate.findOne({name: cfg.mailer.forgotPasswordTemplate}, function (lookupError, template) {
				if (lookupError) {
					log.error('|auth.forgotPasswordRequest.NotificationTemplate| Unknown -> ' + lookupError, widget);
					return utility.errorResponseJSON(res, 'Error while processing forgot password request');
				}

				template.html = template.html.replace(cfg.mailer.tokenPlaceholder, token);
				template.html = template.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname);
				mailer.sendMail(template, {to: user.emailAddress}, user._id);
			});
Example #10
File: auth.js Project: WorkWoo/auth
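		// Apply the new password for the account that owns `token`, answer the
		// request, and send the notification mail on a best-effort basis.
		User.resetPassword(token, newPassword, function(error, user) {
			if (error) {
				log.error('|auth.resetPasswordRequest.resetPassword| Unknown -> ' + error, widget);
				return utility.errorResponseJSON(res, 'Error while resetting password');
			}

			// Guard against a missing `user` before reading a property. The
			// reset token is kept out of the log message.
			if (!user || !user.emailAddress) {
				log.error('|auth.resetPasswordRequest.resetPassword| User not found for token', widget);
				return utility.errorResponseJSON(res, 'Error while resetting password');
			}

			// The success response below is sent before this lookup completes,
			// so the lookup callback only logs and never writes to `res` again.
			NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) {
				if (error) {
					log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
					return;
				}
				if (!notificationTemplate) {
					log.error('|auth.resetPasswordRequest.NotificationTemplate| Template not found', widget);
					return;
				}
				mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
			});

			return res.send(JSON.stringify({result: true}));
		});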
Example #11
		}).post(function(req, res, next) {
			log.info('|login|', widget);
			passport.authenticate('basic', function(error, user, info) {
				if (error) { return next(error); }
				if (!user) { return res.sendStatus(401); }

		    	req.logIn(user, function(error) {
		    		if (error) { return next(error); }
		    		req.session.userprofile = user;
		    		return res.send(JSON.stringify(user));
				});
			})(req, res, next);
		});
Example #12
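/**
 * Opens the mongoose connection described by `cfg.mongo` and attaches
 * handlers that report connection errors and the first successful open.
 *
 * If setup throws, the error is logged and the process exits with a non-zero
 * status so that a supervisor does not mistake the failure for a clean stop.
 */
function initializeMongoose() {
	try {
		log.info('|initializeMongoose|', widget);

		// TODO: Setup more options
		var options = {
			server: { poolSize: cfg.mongo.poolSize, socketOptions: cfg.mongo.keepAlive }
		};

		mongoose.connect(cfg.mongo.uri, options);

		var db = mongoose.connection;
		db.on('error', console.error.bind(console, 'connection error:'));
		db.once('open', function() {
			log.info('|initializeMongoose| -> Successful connection made to mongoDB', widget);
		});

	} catch (e) {
		// Log the caught value itself: the binding is `e`, and naming anything
		// else here would throw a ReferenceError inside the handler.
		log.error('|initializeMongoose| Unknown -> ' + e, widget);
		process.exit(1);
	}
}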
Example #13
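/**
 * Builds the express application for the auth service: body parsing, the
 * mongo-backed session, passport with HTTP Basic credentials, CORS response
 * headers and the POST routes for login, signup, forgotPwd, resetPwd and verify.
 *
 * If setup throws, the error is logged and the process exits with a non-zero
 * status.
 *
 * @returns {Object} The configured express app, not yet listening.
 */
function initializeAuth() {
	try {
		log.info('|initializeAuth|', widget);
		var app = express();
		app.use(bodyParser.urlencoded({ extended: false }));
		app.use(bodyParser.json());

		// Session setup
		// NOTE(review): cookie flags come from cfg.session.cookie, which is not
		// visible here - confirm it sets httpOnly and secure.
		app.use(session({
			name: cfg.session.name,
			secret: cfg.session.secret,
			cookie: cfg.session.cookie,
			resave: false,
			saveUninitialized: false,
			store: new MongoStore({
				mongooseConnection: mongoose.connection, /* Reuse our mongoose connection pool */
				ttl: cfg.session.store.ttl,
				autoRemove: cfg.session.store.autoRemove,
				touchAfter: cfg.session.store.touchAfter
			})
		}));

		// Passport setup
		app.use(passport.initialize());
		app.use(passport.session());

		passport.use(new BasicStrategy(auth.verifyCredentials));

		// Only the user id is stored in the session by passport.
		passport.serializeUser(function(user, done) {
			done(null, user.id);
		});

		// Rebuild the request user from the stored id. No `user` exists in this
		// scope, so the id argument is the only value available; the full
		// profile is kept separately in req.session.userprofile at login.
		passport.deserializeUser(function(id, done) {
			done(null, { id: id });
		});

		/*
		* These headers are for allowing Cross-Origin Resource Sharing (CORS).
		* This enables the angular front-end, which resides in the WorkWoo
		* Platform app, to make requests to the WorkWoo Auth app.
		*
		* NOTE(review): the request's Origin header is echoed back together with
		* Allow-Credentials: true, which permits credentialed requests from any
		* origin. Compare the origin against the known front-end origin(s)
		* before echoing it; that list is not visible in this file.
		*/
		app.use(function (req, res, next) {
			res.set({
				'Access-Control-Allow-Headers': 'Content-Type, Authorization',
				'Access-Control-Allow-Methods': 'POST',
				'Access-Control-Allow-Origin' : req.headers.origin,
				'Access-Control-Allow-Credentials': true,
				// The response differs per Origin, so shared caches must key on it.
				'Vary': 'Origin'
			});
			next();
		});

		// Express routes
		// Each route accepts POST only; a GET ends any login and answers 401.
		app.route('/login').get(function(req, res) {
			log.info('|login| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(function(req, res, next) {
			log.info('|login|', widget);
			passport.authenticate('basic', function(error, user, info) {
				if (error) { return next(error); }
				if (!user) { return res.sendStatus(401); }

				req.logIn(user, function(error) {
					if (error) { return next(error); }
					// `user` is the session profile built by auth.verifyCredentials.
					req.session.userprofile = user;
					return res.send(JSON.stringify(user));
				});
			})(req, res, next);
		});

		app.route('/signup').get(function(req, res) {
			log.info('|signup| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(auth.signupRequest);

		app.route('/forgotPwd').get(function(req, res) {
			log.info('|forgotPwd| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(auth.forgotPasswordRequest);

		app.route('/resetPwd').get(function(req, res) {
			log.info('|resetPwd| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(auth.resetPasswordRequest);

		app.route('/verify').get(function(req, res) {
			log.info('|verify| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(auth.verifyRequest);

		return app;
	} catch (e) {
		// Log the caught value itself: the binding is `e`, and naming anything
		// else here would throw a ReferenceError inside the handler.
		log.error('|initializeAuth| Unknown -> ' + e, widget);
		process.exit(1);
	}
}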
Example #14
		// /signup accepts POST only. A GET ends any login on the session and
		// is answered with 401.
		var signupRoute = app.route('/signup');
		signupRoute.get(function rejectSignupGet(req, res) {
			log.info('|signup| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		});
		signupRoute.post(auth.signupRequest);
Example #15
		// /resetPwd accepts POST only. A GET ends any login on the session and
		// is answered with 401.
		var resetPwdRoute = app.route('/resetPwd');
		resetPwdRoute.get(function rejectResetPwdGet(req, res) {
			log.info('|resetPwd| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		});
		resetPwdRoute.post(auth.resetPasswordRequest);
Example #16
		// /verify accepts POST only. A GET ends any login on the session and
		// is answered with 401.
		var verifyRoute = app.route('/verify');
		verifyRoute.get(function rejectVerifyGet(req, res) {
			log.info('|verify| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		});
		verifyRoute.post(auth.verifyRequest);
Example #17
		// Report the first time the connection signals that it is open.
		db.once('open', function onMongoOpen() {
			log.info('|initializeMongoose| -> Successful connection made to mongoDB', widget);
		});
Example #18
File: auth.js Project: WorkWoo/auth
var crypto = require('crypto');

// Mongoose
var User = require('workwoo-utils').user;
var Org = require('workwoo-utils').org;
var Counter = require('workwoo-utils').counter;
var NotificationTemplate = require('workwoo-utils').notificationTemplate;

// Custom modules
var mailer = require('workwoo-utils').mailer;
var utility = require('workwoo-utils').utility;
var validator = require('workwoo-utils').validator;
var log = require('workwoo-utils').logger;
// Label passed as the second argument to the log calls in this module;
// it is registered with the logger once, when the module is loaded.
var widget = 'auth';
log.registerWidget(widget);

exports.verifyCredentials = function(emailAddress, password, callback) {
	try {
		var errors = {};
		if (validator.checkNull(emailAddress)) { errors.emailAddress = 'Email Address is Null'; } 
		else if (!validator.checkEmail(emailAddress)) { errors.emailAddress = 'Email Address is not valid: ' + emailAddress; } 
		
		if (validator.checkNull(password)) { errors.password = '******'; }

		if (!validator.checkEmptyObject(errors)) {
			log.error('|auth.verifyCredentials.authenticate| ' + JSON.stringify(errors), widget);
			return callback('Error while verifying credentials');		
		}

		log.info('|auth.verifyCredentials| Email -> ' + emailAddress, widget);
Example #19
		app.route('/login').get(function(req, res) {
			log.info('|login| Incorrect GET instead of POST', widget);
			req.logout();
			res.sendStatus(401);
		}).post(function(req, res, next) {