mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-31 19:15:58 +01:00
more auth tests
This commit is contained in:
Barış Soner Uşaklı
@@ -52,19 +52,7 @@ authenticationController.register = function (req, res) {
|
||||
user.isPasswordValid(userData.password, next);
|
||||
},
|
||||
function (next) {
|
||||
if (registrationType === 'normal' || registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
|
||||
next(null, false);
|
||||
} else if (registrationType === 'admin-approval') {
|
||||
next(null, true);
|
||||
} else if (registrationType === 'admin-approval-ip') {
|
||||
db.sortedSetCard('ip:' + req.ip + ':uid', function (err, count) {
|
||||
if (err) {
|
||||
next(err);
|
||||
} else {
|
||||
next(null, !!count);
|
||||
}
|
||||
});
|
||||
}
|
||||
user.shouldQueueUser(req.ip, next);
|
||||
},
|
||||
function (queue, next) {
|
||||
res.locals.processLogin = true; // set it to false in plugin if you wish to just register only
|
||||
@@ -200,13 +188,15 @@ authenticationController.login = function (req, res, next) {
|
||||
var loginWith = meta.config.allowLoginWith || 'username-email';
|
||||
|
||||
if (req.body.username && utils.isEmailValid(req.body.username) && loginWith.indexOf('email') !== -1) {
|
||||
user.getUsernameByEmail(req.body.username, function (err, username) {
|
||||
if (err) {
|
||||
return next(err);
|
||||
}
|
||||
req.body.username = username || req.body.username;
|
||||
continueLogin(req, res, next);
|
||||
});
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.getUsernameByEmail(req.body.username, next);
|
||||
},
|
||||
function (username, next) {
|
||||
req.body.username = username || req.body.username;
|
||||
continueLogin(req, res, next);
|
||||
},
|
||||
], next);
|
||||
} else if (loginWith.indexOf('username') !== -1 && !validator.isEmail(req.body.username)) {
|
||||
continueLogin(req, res, next);
|
||||
} else {
|
||||
@@ -375,7 +365,7 @@ authenticationController.localLogin = function (req, username, password, next) {
|
||||
}
|
||||
|
||||
if (result.banned) {
|
||||
return banUser(uid, next);
|
||||
return getBanInfo(uid, next);
|
||||
}
|
||||
|
||||
user.auth.logAttempt(uid, req.ip, next);
|
||||
@@ -394,48 +384,57 @@ authenticationController.localLogin = function (req, username, password, next) {
|
||||
};
|
||||
|
||||
authenticationController.logout = function (req, res, next) {
|
||||
if (req.user && parseInt(req.user.uid, 10) > 0 && req.sessionID) {
|
||||
var uid = parseInt(req.user.uid, 10);
|
||||
var sessionID = req.sessionID;
|
||||
if (!req.uid || !req.sessionID) {
|
||||
return res.status(200).send('not-logged-in');
|
||||
}
|
||||
|
||||
user.auth.revokeSession(sessionID, uid, function (err) {
|
||||
if (err) {
|
||||
return next(err);
|
||||
}
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.auth.revokeSession(req.sessionID, req.uid, next);
|
||||
},
|
||||
function (next) {
|
||||
req.logout();
|
||||
req.session.destroy();
|
||||
|
||||
user.setUserField(uid, 'lastonline', Date.now() - 300000);
|
||||
|
||||
plugins.fireHook('static:user.loggedOut', { req: req, res: res, uid: uid }, function () {
|
||||
res.status(200).send('');
|
||||
|
||||
// Force session check for all connected socket.io clients with the same session id
|
||||
sockets.in('sess_' + sessionID).emit('checkSession', 0);
|
||||
});
|
||||
});
|
||||
} else {
|
||||
res.status(200).send('');
|
||||
}
|
||||
user.setUserField(req.uid, 'lastonline', Date.now() - 300000, next);
|
||||
},
|
||||
function (next) {
|
||||
plugins.fireHook('static:user.loggedOut', { req: req, res: res, uid: req.uid }, next);
|
||||
},
|
||||
function () {
|
||||
// Force session check for all connected socket.io clients with the same session id
|
||||
sockets.in('sess_' + req.sessionID).emit('checkSession', 0);
|
||||
res.status(200).send('');
|
||||
},
|
||||
], next);
|
||||
};
|
||||
|
||||
function banUser(uid, next) {
|
||||
user.getLatestBanInfo(uid, function (err, banInfo) {
|
||||
if (err) {
|
||||
if (err.message === 'no-ban-info') {
|
||||
return next(new Error('[[error:user-banned]]'));
|
||||
function getBanInfo(uid, callback) {
|
||||
var banInfo;
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.getLatestBanInfo(uid, next);
|
||||
},
|
||||
function (_banInfo, next) {
|
||||
banInfo = _banInfo;
|
||||
if (banInfo.reason) {
|
||||
return next();
|
||||
}
|
||||
|
||||
return next(err);
|
||||
}
|
||||
|
||||
if (!banInfo.reason) {
|
||||
translator.translate('[[user:info.banned-no-reason]]', function (translated) {
|
||||
banInfo.reason = translated;
|
||||
next(new Error(banInfo.expiry ? '[[error:user-banned-reason-until, ' + banInfo.expiry_readable + ', ' + banInfo.reason + ']]' : '[[error:user-banned-reason, ' + banInfo.reason + ']]'));
|
||||
next();
|
||||
});
|
||||
} else {
|
||||
},
|
||||
function (next) {
|
||||
next(new Error(banInfo.expiry ? '[[error:user-banned-reason-until, ' + banInfo.expiry_readable + ', ' + banInfo.reason + ']]' : '[[error:user-banned-reason, ' + banInfo.reason + ']]'));
|
||||
},
|
||||
], function (err) {
|
||||
if (err) {
|
||||
if (err.message === 'no-ban-info') {
|
||||
err.message = '[[error:user-banned]]';
|
||||
}
|
||||
}
|
||||
callback(err);
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user