all files / express-stormpath/lib/controllers/ login.js

'use strict';
 
var _ = require('lodash');
var extend = require('deep-extend');
var url = require('url');
 
var forms = require('../forms');
var helpers = require('../helpers');
var oauth = require('../oauth');
 
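/**
 * This controller logs in an existing user.  If there are any errors, an
 * error page is rendered.  If the process succeeds, the user will be logged in
 * and redirected.
 *
 * Content negotiation is delegated to `helpers.handleAcceptRequest`:
 *
 * - `application/json`: GET returns the login form view model, POST
 *   authenticates with the request body (or hands off to the OAuth provider
 *   login when `providerData` is present); any other method calls `next()`.
 * - `text/html`: redirects an already authenticated user, otherwise renders or
 *   processes the login form.
 *
 * The `next` query parameter is supplied by the caller and is only honoured
 * when it resolves to a path on this site (see `resolveLocalNextPath`).
 *
 * NOTE(review): the redirect issued after a successful login is produced by
 * `helpers.loginResponder`, which is not visible here; confirm that it applies
 * the same restriction to `next`.
 *
 * @method
 *
 * @param {Object} req - The HTTP request.
 * @param {Object} res - The HTTP response.
 * @param {function} next - The next function.
 */
module.exports = function (req, res, next) {
  var config = req.app.get('stormpathConfig');

  // Request-controlled value handed to the views as-is.
  // NOTE(review): templates should compare it against known status values or
  // escape it on output -- confirm in the login view.
  res.locals.status = req.query.status;

  helpers.handleAcceptRequest(req, res, {
    'application/json': function () {
      switch (req.method) {
        case 'GET':
          helpers.getFormViewModel('login', config, function (err, viewModel) {
            if (err) {
              return helpers.writeJsonError(res, err);
            }

            res.json(viewModel);
          });
          break;

        case 'POST':
          if (!req.body) {
            return helpers.writeJsonError(res, new Error('Request requires that there is a body.'));
          }

          // Social login
          if (req.body.providerData) {
            return helpers.loginWithOAuthProvider(req.body, req, res);
          }

          helpers.authenticate(req.body, req, res, function (err) {
            if (err) {
              return helpers.writeJsonError(res, err);
            }

            helpers.loginResponder(req, res);
          });
          break;

        default:
          next();
      }
    },
    'text/html': function () {
      // Null when `next` is absent, malformed, or would leave this site.
      var nextUri = resolveLocalNextPath(req.query.next);

      // An already authenticated user has nothing to do on the login page.
      if (req.user && config.web.login.enabled) {
        var nextUrl = nextUri || config.web.login.nextUri;
        return res.redirect(302, nextUrl);
      }

      /**
       * Renders the configured login view with the form state and the values
       * the template needs (form action, OAuth state token, provider flag).
       *
       * @param {Object} form - The login form instance.
       * @param {Object} [options] - Extra view locals, e.g. `error` or `formErrors`.
       */
      function renderForm(form, options) {
        if (options === undefined) {
          options = {};
        }

        var view = config.web.login.view;
        var oauthStateToken = oauth.common.resolveStateToken(req, res);

        // Encode the path so that '&', '#' or '?' inside it cannot terminate
        // the `next` parameter or inject further parameters into the action URL.
        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));

        var hasSocialProviders = _.some(config.web.social, function (socialProvider) {
          return socialProvider.enabled;
        });

        extend(options, {
          form: form,
          formActionUri: formActionUri,
          oauthStateToken: oauthStateToken,
          hasSocialProviders: hasSocialProviders
        });

        helpers.render(req, res, view, options);
      }

      helpers.setTempCookie(res, 'oauthRedirectUri', req.originalUrl);

      forms.loginForm.handle(req, {
        // If we get here, it means the user is submitting a login request, so we
        // should attempt to log the user into their account.
        success: function (form) {
          helpers.authenticate(form.data, req, res, function (err) {
            if (err) {
              return renderForm(form, { error: err.userMessage || err.message });
            }

            helpers.loginResponder(req, res);
          });
        },
        // If we get here, it means the user didn't supply required form fields.
        error: function (form) {
          // Special case: if the user is being redirected to this page for the
          // first time, don't display any error.
          if (form.data && !form.data.login && !form.data.password) {
            return renderForm(form);
          }

          renderForm(form, { formErrors: helpers.collectFormErrors(form) });
        },
        // If we get here, it means the user is doing a simple GET request, so we
        // should just render the login template.
        empty: function (form) {
          renderForm(form);
        }
      });
    }
  }, next);
};

/**
 * Reduces the caller-supplied `next` query value to a path that is safe to use
 * as a redirect target on this site.
 *
 * Only the path (including any query string) of the parsed value is kept, so
 * a scheme and host are dropped.  That alone is not enough: a path that starts
 * with two slashes (or a slash/backslash mix) is read by browsers as a
 * protocol-relative URL pointing at another host, so such values are rejected
 * and the caller falls back to its configured default.
 *
 * @param {*} rawNext - The raw `req.query.next` value.
 * @returns {string|null} The local path, or null when there is none to use.
 */
function resolveLocalNextPath(rawNext) {
  // Repeated or bracketed query keys can arrive as an array or object rather
  // than a string; treat those as "no next" instead of passing them to
  // url.parse.
  if (typeof rawNext !== 'string' || rawNext === '') {
    return null;
  }

  var localPath = url.parse(rawNext).path;

  if (!localPath) {
    return null;
  }

  // Reject "//host", "/\host", "\/host" and "\\host".
  if (/^[\/\\]{2}/.test(localPath)) {
    return null;
  }

  return localPath;
}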