src/middleware/user.js

'use strict';

var async = require('async');
var nconf = require('nconf');
var winston = require('winston');

var meta = require('../meta');
var user = require('../user');
var privileges = require('../privileges');
var plugins = require('../plugins');

var auth = require('../routes/authentication');

var controllers = {
	helpers: require('../controllers/helpers'),
};

module.exports = function (middleware) {
	function authenticate(req, res, next, callback) {
		if (req.loggedIn) {
			return next();
		}
		if (plugins.hasListeners('response:middleware.authenticate')) {
			return plugins.fireHook('response:middleware.authenticate', {
				req: req,
				res: res,
				next: function (err) {
					if (err) {
						return next(err);
					}

					auth.setAuthVars(req, res, function () {
						if (req.loggedIn && req.user && req.user.uid) {
							return next();
						}

						callback();
					});
				},
			});
		}

		callback();
	}

	middleware.authenticate = function middlewareAuthenticate(req, res, next) {
		authenticate(req, res, next, function () {
			controllers.helpers.notAllowed(req, res, next);
		});
	};

	middleware.authenticateOrGuest = function authenticateOrGuest(req, res, next) {
		authenticate(req, res, next, next);
	};

	middleware.ensureSelfOrGlobalPrivilege = function ensureSelfOrGlobalPrivilege(req, res, next) {
		ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next);
	};

	middleware.ensureSelfOrPrivileged = function ensureSelfOrPrivileged(req, res, next) {
		ensureSelfOrMethod(user.isPrivileged, req, res, next);
	};

	function ensureSelfOrMethod(method, req, res, next) {
		/*
			The "self" part of this middleware hinges on you having used
			middleware.exposeUid prior to invoking this middleware.
		*/
		async.waterfall([
			function (next) {
				if (!req.loggedIn) {
					return setImmediate(next, null, false);
				}

				if (req.uid === parseInt(res.locals.uid, 10)) {
					return setImmediate(next, null, true);
				}

				method(req.uid, next);
			},
			function (allowed, next) {
				if (!allowed) {
					return controllers.helpers.notAllowed(req, res);
				}
				next();
			},
		], next);
	}

	middleware.checkGlobalPrivacySettings = function checkGlobalPrivacySettings(req, res, next) {
		winston.warn('[middleware], checkGlobalPrivacySettings deprecated, use canViewUsers or canViewGroups');
		middleware.canViewUsers(req, res, next);
	};

	middleware.canViewUsers = function canViewUsers(req, res, next) {
		privileges.global.can('view:users', req.uid, function (err, canView) {
			if (err || canView) {
				return next(err);
			}
			controllers.helpers.notAllowed(req, res);
		});
	};

	middleware.canViewGroups = function canViewGroups(req, res, next) {
		privileges.global.can('view:groups', req.uid, function (err, canView) {
			if (err || canView) {
				return next(err);
			}
			controllers.helpers.notAllowed(req, res);
		});
	};

	middleware.checkAccountPermissions = function checkAccountPermissions(req, res, next) {
		// This middleware ensures that only the requested user and admins can pass
		async.waterfall([
			function (next) {
				middleware.authenticate(req, res, next);
			},
			function (next) {
				user.getUidByUserslug(req.params.userslug, next);
			},
			function (uid, next) {
				privileges.users.canEdit(req.uid, uid, next);
			},
			function (allowed, next) {
				if (allowed) {
					return next(null, allowed);
				}

				// For the account/info page only, allow plain moderators through
				if (/user\/.+\/info$/.test(req.path)) {
					user.isModeratorOfAnyCategory(req.uid, next);
				} else {
					next(null, false);
				}
			},
			function (allowed) {
				if (allowed) {
					return next();
				}
				controllers.helpers.notAllowed(req, res);
			},
		], next);
	};

	middleware.redirectToAccountIfLoggedIn = function redirectToAccountIfLoggedIn(req, res, next) {
		if (req.session.forceLogin || req.uid <= 0) {
			return next();
		}

		async.waterfall([
			function (next) {
				user.getUserField(req.uid, 'userslug', next);
			},
			function (userslug) {
				controllers.helpers.redirect(res, '/user/' + userslug);
			},
		], next);
	};

	middleware.redirectUidToUserslug = function redirectUidToUserslug(req, res, next) {
		var uid = parseInt(req.params.uid, 10);
		if (uid <= 0) {
			return next();
		}
		async.waterfall([
			function (next) {
				user.getUserField(uid, 'userslug', next);
			},
			function (userslug) {
				if (!userslug) {
					return next();
				}
				var path = req.path.replace(/^\/api/, '')
					.replace('uid', 'user')
					.replace(uid, function () { return userslug; });
				controllers.helpers.redirect(res, path);
			},
		], next);
	};

	middleware.redirectMeToUserslug = function redirectMeToUserslug(req, res, next) {
		var uid = req.uid;
		async.waterfall([
			function (next) {
				user.getUserField(uid, 'userslug', next);
			},
			function (userslug) {
				if (!userslug) {
					return controllers.helpers.notAllowed(req, res);
				}
				var path = req.path.replace(/^(\/api)?\/me/, '/user/' + userslug);
				controllers.helpers.redirect(res, path);
			},
		], next);
	};

	middleware.isAdmin = function isAdmin(req, res, next) {
		async.waterfall([
			function (next) {
				user.isAdministrator(req.uid, next);
			},
			function (isAdmin, next) {
				if (!isAdmin) {
					return controllers.helpers.notAllowed(req, res);
				}
				user.hasPassword(req.uid, next);
			},
			function (hasPassword, next) {
				if (!hasPassword) {
					return next();
				}

				var loginTime = req.session.meta ? req.session.meta.datetime : 0;
				var adminReloginDuration = meta.config.adminReloginDuration * 60000;
				var disabled = meta.config.adminReloginDuration === 0;
				if (disabled || (loginTime && parseInt(loginTime, 10) > Date.now() - adminReloginDuration)) {
					var timeLeft = parseInt(loginTime, 10) - (Date.now() - adminReloginDuration);
					if (req.session.meta && timeLeft < Math.min(300000, adminReloginDuration)) {
						req.session.meta.datetime += Math.min(300000, adminReloginDuration);
					}

					return next();
				}

				var returnTo = req.path;
				if (nconf.get('relative_path')) {
					returnTo = req.path.replace(new RegExp('^' + nconf.get('relative_path')), '');
				}
				returnTo = returnTo.replace(/^\/api/, '');

				req.session.returnTo = returnTo;
				req.session.forceLogin = 1;
				if (res.locals.isAPI) {
					res.status(401).json({});
				} else {
					res.redirect(nconf.get('relative_path') + '/login');
				}
			},
		], next);
	};

	middleware.requireUser = function (req, res, next) {
		if (req.loggedIn) {
			return next();
		}

		res.status(403).render('403', { title: '[[global:403.title]]' });
	};

	middleware.registrationComplete = function registrationComplete(req, res, next) {
		// If the user's session contains registration data, redirect the user to complete registration
		if (!req.session.hasOwnProperty('registration')) {
			return setImmediate(next);
		}
		if (!req.path.endsWith('/register/complete')) {
			// Append user data if present
			req.session.registration.uid = req.uid;

			controllers.helpers.redirect(res, '/register/complete');
		} else {
			setImmediate(next);
		}
	};
};
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`'use strict';`

			`var async = require('async');`
ESlint keyword-spacing, no-multi-spaces 2017-02-18 01:52:56 -07:00			`var nconf = require('nconf');`
fix: #6806 3 new global privileges view:users view:tags view:groups 2019-02-05 12:08:18 -05:00			`var winston = require('winston');`
closes #5202 2016-11-15 12:45:00 +03:00
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`var meta = require('../meta');`
			`var user = require('../user');`
closes #5202 2016-11-15 12:45:00 +03:00			`var privileges = require('../privileges');`
more tests 2017-05-12 17:53:23 -04:00			`var plugins = require('../plugins');`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
DRY req props that depend on auth (fix #6727) (#6731) * DRY req props that depend on auth (fix #6727) authentication leads to req.loggedIn and req.uid being set. However, a later authentication event might outdate them. Here, I create one function for setting those properties, and make sure it also is called on the `action:middleware.authenticate` hook, which would be such an authentication event. If there are other places, those should be added as well. * fix lint errors * fix lint error * change exports 2018-09-04 15:43:33 +02:00			`var auth = require('../routes/authentication');`

organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`var controllers = {`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`helpers: require('../controllers/helpers'),`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`module.exports = function (middleware) {`
feat: added new middleware authenticateOrGuest 2018-12-07 13:31:31 -05:00			`function authenticate(req, res, next, callback) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (req.loggedIn) {`
more tests 2017-05-12 17:53:23 -04:00			`return next();`
			`}`
feat: new hook type: `response` Used in authentication middleware. Instead of firing an action hook, it now fires a response hook. Response hooks are invoked serially, and if headers are sent from one of the hook listeners, all subsequent hook methods are not called. Response hooks should only be used in situations where res.send (or other like methods) are invoked. Existing plugin hooks that pass in res purely for data retrieval purposes have not changed). fixes nodebb/nodebb-plugin-write-api#101 2019-01-19 14:49:22 -05:00			`if (plugins.hasListeners('response:middleware.authenticate')) {`
			`return plugins.fireHook('response:middleware.authenticate', {`
more tests 2017-05-12 17:53:23 -04:00			`req: req,`
			`res: res,`
DRY req props that depend on auth (fix #6727) (#6731) * DRY req props that depend on auth (fix #6727) authentication leads to req.loggedIn and req.uid being set. However, a later authentication event might outdate them. Here, I create one function for setting those properties, and make sure it also is called on the `action:middleware.authenticate` hook, which would be such an authentication event. If there are other places, those should be added as well. * fix lint errors * fix lint error * change exports 2018-09-04 15:43:33 +02:00			`next: function (err) {`
if authenticate middleware is overridden by plugin, check for req.user and return notAllowed helper otherwise /cc @LudwikJaniuk 2018-09-27 13:45:49 -04:00			`if (err) {`
			`return next(err);`
			`}`

			`auth.setAuthVars(req, res, function () {`
			`if (req.loggedIn && req.user && req.user.uid) {`
			`return next();`
			`}`

feat: added new middleware authenticateOrGuest 2018-12-07 13:31:31 -05:00			`callback();`
if authenticate middleware is overridden by plugin, check for req.user and return notAllowed helper otherwise /cc @LudwikJaniuk 2018-09-27 13:45:49 -04:00			`});`
DRY req props that depend on auth (fix #6727) (#6731) * DRY req props that depend on auth (fix #6727) authentication leads to req.loggedIn and req.uid being set. However, a later authentication event might outdate them. Here, I create one function for setting those properties, and make sure it also is called on the `action:middleware.authenticate` hook, which would be such an authentication event. If there are other places, those should be added as well. * fix lint errors * fix lint error * change exports 2018-09-04 15:43:33 +02:00			`},`
more tests 2017-05-12 17:53:23 -04:00			`});`
			`}`

feat: added new middleware authenticateOrGuest 2018-12-07 13:31:31 -05:00			`callback();`
			`}`

fix: loop 2018-12-17 16:59:45 -05:00			`middleware.authenticate = function middlewareAuthenticate(req, res, next) {`
feat: added new middleware authenticateOrGuest 2018-12-07 13:31:31 -05:00			`authenticate(req, res, next, function () {`
			`controllers.helpers.notAllowed(req, res, next);`
			`});`
			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.authenticateOrGuest = function authenticateOrGuest(req, res, next) {`
feat: added new middleware authenticateOrGuest 2018-12-07 13:31:31 -05:00			`authenticate(req, res, next, next);`
more tests 2017-05-12 17:53:23 -04:00			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.ensureSelfOrGlobalPrivilege = function ensureSelfOrGlobalPrivilege(req, res, next) {`
more tests 2017-05-12 17:53:23 -04:00			`ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next);`
			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.ensureSelfOrPrivileged = function ensureSelfOrPrivileged(req, res, next) {`
more tests 2017-05-12 17:53:23 -04:00			`ensureSelfOrMethod(user.isPrivileged, req, res, next);`
			`};`

			`function ensureSelfOrMethod(method, req, res, next) {`
			`/*`
			`The "self" part of this middleware hinges on you having used`
			`middleware.exposeUid prior to invoking this middleware.`
			`*/`
			`async.waterfall([`
			`function (next) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (!req.loggedIn) {`
more tests 2017-05-12 17:53:23 -04:00			`return setImmediate(next, null, false);`
			`}`

			`if (req.uid === parseInt(res.locals.uid, 10)) {`
			`return setImmediate(next, null, true);`
			`}`

			`method(req.uid, next);`
			`},`
			`function (allowed, next) {`
			`if (!allowed) {`
			`return controllers.helpers.notAllowed(req, res);`
			`}`
			`next();`
			`},`
			`], next);`
			`}`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.checkGlobalPrivacySettings = function checkGlobalPrivacySettings(req, res, next) {`
fix: #6806 3 new global privileges view:users view:tags view:groups 2019-02-05 12:08:18 -05:00			`winston.warn('[middleware], checkGlobalPrivacySettings deprecated, use canViewUsers or canViewGroups');`
			`middleware.canViewUsers(req, res, next);`
			`};`

			`middleware.canViewUsers = function canViewUsers(req, res, next) {`
			`privileges.global.can('view:users', req.uid, function (err, canView) {`
			`if (err \|\| canView) {`
			`return next(err);`
			`}`
			`controllers.helpers.notAllowed(req, res);`
			`});`
			`};`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
fix: #6806 3 new global privileges view:users view:tags view:groups 2019-02-05 12:08:18 -05:00			`middleware.canViewGroups = function canViewGroups(req, res, next) {`
			`privileges.global.can('view:groups', req.uid, function (err, canView) {`
			`if (err \|\| canView) {`
			`return next(err);`
			`}`
			`controllers.helpers.notAllowed(req, res);`
			`});`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.checkAccountPermissions = function checkAccountPermissions(req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`// This middleware ensures that only the requested user and admins can pass`
			`async.waterfall([`
			`function (next) {`
			`middleware.authenticate(req, res, next);`
			`},`
			`function (next) {`
			`user.getUidByUserslug(req.params.userslug, next);`
			`},`
			`function (uid, next) {`
closes #5202 2016-11-15 12:45:00 +03:00			`privileges.users.canEdit(req.uid, uid, next);`
allowing moderators access to the account info page 2016-10-24 15:58:57 -04:00			`},`
fix style 2016-10-25 12:53:43 +03:00			`function (allowed, next) {`
allowing moderators access to the account info page 2016-10-24 15:58:57 -04:00			`if (allowed) {`
			`return next(null, allowed);`
			`}`

			`// For the account/info page only, allow plain moderators through`
			`if (/user\/.+\/info$/.test(req.path)) {`
			`user.isModeratorOfAnyCategory(req.uid, next);`
			`} else {`
			`next(null, false);`
			`}`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`},`
more tests 2017-05-12 17:53:23 -04:00			`function (allowed) {`
			`if (allowed) {`
			`return next();`
			`}`
			`controllers.helpers.notAllowed(req, res);`
			`},`
			`], next);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.redirectToAccountIfLoggedIn = function redirectToAccountIfLoggedIn(req, res, next) {`
feat: give names to middlewares 2018-12-17 16:03:01 -05:00			`if (req.session.forceLogin \|\| req.uid <= 0) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`return next();`
			`}`

more tests 2017-05-12 17:53:23 -04:00			`async.waterfall([`
			`function (next) {`
			`user.getUserField(req.uid, 'userslug', next);`
			`},`
			`function (userslug) {`
			`controllers.helpers.redirect(res, '/user/' + userslug);`
			`},`
			`], next);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.redirectUidToUserslug = function redirectUidToUserslug(req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`var uid = parseInt(req.params.uid, 10);`
uid fixes 2018-11-17 22:31:39 -05:00			`if (uid <= 0) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`return next();`
			`}`
more tests 2017-05-12 17:53:23 -04:00			`async.waterfall([`
			`function (next) {`
			`user.getUserField(uid, 'userslug', next);`
			`},`
			`function (userslug) {`
			`if (!userslug) {`
			`return next();`
			`}`
			`var path = req.path.replace(/^\/api/, '')`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`.replace('uid', 'user')`
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`.replace(uid, function () { return userslug; });`
more tests 2017-05-12 17:53:23 -04:00			`controllers.helpers.redirect(res, path);`
			`},`
			`], next);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.redirectMeToUserslug = function redirectMeToUserslug(req, res, next) {`
Add `/me` route which redirects to `/user/[userslug]` (#6063) * Add `/me` route which redirects to the current user's information - `/me` -> `/user/[usertslug]` - `/me/bookmarks` -> `/user/[userslug]/bookmarks` - `/me/settings` -> `/user/[userslug]/settings` etc Add tests for `/me/*` 2017-11-16 15:38:26 -07:00			`var uid = req.uid;`
			`async.waterfall([`
			`function (next) {`
			`user.getUserField(uid, 'userslug', next);`
			`},`
			`function (userslug) {`
			`if (!userslug) {`
use helper 2017-12-09 12:25:27 -05:00			`return controllers.helpers.notAllowed(req, res);`
Add `/me` route which redirects to `/user/[userslug]` (#6063) * Add `/me` route which redirects to the current user's information - `/me` -> `/user/[usertslug]` - `/me/bookmarks` -> `/user/[userslug]/bookmarks` - `/me/settings` -> `/user/[userslug]/settings` etc Add tests for `/me/*` 2017-11-16 15:38:26 -07:00			`}`
			`var path = req.path.replace(/^(\/api)?\/me/, '/user/' + userslug);`
			`controllers.helpers.redirect(res, path);`
			`},`
			`], next);`
			`};`

feat: give the rest of the middlewares names 2018-12-17 16:36:43 -05:00			`middleware.isAdmin = function isAdmin(req, res, next) {`
more tests 2017-05-12 17:53:23 -04:00			`async.waterfall([`
			`function (next) {`
			`user.isAdministrator(req.uid, next);`
			`},`
			`function (isAdmin, next) {`
			`if (!isAdmin) {`
			`return controllers.helpers.notAllowed(req, res);`
			`}`
			`user.hasPassword(req.uid, next);`
			`},`
			`function (hasPassword, next) {`
			`if (!hasPassword) {`
			`return next();`
			`}`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
more tests 2017-05-12 17:53:23 -04:00			`var loginTime = req.session.meta ? req.session.meta.datetime : 0;`
Parse int (#6853) * Store config fields as JSON in the db Fewer parseInts * Remove unnecessary parseInts * remove some dupe code add tests * remove console.log * remove more parseInts * WIP: read meta.configs defaults from defaults.json remove more parseInts * more work * add log for failing test * update admin pwd * fix tests, dont require posts/cache before configs are initialized * handle saves * Test boolean conditions * remove more parseInts * Fix boolean values * remove lots more parseInts * removed json parsing * renamed var to number * categories dont have timestamp 2018-10-21 16:47:51 -04:00			`var adminReloginDuration = meta.config.adminReloginDuration * 60000;`
			`var disabled = meta.config.adminReloginDuration === 0;`
closes #6037 2017-11-17 15:26:36 -05:00			`if (disabled \|\| (loginTime && parseInt(loginTime, 10) > Date.now() - adminReloginDuration)) {`
			`var timeLeft = parseInt(loginTime, 10) - (Date.now() - adminReloginDuration);`
fix lint 2018-01-25 12:31:43 -05:00			`if (req.session.meta && timeLeft < Math.min(300000, adminReloginDuration)) {`
closes #6037 2017-11-17 15:26:36 -05:00			`req.session.meta.datetime += Math.min(300000, adminReloginDuration);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`}`

more tests 2017-05-12 17:53:23 -04:00			`return next();`
			`}`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00
closes #5847 2017-08-01 13:17:03 -04:00			`var returnTo = req.path;`
			`if (nconf.get('relative_path')) {`
			`returnTo = req.path.replace(new RegExp('^' + nconf.get('relative_path')), '');`
			`}`
			`returnTo = returnTo.replace(/^\/api/, '');`

fix: no relative path needed in req.session.returnTo re: julianlam/nodebb-plugin-session-sharing#73 2019-02-15 16:41:49 -05:00			`req.session.returnTo = returnTo;`
more tests 2017-05-12 17:53:23 -04:00			`req.session.forceLogin = 1;`
			`if (res.locals.isAPI) {`
			`res.status(401).json({});`
			`} else {`
			`res.redirect(nconf.get('relative_path') + '/login');`
			`}`
			`},`
			`], next);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`middleware.requireUser = function (req, res, next) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (req.loggedIn) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`return next();`
			`}`

ESlint object-curly-spacing 2017-02-18 12:30:49 -07:00			`res.status(403).render('403', { title: '[[global:403.title]]' });`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`};`

feat: give names to middlewares 2018-12-17 16:03:01 -05:00			`middleware.registrationComplete = function registrationComplete(req, res, next) {`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`// If the user's session contains registration data, redirect the user to complete registration`
			`if (!req.session.hasOwnProperty('registration')) {`
misc fixes handle spider uids properly 2018-11-12 00:20:44 -05:00			`return setImmediate(next);`
ESlint no-useless-escape, no-else-return 2017-02-18 14:27:26 -07:00			`}`
			`if (!req.path.endsWith('/register/complete')) {`
closes #6483 2018-05-02 13:02:07 -04:00			`// Append user data if present`
			`req.session.registration.uid = req.uid;`

ESlint no-useless-escape, no-else-return 2017-02-18 14:27:26 -07:00			`controllers.helpers.redirect(res, '/register/complete');`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`} else {`
feat: give names to middlewares 2018-12-17 16:03:01 -05:00			`setImmediate(next);`
organize middlewares removed app.locals.middleware middlewares can be required anywhere, ie in controllers 2016-08-26 18:50:37 +03:00			`}`
			`};`
			`};`