| 1 | var router = require("express").Router(),
|
| 2 | app = require("../lib/app").getInstance(),
|
| 3 | _ = require('lodash'),
|
| 4 | passportLocal = require('passport-local'),
|
| 5 | passportGoogle = require('passport-google-oauth'),
|
| 6 | passportGithub = require('passport-github').Strategy,
|
| 7 | tools = require("../lib/tools");
|
| 8 |
|
| 9 | var auth = app.locals.config.get("authentication");
|
| 10 | var passport = app.locals.passport;
|
| 11 |
|
| 12 | router.get("/login", _getLogin);
|
| 13 | router.get("/logout", _getLogout);
|
| 14 | router.post("/login", passport.authenticate('local', { successRedirect: '/auth/done', failureRedirect: '/login', failureFlash: true }));
|
| 15 | router.get("/auth/done", _getAuthDone);
|
| 16 |
|
| 17 | router.get("/auth/google", passport.authenticate('google', {
|
| 18 | scope: ['https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/userinfo.profile' ] }
|
| 19 | ));
|
| 20 | router.get("/oauth2callback", passport.authenticate('google', {
|
| 21 | successRedirect: '/auth/done',
|
| 22 | failureRedirect: '/login'
|
| 23 | }));
|
| 24 |
|
| 25 | router.get("/auth/github", passport.authenticate('github'));
|
| 26 | router.get("/auth/github/callback", passport.authenticate('github', {
|
| 27 | successRedirect: '/auth/done',
|
| 28 | failureRedirect: '/login'
|
| 29 | }));
|
| 30 |
|
| 31 | if (auth.google.enabled) {
|
| 32 | passport.use(new passportGoogle.OAuth2Strategy({
|
| 33 | clientID: auth.google.clientId,
|
| 34 | clientSecret: auth.google.clientSecret,
|
| 35 |
|
| 36 |
|
| 37 | callbackURL: app.locals.baseUrl + '/oauth2callback'
|
| 38 | },
|
| 39 |
|
| 40 | function(accessToken, refreshToken, profile, done) {
|
| 41 | usedAuthentication("google");
|
| 42 | done(null, profile);
|
| 43 | }
|
| 44 | ));
|
| 45 | }
|
| 46 |
|
| 47 | if (auth.github.enabled) {
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 | passport.use(new passportGithub({
|
| 52 | clientID: auth.github.clientId,
|
| 53 | clientSecret: auth.github.clientSecret,
|
| 54 | callbackURL: app.locals.baseUrl + '/auth/github/callback'
|
| 55 | },
|
| 56 | function(accessToken, refreshToken, profile, done) {
|
| 57 | usedAuthentication("github");
|
| 58 | done(null, profile);
|
| 59 | }
|
| 60 | ));
|
| 61 | }
|
| 62 |
|
| 63 | if (auth.alone.enabled) {
|
| 64 |
|
| 65 | passport.use(new passportLocal.Strategy(
|
| 66 |
|
| 67 | function(username, password, done) {
|
| 68 |
|
| 69 | var user = {
|
| 70 | displayName: auth.alone.username,
|
| 71 | email: auth.alone.email || ""
|
| 72 | };
|
| 73 |
|
| 74 | if (username.toLowerCase() != auth.alone.username.toLowerCase() || tools.hashify(password) != auth.alone.passwordHash) {
|
| 75 | return done(null, false, { message: 'Incorrect username or password' });
|
| 76 | }
|
| 77 |
|
| 78 | usedAuthentication("alone");
|
| 79 |
|
| 80 | return done(null, user);
|
| 81 | }
|
| 82 | ));
|
| 83 | }
|
| 84 |
|
| 85 | if (auth.local.enabled) {
|
| 86 |
|
| 87 | passport.use(new passportLocal.Strategy(
|
| 88 |
|
| 89 | function(username, password, done) {
|
| 90 |
|
| 91 | var wantedUsername = username.toLowerCase();
|
| 92 | var wantedPasswordHash = tools.hashify(password);
|
| 93 |
|
| 94 | var foundUser = _.find(auth.local.accounts, function (account) {
|
| 95 | return account.username.toLowerCase() === wantedUsername &&
|
| 96 | account.passwordHash === wantedPasswordHash;
|
| 97 | });
|
| 98 |
|
| 99 | if (!foundUser) {
|
| 100 | return done(null, false, { message: 'Incorrect username or password' });
|
| 101 | }
|
| 102 |
|
| 103 | usedAuthentication("local");
|
| 104 |
|
| 105 | return done(null, {
|
| 106 | displayName: foundUser.username,
|
| 107 | email: foundUser.email || ""
|
| 108 | });
|
| 109 | }
|
| 110 | ));
|
| 111 | }
|
| 112 |
|
| 113 | function usedAuthentication(name) {
|
| 114 | for (var a in auth) {
|
| 115 | auth[a].used = (a == name);
|
| 116 | }
|
| 117 | }
|
| 118 |
|
| 119 | passport.serializeUser(function(user, done) {
|
| 120 | done(null, user);
|
| 121 | });
|
| 122 |
|
| 123 | passport.deserializeUser(function(user, done) {
|
| 124 |
|
| 125 | if (user.emails && user.emails.length > 0) {
|
| 126 | user.email = user.emails[0].value;
|
| 127 | delete user.emails;
|
| 128 | }
|
| 129 |
|
| 130 | if (!user.displayName && user.username) {
|
| 131 | user.displayName = user.username;
|
| 132 | }
|
| 133 |
|
| 134 | if (!user.email) {
|
| 135 | user.email = 'jingouser';
|
| 136 | }
|
| 137 |
|
| 138 | user.asGitAuthor = user.displayName + " <" + user.email + ">";
|
| 139 | done(undefined, user);
|
| 140 | });
|
| 141 |
|
| 142 | function _getLogout(req, res) {
|
| 143 | req.logout();
|
| 144 | req.session = null;
|
| 145 | res.redirect('/');
|
| 146 | }
|
| 147 |
|
| 148 | function _getAuthDone(req, res) {
|
| 149 |
|
| 150 | if (!res.locals.user) {
|
| 151 | res.redirect("/");
|
| 152 | return;
|
| 153 | }
|
| 154 |
|
| 155 | res.locals.user.email = 'jingouser';
|
| 156 |
|
| 157 | if (!auth.alone.used &&
|
| 158 | !auth.local.used &&
|
| 159 | !tools.isAuthorized(res.locals.user.email,
|
| 160 | app.locals.config.get("authorization").validMatches,
|
| 161 | app.locals.config.get("authorization").emptyEmailMatches)) {
|
| 162 | req.logout();
|
| 163 | req.session = null;
|
| 164 | res.statusCode = 403;
|
| 165 | res.end('<h1>Forbidden</h1>');
|
| 166 | } else {
|
| 167 | var dst = req.session.destination || "/";
|
| 168 | delete req.session.destination;
|
| 169 | res.redirect(dst);
|
| 170 | }
|
| 171 | }
|
| 172 |
|
| 173 | function _getLogin(req, res) {
|
| 174 |
|
| 175 | req.session.destination = req.query.destination;
|
| 176 |
|
| 177 | if (req.session.destination == '/login') {
|
| 178 | req.session.destination = '/';
|
| 179 | }
|
| 180 |
|
| 181 | res.locals.errors = req.flash();
|
| 182 |
|
| 183 | res.render('login', {
|
| 184 | title: app.locals.config.get("application").title,
|
| 185 | auth: auth
|
| 186 | });
|
| 187 | }
|
| 188 |
|
| 189 | module.exports = router;
|