'use strict';
 
var AccessTokenAuthenticator = require('../okta/access-token-authenticator');
var createSession = require('../helpers/create-session');
var oauth = require('../oauth');
 
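/**
 * This controller completes an OAuth authorization-code login after the
 * identity provider (Okta) redirects back to the application.
 *
 * Flow: exchange the `code` query parameter for an access token, validate that
 * token against the configured Okta authorization server, load the account,
 * create the local session, then run the post-registration or post-login
 * handler (when configured) before redirecting to the next URL.
 *
 * @method
 *
 * @param {Object} provider - The OAuth provider configuration; passed through
 *   unchanged to `oauth.common.exchangeAuthCodeForAccessToken`.
 * @param {Object} req - The http request.
 * @param {Object} res - The http response.
 */
module.exports = function (provider, req, res) {
  var client = req.app.get('stormpathClient');
  var config = req.app.get('stormpathConfig');
  var logger = req.app.get('stormpathLogger');
  var postLoginHandler = config.postLoginHandler;
  var postRegistrationHandler = config.postRegistrationHandler;

  // Accounts created within this many milliseconds of the callback are treated
  // as brand-new registrations rather than plain logins.
  var NEW_USER_WINDOW_MS = 60000;

  if (req.query.code) {
    oauth.common.exchangeAuthCodeForAccessToken(req, provider, function (err, oauthAccessTokenResult) {
      if (err) {
        logger.info('During an OAuth login attempt, we were unable to exchange the authorization code for an access token.');
        return oauth.errorResponder(req, res, err);
      }

      var issuer = config.org + '/oauth2/' + config.authorizationServerId;

      // Only tokens minted by our own authorization server are accepted: the
      // access token is validated locally against that issuer instead of being
      // trusted purely because the exchange succeeded.
      var accessTokenAuthenticator = new AccessTokenAuthenticator(client).forIssuer(issuer).withLocalValidation();

      accessTokenAuthenticator.authenticate(oauthAccessTokenResult.access_token, function (err, authenticationResult) {
        if (err) {
          logger.info(err);
          return oauth.errorResponder(req, res, err);
        }

        authenticationResult.getAccount(function (err, user) {
          if (err) {
            logger.info(err);
            return oauth.errorResponder(req, res, err);
          }

          createSession(oauthAccessTokenResult, user, req, res);

          // NOTE(review): the redirect target is whatever consumeRedirectUri
          // hands back; confirm that helper restricts it to local paths so a
          // crafted callback cannot turn this into an open redirect.
          var nextUrl = oauth.common.consumeRedirectUri(req, res);

          // Was the account created within the last minute? If so, this
          // callback is the tail end of a registration, not a plain login.
          var isNewUser = (new Date().getTime() - new Date(user.created).getTime()) < NEW_USER_WINDOW_MS;

          if (!nextUrl) {
            nextUrl = isNewUser ? config.web.register.nextUri : config.web.login.nextUri;
          }

          // Both handlers receive req.user, which is presumably populated by
          // createSession above with the same account as `user` — verify
          // against helpers/create-session.
          if (isNewUser && postRegistrationHandler) {
            postRegistrationHandler(req.user, req, res, function (handlerErr) {
              if (handlerErr) {
                logger.info('Error when trying to execute the postRegistrationHandler after authenticating the user.');
                return oauth.errorResponder(req, res, handlerErr);
              }
              res.redirect(302, nextUrl);
            });
          } else if (postLoginHandler) {
            // `handlerErr` is the handler's own error. It must be declared as a
            // parameter here; otherwise the check would read the outer (null)
            // getAccount `err` and a failing postLoginHandler would go unnoticed.
            postLoginHandler(req.user, req, res, function (handlerErr) {
              if (handlerErr) {
                logger.info('Error when trying to execute the postLoginHandler after authenticating the user.');
                return oauth.errorResponder(req, res, handlerErr);
              }
              res.redirect(302, nextUrl);
            });
          } else {
            res.redirect(302, nextUrl);
          }
        });
      });
    });
  } else if (req.query.error) {
    // The provider reported an error instead of a code. Both values come
    // straight from the untrusted query string and are used only to build the
    // message handed to errorResponder.
    var errorString = req.query.error_description ? (req.query.error_description + ' (' + req.query.error + ')') : req.query.error;
    return oauth.errorResponder(req, res, new Error(errorString));
  } else {
    return oauth.errorResponder(req, res, new Error('Callback did not contain a code parameter.'));
  }
};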