
var crypto = require('crypto');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var encrypt = require('../encrypt');
var models = require('../models');
var User = models.User;
// Columns a signed-in user's own session object (req.user) may carry. The password
// hash is deliberately absent: deserializeUser passes this list as `attributes`.
var userSafeParams = 'id name username bio twitter_handle site'.split(' ');
// Since we're using sequelize, we need to specify how passport (the auth library)
// serializes and deserializes users. Only the user's id goes into the session
// store; the rest of the record is re-read in deserializeUser on every request.
passport.serializeUser(function(user, done) {
  var sessionKey = user.id;
  done(null, sessionKey);
});
// Rebuild req.user from the id stored in the session. Only `userSafeParams` columns
// are selected, so req.user (and the JSON the /session route returns) never carries
// the password hash. An id with no matching row yields a null user (passport is
// expected to treat a falsy user as "not logged in" - confirm for the version in use).
passport.deserializeUser(function(id, done) {
  var query = { where: { id: id }, attributes: userSafeParams };
  User.find(query)
    .success(function(user) { done(null, user); })
    .error(function(err) { done(err, null); });
});
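// Define a local authentication strategy used to authenticate a sequelize user.
// Passport calls the verify callback with the submitted username/password and a
// `done(err, user, info)` continuation; a falsy user means "authentication failed".
passport.use(new LocalStrategy(
  function(username, password, done) {
    // get the user from the database
    User.find({ where: { username: username }}).success(function(user) {
      // Hash the candidate password before checking whether the user exists, so a
      // request for an unknown username costs about the same as one for a known
      // username (avoids a timing oracle for account enumeration).
      // NOTE(review): encryptPassword receives only the password, so unless the
      // helper derives a per-user salt internally the stored hashes are unsalted
      // and identical passwords hash identically - confirm in ../encrypt.
      var encryptedPassword = encrypt.encryptPassword(password).encryptedPassword;
      if (!user) {
        // NOTE: the distinct 'Unknown user' / 'Invalid password' messages would
        // enable username enumeration if they were ever surfaced to the client
        // (they are not today: the /session route uses a bare failureRedirect).
        done(null, false, { message: 'Unknown user' });
      } else if (!hashesMatch(encryptedPassword, user.password)) {
        done(null, false, { message: 'Invalid password'});
      } else {
        // return the user if all the validations pass
        done(null, user);
      }
    }).error(function(err) {
      done(err);
    });
  }
));

// Constant-time comparison of two password hashes. The original `!=` on strings
// short-circuits at the first differing character, which leaks how much of the
// hash a candidate shares with the stored one. Non-string or differently-sized
// inputs never match (a user row with no password, e.g. NULL, cannot log in).
// Requires Node >= 6.6 for crypto.timingSafeEqual.
function hashesMatch(candidate, stored) {
  if (typeof candidate !== 'string' || typeof stored !== 'string') {
    return false;
  }
  var a = Buffer.from(candidate);
  var b = Buffer.from(stored);
  // timingSafeEqual throws on a length mismatch, so compare lengths first; the
  // length of a hash is not secret.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}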
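// Mount the sign-in / sign-up / sign-out / registration routes on the express app.
module.exports = function(app) {
  app.get('/sign_in', function(req, res) {
    res.render('session/sign_in', {});
  });
  app.get('/sign_up', function(req, res) {
    res.render('session/sign_up', {});
  });
  // Invoking logout() will remove the req.user property and clear the login session (if any).
  // Restfully, this is wrong, this should be a delete request to /session, but for ease of use
  // a lot of people will make this exception. It's much easier for sign out links as a get.
  // NOTE(review): because it is a GET with no CSRF token, any third-party page can log the
  // user out by embedding this URL in an <img>/<iframe>; low impact, but keep it in mind.
  app.get('/sign_out', function(req, res) {
    req.logout();
    res.redirect('/');
  });
  // The verify callback for local authentication accepts
  // username and password arguments, which are submitted
  // to the application via a login form. No failureFlash is configured, so the
  // strategy's failure messages are never shown to the client.
  app.post('/session', passport.authenticate('local', {
    successRedirect: '/',
    failureRedirect: '/sign_in'
  }));
  // End point for returning json data for the session user. On an authenticated
  // request req.user is the record loaded by deserializeUser (attribute-limited to
  // userSafeParams, so no password hash). When nobody is signed in req.user is
  // undefined and the body is presumably empty - confirm for the express version in use.
  app.get('/session', function(req, res) {
    res.json(req.user);
  });
  // Create a new user from the sign_up page and log them in.
  // Expects form fields name, username, password and password_confirm in the POST body
  // (assumes body-parsing middleware is mounted; the old req.param() also accepted
  // query-string values, which a registration POST should not).
  app.post('/registration', function(req, res, next) {
    var body = req.body || {};
    var name = body.name;
    var username = body.username;
    var password = body.password;
    // Reject blank or non-string credentials up front: without this check a form with
    // no password field at all passes the confirmation test (undefined === undefined)
    // and an account with an empty password gets created.
    if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
      return res.redirect('/sign_up');
    }
    if (password !== body.password_confirm) {
      return res.redirect('/sign_up');
    }
    // Refuse to register a username that is already taken. The original findOrCreate
    // keyed on name+username+password, so a second account with the same username
    // (and a different password) could be created. This pre-check is racy against a
    // concurrent registration; a UNIQUE constraint on users.username is the real guard.
    User.find({ where: { username: username } }).success(function(existing) {
      if (existing) {
        return res.redirect('/sign_up');
      }
      // Encrypt password
      var encryptedPassword = encrypt.encryptPassword(password).encryptedPassword;
      // create and login newly created user
      User.findOrCreate({ name: name, username: username, password: encryptedPassword }).success(function(user) {
        req.login(user, function(err) {
          // A failed req.login used to redirect as if it had succeeded.
          if (err) { return next(err); }
          return res.redirect('/');
        });
      }).error(next); // a DB failure used to leave the request hanging with no response
    }).error(next);
  });
};

// True when v is a string with at least one character.
function isNonEmptyString(v) {
  return typeof v === 'string' && v.length > 0;
}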