Refactor the way logins are finished off and sessions established

2024-11-21 20:47:08 -05:00 · 2018-07-17 16:27:24 +01:00 · 2018-07-17 16:27:24 +01:00 · 299de369e5
commit 299de369e5
parent b4f8108277
1 changed files with 16 additions and 10 deletions
--- a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
@ -62,16 +62,23 @@ module.exports = AuthenticationController =
 			if err?
 				return next(err)
 			if user # `user` is either a user object or false
-				redir = AuthenticationController._getRedirectFromSession(req) || "/project"
-				AuthenticationController.afterLoginSessionSetup req, user, (err) ->
-					if err?
-						return next(err)
-					AuthenticationController._clearRedirectFromSession(req)
-					res.json {redir: redir}
+				AuthenticationController.finishLogin(user, req, res, next)
 			else
 				res.json message: info
 		)(req, res, next)

+	finishLogin: (user, req, res, next) ->
+		redir = AuthenticationController._getRedirectFromSession(req) || "/project"
+		AuthenticationController._loginAsyncHandlers(req, user)
+		AuthenticationController.afterLoginSessionSetup req, user, (err) ->
+			if err?
+				return next(err)
+			AuthenticationController._clearRedirectFromSession(req)
+			if req.headers?['accept']?.match(/^application\/json.*$/)
+				res.json {redir: redir}
+			else
+				res.redirect(redir)
+
 	doPassportLogin: (req, username, password, done) ->
 		email = username.toLowerCase()
 		LoginRateLimiter.processLoginRequest email, (err, isAllowed)->
@ -83,20 +90,19 @@ module.exports = AuthenticationController =
 				return done(error) if error?
 				if user?
 					# async actions
-					AuthenticationController._loginAsyncHandlers(req, email, user)
 					return done(null, user)
 				else
 					AuthenticationController._recordFailedLogin()
 					logger.log email: email, "failed log in"
 					return done(null, false, {text: req.i18n.translate("email_or_password_wrong_try_again"), type: 'error'})

-	_loginAsyncHandlers: (req, email, user) ->
+	_loginAsyncHandlers: (req, user) ->
 		UserHandler.setupLoginData(user, ()->)
-		LoginRateLimiter.recordSuccessfulLogin(email)
+		LoginRateLimiter.recordSuccessfulLogin(user.email)
 		AuthenticationController._recordSuccessfulLogin(user._id)
 		Analytics.recordEvent(user._id, "user-logged-in", {ip:req.ip})
 		Analytics.identifyUser(user._id, req.sessionID)
-		logger.log email: email, user_id: user._id.toString(), "successful log in"
+		logger.log email: user.email, user_id: user._id.toString(), "successful log in"
 		req.session.justLoggedIn = true
 		# capture the request ip for use when creating the session
 		user._login_req_ip = req.ip