Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
});
}
}
);
});
}
)
);
// =========================================================================
// LOCAL SIGNUP ============================================================
// =========================================================================
passport.use(
"local-signup",
new LocalStrategy(
{
// override with email instead of email instead of userame
usernameField: "email",
passwordField: "password",
passReqToCallback: true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne(
{
"email": email
},
// Middlewares
const tokenMiddleware = require('./middlewares/token')
app.use('/token', tokenMiddleware)
// Normal Routes
app.use('/', api)
app.use('/auth', apiAuth)
app.use('/api/accounts', apiAccounts)
app.use('/api/books', apiBooks)
// -----------------------------------------------------------------------------
// PASSPORT
// -----------------------------------------------------------------------------
// Local
passport.use(new LocalStrategy(Account.authenticate()))
// GitHub
passport.use(new GitHubStrategy({
clientID: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
callbackURL: process.env.GITHUB_CALLBACK,
passReqToCallback: true
},
providers.github))
// Facebook
passport.use(new FacebookStrategy({
clientID: process.env.FACEBOOK_APP_ID,
clientSecret: process.env.FACEBOOK_APP_SECRET,
callbackURL: process.env.FACEBOOK_CALLBACK,
profileFields: ['id', 'displayName', 'photos', 'email'],
module.exports = function initLocalStrategy(we) {
// - Local
passport.use(new LocalStrategy(
we.config.passport.strategies.local
, function findUserAndValidPassword(email, password, done) {
// build the find user query
var query = { where: {}};
query.where[we.config.passport.strategies.local.usernameField] = email;
// find user in DB
we.db.models.user.find(query).then (function (user) {
if (!user) {
return done(null, false, { message: 'auth.login.wrong.email.or.password' });
}
// get the user password
user.getPassword().then(function (passwordObj) {
if (!passwordObj) return done(null, false, { message: 'auth.login.user.dont.have.password' });
passwordObj.validatePassword(password, function (err, isValid) {
if (err) return done(err);
});
//Flow (III)
var comparePassword = function(candidatePassword,hash,callback) {
bcrypt.compare(candidatePassword,hash,function(err, isMatch) {
if(err) return callback(err);
callback(null,isMatch);
});
}
//Flow (II)
passport.use(new localStrategy(
function(username, password, done) {
User.find({username : username}, function(err,user) {
if(err) throw err;
if(user.length == 0) {
console.log('Unknown User');
return done(null,false,{message: 'Unknown User'});
}
comparePassword(password,user[0].password, function(err,isMatch) {
if(err) throw err;
if(isMatch) {
return done(null, user);
res.redirect('/');
} else {
console.log('Invalid Password');
* Module dependencies.
*/
var passport = require('passport')
, LocalStrategy = require('passport-local').Strategy
, BasicStrategy = require('passport-http').BasicStrategy
, ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy
, BearerStrategy = require('passport-http-bearer').Strategy
, db = require('./db').db()
, bcrypt = require('bcrypt')
, crypto = require('crypto')
/**
* LocalStrategy
*/
passport.use(new LocalStrategy(
function(username, password, done) {
db.collection('users').findOne({username: username}, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
bcrypt.compare(password, user.password, function (err, res) {
if (!res) return done(null, false)
return done(null, user)
})
})
}
))
passport.serializeUser(function(user, done) {
done(null, user.username);
})
module.exports = function() {
passport.use(
new LocalStrategy(function(username, password, done) {
User.User.findOne({
where: {
username: username,
},
}).then(function(user) {
if (user == null) {
return done(null, false, { message: "Incorrect credentials." });
}
var hashedPassword = bcrypt.hashSync(password, user.salt);
if (user.password === hashedPassword) {
return done(null, user);
}
return done(null, false, { message: "Incorrect credentials." });
local: {
email,
salt,
hashedPassword: generateHashedPassword(salt, password)
}
});
await user.save();
done(null, user);
} catch (error) {
done(error, false);
}
}));
use('local-signin', new Strategy({
usernameField: 'email',
passwordField: 'password'
}, async (email: string, password: string, done: Function) => {
try {
const user: IUser = await this.userModel.findOne({ 'local.email': email });
if (!user) {
return done(new UnauthorizedException(MESSAGES.UNAUTHORIZED_INVALID_EMAIL), false);
}
if (generateHashedPassword(user.local.salt, password) !== user.local.hashedPassword) {
return done(new UnauthorizedException(MESSAGES.UNAUTHORIZED_INVALID_PASSWORD), false);
}
done(null, user);
} catch (error) {
module.exports = function initAuthMiddleware(app) {
passport.use(
new LocalStrategy(async (username, password, done) => {
const user = await getUserForLoginData(username, password);
if (!user) {
return done(null, false);
}
return done(null, user);
})
);
passport.serializeUser((user, done) => done(null, user.id));
passport.deserializeUser(async (id, done) => {
const user = await getUserById(id);
if (!user) {
return done(`Could not deserialize user with id ${id}`);
}
return done(null, user);
done(err);
}
return done(null, newUser);
})
})
}
})
}
})
})
}));
passport.use('local-login', new LocalStrategy({
passReqToCallback: true
}, function (req, username, password, done) {
User.findOne({
'username': username
}, function (err, user) {
if (err) return done(err);
if (!user || user.length == 0) return done('No user found', false);
if (!user.validPassword(password)) return done('Oops! Wrong password.', false);
User.findOneAndUpdate({
'username': username
}, {