var passport = require('passport'); var LocalStrategy = require('passport-local').Strategy; var encrypt = require('../encrypt'); var models = require('../models'); var User = models.User; var userSafeParams = ['id', 'name', 'username', 'bio', 'twitter_handle', 'site']; // Since we're using sequelize, we need to specify how passport (the auth library) // serializes and deserializes users. In this case we just save the user.id at the // serialize step and make a query using that id in the deserialize step to retrieve // the user object. passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { User.find({where: {id: id}, attributes: userSafeParams}).success(function(user) { done(null, user); }).error(function(err) { done(err, null); }); }); // Define a local authentication strategy used to authenticate a sequelize user passport.use(new LocalStrategy( function(username, password, done) { // get the user from the database User.find({ where: { username: username }}).success(function(user) { var encryptedPassword = encrypt.encryptPassword(password).encryptedPassword if (!user) { // return known user if the user was not found done(null, false, { message: 'Unknown user' }); } else if (encryptedPassword != user.password) { // test that the password is valid done(null, false, { message: 'Invalid password'}); } else { // return the user if all the validations pass done(null, user); } }).error(function(err) { done(err); }); } )); module.exports = function(app) { app.get('/sign_in', function(req, res) { res.render('session/sign_in', {}); }); app.get('/sign_up', function(req, res) { res.render('session/sign_up', {}); }); // Invoking logout() will remove the req.user property and clear the login session (if any). // Restfully, this is wrong, this should be a delete request to /session, but for ease of use // a lot of people will make this exception. It's much easier for sign out links as a get app.get('/sign_out', function(req, res) { req.logout(); res.redirect('/'); }); // The verify callback for local authentication accepts // username and password arguments, which are submitted // to the application via a login form. app.post('/session', passport.authenticate('local', { successRedirect: '/', failureRedirect: '/sign_in' })); // End point for returning json data for the session user app.get('/session', function(req, res) { res.json(req.user); }); // Create a new user from the sign_up page app.post('/registration', function(req, res) { var password = req.param('password'); if(password === req.param('password_confirm')) { // Encrypt password var encryptedPassword = encrypt.encryptPassword(password).encryptedPassword; // create and login newly created user User.findOrCreate({name: req.param('name'), username: req.param('username'), password: encryptedPassword}).success(function(user) { req.login(user, function(err) { return res.redirect('/'); }); }); } else { res.redirect('/sign_up'); } }); };