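'use strict';

var _ = require('lodash');
var extend = require('deep-extend');
var url = require('url');

var forms = require('../forms');
var helpers = require('../helpers');
var oauth = require('../oauth');

/**
 * Reduce the caller-supplied `next` query value to a same-site path.
 *
 * `url.parse(value).path` alone is not a sufficient filter: it can still
 * return a value that a browser resolves to a different origin (for example
 * one that begins with two slashes). Only a path that starts with exactly one
 * '/' and contains no control characters is accepted; everything else is
 * discarded so the caller falls back to the configured default.
 *
 * @private
 *
 * @param {*} rawNext - The raw `next` query value (untrusted).
 * @returns {?string} A local path (with query string), or null when the value
 *   is missing, not a string, or not provably same-site.
 */
function resolveLocalNextUri(rawNext) {
  // A repeated or nested query parameter arrives as an array or object, and
  // url.parse() throws on non-string input.
  if (typeof rawNext !== 'string' || rawNext === '') {
    return null;
  }

  var parsedPath = url.parse(rawNext).path;

  if (!parsedPath || parsedPath.charAt(0) !== '/') {
    return null;
  }

  // '//host' and '/\host' are treated by browsers as pointing at another
  // host. Browsers also strip tab, CR and LF from URLs before resolving them,
  // so control characters are refused outright.
  if (/^\/[\/\\]/.test(parsedPath) || /[\u0000-\u001f\u007f]/.test(parsedPath)) {
    return null;
  }

  return parsedPath;
}

/**
 * This controller logs in an existing user. If there are any errors, an
 * error page is rendered. If the process succeeds, the user will be logged in
 * and redirected.
 *
 * The `next` query parameter is only honoured when it is a same-site path, so
 * the login page cannot be used to bounce a user to an arbitrary site.
 *
 * @method
 *
 * @param {Object} req - The HTTP request.
 * @param {Object} res - The HTTP response.
 * @param {function} next - The next function.
 */
module.exports = function (req, res, next) {
  var config = req.app.get('stormpathConfig');

  // Untrusted query value exposed to the view layer as-is.
  // NOTE(review): confirm the login view escapes `status` on output.
  res.locals.status = req.query.status;

  helpers.handleAcceptRequest(req, res, {
    'application/json': function () {
      switch (req.method) {
        case 'GET':
          helpers.getFormViewModel('login', config, function (err, viewModel) {
            if (err) {
              return helpers.writeJsonError(res, err);
            }

            res.json(viewModel);
          });
          break;

        case 'POST':
          if (!req.body) {
            return helpers.writeJsonError(res, new Error('Request requires that there is a body.'));
          }

          // Social login
          if (req.body.providerData) {
            return helpers.loginWithOAuthProvider(req.body, req, res);
          }

          helpers.authenticate(req.body, req, res, function (err) {
            if (err) {
              return helpers.writeJsonError(res, err);
            }

            helpers.loginResponder(req, res);
          });
          break;

        default:
          next();
      }
    },
    'text/html': function () {
      var nextUri = resolveLocalNextUri(req.query.next);

      // An already-authenticated user is sent on immediately; the target is
      // either the validated local path or the configured default.
      if (req.user && config.web.login.enabled) {
        var nextUrl = nextUri || config.web.login.nextUri;
        return res.redirect(302, nextUrl);
      }

      function renderForm(form, options) {
        if (options === undefined) {
          options = {};
        }

        var view = config.web.login.view;
        var oauthStateToken = oauth.common.resolveStateToken(req, res);

        // nextUri may carry its own query string, so it is percent-encoded to
        // survive as a single `next` parameter on the form action.
        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));

        var hasSocialProviders = _.some(config.web.social, function (socialProvider) {
          return socialProvider.enabled;
        });

        extend(options, {
          form: form,
          formActionUri: formActionUri,
          oauthStateToken: oauthStateToken,
          hasSocialProviders: hasSocialProviders
        });

        helpers.render(req, res, view, options);
      }

      helpers.setTempCookie(res, 'oauthRedirectUri', req.originalUrl);

      forms.loginForm.handle(req, {
        // If we get here, it means the user is submitting a login request, so we
        // should attempt to log the user into their account.
        success: function (form) {
          helpers.authenticate(form.data, req, res, function (err) {
            if (err) {
              // NOTE(review): falls back to the raw err.message when no
              // userMessage is set; confirm that text is safe to show users.
              return renderForm(form, { error: err.userMessage || err.message });
            }

            // NOTE(review): if helpers.loginResponder derives its redirect
            // target from req.query.next, it needs the same same-site check —
            // confirm against that helper.
            helpers.loginResponder(req, res);
          });
        },
        // If we get here, it means the user didn't supply required form fields.
        error: function (form) {
          // Special case: if the user is being redirected to this page for the
          // first time, don't display any error.
          if (form.data && !form.data.login && !form.data.password) {
            return renderForm(form);
          }

          renderForm(form, { formErrors: helpers.collectFormErrors(form) });
        },
        // If we get here, it means the user is doing a simple GET request, so we
        // should just render the login template.
        empty: function (form) {
          renderForm(form);
        }
      });
    }
  }, next);
};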