overleaf/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee

AuthenticationManager = require ("./AuthenticationManager")
LoginRateLimiter = require("../Security/LoginRateLimiter")
UserUpdater = require "../User/UserUpdater"
Metrics = require('metrics-sharelatex')
logger = require("logger-sharelatex")
querystring = require('querystring')
Url = require("url")
Settings = require "settings-sharelatex"
basicAuth = require('basic-auth-connect')
UserHandler = require("../User/UserHandler")
UserSessionsManager = require("../User/UserSessionsManager")
Analytics = require "../Analytics/AnalyticsManager"
passport = require 'passport'
NotificationsBuilder = require("../Notifications/NotificationsBuilder")
SudoModeHandler = require '../SudoMode/SudoModeHandler'
V1Api = require "../V1/V1Api"
{User} = require "../../models/User"

module.exports = AuthenticationController =

	serializeUser: (user, callback) ->
		lightUser =
			_id: user._id
			first_name: user.first_name
			last_name: user.last_name
			isAdmin: user.isAdmin
			email: user.email
			referal_id: user.referal_id
			session_created: (new Date()).toISOString()
			ip_address: user._login_req_ip
		callback(null, lightUser)

	deserializeUser: (user, cb) ->
		cb(null, user)

	afterLoginSessionSetup: (req, user, callback=(err)->) ->
		req.login user, (err) ->
			if err?
				logger.err {user_id: user._id, err}, "error from req.login"
				return callback(err)
			# Regenerate the session to get a new sessionID (cookie value) to
			# protect against session fixation attacks
			oldSession = req.session
			req.session.destroy (err) ->
				if err?
					logger.err {user_id: user._id, err}, "error when trying to destroy old session"
					return callback(err)
				req.sessionStore.generate(req)
				for key, value of oldSession
					req.session[key] = value unless key == '__tmp'
				# copy to the old `session.user` location, for backward-comptability
				req.session.user = req.session.passport.user
				req.session.save (err) ->
					if err?
						logger.err {user_id: user._id}, "error saving regenerated session after login"
						return callback(err)
					UserSessionsManager.trackSession(user, req.sessionID, () ->)
					callback(null)

	passportLogin: (req, res, next) ->
		# This function is middleware which wraps the passport.authenticate middleware,
		# so we can send back our custom `{message: {text: "", type: ""}}` responses on failure,
		# and send a `{redir: ""}` response on success
		passport.authenticate('local', (err, user, info) ->
			if err?
				return next(err)
			if user # `user` is either a user object or false
				AuthenticationController.finishLogin(user, req, res, next)
			else
				if info.redir?
					res.json {redir: info.redir}
				else
					res.json message: info
		)(req, res, next)

	finishLogin: (user, req, res, next) ->
		redir = AuthenticationController._getRedirectFromSession(req) || "/project"
		AuthenticationController._loginAsyncHandlers(req, user)
		AuthenticationController.afterLoginSessionSetup req, user, (err) ->
			if err?
				return next(err)
			SudoModeHandler.activateSudoMode user._id, (err) ->
				if err?
					logger.err {err, user_id: user._id}, "Error activating Sudo Mode on login, continuing"
				AuthenticationController._clearRedirectFromSession(req)
				if req.headers?['accept']?.match(/^application\/json.*$/)
					res.json {redir: redir}
				else
					res.redirect(redir)

	doPassportLogin: (req, username, password, done) ->
		email = username.toLowerCase()
		Modules = require "../../infrastructure/Modules"
		Modules.hooks.fire 'preDoPassportLogin', req, email, (err, infoList) ->
			return next(err) if err?
			info = infoList.find((i) => i?)
			if info?
				return done(null, false, info)
			LoginRateLimiter.processLoginRequest email, (err, isAllowed)->
				return done(err) if err?
				if !isAllowed
					logger.log email:email, "too many login requests"
					return done(null, null, {text: req.i18n.translate("to_many_login_requests_2_mins"), type: 'error'})
				AuthenticationManager.authenticate email: email, password, (error, user) ->
					return done(error) if error?
					if user?
						# async actions
						return done(null, user)
					else
						AuthenticationController._recordFailedLogin()
						logger.log email: email, "failed log in"
						return done(
							null,
							false,
							{text: req.i18n.translate("email_or_password_wrong_try_again"), type: 'error'}
						)

	_loginAsyncHandlers: (req, user) ->
		UserHandler.setupLoginData(user, ()->)
		LoginRateLimiter.recordSuccessfulLogin(user.email)
		AuthenticationController._recordSuccessfulLogin(user._id)
		AuthenticationController.ipMatchCheck(req, user)
		Analytics.recordEvent(user._id, "user-logged-in", {ip:req.ip})
		Analytics.identifyUser(user._id, req.sessionID)
		logger.log email: user.email, user_id: user._id.toString(), "successful log in"
		req.session.justLoggedIn = true
		# capture the request ip for use when creating the session
		user._login_req_ip = req.ip

	ipMatchCheck: (req, user) ->
		if req.ip != user.lastLoginIp
			NotificationsBuilder.ipMatcherAffiliation(user._id, req.ip).create()
		UserUpdater.updateUser user._id.toString(), {
			$set: { "lastLoginIp": req.ip }
		}

	setInSessionUser: (req, props) ->
		for key, value of props
			if req?.session?.passport?.user?
				req.session.passport.user[key] = value
			if req?.session?.user?
				req.session.user[key] = value

	isUserLoggedIn: (req) ->
		user_id = AuthenticationController.getLoggedInUserId(req)
		return (user_id not in [null, undefined, false])

	# TODO: perhaps should produce an error if the current user is not present
	getLoggedInUserId: (req) ->
		user = AuthenticationController.getSessionUser(req)
		if user
			return user._id
		else
			return null

	getSessionUser: (req) ->
		if req?.session?.user?
			return req.session.user
		else if req?.session?.passport?.user
			return req.session.passport.user
		else
			return null

	requireLogin: () ->
		doRequest = (req, res, next = (error) ->) ->
			if !AuthenticationController.isUserLoggedIn(req)
				AuthenticationController._redirectToLoginOrRegisterPage(req, res)
			else
				req.user = AuthenticationController.getSessionUser(req)
				next()

		return doRequest

	requireOauth: () ->
		return (req, res, next = (error) ->) ->
			return res.status(401).send() unless req.token?
			options =
				expectedStatusCodes: [401]
				json: token: req.token
				method: "POST"
				uri: "/api/v1/sharelatex/oauth_authorize"
			V1Api.request options, (error, response, body) ->
				return next(error) if error?
				return res.status(401).json({error: "invalid_token"}) unless body?.user_profile?.id
				User.findOne { "overleaf.id": body.user_profile.id }, (error, user) ->
					return next(error) if error?
					return res.status(401).send({error: "invalid_token"}) unless user?
					req.oauth = access_token: body.access_token
					req.oauth_user = user
					next()

	_globalLoginWhitelist: []
	addEndpointToLoginWhitelist: (endpoint) ->
		AuthenticationController._globalLoginWhitelist.push endpoint

	requireGlobalLogin: (req, res, next) ->
		if req._parsedUrl.pathname in AuthenticationController._globalLoginWhitelist
			return next()

		if req.headers['authorization']?
			return AuthenticationController.httpAuth(req, res, next)
		else if AuthenticationController.isUserLoggedIn(req)
			return next()
		else
			logger.log url:req.url, "user trying to access endpoint not in global whitelist"
			AuthenticationController._setRedirectInSession(req)
			return res.redirect "/login"

	httpAuth: basicAuth (user, pass)->
		isValid = Settings.httpAuthUsers[user] == pass
		if !isValid
			logger.err user:user, pass:pass, "invalid login details"
		return isValid

	_redirectToLoginOrRegisterPage: (req, res)->
		if (req.query.zipUrl? or req.query.project_name? or req.path == '/user/subscription/new')
			return AuthenticationController._redirectToRegisterPage(req, res)
		else
			AuthenticationController._redirectToLoginPage(req, res)

	_redirectToLoginPage: (req, res) ->
		logger.log url: req.url, "user not logged in so redirecting to login page"
		AuthenticationController._setRedirectInSession(req)
		url = "/login?#{querystring.stringify(req.query)}"
		res.redirect url
		Metrics.inc "security.login-redirect"

	_redirectToRegisterPage: (req, res) ->
		logger.log url: req.url, "user not logged in so redirecting to register page"
		AuthenticationController._setRedirectInSession(req)
		url = "/register?#{querystring.stringify(req.query)}"
		res.redirect url
		Metrics.inc "security.login-redirect"

	_recordSuccessfulLogin: (user_id, callback = (error) ->) ->
		UserUpdater.updateUser user_id.toString(), {
			$set: { "lastLoggedIn": new Date() },
			$inc: { "loginCount": 1 }
		}, (error) ->
			callback(error) if error?
			Metrics.inc "user.login.success"
			callback()

	_recordFailedLogin: (callback = (error) ->) ->
		Metrics.inc "user.login.failed"
		callback()

	_setRedirectInSession: (req, value) ->
		if !value?
			value = if Object.keys(req.query).length > 0 then "#{req.path}?#{querystring.stringify(req.query)}" else "#{req.path}"
		if (
			req.session? &&
			!/^\/(socket.io|js|stylesheets|img)\/.*$/.test(value) &&
			!/^.*\.(png|jpeg|svg)$/.test(value)
		)
			req.session.postLoginRedirect = value

	_getRedirectFromSession: (req) ->
		return req?.session?.postLoginRedirect || null

	_clearRedirectFromSession: (req) ->
		if req.session?
			delete req.session.postLoginRedirect
Intial open source comment 2014-02-12 05:23:40 -05:00			`AuthenticationManager = require ("./AuthenticationManager")`
			`LoginRateLimiter = require("../Security/LoginRateLimiter")`
			`UserUpdater = require "../User/UserUpdater"`
Remove the Metrics module, use metrics-sharelatex 2017-04-03 11:18:30 -04:00			`Metrics = require('metrics-sharelatex')`
Intial open source comment 2014-02-12 05:23:40 -05:00			`logger = require("logger-sharelatex")`
			`querystring = require('querystring')`
			`Url = require("url")`
Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`Settings = require "settings-sharelatex"`
v1 of express4 conversion 2015-06-30 07:04:41 -04:00			`basicAuth = require('basic-auth-connect')`
user notifications auto created on login for joinging groups 2016-02-17 11:24:09 -05:00			`UserHandler = require("../User/UserHandler")`
Begin keeping record of user sessions in reds. 2016-06-29 06:35:25 -04:00			`UserSessionsManager = require("../User/UserSessionsManager")`
Track login events. 2016-08-11 09:09:45 -04:00			`Analytics = require "../Analytics/AnalyticsManager"`
Finalise login workflow, works with login form again. 2016-09-15 09:36:11 -04:00			`passport = require 'passport'`
test against ip matcher for notification on login if different from previous ip 2018-09-04 12:26:15 -04:00			`NotificationsBuilder = require("../Notifications/NotificationsBuilder")`
WIP: trying to get acceptance tests to pass 2018-09-20 09:59:30 -04:00			`SudoModeHandler = require '../SudoMode/SudoModeHandler'`
Merge pull request #1047 from sharelatex/ew-oauth-authorization add oauth middlewear GitOrigin-RevId: b68360763e1060fdbcbb4348d3d691a803fbfa41 2018-10-30 14:18:42 -04:00			`V1Api = require "../V1/V1Api"`
			`{User} = require "../../models/User"`
Intial open source comment 2014-02-12 05:23:40 -05:00
			`module.exports = AuthenticationController =`
barely functional login and logout 2016-09-05 05:28:47 -04:00
Basic passport integration 2016-09-02 11:17:37 -04:00			`serializeUser: (user, callback) ->`
			`lightUser =`
			`_id: user._id`
			`first_name: user.first_name`
			`last_name: user.last_name`
			`isAdmin: user.isAdmin`
			`email: user.email`
			`referal_id: user.referal_id`
			`session_created: (new Date()).toISOString()`
			`ip_address: user._login_req_ip`
			`callback(null, lightUser)`

			`deserializeUser: (user, cb) ->`
			`cb(null, user)`

Enable hook from module into passport init. 2016-11-01 10:06:54 -04:00			`afterLoginSessionSetup: (req, user, callback=(err)->) ->`
			`req.login user, (err) ->`
WIP: start moving web sessions to cluster 2016-11-08 10:32:36 -05:00			`if err?`
			`logger.err {user_id: user._id, err}, "error from req.login"`
			`return callback(err)`
Enable hook from module into passport init. 2016-11-01 10:06:54 -04:00			`# Regenerate the session to get a new sessionID (cookie value) to`
			`# protect against session fixation attacks`
			`oldSession = req.session`
WIP: start moving web sessions to cluster 2016-11-08 10:32:36 -05:00			`req.session.destroy (err) ->`
Enable hook from module into passport init. 2016-11-01 10:06:54 -04:00			`if err?`
WIP: start moving web sessions to cluster 2016-11-08 10:32:36 -05:00			`logger.err {user_id: user._id, err}, "error when trying to destroy old session"`
Enable hook from module into passport init. 2016-11-01 10:06:54 -04:00			`return callback(err)`
WIP: start moving web sessions to cluster 2016-11-08 10:32:36 -05:00			`req.sessionStore.generate(req)`
			`for key, value of oldSession`
When regenerating session, don't copy the `__tmp` key 2018-09-13 07:31:59 -04:00			`req.session[key] = value unless key == '__tmp'`
WIP: start moving web sessions to cluster 2016-11-08 10:32:36 -05:00			# copy to the old `session.user` location, for backward-comptability
			`req.session.user = req.session.passport.user`
			`req.session.save (err) ->`
			`if err?`
			`logger.err {user_id: user._id}, "error saving regenerated session after login"`
			`return callback(err)`
			`UserSessionsManager.trackSession(user, req.sessionID, () ->)`
			`callback(null)`
Enable hook from module into passport init. 2016-11-01 10:06:54 -04:00
Finalise login workflow, works with login form again. 2016-09-15 09:36:11 -04:00			`passportLogin: (req, res, next) ->`
			`# This function is middleware which wraps the passport.authenticate middleware,`
			# so we can send back our custom `{message: {text: "", type: ""}}` responses on failure,
			# and send a `{redir: ""}` response on success
			`passport.authenticate('local', (err, user, info) ->`
			`if err?`
			`return next(err)`
move comment for user is false next to if statment 2016-09-20 09:50:26 -04:00			if user # `user` is either a user object or false
Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00			`AuthenticationController.finishLogin(user, req, res, next)`
Finalise login workflow, works with login form again. 2016-09-15 09:36:11 -04:00			`else`
If we're creating v1 accounts, don't allow login for users already linked up 2018-07-31 10:53:05 -04:00			`if info.redir?`
			`res.json {redir: info.redir}`
			`else`
			`res.json message: info`
Finalise login workflow, works with login form again. 2016-09-15 09:36:11 -04:00			`)(req, res, next)`

Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00			`finishLogin: (user, req, res, next) ->`
			`redir = AuthenticationController._getRedirectFromSession(req) \|\| "/project"`
			`AuthenticationController._loginAsyncHandlers(req, user)`
			`AuthenticationController.afterLoginSessionSetup req, user, (err) ->`
			`if err?`
			`return next(err)`
Add an error log if activating sudo-mode on login fails 2018-10-04 10:03:22 -04:00			`SudoModeHandler.activateSudoMode user._id, (err) ->`
			`if err?`
			`logger.err {err, user_id: user._id}, "Error activating Sudo Mode on login, continuing"`
WIP: trying to get acceptance tests to pass 2018-09-20 09:59:30 -04:00			`AuthenticationController._clearRedirectFromSession(req)`
			`if req.headers?['accept']?.match(/^application\/json.*$/)`
			`res.json {redir: redir}`
			`else`
			`res.redirect(redir)`
Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00
Basic passport integration 2016-09-02 11:17:37 -04:00			`doPassportLogin: (req, username, password, done) ->`
			`email = username.toLowerCase()`
If we're creating v1 accounts, don't allow login for users already linked up 2018-07-31 10:53:05 -04:00			`Modules = require "../../infrastructure/Modules"`
Pass req to preDoPassportLogin module hook 2018-08-17 07:04:05 -04:00			`Modules.hooks.fire 'preDoPassportLogin', req, email, (err, infoList) ->`
If we're creating v1 accounts, don't allow login for users already linked up 2018-07-31 10:53:05 -04:00			`return next(err) if err?`
			`info = infoList.find((i) => i?)`
			`if info?`
			`return done(null, false, info)`
			`LoginRateLimiter.processLoginRequest email, (err, isAllowed)->`
			`return done(err) if err?`
			`if !isAllowed`
			`logger.log email:email, "too many login requests"`
			`return done(null, null, {text: req.i18n.translate("to_many_login_requests_2_mins"), type: 'error'})`
			`AuthenticationManager.authenticate email: email, password, (error, user) ->`
			`return done(error) if error?`
			`if user?`
			`# async actions`
			`return done(null, user)`
			`else`
			`AuthenticationController._recordFailedLogin()`
			`logger.log email: email, "failed log in"`
			`return done(`
			`null,`
			`false,`
			`{text: req.i18n.translate("email_or_password_wrong_try_again"), type: 'error'}`
			`)`
Basic passport integration 2016-09-02 11:17:37 -04:00
Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00			`_loginAsyncHandlers: (req, user) ->`
Move the pre-login async code into a helper function 2018-07-13 06:51:11 -04:00			`UserHandler.setupLoginData(user, ()->)`
Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00			`LoginRateLimiter.recordSuccessfulLogin(user.email)`
Move the pre-login async code into a helper function 2018-07-13 06:51:11 -04:00			`AuthenticationController._recordSuccessfulLogin(user._id)`
move call for creating ip matched notifcation to project controller 2018-09-05 10:28:26 -04:00			`AuthenticationController.ipMatchCheck(req, user)`
Move the pre-login async code into a helper function 2018-07-13 06:51:11 -04:00			`Analytics.recordEvent(user._id, "user-logged-in", {ip:req.ip})`
			`Analytics.identifyUser(user._id, req.sessionID)`
Refactor the way logins are finished off and sessions established 2018-07-17 11:27:24 -04:00			`logger.log email: user.email, user_id: user._id.toString(), "successful log in"`
Move the pre-login async code into a helper function 2018-07-13 06:51:11 -04:00			`req.session.justLoggedIn = true`
			`# capture the request ip for use when creating the session`
			`user._login_req_ip = req.ip`

test against ip matcher for notification on login if different from previous ip 2018-09-04 12:26:15 -04:00			`ipMatchCheck: (req, user) ->`
			`if req.ip != user.lastLoginIp`
remove unnecessary error returns and ip fetching 2018-09-07 13:15:32 -04:00			`NotificationsBuilder.ipMatcherAffiliation(user._id, req.ip).create()`
test against ip matcher for notification on login if different from previous ip 2018-09-04 12:26:15 -04:00			`UserUpdater.updateUser user._id.toString(), {`
			`$set: { "lastLoginIp": req.ip }`
			`}`

update session when user settings change 2016-09-22 11:58:25 -04:00			`setInSessionUser: (req, props) ->`
			`for key, value of props`
			`if req?.session?.passport?.user?`
			`req.session.passport.user[key] = value`
			`if req?.session?.user?`
			`req.session.user[key] = value`

WIP: refactor 2016-09-05 10:58:31 -04:00			`isUserLoggedIn: (req) ->`
			`user_id = AuthenticationController.getLoggedInUserId(req)`
Handle null, undefined and false in `isUserLoggedIn` 2016-09-23 11:53:07 -04:00			`return (user_id not in [null, undefined, false])`
Basic passport integration 2016-09-02 11:17:37 -04:00
WIP: refactor 2016-09-05 10:58:31 -04:00			`# TODO: perhaps should produce an error if the current user is not present`
			`getLoggedInUserId: (req) ->`
wip refactor 2016-09-06 10:22:13 -04:00			`user = AuthenticationController.getSessionUser(req)`
wip: fix unit tests for AuthenticationController 2016-09-07 09:05:51 -04:00			`if user`
wip refactor 2016-09-06 10:22:13 -04:00			`return user._id`
			`else`
			`return null`

			`getSessionUser: (req) ->`
wip: fix unit tests for AuthenticationController 2016-09-07 09:05:51 -04:00			`if req?.session?.user?`
wip refactor 2016-09-06 10:22:13 -04:00			`return req.session.user`
wip: fix unit tests for AuthenticationController 2016-09-07 09:05:51 -04:00			`else if req?.session?.passport?.user`
wip refactor 2016-09-06 10:22:13 -04:00			`return req.session.passport.user`
null check user when getting user id from session 2014-04-02 10:56:54 -04:00			`else`
WIP: refactor 2016-09-05 10:58:31 -04:00			`return null`
Intial open source comment 2014-02-12 05:23:40 -05:00
Remove dead auth_token code 2016-03-10 12:15:14 -05:00			`requireLogin: () ->`
Intial open source comment 2014-02-12 05:23:40 -05:00			`doRequest = (req, res, next = (error) ->) ->`
WIP: fixing acceptance tests 2016-09-06 08:21:22 -04:00			`if !AuthenticationController.isUserLoggedIn(req)`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`AuthenticationController._redirectToLoginOrRegisterPage(req, res)`
Intial open source comment 2014-02-12 05:23:40 -05:00			`else`
Set req.user 2016-09-22 08:54:13 -04:00			`req.user = AuthenticationController.getSessionUser(req)`
WIP: fixing acceptance tests 2016-09-06 08:21:22 -04:00			`next()`
Intial open source comment 2014-02-12 05:23:40 -05:00
			`return doRequest`

Merge pull request #1047 from sharelatex/ew-oauth-authorization add oauth middlewear GitOrigin-RevId: b68360763e1060fdbcbb4348d3d691a803fbfa41 2018-10-30 14:18:42 -04:00			`requireOauth: () ->`
			`return (req, res, next = (error) ->) ->`
			`return res.status(401).send() unless req.token?`
			`options =`
			`expectedStatusCodes: [401]`
			`json: token: req.token`
			`method: "POST"`
			`uri: "/api/v1/sharelatex/oauth_authorize"`
			`V1Api.request options, (error, response, body) ->`
			`return next(error) if error?`
			`return res.status(401).json({error: "invalid_token"}) unless body?.user_profile?.id`
			`User.findOne { "overleaf.id": body.user_profile.id }, (error, user) ->`
			`return next(error) if error?`
Collabratec Get Projects API (#1092) collabratec get projects api GitOrigin-RevId: c733aecf515cf75ca1ae9c454efa7a35f09cf495 2018-11-06 08:33:12 -05:00			`return res.status(401).send({error: "invalid_token"}) unless user?`
Merge pull request #1047 from sharelatex/ew-oauth-authorization add oauth middlewear GitOrigin-RevId: b68360763e1060fdbcbb4348d3d691a803fbfa41 2018-10-30 14:18:42 -04:00			`req.oauth = access_token: body.access_token`
			`req.oauth_user = user`
			`next()`

Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`_globalLoginWhitelist: []`
			`addEndpointToLoginWhitelist: (endpoint) ->`
			`AuthenticationController._globalLoginWhitelist.push endpoint`

			`requireGlobalLogin: (req, res, next) ->`
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 06:57:40 -04:00			`if req._parsedUrl.pathname in AuthenticationController._globalLoginWhitelist`
Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`return next()`

			`if req.headers['authorization']?`
			`return AuthenticationController.httpAuth(req, res, next)`
wip: fix unit tests for AuthenticationController 2016-09-07 09:05:51 -04:00			`else if AuthenticationController.isUserLoggedIn(req)`
Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`return next()`
			`else`
changed authentication controller to use req.parsedUrl.pathname as query strings on req.url were breaking the whitelist 2015-04-30 06:57:40 -04:00			`logger.log url:req.url, "user trying to access endpoint not in global whitelist"`
Set redirect when sending user to `login` page. Allows smart redirecting to work when public access is turned off. 2017-01-10 10:42:36 -05:00			`AuthenticationController._setRedirectInSession(req)`
Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`return res.redirect "/login"`

v1 of express4 conversion 2015-06-30 07:04:41 -04:00			`httpAuth: basicAuth (user, pass)->`
Add in option for global login requirement (defaults to on) 2015-04-15 06:14:38 -04:00			`isValid = Settings.httpAuthUsers[user] == pass`
			`if !isValid`
			`logger.err user:user, pass:pass, "invalid login details"`
			`return isValid`
redirect users to /register when coming from templates or share url redirect to /login when going anywhere else (/project /project/1234) 2014-11-13 12:12:39 -05:00
			`_redirectToLoginOrRegisterPage: (req, res)->`
Fixup mixed indentation 2018-06-25 19:27:47 -04:00			`if (req.query.zipUrl? or req.query.project_name? or req.path == '/user/subscription/new')`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`return AuthenticationController._redirectToRegisterPage(req, res)`
redirect users to /register when coming from templates or share url redirect to /login when going anywhere else (/project /project/1234) 2014-11-13 12:12:39 -05:00			`else`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`AuthenticationController._redirectToLoginPage(req, res)`
redirect users to /register when coming from templates or share url redirect to /login when going anywhere else (/project /project/1234) 2014-11-13 12:12:39 -05:00
			`_redirectToLoginPage: (req, res) ->`
			`logger.log url: req.url, "user not logged in so redirecting to login page"`
use session for the post-login redirect, remove `redir` query string. 2016-11-22 09:24:36 -05:00			`AuthenticationController._setRedirectInSession(req)`
redirect users to /register when coming from templates or share url redirect to /login when going anywhere else (/project /project/1234) 2014-11-13 12:12:39 -05:00			`url = "/login?#{querystring.stringify(req.query)}"`
			`res.redirect url`
			`Metrics.inc "security.login-redirect"`

Intial open source comment 2014-02-12 05:23:40 -05:00			`_redirectToRegisterPage: (req, res) ->`
			`logger.log url: req.url, "user not logged in so redirecting to register page"`
use session for the post-login redirect, remove `redir` query string. 2016-11-22 09:24:36 -05:00			`AuthenticationController._setRedirectInSession(req)`
Intial open source comment 2014-02-12 05:23:40 -05:00			`url = "/register?#{querystring.stringify(req.query)}"`
			`res.redirect url`
			`Metrics.inc "security.login-redirect"`

			`_recordSuccessfulLogin: (user_id, callback = (error) ->) ->`
			`UserUpdater.updateUser user_id.toString(), {`
			`$set: { "lastLoggedIn": new Date() },`
			`$inc: { "loginCount": 1 }`
			`}, (error) ->`
			`callback(error) if error?`
			`Metrics.inc "user.login.success"`
			`callback()`

			`_recordFailedLogin: (callback = (error) ->) ->`
			`Metrics.inc "user.login.failed"`
			`callback()`
use session for the post-login redirect, remove `redir` query string. 2016-11-22 09:24:36 -05:00
Set redirect when redirecting from restricted 2016-11-22 11:54:03 -05:00			`_setRedirectInSession: (req, value) ->`
			`if !value?`
Don't record redirect to static asset paths 2017-01-17 09:35:37 -05:00			`value = if Object.keys(req.query).length > 0 then "#{req.path}?#{querystring.stringify(req.query)}" else "#{req.path}"`
Don't redirect to images, icons, etc, in login workflow 2017-05-12 10:46:16 -04:00			`if (`
			`req.session? &&`
use regex test instead of match when only bool needed 2018-08-27 14:25:01 -04:00			`!/^\/(socket.io\|js\|stylesheets\|img)\/.*$/.test(value) &&`
			`!/^.*\.(png\|jpeg\|svg)$/.test(value)`
Don't redirect to images, icons, etc, in login workflow 2017-05-12 10:46:16 -04:00			`)`
Set redirect when redirecting from restricted 2016-11-22 11:54:03 -05:00			`req.session.postLoginRedirect = value`
use session for the post-login redirect, remove `redir` query string. 2016-11-22 09:24:36 -05:00
			`_getRedirectFromSession: (req) ->`
			`return req?.session?.postLoginRedirect \|\| null`

			`_clearRedirectFromSession: (req) ->`
			`if req.session?`
			`delete req.session.postLoginRedirect`