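function(err) {
  // Completion callback for request.server.app.cache.set(): once the session
  // record is stored, bind the new session id to the auth cookie and send the
  // user to the dashboard. `reply`, `request`, `uuid`, `credentials` and
  // `Utils` come from the enclosing scope (this fragment is only the callback).
  // The stray `debugger;` statement has been removed.
  if (err) {
    return reply(err);
  }
  request.auth.session.set({ sid: uuid });
  // The session id is a bearer token for this session and the credentials
  // object carries user PII, so neither is written to the log; the account
  // id keeps the event traceable.
  Utils.serverLog(["auth"], "session data was set in catbox for user id " + credentials.id);
  return reply.redirect("/" + request.params.lang + "/dashboard");
}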
handler: function(request, reply) {
  // Dashboard route: an authenticated user gets the 'dashboard' view; anyone
  // else is redirected to the login page of the requested language.
  Utils.logCallsite(Hoek.callStack()[0]);

  var isLoggedIn = request.auth.isAuthenticated;
  if (!isLoggedIn) {
    Utils.serverLog(["auth"], "requested " + request.path + " but authentication failed - will now redirect to /{lang}/login");
    return reply.redirect("/" + request.params.lang + "/login");
  }

  // View context: texts keyed by id (via underscore) plus the raw array,
  // the auth object and the flags the template reads.
  var texts = request.pre.texts;
  var viewContext = {};
  viewContext.texts = _.indexBy(texts, "id");
  viewContext.textsArray = texts;
  viewContext.auth = request.auth;
  viewContext.urlParam1 = "dashboard";
  viewContext.showEnglish = request.pre.showEnglish;

  return reply.view('dashboard', { ctx: viewContext });
},
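request.server.seneca.act({role: "users", cmd: "read", emails: emails, raw: true}, function(err, data) {
  // Second half of the login flow: look the user up by e-mail through the
  // "users" service, check the submitted password against the stored bcrypt
  // hash, derive the session credentials and persist them in the server-side
  // cache before redirecting to the dashboard.
  // `emails`, `password`, `statusCode`, `request`, `reply`, `Utils`, `Bcrypt`
  // and `UUID` are provided by the enclosing handler / module scope.
  var lang = request.params.lang;

  // status 3 - the provided username (email) does not exist in the "users" table
  if (err && err.isBoom && err.output.statusCode === 404) {
    statusCode = 3; // "username does not exist"
    return reply.redirect("/" + lang + "/login?lfr=" + statusCode);
  }
  // Any other error must not fall through: `data` would be undefined and the
  // data[0]["pw_hash"] access below would throw inside the callback.
  if (err) {
    return reply(err);
  }
  // A successful call that returns no rows is treated like an unknown
  // username so the hash comparison never dereferences a missing record.
  if (!Array.isArray(data) || data.length === 0) {
    statusCode = 3;
    return reply.redirect("/" + lang + "/login?lfr=" + statusCode);
  }
  var user = data[0];

  // status 4 - the provided password is incorrect (for the corresponding provided username)
  // NOTE(review): compareSync blocks the event loop for one bcrypt verification;
  // the async Bcrypt.compare would be preferable but changes the control flow.
  // NOTE(review): distinct lfr=3 / lfr=4 codes let a client tell "unknown
  // e-mail" from "wrong password"; a single generic failure code avoids that.
  var passwordIsCorrect = Bcrypt.compareSync(password, user["pw_hash"]);
  if (!passwordIsCorrect) {
    statusCode = 4; // "wrong password"
    return reply.redirect("/" + lang + "/login?lfr=" + statusCode);
  }

  // if we arrive here, the username and password match
  Utils.serverLog(["auth"], "password is correct for user " + user["email"]);

  // Permissions are derived from the user's group membership
  // (request.pre.usersGroups) by the Utils helpers.
  var userId = user["id"];
  var groups = request.pre.usersGroups;
  var credentials = {
    id: userId,
    firstName: user["first_name"],
    lastName: user["last_name"],
    email: user["email"],
    isAdmin: Utils.isAdmin(groups, userId),
    canEditTexts: Utils.canEditTexts(groups, userId),
    canDeleteTexts: Utils.canDeleteTexts(groups, userId),
    canEditMaps: Utils.canEditMaps(groups, userId),
    canDeleteMaps: Utils.canDeleteMaps(groups, userId),
    canEditFiles: Utils.canEditFiles(groups, userId),
    canDeleteFiles: Utils.canDeleteFiles(groups, userId)
  };
  // a user in the admin group can always edit texts (force the property to be always true)
  if (credentials.isAdmin) {
    credentials.canEditTexts = true;
  }
  // The former console.log of the whole credentials object is dropped: it
  // wrote user PII to stdout on every login.

  // set the session in the internal cache (Catbox with memory adapter), keyed
  // by a fresh random session id; the ttl argument 0 is passed through
  // unchanged (presumably "use the policy default" -- confirm against the
  // catbox version in use).
  var sid = UUID.v4();
  request.server.app.cache.set(sid, { sessionData: credentials }, 0, function(cacheErr) {
    if (cacheErr) {
      return reply(cacheErr);
    }
    request.auth.session.set({ sid: sid });
    // The session id is a bearer token and the credentials carry PII, so only
    // the account id is logged here (the stray `debugger;` is removed too).
    Utils.serverLog(["auth"], "session data was set in catbox for user id " + credentials.id);
    return reply.redirect("/" + lang + "/dashboard");
  });
});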