// Inner step of verifyCredentials (the enclosing function is not part of this
// fragment): exchange the already-validated email/password pair for the
// profile that is stored in the session. emailAddress, password, callback and
// widget come from the enclosing scope.
User.authenticate(emailAddress, password, function(error, user) {
  if (error) {
    log.error('|auth.verifyCredentials.authenticate| Unknown -> ' + error, widget);
    return callback(error);
  }

  // One branch for both "no such user" and "wrong password": the caller only
  // receives `false`, so it cannot tell the two cases apart.
  if (!user) {
    log.error('|auth.verifyCredentials.authenticate| User not found or password incorrect -> ' + emailAddress, widget);
    return callback(null, false);
  }

  log.info('|auth.verifyCredentials.authenticate| User credentials verified -> ' + emailAddress, widget);

  // Only this fixed subset of the user document is handed to the session;
  // anything else on the document (password material included) stays behind.
  var profile = {
    firstName: user.firstName,
    lastName: user.lastName,
    emailAddress: user.emailAddress,
    id: user.id,
    role: user.role,
    org: user._org,
    number: user.number,
    newUser: user.newUser,
    phone: user.phone
  };
  return callback(null, profile);
});
exports.resetPasswordRequest = function(req, res) { try { var newPassword = req.body.newPassword; var token = req.body.token; var errors = {}; if (validator.checkNull(newPassword)) { errors.newPassword = '******'; } if (validator.checkNull(token)) { errors.token = 'Reset Password Token is Null' } if (!validator.checkEmptyObject(errors)) { log.error('|auth.resetPasswordRequest| ' + JSON.stringify(errors), widget); return utility.errorResponseJSON(res, 'Error while resetting password'); } var passwordComplexityResult = validator.checkPasswordComplexity(newPassword); for (var option in passwordComplexityResult) { if (!passwordComplexityResult[option]) { log.error('|auth.resetPasswordRequest| Password complexity check failed: ' + JSON.stringify(passwordComplexityResult), widget); return utility.errorResponseJSON(res, 'Error while resetting password'); } } log.info('|auth.resetPasswordRequest| Token -> ' + token, widget); User.resetPassword(token, newPassword, function(error, user) { if (error) { log.error('|auth.resetPasswordRequest.resetPassword| Unknown -> ' + error, widget); return utility.errorResponseJSON(res, 'Error while resetting password'); } if (!user.emailAddress) { log.error('|auth.resetPasswordRequest.resetPassword| User not found for token -> ' + token, widget); return utility.errorResponseJSON(res, 'Error while resetting password'); } NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) { if (error) { log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget); return utility.errorResponseJSON(res, 'Error while resetting password'); } else { mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id); } }); return res.send(JSON.stringify({result: true})); }); } catch (error) { log.error('|auth.resetPasswordRequest| Unknown -> ' + error, widget); utility.errorResponseJSON(res, 'Error while resetting password'); } };
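// Final stage of the signup flow (the enclosing handler is not part of this
// fragment): create the organisation, then its first user, then mail the
// verification link. req, res and widget come from the enclosing scope.
createOrg(req.body.orgName, function (error, orgId) {
  if (error) {
    log.error('|auth.createOrg| Unknown -> ' + error, widget);
    return utility.errorResponseJSON(res, 'Error occurred creating org');
  }

  createUser(req, orgId, function (error, user) {
    if (error) {
      log.error('|auth.createUser| Unknown -> ' + error, widget);
      return utility.errorResponseJSON(res, 'Error occurred creating user');
    }

    NotificationTemplate.findOne({name: cfg.mailer.signupTemplate}, function (error, notificationTemplate) {
      if (error) {
        log.error('|auth.signupRequest.NotificationTemplate| Unknown -> ' + error, widget);
        return utility.errorResponseJSON(res, 'Error while retrieving signup template');
      }
      // findOne yields null when no template matches; the original then read
      // notificationTemplate.html and threw inside this callback, so no
      // response was ever written for the request.
      if (!notificationTemplate) {
        log.error('|auth.signupRequest.NotificationTemplate| Template not found -> ' + cfg.mailer.signupTemplate, widget);
        return utility.errorResponseJSON(res, 'Error while retrieving signup template');
      }

      // NOTE(review): the org and user already exist when either branch above
      // fires, so a template failure leaves an unverified account whose
      // verification mail was never sent.

      // String.prototype.replace with a string pattern swaps only the first
      // occurrence; this assumes each placeholder appears once in the template
      // - TODO confirm against the stored templates.
      notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.tokenPlaceholder, user.verifyToken);
      notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname);
      mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
      return res.send(JSON.stringify({result: true}));
    });
  });
});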
exports.verifyCredentials = function(emailAddress, password, callback) { try { var errors = {}; if (validator.checkNull(emailAddress)) { errors.emailAddress = 'Email Address is Null'; } else if (!validator.checkEmail(emailAddress)) { errors.emailAddress = 'Email Address is not valid: ' + emailAddress; } if (validator.checkNull(password)) { errors.password = '******'; } if (!validator.checkEmptyObject(errors)) { log.error('|auth.verifyCredentials.authenticate| ' + JSON.stringify(errors), widget); return callback('Error while verifying credentials'); } log.info('|auth.verifyCredentials| Email -> ' + emailAddress, widget); User.authenticate(emailAddress, password, function(error, user){ if (error) { log.error('|auth.verifyCredentials.authenticate| Unknown -> ' + error, widget); return callback(error); } if (!user) { log.error('|auth.verifyCredentials.authenticate| User not found or password incorrect -> ' + emailAddress, widget); return callback(null, false); } log.info('|auth.verifyCredentials.authenticate| User credentials verified -> ' + emailAddress, widget); var userSession = { firstName: user.firstName, lastName: user.lastName, emailAddress: user.emailAddress, id: user.id, role: user.role, org: user._org, number: user.number, newUser: user.newUser, phone: user.phone }; return callback(null, userSession); }); } catch (error) { log.error('|auth.verifyCredentials| Unknown -> ' + error, widget); return callback(error); } };
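// Process entry point: connect to Mongo, build the Express app, start listening.
// Synchronous failures are logged inside the try block; a failure to bind the
// port is reported asynchronously by the server's 'error' event, which the
// original did not listen for, so it escaped the try/catch.
(function startup() {
  try {
    log.info('| ################## Auth Startup ################## |', widget);
    // 1. Initialize mongoose
    initializeMongoose();
    // 2. Initialize express
    var app = initializeAuth();
    // 3. Start app (PORT from the environment wins over the configured port)
    var server = app.listen(process.env.PORT || cfg.auth.port);
    server.on('error', function (error) {
      log.error('| ################## Auth Startup Error ################## | -> ' + error, widget);
    });
  } catch (error) {
    log.error('| ################## Auth Startup Error ################## | -> ' + error, widget);
  }
})();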
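// Tail of the reset-password flow (the enclosing handler is not part of this
// fragment): fetch the notification template and mail the account owner.
// res, user and widget come from the enclosing scope.
NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) {
  if (error) {
    log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
    return utility.errorResponseJSON(res, 'Error while resetting password');
  }
  // findOne yields null when no template matches; the original passed that
  // null straight into sendMail.
  if (!notificationTemplate) {
    log.error('|auth.resetPasswordRequest.NotificationTemplate| Template not found -> ' + cfg.mailer.resetPasswordTemplate, widget);
    return utility.errorResponseJSON(res, 'Error while resetting password');
  }
  mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
});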
exports.forgotPasswordRequest = function(req, res) { try { var emailAddress = req.body.emailAddress; var error = null; if (validator.checkNull(emailAddress)) { error = 'Email Address is Null'; } else if (!validator.checkEmail(emailAddress)) { error = 'Email Address is not valid: ' + emailAddress; } if (error) { log.error('|auth.forgotPasswordRequest| ' + error, widget); return utility.errorResponseJSON(res, 'Error while processing forgot password request'); } log.info('|auth.forgotPasswordRequest| Email -> ' + emailAddress, widget); User.forgotPassword(emailAddress, function (error, user, token){ if (error) { log.error('|auth.forgotPasswordRequest.forgetPassword| Unknown -> ' + error, widget); return utility.errorResponseJSON(res, 'Error while processing forgot password request'); } if (!user.emailAddress) { log.error('|auth.forgotPasswordRequest.forgetPassword| User not found -> ' + emailAddress, widget); return res.send(JSON.stringify({result: false})); } NotificationTemplate.findOne({name: cfg.mailer.forgotPasswordTemplate}, function (error, notificationTemplate) { if (error) { log.error('|auth.forgotPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget); return utility.errorResponseJSON(res, 'Error while processing forgot password request'); } else { notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.tokenPlaceholder, token); notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname); mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id); } }); return res.send(JSON.stringify({result: true})); }); } catch (error) { log.error('|auth.forgotPasswordRequest| Unknown -> ' + error, widget); utility.errorResponseJSON(res, 'Error while processing forgot password request'); } };
exports.verifyRequest = function(req, res) { try { var token = req.body.token; var error = null; if (validator.checkNull(token)) { error = 'Verify Token is Null'; } if (error) { log.error('|auth.verifyRequest| ' + error, widget); return utility.errorResponseJSON(res, 'Error while verifying user'); } log.info('|auth.verifyRequest| Token -> ' + token, widget); User.verify(token, function(error, user) { if (error) { log.error('|auth.verifyRequest.verify| Unknown -> ' + error, widget); return utility.errorResponseJSON(res, 'Error while verifying user'); } if (!user.emailAddress) { log.error('|auth.verifyRequest.verify| User not found for token -> ' + token, widget); return utility.errorResponseJSON(res, 'Error while verifying user'); } // TO DO: Welcome email?? /* NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) { if (error) { log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget); utility.errorResponseJSON(res, 'Error while resetting password'); } else { mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id); } }); */ return res.send(JSON.stringify({result: true})); }); } catch (error) { log.error('|auth.verifyRequest| Unknown -> ' + error, widget); utility.errorResponseJSON(res, 'Error while verifying user'); } };
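// Tail of the forgot-password flow (the enclosing handler is not part of this
// fragment): fetch the template, fill in the reset link and mail it.
// res, user, token and widget come from the enclosing scope.
NotificationTemplate.findOne({name: cfg.mailer.forgotPasswordTemplate}, function (error, notificationTemplate) {
  if (error) {
    log.error('|auth.forgotPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
    return utility.errorResponseJSON(res, 'Error while processing forgot password request');
  }
  // findOne yields null when no template matches; the original then read
  // notificationTemplate.html and threw inside this callback.
  if (!notificationTemplate) {
    log.error('|auth.forgotPasswordRequest.NotificationTemplate| Template not found -> ' + cfg.mailer.forgotPasswordTemplate, widget);
    return utility.errorResponseJSON(res, 'Error while processing forgot password request');
  }
  // String.prototype.replace with a string pattern swaps only the first
  // occurrence; assumes each placeholder appears once - TODO confirm.
  notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.tokenPlaceholder, token);
  notificationTemplate.html = notificationTemplate.html.replace(cfg.mailer.hostNamePlaceholder, cfg.hostname);
  mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
});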
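// Tail of resetPasswordRequest (the enclosing handler is not part of this
// fragment): apply the new password for the token holder, then notify them.
// res, token, newPassword and widget come from the enclosing scope.
User.resetPassword(token, newPassword, function(error, user) {
  if (error) {
    log.error('|auth.resetPasswordRequest.resetPassword| Unknown -> ' + error, widget);
    return utility.errorResponseJSON(res, 'Error while resetting password');
  }
  // `user` may be null/undefined for an unknown or expired token; the original
  // dereferenced it unguarded. The token is a secret and is no longer logged.
  if (!user || !user.emailAddress) {
    log.error('|auth.resetPasswordRequest.resetPassword| User not found for token', widget);
    return utility.errorResponseJSON(res, 'Error while resetting password');
  }

  // The password has already been changed here. The notification is
  // best-effort: the original answered {result: true} before the lookup
  // finished and then tried to write an error response a second time on
  // lookup failure, so failures are logged only.
  NotificationTemplate.findOne({name: cfg.mailer.resetPasswordTemplate}, function (error, notificationTemplate) {
    if (error) {
      log.error('|auth.resetPasswordRequest.NotificationTemplate| Unknown -> ' + error, widget);
      return;
    }
    // findOne yields null when no template matches.
    if (!notificationTemplate) {
      log.error('|auth.resetPasswordRequest.NotificationTemplate| Template not found -> ' + cfg.mailer.resetPasswordTemplate, widget);
      return;
    }
    mailer.sendMail(notificationTemplate, {to: user.emailAddress}, user._id);
  });

  return res.send(JSON.stringify({result: true}));
});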
}).post(function(req, res, next) { log.info('|login|', widget); passport.authenticate('basic', function(error, user, info) { if (error) { return next(error); } if (!user) { return res.sendStatus(401); } req.logIn(user, function(error) { if (error) { return next(error); } req.session.userprofile = user; return res.send(JSON.stringify(user)); }); })(req, res, next); });
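/**
 * Open the mongoose connection shared by the models and the session store,
 * using the settings under cfg.mongo.
 *
 * Only synchronous failures reach the catch block; those are fatal and end the
 * process with a non-zero code. Asynchronous connection errors are reported by
 * the 'error' listener (to console.error, not the widget logger).
 */
function initializeMongoose() {
  try {
    log.info('|initializeMongoose|', widget);
    // TODO: Setup more options
    var options = {
      server: {
        poolSize: cfg.mongo.poolSize,
        socketOptions: cfg.mongo.keepAlive
      }
    };
    mongoose.connect(cfg.mongo.uri, options);

    var db = mongoose.connection;
    db.on('error', console.error.bind(console, 'connection error:'));
    db.once('open', function() {
      log.info('|initializeMongoose| -> Successful connection made to mongoDB', widget);
    });
  } catch (e) {
    // The original logged an undeclared `error` here, which would itself throw
    // a ReferenceError inside the catch block unless a global of that name exists.
    log.error('|initializeMongoose| Unknown -> ' + e, widget);
    // Exit non-zero: code 0 reported the failed start as a clean shutdown.
    process.exit(1);
  }
}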
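/**
 * Build the Express application for the auth service: body parsing, a
 * Mongo-backed session, Passport with HTTP Basic credentials checked by
 * auth.verifyCredentials, CORS headers and the five POST-only routes.
 *
 * A synchronous failure while wiring the app is fatal and ends the process
 * with a non-zero code.
 *
 * @returns {Object} the configured Express app (not yet listening)
 */
function initializeAuth() {
  try {
    log.info('|initializeAuth|', widget);
    var app = express();
    app.use(bodyParser.urlencoded({ extended: false }));
    app.use(bodyParser.json());

    // Session setup
    app.use(session({
      name: cfg.session.name,
      secret: cfg.session.secret,
      cookie: cfg.session.cookie,
      resave: false,
      saveUninitialized: false,
      store: new MongoStore({
        mongooseConnection: mongoose.connection, /* Reuse our mongoose connection pool */
        ttl: cfg.session.store.ttl,
        autoRemove: cfg.session.store.autoRemove,
        touchAfter: cfg.session.store.touchAfter
      })
    }));

    // Passport setup
    app.use(passport.initialize());
    app.use(passport.session());
    passport.use(new BasicStrategy(auth.verifyCredentials));
    passport.serializeUser(function(user, done) {
      done(null, user.id);
    });
    // FIXME: `user` is not declared in this scope, so a request that carries a
    // logged-in session reaches this callback and fails with a ReferenceError.
    // Deserialisation should look the account up by `id`; that needs the User
    // model, which this file does not have in scope, so the line is kept as-is.
    passport.deserializeUser(function(id, done) {
      done(null, user.id);
    });

    /*
     * These headers are for allowing Cross-Origin Resource Sharing (CORS).
     * This enables the angular front-end, which resides in the WorkWoo
     * Platform app, to make requests to the WorkWoo Auth app.
     *
     * NOTE(review): echoing req.headers.origin together with
     * Access-Control-Allow-Credentials: true lets any origin make credentialed
     * cross-site requests to this service. Compare the origin against a
     * configured allow-list of front-end origins and only then reflect it.
     */
    app.use(function (req, res, next) {
      res.set({
        'Access-Control-Allow-Headers': 'Content-Type, Authorization',
        'Access-Control-Allow-Methods': 'POST',
        'Access-Control-Allow-Origin' : req.headers.origin,
        'Access-Control-Allow-Credentials': true
      });
      next();
    });

    // Express routes. Every route accepts POST only; a GET is logged, calls
    // req.logout() and is refused with 401.
    app.route('/login').get(function(req, res) {
      log.info('|login| Incorrect GET instead of POST', widget);
      req.logout();
      res.sendStatus(401);
    }).post(function(req, res, next) {
      log.info('|login|', widget);
      passport.authenticate('basic', function(error, user, info) {
        if (error) { return next(error); }
        if (!user) { return res.sendStatus(401); }
        req.logIn(user, function(error) {
          if (error) { return next(error); }
          // The profile built by auth.verifyCredentials is stored in the
          // session and returned verbatim to the caller.
          req.session.userprofile = user;
          return res.send(JSON.stringify(user));
        });
      })(req, res, next);
    });

    app.route('/signup').get(function(req, res) {
      log.info('|signup| Incorrect GET instead of POST', widget);
      req.logout();
      res.sendStatus(401);
    }).post(auth.signupRequest);

    app.route('/forgotPwd').get(function(req, res) {
      log.info('|forgotPwd| Incorrect GET instead of POST', widget);
      req.logout();
      res.sendStatus(401);
    }).post(auth.forgotPasswordRequest);

    app.route('/resetPwd').get(function(req, res) {
      log.info('|resetPwd| Incorrect GET instead of POST', widget);
      req.logout();
      res.sendStatus(401);
    }).post(auth.resetPasswordRequest);

    app.route('/verify').get(function(req, res) {
      log.info('|verify| Incorrect GET instead of POST', widget);
      req.logout();
      res.sendStatus(401);
    }).post(auth.verifyRequest);

    return app;
  } catch (e) {
    // The original logged an undeclared `error` here, which would itself throw
    // a ReferenceError inside the catch block unless a global of that name exists.
    log.error('|initializeAuth| Unknown -> ' + e, widget);
    // Exit non-zero: code 0 reported the failed start as a clean shutdown.
    process.exit(1);
  }
}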
// Signup route: only POST (auth.signupRequest) is accepted. A GET is logged,
// calls req.logout() and is refused with 401. app, auth and widget come from
// the enclosing scope.
app.route('/signup')
  .get(function(request, response) {
    log.info('|signup| Incorrect GET instead of POST', widget);
    request.logout();
    response.sendStatus(401);
  })
  .post(auth.signupRequest);
// Reset-password route: only POST (auth.resetPasswordRequest) is accepted. A GET
// is logged, calls req.logout() and is refused with 401. app, auth and widget
// come from the enclosing scope.
app.route('/resetPwd')
  .get(function(request, response) {
    log.info('|resetPwd| Incorrect GET instead of POST', widget);
    request.logout();
    response.sendStatus(401);
  })
  .post(auth.resetPasswordRequest);
// Verification route: only POST (auth.verifyRequest) is accepted. A GET is
// logged, calls req.logout() and is refused with 401. app, auth and widget come
// from the enclosing scope.
app.route('/verify')
  .get(function(request, response) {
    log.info('|verify| Incorrect GET instead of POST', widget);
    request.logout();
    response.sendStatus(401);
  })
  .post(auth.verifyRequest);
// Log once when the mongoose connection `db` (from the enclosing scope) first
// reports itself open; widget also comes from the enclosing scope.
db.once('open', function onConnectionOpen() {
  log.info('|initializeMongoose| -> Successful connection made to mongoDB', widget);
});
var crypto = require('crypto'); // not referenced in this excerpt
// Mongoose
var User = require('workwoo-utils').user;
var Org = require('workwoo-utils').org; // not referenced in this excerpt
var Counter = require('workwoo-utils').counter; // not referenced in this excerpt
var NotificationTemplate = require('workwoo-utils').notificationTemplate;
// Custom modules
var mailer = require('workwoo-utils').mailer;
var utility = require('workwoo-utils').utility;
var validator = require('workwoo-utils').validator;
var log = require('workwoo-utils').logger;
// Tag under which this module's log lines are recorded.
var widget = 'auth';
log.registerWidget(widget);
// Passport BasicStrategy verify callback; the definition continues past the end of this excerpt.
exports.verifyCredentials = function(emailAddress, password, callback) { try { var errors = {}; if (validator.checkNull(emailAddress)) { errors.emailAddress = 'Email Address is Null'; } else if (!validator.checkEmail(emailAddress)) { errors.emailAddress = 'Email Address is not valid: ' + emailAddress; } if (validator.checkNull(password)) { errors.password = '******'; } if (!validator.checkEmptyObject(errors)) { log.error('|auth.verifyCredentials.authenticate| ' + JSON.stringify(errors), widget); return callback('Error while verifying credentials'); } log.info('|auth.verifyCredentials| Email -> ' + emailAddress, widget);
app.route('/login').get(function(req, res) { log.info('|login| Incorrect GET instead of POST', widget); req.logout(); res.sendStatus(401); }).post(function(req, res, next) {